Jibri cannot record if the token authentication is enabled

jibri cannot record if the token authentication is enabled and allow_empty_token = false for the latest stable. If I switch back to the anonymous authentication or set allow_empty_token = true then it can record as expected.

I think this is a new issue.

ii  jicofo                1.0-910-1
ii  jitsi-meet            2.0.7577-1
ii  jitsi-meet-prosody    1.0.6380-1
ii  jitsi-meet-tokens     1.0.6380-1
ii  jitsi-meet-turnserver 1.0.6380-1
ii  jitsi-meet-web        1.0.6380-1
ii  jitsi-meet-web-config 1.0.6380-1
ii  prosody               0.11.9-2+deb11u2 amd64


jicofo {
  xmpp: {
    client: {
      client-proxy: focus.jitsi.mydomain.corp
    trusted-domains: [ "recorder.jitsi.mydomain.corp" ]
  bridge: {
    brewery-jid: "JvbBrewery@internal.auth.jitsi.mydomain.corp"
  conference: {
    enable-auto-owner: true
  jibri: {
    brewery-jid: "JibriBrewery@internal.auth.jitsi.mydomain.corp"
    pending-timeout: 90 seconds

The status of the log folder after the recording has failed

ls -alh /var/log/jitsi/jibri/

-rw-r--r-- 1 jibri jibri 427K Aug  9 17:12 browser.0.txt
-rw-r--r-- 1 jibri jibri    0 Aug  9 17:12 browser.0.txt.lck
-rw-r--r-- 1 jibri jibri    0 Aug  9 17:12 ffmpeg.0.txt
-rw-r--r-- 1 jibri jibri    0 Aug  9 17:12 ffmpeg.0.txt.lck
-rw-r--r-- 1 jibri jibri  18K Aug  9 17:12 log.0.txt
-rw-r--r-- 1 jibri jibri    0 Aug  9 17:10 log.0.txt.lck
-rw-r--r-- 1 jibri jibri  44K Aug  9 17:10 xorg.log

log.0.txt (18.0 KB)

browser.0.txt (426.6 KB)

Good catch. I suppose we need a whitelist like we have for other modules like the lobby. Wanna take a stab at it?

@damencho thoughts?

Yep, this seems right. A whitelist like jitsi-meet/prosody.cfg.lua-jvb.example at f5649efa494938379c76e0c5de50b275ee003be8 · jitsi/jitsi-meet · GitHub

Isn’t ‘VirtualHost "recorder.yourdomain.com"’ for that?

Yes it st, and jibri connects there. But when joining the room it wants to check its token whether it is allowed to join that room. And as that vhost does not use token and main vhost does not allow empty token the token_verification module rejects it.
The only way out is to have a list of vhosts in the config that are allowed to join without token.
Does this make sense?

The issue seems related with the following line. it works when the default is set as false.
It is false in the old stable.

1 Like

Adding the following line into the prosody config had the same effect

enable_domain_verification = false

Can you open an issue on github jitsi-meet so we do not forget about this one? Thanks.


Thank you

I have created the mr to address this issue. Let me know what do yo think.