emrah
August 9, 2022, 2:37pm
1
jibri cannot record if the token authentication is enabled and allow_empty_token = false for the latest stable. If I switch back to the anonymous authentication or set allow_empty_token = true then it can record as expected.
I think this is a new issue.
ii jicofo 1.0-910-1
ii jitsi-meet 2.0.7577-1
ii jitsi-meet-prosody 1.0.6380-1
ii jitsi-meet-tokens 1.0.6380-1
ii jitsi-meet-turnserver 1.0.6380-1
ii jitsi-meet-web 1.0.6380-1
ii jitsi-meet-web-config 1.0.6380-1
ii prosody 0.11.9-2+deb11u2 amd64
/etc/jitsi/jicofo/jicofo.conf
jicofo {
xmpp: {
client: {
client-proxy: focus.jitsi.mydomain.corp
}
trusted-domains: [ "recorder.jitsi.mydomain.corp" ]
}
bridge: {
brewery-jid: "JvbBrewery@internal.auth.jitsi.mydomain.corp"
}
conference: {
enable-auto-owner: true
}
jibri: {
brewery-jid: "JibriBrewery@internal.auth.jitsi.mydomain.corp"
pending-timeout: 90 seconds
}
}
The status of the log folder after the recording has failed
ls -alh /var/log/jitsi/jibri/
-rw-r--r-- 1 jibri jibri 427K Aug 9 17:12 browser.0.txt
-rw-r--r-- 1 jibri jibri 0 Aug 9 17:12 browser.0.txt.lck
-rw-r--r-- 1 jibri jibri 0 Aug 9 17:12 ffmpeg.0.txt
-rw-r--r-- 1 jibri jibri 0 Aug 9 17:12 ffmpeg.0.txt.lck
-rw-r--r-- 1 jibri jibri 18K Aug 9 17:12 log.0.txt
-rw-r--r-- 1 jibri jibri 0 Aug 9 17:10 log.0.txt.lck
-rw-r--r-- 1 jibri jibri 44K Aug 9 17:10 xorg.log
/var/log/jitsi/jibri/log.0.txt log.0.txt (18.0 KB)
/var/log/jitsi/jibri/browser.0.txt browser.0.txt (426.6 KB)
saghul
August 9, 2022, 3:16pm
2
Good catch. I suppose we need a whitelist like we have for other modules like the lobby. Wanna take a stab at it?
@damencho thoughts?
emrah
August 9, 2022, 4:11pm
4
Isn’t ‘VirtualHost "recorder.yourdomain.com"’ for that?
Yes it st, and jibri connects there. But when joining the room it wants to check its token whether it is allowed to join that room. And as that vhost does not use token and main vhost does not allow empty token the token_verification module rejects it.
emrah
August 9, 2022, 6:06pm
6
The issue seems related with the following line. it works when the default is set as false.false in the old stable.
-- the main VirtualHost for the deployment
self.muc_domain_base = module:get_option_string("muc_mapper_domain_base");
-- The "real" MUC domain that we are proxying to
if self.muc_domain_base then
self.muc_domain = module:get_option_string(
"muc_mapper_domain",
self.muc_domain_prefix.."."..self.muc_domain_base);
end
-- whether domain name verification is enabled, by default it is enabled
-- when disabled checking domain name and tenant if available will be skipped, we will check only room name.
self.enableDomainVerification = module:get_option_boolean('enable_domain_verification', true);
if self.allowEmptyToken == true then
module:log("warn", "WARNING - empty tokens allowed");
end
if self.appId == nil then
module:log("error", "'app_id' must not be empty");
return nil;
end
1 Like
emrah
August 9, 2022, 6:18pm
7
Adding the following line into the prosody config had the same effect
enable_domain_verification = false
Can you open an issue on github jitsi-meet so we do not forget about this one? Thanks.
deben
August 14, 2022, 9:40am
12
I have created the mr to address this issue. Let me know what do yo think.
jitsi:master ← debendraoli:master
opened 09:39AM - 14 Aug 22 UTC
<!--
Thank you for your pull request. Please provide a thorough description bel… ow.
Contributors guide: https://github.com/jitsi/jitsi-meet/blob/master/CONTRIBUTING.md
-->
This mr provides ability to configure domains to allow whitelisted domain to enter jwt auth enabled rooms.