Jibri cant join if password is set

Hey :smiley:

I have Jitsi setup and running,for any reasons I got issues with Jibri joining when a password is set.

2022-02-09 19:20:34.470 INFO: [110] XmppApi.updatePresence#144: Jibri reports its status is now JibriStatus(busyStatus=BUSY, health=OverallHealth(healthStatus=HEALTHY, details={})), publishing presence to connections
2022-02-09 19:20:34.471 INFO: [110] XmppApi.handleStartJibriIq#207: Sending 'pending' response to start IQ
2022-02-09 19:20:34.472 INFO: [142] AbstractPageObject.visit#32: Visiting url https://us-conference.domain.com
2022-02-09 19:20:35.376 INFO: [142] AbstractPageObject.visit#38: Waited 904ms for driver to load page
2022-02-09 19:20:35.407 INFO: [142] AbstractPageObject.visit#32: Visiting url https://us-conference.domain.com/asdasdasd#config.iAmRecorder=true&config.externalConnectUrl=null&config.startWithAudioMuted=true&config.startWithVideoMu>
2022-02-09 19:20:35.943 INFO: [142] AbstractPageObject.visit#38: Waited 536ms for driver to load page
2022-02-09 19:20:35.964 FINE: [142] CallPage$visit$$inlined$measureTimedValue$lambda$1.apply#58: Not joined yet: Cannot read properties of undefined (reading 'isJoined')
2022-02-09 19:20:40.031 FINE: [18] WebhookClient$updateStatus$1.invokeSuspend#107: Updating 0 subscribers of status
2022-02-09 19:21:01.870 FINE: [70] HttpApi$apiModule$2$1$1.invokeSuspend#84: Got health request
2022-02-09 19:21:01.871 FINE: [70] HttpApi$apiModule$2$1$1.invokeSuspend#86: Returning health JibriHealth(status=JibriStatus(busyStatus=BUSY, health=OverallHealth(healthStatus=HEALTHY, details={})), environmentContext=EnvironmentContext>
2022-02-09 19:21:06.344 SEVERE: [142] CallPage.visit#65: Timed out waiting for call page to load
2022-02-09 19:21:06.345 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.onSeleniumStateChange#215: Transitioning from state Starting up to Error: FailedToJoinCall SESSION Failed to join the call
2022-02-09 19:21:06.345 INFO: [142] [session_id=tywjmdckhxzgvlbr] StatefulJibriService.onServiceStateChange#39: File recording service transitioning from state Starting up to Error: FailedToJoinCall SESSION Failed to join the call
2022-02-09 19:21:06.345 INFO: [142] XmppApi$createServiceStatusHandler$1.invoke#243: Current service had an error Error: FailedToJoinCall SESSION Failed to join the call, sending error iq <iq xmlns='jabber:client' to='jibribrewery@inter>
2022-02-09 19:21:06.345 FINE: [142] JibriStatsDClient.incrementCounter#38: Incrementing statsd counter: stop:recording
2022-02-09 19:21:06.346 INFO: [142] JibriManager.stopService#260: Stopping the current service
2022-02-09 19:21:06.346 INFO: [142] [session_id=tywjmdckhxzgvlbr] FileRecordingJibriService.stop#181: Stopping capturer
2022-02-09 19:21:06.346 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSubprocess.stop#75: Stopping ffmpeg process
2022-02-09 19:21:06.346 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSubprocess.stop#89: ffmpeg exited with value null
2022-02-09 19:21:06.346 INFO: [142] [session_id=tywjmdckhxzgvlbr] FileRecordingJibriService.stop#183: Quitting selenium
2022-02-09 19:21:06.346 INFO: [142] [session_id=tywjmdckhxzgvlbr] FileRecordingJibriService.stop#190: No media was recorded, deleting directory and skipping metadata file & finalize
2022-02-09 19:21:06.346 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.leaveCallAndQuitBrowser#336: Leaving call and quitting browser
2022-02-09 19:21:06.346 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.leaveCallAndQuitBrowser#339: Recurring call status checks cancelled
2022-02-09 19:21:06.351 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.leaveCallAndQuitBrowser#345: Got 10 log entries for type browser
2022-02-09 19:21:06.371 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.leaveCallAndQuitBrowser#345: Got 1062 log entries for type driver
2022-02-09 19:21:06.432 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.leaveCallAndQuitBrowser#345: Got 0 log entries for type client
2022-02-09 19:21:06.432 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.leaveCallAndQuitBrowser#354: Leaving web call
2022-02-09 19:21:11.466 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.leaveCallAndQuitBrowser#361: Quitting chrome driver
2022-02-09 19:21:11.538 INFO: [142] [session_id=tywjmdckhxzgvlbr] JibriSelenium.leaveCallAndQuitBrowser#363: Chrome driver quit

My Jicofo conf:

# Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for
#available options, syntax, and default values.
jicofo {
  xmpp: {
    client: {
      client-proxy: focus.us-conference.domain.com
    }
    trusted-domains: [recorder.us-conference.domain.com]
  }
  bridge: {
    brewery-jid: "JvbBrewery@internal.auth.us-conference.domain.com"
  }
}

My Jibri conf:

// New XMPP environment config.
jibri {
    streaming {
        // A list of regex patterns for allowed RTMP URLs.  The RTMP URL used
        // when starting a stream must match at least one of the patterns in
        // this list.
        rtmp-allow-list = [
          // By default, all services are allowed
          ".*"
        ]
    }
    ffmpeg {
        resolution = "1280x720"
    }
    chrome {
        // The flags which will be passed to chromium when launching
        flags = [
          "--use-fake-ui-for-media-stream",
          "--start-maximized",
          "--kiosk",
          "--enabled",
          "--disable-infobars",
          "--autoplay-policy=no-user-gesture-required",
          "--ignore-certificate-errors",
          "--disable-dev-shm-usage"
        ]
    }
    stats {
        enable-stats-d = true
    }
    call-status-checks {
        // If all clients have their audio and video muted and if Jibri does not
        // detect any data stream (audio or video) comming in, it will stop
        // recording after NO_MEDIA_TIMEOUT expires.
        no-media-timeout = 30 seconds

        // If all clients have their audio and video muted, Jibri consideres this
        // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
        all-muted-timeout = 10 minutes

        // When detecting if a call is empty, Jibri takes into consideration for how
        // long the call has been empty already. If it has been empty for more than
        // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
        default-call-empty-timeout = 30 seconds
    }
    recording {
         recordings-directory = /var/jbrecord
         finalize-script = /home/jibri/finalize_recording.sh
    }
    api {
        xmpp {
            environments = [
                {
                // A user-friendly name for this environment
                name = "Jibri Sessions"

                // A list of XMPP server hosts to which we'll connect
                xmpp-server-hosts = [ "us-conference.domain.com" ]

                // The base XMPP domain
                xmpp-domain = "us-conference.domain.com"

                // The MUC we'll join to announce our presence for
                // recording and streaming services
                control-muc {
                    domain = "internal.auth.us-conference.domain.com"
                    room-name = "JibriBrewery"
                    nickname = "Live"
                }

                // The login information for the control MUC
                control-login {
                    domain = "auth.us-conference.domain.com"
                    username = "jibri"
                    password = "Password"
                }

                // An (optional) MUC configuration where we'll
                // join to announce SIP gateway services
            //    sip-control-muc {
            //        domain = "domain"
            //        room-name = "room-name"
            //        nickname = "nickname"
            //    }

                // The login information the selenium web client will use
                call-login {
                    domain = "recorder.us-conference.domain.com"
                    username = "recorder"
                    password = "Password"
                }

                // The value we'll strip from the room JID domain to derive
                // the call URL
                strip-from-room-domain = "conference."

                // How long Jibri sessions will be allowed to last before
                // they are stopped.  A value of 0 allows them to go on
                // indefinitely
                usage-timeout = 0 hour

                // Whether or not we'll automatically trust any cert on
                // this XMPP domain
                trust-all-xmpp-certs = true
                }
            ]
        }
    }
}

Prosody conf:

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "us-conference.domain.com";

external_service_secret = "asdasdasd";
external_services = {
     { type = "stun", host = "us-conference.domain.com", port = 3478 },
     { type = "turn", host = "us-conference.domain.com", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "us-conference.domain.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = true;
consider_bosh_secure = true;
cross_domain_websocket = true;
consider_websocket_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

unlimited_jids = {
    "focus@auth.us-conference.domain.com",
    "jvb@auth.us-conference.domain.com"
}

VirtualHost "us-conference.domain.com"
    -- enabled = false -- Remove this line to enable this host
    authentication = "anonymous"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/us-conference.domain.com.key";
        certificate = "/etc/prosody/certs/us-conference.domain.com.crt";
    }
    av_moderation_component = "avmoderation.us-conference.domain.com"
    speakerstats_component = "speakerstats.us-conference.domain.com"
    conference_duration_component = "conferenceduration.us-conference.domain.com"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "websocket";
        "smacks";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
        "av_moderation";
        "muc_breakout_rooms";
    }
--      smacks_max_unacked_stanzas = 5;
  --       smacks_hibernation_time = 60;
  --       smacks_max_hibernated_sessions = 1;
  --       smacks_max_old_sessions = 1;
    c2s_require_encryption = false
    lobby_muc = "lobby.us-conference.domain.com"
    breakout_rooms_muc = "breakout.us-conference.domain.com"
    main_muc = "conference.us-conference.domain.com"
    muc_lobby_whitelist = { "recorder.us-conference.domain.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.us-conference.domain.com" "muc"
    restrict_room_creation = true
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "polls";
        --"token_verification";
    }
    admins = { "focus@auth.us-conference.domain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.us-conference.domain.com" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.us-conference.domain.com", "jvb@auth.us-conference.domain.com", "recorder@auth.us-conference.domain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.us-conference.domain.com"
    ssl = {
        key = "/etc/prosody/certs/auth.us-conference.domain.com.key";
        certificate = "/etc/prosody/certs/auth.us-conference.domain.com.crt";
    }
    modules_enabled = {
        "limits_exception";
    }
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.us-conference.domain.com" "client_proxy"
    target_address = "focus@auth.us-conference.domain.com"

Component "speakerstats.us-conference.domain.com" "speakerstats_component"
    muc_component = "conference.us-conference.domain.com"

Component "conferenceduration.us-conference.domain.com" "conference_duration_component"
    muc_component = "conference.us-conference.domain.com"

Component "avmoderation.us-conference.domain.com" "av_moderation_component"
    muc_component = "conference.us-conference.domain.com"

Component "lobby.us-conference.domain.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "recorder.us-conference.domain.com"
  modules_enabled = {
    "ping";
    "smacks";
  }
  authentication = "internal_hashed"

Component "breakout.us-conference.domain.com" "muc"
    restrict_room_creation = true
    storage = "memory"
    admins = {"focus@auth.us-conference.domain.com", "jvb@auth.us-conference.domain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

Any ideas where the issue could be?

Yeah, this is a known shortfall. Use the suggestion in this post to fix it.

1 Like

Worked, thanks, but how can that be a know issue?

It’s always been. I guess the team never did quite get to it. It was the same thing with the lobby, but that got fixed.

1 Like

It’s now no longer necessary to add a custom module, it has been integrated into Jitsi-meet (will be in next stable). Add the module to the conference muc. It’s important to stress that the module will NOT work if added to the host. It’s looks like the lobby whitelist, but is not setup in the same way.

Component "conference.meet.example.com" "muc"
(...)
    modules_enabled = {
(..)
        "muc_password_whitelist";
    }
(...)
    muc_password_whitelist = { "recorder@recorder.meet.example.com" } -- Here we can whitelist jibri recorder to enter password protected rooms