Impossible to login as host / moderator

Despite all my efforts, I am unable to login to my newly configured jitsi server.

While unauthenticated conf worked in a quite straightforward way, I am fighting to authenticate… So something must be wrong somewhere…

The logs are showing this :

root@meet:/etc/jitsi/jicofo# systemctl restart prosody ; tail -f /var/log/prosody/prosody.log
Sep 28 23:37:54 jcp562688770b40 info component disconnected: focus.meet.marley.com (false)
Sep 28 23:37:54 general info Shutting down…
Sep 28 23:37:54 general info Shutdown status: Cleaning up
Sep 28 23:37:54 general info Shutdown complete
Sep 28 23:37:55 general info Hello and welcome to Prosody version 0.10.0
Sep 28 23:37:55 general info Prosody is using the select backend for connection handling
Sep 28 23:37:55 portmanager info Activated service ‘s2s’ on [::]:5269, []:5269
Sep 28 23:37:55 portmanager info Activated service ‘c2s’ on [::]:5222, [
]:5222
Sep 28 23:37:55 portmanager info Activated service ‘legacy_ssl’ on no ports
Sep 28 23:37:55 mod_posix info Prosody is about to detach from the console, disabling further console output
Sep 28 23:37:55 mod_posix info Successfully daemonized to PID 11770
Sep 28 23:37:55 portmanager info Activated service ‘component’ on [127.0.0.1]:5347, [::1]:5347
Sep 28 23:37:55 conference.meet.marley.com:muc_domain_mapper info Loading mod_muc_domain_mapper for host internal.auth.meet.marley.com!
Sep 28 23:37:55 conference.meet.marley.com:muc_domain_mapper info Loading mod_muc_domain_mapper for host conference.meet.marley.com!
Sep 28 23:37:55 conference.meet.marley.com:muc_domain_mapper info Loading mod_muc_domain_mapper for host guest.meet.marley.com!
Sep 28 23:37:55 conference.meet.marley.com:muc_domain_mapper info Loading mod_muc_domain_mapper for host focus.meet.marley.com!
Sep 28 23:37:55 speakerstats.meet.marley.com:speakerstats_component warn speaker stats will not work with Prosody version 0.10 or less.
Sep 28 23:37:55 conference.meet.marley.com:muc_domain_mapper info Loading mod_muc_domain_mapper for host localhost!
Sep 28 23:37:55 conference.meet.marley.com:muc_domain_mapper info Loading mod_muc_domain_mapper for host conferenceduration.meet.marley.com!
Sep 28 23:37:55 conferenceduration.meet.marley.com:conference_duration_component warn conference duration will not work with Prosody version 0.10 or less.
Sep 28 23:37:55 conference.meet.marley.com:muc_domain_mapper info Loading mod_muc_domain_mapper for host auth.meet.marley.com!
Sep 28 23:37:55 conference.meet.marley.com:muc_domain_mapper info Loading mod_muc_domain_mapper for host meet.marley.com!
Sep 28 23:37:55 meet.marley.com:muc_lobby_rooms warn Lobby rooms will not work with Prosody version 0.10 or less.
Sep 28 23:37:55 portmanager info Activated service ‘http’ on [::]:5280, [*]:5280
Sep 28 23:37:55 portmanager info Activated service ‘https’ on no ports
Sep 28 23:37:55 jcp5622493d1dd0 info Incoming Jabber component connection
Sep 28 23:37:55 focus.meet.marley.com:component info External component successfully authenticated
Sep 28 23:37:55 mod_bosh info Client tried to use sid ‘d5fba525-95fc-4b98-8c14-03eab7c29c06’ which we don’t know about
Sep 28 23:37:55 mod_bosh info Client tried to use sid ‘d5fba525-95fc-4b98-8c14-03eab7c29c06’ which we don’t know about
Sep 28 23:37:56 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:37:56 c2s5622493eddf0 info Client connected
Sep 28 23:37:57 c2s5622493eddf0 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:37:57 c2s5622493eddf0 info Authenticated as jvb@auth.meet.marley.com
Sep 28 23:37:58 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:37:58 c2s5622490398c0 info Client connected
Sep 28 23:37:59 c2s5622490398c0 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:37:59 c2s5622490398c0 info Client disconnected: connection closed
Sep 28 23:38:04 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:04 c2s56224902a410 info Client connected
Sep 28 23:38:04 c2s56224902a410 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:04 c2s56224902a410 info Client disconnected: connection closed
Sep 28 23:38:07 mod_bosh info Client tried to use sid ‘d957fde6-0fd8-4133-8cf7-17d203d88921’ which we don’t know about
Sep 28 23:38:07 mod_bosh info Client tried to use sid ‘5d109aac-c204-4441-a7e9-e11ad5f8e165’ which we don’t know about
Sep 28 23:38:09 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:09 c2s56224927c670 info Client connected
Sep 28 23:38:09 c2s56224927c670 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:09 c2s56224927c670 info Client disconnected: connection closed
Sep 28 23:38:09 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:09 mod_bosh info New BOSH session, assigned it sid ‘75d6d83b-bcc3-4f88-a491-a29af078ba92’
Sep 28 23:38:09 bosh75d6d83b-bcc3-4f88-a491-a29af078ba92 info Authenticated as c984709c-0ad3-4a29-87ee-3b76029a9507@guest.meet.marley.com
Sep 28 23:38:14 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:14 c2s562249100890 info Client connected
Sep 28 23:38:14 c2s562249100890 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:14 c2s562249100890 info Client disconnected: connection closed
Sep 28 23:38:19 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:19 c2s56224921a830 info Client connected
Sep 28 23:38:19 c2s56224921a830 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:19 c2s56224921a830 info Client disconnected: connection closed
Sep 28 23:38:24 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:24 c2s5622490f0fe0 info Client connected
Sep 28 23:38:24 c2s5622490f0fe0 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:24 c2s5622490f0fe0 info Client disconnected: connection closed
Sep 28 23:38:29 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:29 c2s5622493012b0 info Client connected
Sep 28 23:38:29 c2s5622493012b0 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:29 c2s5622493012b0 info Client disconnected: connection closed
Sep 28 23:38:34 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:34 c2s562249481460 info Client connected
Sep 28 23:38:34 c2s562249481460 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:34 c2s562249481460 info Client disconnected: connection closed
Sep 28 23:38:39 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:39 c2s5622494c7650 info Client connected
Sep 28 23:38:39 c2s5622494c7650 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:39 c2s5622494c7650 info Client disconnected: connection closed
Sep 28 23:38:44 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:44 c2s562249515c80 info Client connected
Sep 28 23:38:44 c2s562249515c80 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:44 c2s562249515c80 info Client disconnected: connection closed
Sep 28 23:38:49 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:49 c2s56224955b9e0 info Client connected
Sep 28 23:38:49 c2s56224955b9e0 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:49 c2s56224955b9e0 info Client disconnected: connection closed
Sep 28 23:38:54 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:38:54 c2s56224959bed0 info Client connected
Sep 28 23:38:55 c2s56224959bed0 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:38:55 c2s56224959bed0 info Client disconnected: connection closed
Sep 28 23:39:00 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:39:00 c2s5622495ead50 info Client connected
Sep 28 23:39:00 c2s5622495ead50 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:39:00 c2s5622495ead50 info Client disconnected: connection closed
Sep 28 23:39:05 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:39:05 c2s562249630150 info Client connected
Sep 28 23:39:05 c2s562249630150 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Sep 28 23:39:05 c2s562249630150 info Client disconnected: connection closed
Sep 28 23:39:10 conference.meet.marley.com:muc_domain_mapper warn Session filters applied
Sep 28 23:39:10 c2s56224967f8e0 info Client connected
Sep 28 23:39:10 c2s56224967f8e0 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)

My lua config seems ok :

plugin_paths = { “/usr/share/jitsi-meet/prosody-plugins/” }

– domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = “meet.marley.com”;

turncredentials_secret = “SECRET1”;

turncredentials = {
{ type = “stun”, host = “meet.marley.com”, port = “3478” },
{ type = “turn”, host = “meet.marley.com”, port = “3478”, transport = “udp” },
{ type = “turns”, host = “meet.marley.com”, port = “443”, transport = “tcp” }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
https_ports = { }; – Remove this line to prevent listening on port 5284

https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
protocol = “tlsv1_2+”;
ciphers = “ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-G
CM-SHA256:DHE-RSA-AES256-GCM-SHA384”
}

VirtualHost “meet.marley.com
– enabled = false – Remove this line to enable this host
–authentication = “anonymous”
authentication = “internal_plain”
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
–app_id=“example_app_id”
–app_secret=“example_app_secret”
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/etc/prosody/certs/meet.marley.com.key”;
certificate = “/etc/prosody/certs/meet.marley.com.crt”;
}
speakerstats_component = “speakerstats.meet.marley.com
conference_duration_component = “conferenceduration.meet.marley.com
– we need bosh
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
“speakerstats”;
“turncredentials”;
“conference_duration”;
“muc_lobby_rooms”;
}
c2s_require_encryption = false
lobby_muc = “lobby.meet.marley.com
main_muc = “conference.meet.marley.com
– muc_lobby_whitelist = { “recorder.meet.marley.com” } – Here we can whitelist jibri to enter lobby enabled rooms

VirtualHost “guest.meet.marley.com
authentication = “anonymous”
c2s_require_encryption = false

Component “conference.meet.marley.com” “muc”
storage = “none”
modules_enabled = {
“muc_meeting_id”;
“muc_domain_mapper”;
– “token_verification”;
}
admins = { “focus@auth.meet.marley.com” }
muc_room_locking = false
muc_room_default_public_jids = true

– internal muc component
Component “internal.auth.meet.marley.com” “muc”
storage = “none”
modules_enabled = {
“ping”;
}
admins = { “focus@auth.meet.marley.com”, “jvb@auth.meet.marley.com” }
muc_room_locking = false
muc_room_default_public_jids = true

VirtualHost “auth.meet.marley.com
ssl = {
key = “/etc/prosody/certs/auth.meet.marley.com.key”;
certificate = “/etc/prosody/certs/auth.meet.marley.com.crt”;
}
authentication = “internal_hashed”

Component “focus.meet.marley.com
component_secret = “SECRET2”

Component “speakerstats.meet.marley.com” “speakerstats_component”
muc_component = “conference.meet.marley.com

Component “conferenceduration.meet.marley.com” “conference_duration_component”
muc_component = “conference.meet.marley.com

Component “lobby.meet.marley.com” “muc”
storage = “none”
restrict_room_creation = true
muc_room_locking = false
muc_room_default_public_jids = true

I am not sure what else to show ?
Login seems to always be refused no matter what I do.

I would really love to deploy this server. But I need a minimum of abilities to control communication channels…