Jigasi BOSH connection not working with JWT

hkhait · September 6, 2022, 9:14am

Hello,

I am trying to setup a Jigasi server within an external public network but I have a hard time connecting it to my Jitsi-Meet instance via BOSH connection. XMPP connection works fine though.

My Jitsi-Meet server uses JWT authentication and secure domain is activated.

Here are Jigasi logs when I generate a inbound phone call

2022-09-05 18:02:06.880 INFOS: [95] SipGateway$SipCallListener.incomingCallReceived#216: [ctx=1662393726876685118626] Incoming call received...
2022-09-05 18:02:06.896 INFOS: [97] SipGatewaySession$WaitForJvbRoomNameThread.run#1567: [ctx=1662393726876685118626] Wait thread cancelled
2022-09-05 18:02:06.910 INFOS: [95] JvbConference.start#479: [ctx=1662393726876685118626] Starting JVB conference room: jigasi0312345679@conference.my-jitsi-meet-domain.com
2022-09-05 18:02:06.911 INFOS: [95] JvbConference.createAccountPropertiesForCallId#1584: [ctx=1662393726876685118626] Using bosh url:https://my-jitsi-meet-domain.com/http-bind?room=jigasi0312345679&token=MY.VALID.TOKEN
2022-09-05 18:02:06.980 INFOS: [95] JvbConference.setXmppProvider#615: [ctx=1662393726876685118626] Using ProtocolProviderServiceJabberImpl(Jabber:159f6afc@my-jitsi-meet-domain.com/159f6afc)
2022-09-05 18:02:07.131 INFOS: [100] org.igniterealtime.jbosh.BOSHClient.init: Starting with 1 request processors
2022-09-05 18:02:07.500 INFOS: [100] net.java.sip.communicator.impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged: Jingle : ON 
2022-09-05 18:02:07.503 INFOS: [100] JvbConference.registrationStateChanged#677: [ctx=1662393726876685118626] Registering XMPP.
2022-09-05 18:02:07.635 INFOS: [100] net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$JabberConnectionListener.authenticated: Authenticated: false
2022-09-05 18:02:07.693 INFOS: [100] AudioModeration.xmppProviderRegistered#499: [ctx=1662393726876685118626] Discovered avmoderation.my-jitsi-meet-domain.com for 64ms.
2022-09-05 18:02:07.694 INFOS: [100] JvbConference.joinConferenceRoom#759: [ctx=1662393726876685118626] Joining JVB conference room: jigasi0312345679@conference.my-jitsi-meet-domain.com
2022-09-05 18:02:07.780 GRAVE: [100] JvbConference.inviteFocus#1697: [ctx=1662393726876685118626] Could not invite the focus to the conference
org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from focus.my-jitsi-meet-domain.com: XMPPError: not-acceptable - modify
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:171)
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:165)
	at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:284)
	at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:228)
	at org.jitsi.jigasi.JvbConference.inviteFocus(JvbConference.java:1691)
	at org.jitsi.jigasi.JvbConference.joinConferenceRoom(JvbConference.java:834)
	at org.jitsi.jigasi.JvbConference.registrationStateChanged(JvbConference.java:658)
	at net.java.sip.communicator.service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged(AbstractProtocolProviderService.java:185)
	at net.java.sip.communicator.service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged(AbstractProtocolProviderService.java:139)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1395)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:968)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:793)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:495)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2022-09-05 18:02:07.869 AVERTISSEMENT: [119] net.java.sip.communicator.impl.protocol.jabber.ChatRoomJabberImpl$ChatRoomPresenceListener.processStanza: Unable to handle packet: Presence Stanza [to=89a1fbd2-86dc-48d9-8459-06c850e76014@my-jitsi-meet-domain.com/PMSRG-Uo1aa6,from=jigasi0312345679@conference.my-jitsi-meet-domain.com/771823b5,id=ZR7YJ-2,type=error,]
2022-09-05 18:02:07.871 GRAVE: [100] net.java.sip.communicator.impl.protocol.jabber.ChatRoomJabberImpl.joinAs: Failed to join room jigasi0312345679@conference.my-jitsi-meet-domain.com with nickname: 771823b5
org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from jigasi0312345679@conference.my-jitsi-meet-domain.com/771823b5: XMPPError: not-allowed - cancel [Room creation is restricted]. Generated by conference.my-jitsi-meet-domain.com
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:171)
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:165)
	at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:284)
	at org.jivesoftware.smackx.muc.MultiUserChat.enter(MultiUserChat.java:408)
	at org.jivesoftware.smackx.muc.MultiUserChat.join(MultiUserChat.java:721)
	at org.jivesoftware.smackx.muc.MultiUserChat.join(MultiUserChat.java:651)
	at net.java.sip.communicator.impl.protocol.jabber.ChatRoomJabberImpl.joinAs(ChatRoomJabberImpl.java:739)
	at net.java.sip.communicator.impl.protocol.jabber.ChatRoomJabberImpl.joinAs(ChatRoomJabberImpl.java:873)
	at org.jitsi.jigasi.JvbConference.joinConferenceRoom(JvbConference.java:850)
	at org.jitsi.jigasi.JvbConference.registrationStateChanged(JvbConference.java:658)
	at net.java.sip.communicator.service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged(AbstractProtocolProviderService.java:185)
	at net.java.sip.communicator.service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged(AbstractProtocolProviderService.java:139)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1395)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:968)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:793)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:495)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2022-09-05 18:02:07.872 GRAVE: [100] JvbConference.joinConferenceRoom#972: [ctx=1662393726876685118626] Failed to join room jigasi0312345679@conference.my-jitsi-meet-domain.com with nickname: 771823b5
net.java.sip.communicator.service.protocol.OperationFailedException: Failed to join room jigasi0312345679@conference.my-jitsi-meet-domain.com with nickname: 771823b5
	at net.java.sip.communicator.impl.protocol.jabber.ChatRoomJabberImpl.joinAs(ChatRoomJabberImpl.java:840)
	at net.java.sip.communicator.impl.protocol.jabber.ChatRoomJabberImpl.joinAs(ChatRoomJabberImpl.java:873)
	at org.jitsi.jigasi.JvbConference.joinConferenceRoom(JvbConference.java:850)
	at org.jitsi.jigasi.JvbConference.registrationStateChanged(JvbConference.java:658)
	at net.java.sip.communicator.service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged(AbstractProtocolProviderService.java:185)
	at net.java.sip.communicator.service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged(AbstractProtocolProviderService.java:139)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1395)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:968)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:793)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:495)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
Caused by: org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from jigasi0312345679@conference.my-jitsi-meet-domain.com/771823b5: XMPPError: not-allowed - cancel [Room creation is restricted]. Generated by conference.my-jitsi-meet-domain.com
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:171)
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:165)
	at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:284)
	at org.jivesoftware.smackx.muc.MultiUserChat.enter(MultiUserChat.java:408)
	at org.jivesoftware.smackx.muc.MultiUserChat.join(MultiUserChat.java:721)
	at org.jivesoftware.smackx.muc.MultiUserChat.join(MultiUserChat.java:651)
	at net.java.sip.communicator.impl.protocol.jabber.ChatRoomJabberImpl.joinAs(ChatRoomJabberImpl.java:739)
	... 10 more
2022-09-05 18:02:07.873 INFOS: [100] JvbConference.stop#575: [ctx=1662393726876685118626] Removing account Jabber:159f6afc@my-jitsi-meet-domain.com/159f6afc
2022-09-05 18:02:07.877 INFOS: [100] net.java.sip.communicator.impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged: Jingle : OFF 
2022-09-05 18:02:07.896 INFOS: [122] SipGatewaySession$SipCallStateListener.handleCallState#1440: [ctx=1662393726876685118626] SIP call ended: CallPeerChangeEvent: type=CallPeerStatusChange oldV=net.java.sip.communicator.service.protocol.CallPeerState:Incoming Call newV=net.java.sip.communicator.service.protocol.CallPeerState:Failed for peer=...4420 <...4420@192.168.1.20>;status=Failed
2022-09-05 18:02:07.898 INFOS: [122] SipGatewaySession.sipCallEnded#694: [ctx=1662393726876685118626] Sip call ended: Call: id=1662393726875877139545 peers=0
2022-09-05 18:02:07.898 GRAVE: [122] AbstractGateway.notifyCallEnded#121: [ctx=1662393726876685118626] Call resource not exists for session.
2022-09-05 18:02:07.899 INFOS: [122] SipGatewaySession$CallPeerListener.peerStateChanged#1501: null SIP peer state: Failed
2022-09-05 18:02:07.911 GRAVE: [107] net.java.sip.communicator.util.UtilActivator.uncaughtException: An uncaught exception occurred in thread=Thread[RequestProcessor[1470595295]: Receive thread 0,10,main], and message was: Connection is not open
java.lang.IllegalStateException: Connection is not open
	at org.apache.http.util.Asserts.check(Asserts.java:34)
	at org.apache.http.impl.SocketHttpClientConnection.assertOpen(SocketHttpClientConnection.java:73)
	at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseEntity(AbstractHttpClientConnection.java:305)
	at org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseEntity(AbstractClientConnAdapter.java:221)
	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:279)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
	at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:679)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:481)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:235)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.getBody(ApacheHTTPResponse.java:192)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1123)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.base/java.lang.Thread.run(Thread.java:829)

And here’s my jigasi sip-communicator.properties file :

org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME=siptest@conference.my-jitsi-meet-domain.com
org.jitsi.jigasi.MUC_SERVICE_ADDRESS=conference.my-jitsi-meet-domain.com
net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false
net.java.sip.communicator.impl.neomedia.codec.audio.opus.encoder.COMPLEXITY=10
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.ACCOUNT_UID=SIP\:jigasi_user@my-sip-provider.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PASSWORD=MY-SIP-PASSWORD
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.USER_ID=jigasi_user@my-sip-provider.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_INTERVAL=25
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_METHOD=OPTIONS
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.VOICEMAIL_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS=my-sip-provider.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_PORT=5060
net.java.sip.communicator.impl.protocol.sip.acc1403273890647=acc1403273890647
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.AMR-WB/16000=750
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.G722/8000=700
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.iLBC/8000=10
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.opus/48000=1000
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.ulpfec/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DEFAULT_ENCRYPTION=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.JITSI_MEET_ROOM_HEADER_NAME=X-Room-Name
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SKIP_REINVITE_ON_FOCUS_CHANGE_PROP=true
net.java.sip.communicator.impl.protocol.sip.SKIP_REINVITE_ON_FOCUS_CHANGE_PROP=true
net.java.sip.communicator.plugin.reconnectplugin.ATLEAST_ONE_SUCCESSFUL_CONNECTION.SIP\:jigasi_user@my-sip-provider.com=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DOMAIN_BASE=my-jitsi-meet-domain.com
org.jitsi.jigasi.ALLOWED_JID=JigasiBrewery@internal.auth.my-jitsi-meet-domain.com
org.jitsi.jigasi.BREWERY_ENABLED=true
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=my-jitsi-meet-domain.com
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
org.jitsi.jigasi.xmpp.acc.KEEP_ALIVE_METHOD=XEP-0199
org.jitsi.jigasi.xmpp.acc.KEEP_ALIVE_INTERVAL=30
org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
org.jitsi.jigasi.xmpp.acc.BOSH_URL_PATTERN=https://my-jitsi-meet-domain.com/http-bind?room={roomName}&token=MY.VALID.TOKEN
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
org.jitsi.jigasi.ENABLE_SIP=true
org.jitsi.jigasi.HEALTH_CHECK_SIP_URI=healthcheck
org.jitsi.jigasi.HEALTH_CHECK_INTERVAL=300000
org.jitsi.jigasi.HEALTH_CHECK_TIMEOUT=600000
org.jitsi.impl.neomedia.transform.csrc.CsrcTransformEngine.DISCARD_CONTRIBUTING_SOURCES=true
net.java.sip.communicator.impl.protocol.HOLE_PUNCH_PKT_COUNT=24

Does anyone know why the BOSH connection fails ?
Thanks for your help

damencho · September 6, 2022, 12:50pm

Is this the domain where the jwt for jigasi is configured?

hkhait · September 6, 2022, 1:19pm

Yes. Here’s my prosody config :

-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
plugin_paths = {
    "/usr/share/jitsi-meet/prosody-plugins/"
}

external_service_secret = "******************";
external_services = {
    {
         type = "turns",
         host = "turn.my-jitsi-meet-domain.com",
         port = 443,
         transport = "tcp",
         secret = true,
         ttl = 86400,
         algorithm = "turn"
    }
}

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "my-jitsi-meet-domain.com";

--Network backends method
network_backend = "epoll";

cross_domain_bosh = false;
consider_bosh_secure = true;
consider_websocket_secure = true;
cross_domain_websocket = true;

unlimited_jids = {
        "focus@auth.my-jitsi-meet-domain.com",
        "jvb-zone1-01@auth.my-jitsi-meet-domain.com",
        "jvb-zone1-02@auth.my-jitsi-meet-domain.com",
        "jvb-zone2-01@auth.my-jitsi-meet-domain.com",
        "jvb-zone2-02@auth.my-jitsi-meet-domain.com"
}

VirtualHost "my-jitsi-meet-domain.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "token"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        app_id="*******************"
        app_secret="*******************"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/my-jitsi-meet-domain.com.key";
                certificate = "/etc/prosody/certs/my-jitsi-meet-domain.com.crt";
        }
        av_moderation_component = "avmoderation.my-jitsi-meet-domain.com"
        speakerstats_component = "speakerstats.my-jitsi-meet-domain.com"
        conference_duration_component = "conferenceduration.my-jitsi-meet-domain.com"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "external_services";
            "conference_duration";
            "pinger";
            "websocket";
            "muc_lobby_rooms";
            "muc_breakout_rooms";
            "av_moderation";
        }
        c2s_require_encryption = false
        lobby_muc = "lobby.my-jitsi-meet-domain.com"
        breakout_rooms_muc = "breakout.my-jitsi-meet-domain.com"
        main_muc = "conference.my-jitsi-meet-domain.com"

Component "conference.my-jitsi-meet-domain.com" "muc"
    restrict_room_creation = true
    storage = "memory"
    c2s_idle_timeout=30;
    c2s_ping_timeout=5;

    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "token_verification";
        "ping";
        "pinger";
        "polls";
        "muc_rate_limit";
    }
    admins = { "focus@auth.my-jitsi-meet-domain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true
    --muc_max_occupants = "30"
    muc_access_whitelist = { "focus@auth.my-jitsi-meet-domain.com" }

Component "breakout.my-jitsi-meet-domain.com" "muc"
    restrict_room_creation = true
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        --"token_verification";
        "muc_rate_limit";
    }
    admins = { "focus@auth.my-jitsi-meet-domain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.my-jitsi-meet-domain.com" "muc"
    storage = "memory"
    modules_enabled = {
      "ping";
    }
    admins = {
            "focus@auth.my-jitsi-meet-domain.com",
            "jvb-zone1-01@auth.my-jitsi-meet-domain.com",
            "jvb-zone1-02@auth.my-jitsi-meet-domain.com",
            "jvb-zone2-01@auth.my-jitsi-meet-domain.com",
            "jvb-zone2-02@auth.my-jitsi-meet-domain.com"
    }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.my-jitsi-meet-domain.com"
    modules_enabled = { "limits_exception"; }
    ssl = {
        key = "/etc/prosody/certs/auth.my-jitsi-meet-domain.com.key";
        certificate = "/etc/prosody/certs/auth.my-jitsi-meet-domain.com.crt";
    }
    authentication = "internal_hashed"

Component "focus.my-jitsi-meet-domain.com" "client_proxy"
    target_address = "focus@auth.my-jitsi-meet-domain.com"
    component_secret = "******************"

Component "speakerstats.my-jitsi-meet-domain.com" "speakerstats_component"
    muc_component = "conference.my-jitsi-meet-domain.com"

Component "conferenceduration.my-jitsi-meet-domain.com" "conference_duration_component"
    muc_component = "conference.my-jitsi-meet-domain.com"

Component "avmoderation.my-jitsi-meet-domain.com" "av_moderation_component"
    muc_component = "conference.my-jitsi-meet-domain.com"

Component "lobby.my-jitsi-meet-domain.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true
    modules_enabled = {
        "muc_rate_limit";
    }

VirtualHost "guest.my-jitsi-meet-domain.com"
    authentication = "token"
    app_id="empty";
    app_secret="empty";
    c2s_require_encryption = false;
    allow_empty_token = true;
    modules_enabled = {
        "bosh";
        "ping";
        "pinger";
        "external_services";
    }

Am I missing something ?

damencho · September 6, 2022, 1:26pm

hkhait:

2022-09-05 18:02:07.780 GRAVE: [100] JvbConference.inviteFocus#1697: [ctx=1662393726876685118626] Could not invite the focus to the conference
org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from focus.my-jitsi-meet-domain.com: XMPPError: not-acceptable - modify
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:171)
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:165)

...

2022-09-05 18:02:07.871 GRAVE: [100] net.java.sip.communicator.impl.protocol.jabber.ChatRoomJabberImpl.joinAs: Failed to join room jigasi0312345679@conference.my-jitsi-meet-domain.com with nickname: 771823b5
org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from jigasi0312345679@conference.my-jitsi-meet-domain.com/771823b5: XMPPError: not-allowed - cancel [Room creation is restricted]. Generated by conference.my-jitsi-meet-domain.com

Wait that is another issue … Its better to check on PC rather than on mobile, you see the logs better.
So jigasi invites jicofo to create a meeting which is denied … this can happen when you have this jicofo config:

enabled: true
    type: XMPP
    login-url: jitsi-meet.example.com

Which is not supposed to be there when you have token configuration in place.

And as your jigasi is the first one to join and jicofo has not created the room that is the second error denied the room creation.

hkhait · September 6, 2022, 1:42pm

I actually do have token configuration in place in jicofo.conf

jicofo {
  // Authentication with external services
  authentication {
    enabled = true
    // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default).
    type = JWT

    // The pattern of authentication URL. See ShibbolethAuthAuthority for more information.
    login-url = "my-jitsi-meet-domain.com"

    # logout-url =

    authentication-lifetime = 24 hours
    enable-auto-login = true
  }

...

  jigasi {
    // The JID of the MUC to be used as a brewery for jigasi instances.
    # brewery-jid = "jigasibrewery@example.com"

    // The XMPP connection to use to communicate with Jigasi instances. Either `Client` or `Service` (case-sensitive).
    // See the corresponding XMPP connection configuration under `xmpp`.
    // Note that if no separate Service connection has been configured, all services will automatically use the
    // Client connection.
    xmpp-connection-name = Client
  }

...

  xmpp {
    // The separate XMPP connection used for communication with clients (endpoints).
    client {
      enabled = true
      hostname = "prosody-server.local"
      port = 5222
      domain = "auth.my-jitsi-meet-domain.com"
      username = "focus"
      password = "**************"

      // How long to wait for a response to a stanza before giving up.
      reply-timeout = 15 seconds

      // The JID/domain of the MUC service used for conferencing.
      conference-muc-jid = "conference.my-jitsi-meet-domain.com"

      // A flag to suppress the TLS certificate verification.
      disable-certificate-verification = true

      // The JID of the mod_client_proxy component if used. It will be trusted to encode the JID of the original
      // sender in the resource part of the JID.
      client-proxy = focus.my-jitsi-meet-domain.com

      // Use TLS between Jicofo and the XMPP server
      // Only disable this if your xmpp connection is on loopback!
      use-tls = true
    }

...

damencho · September 6, 2022, 1:50pm

Does it work if you disable that?

hkhait · September 7, 2022, 4:19pm

Hello @damencho

I replaced enabled = true with enabled = false but I still have the same errors.

Should I enable the parameters below even when using BOSH ?

# If you want jigasi to perform authenticated login instead of anonymous login
# to the XMPP server, you can set the following properties.
#org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi@auth.my-jitsi-meet-domain.com
#org.jitsi.jigasi.xmpp.acc.PASS=PWD
#org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

damencho · September 7, 2022, 4:58pm

Yep, try that out and with ANONYMOUS_AUTH=true

hkhait · September 7, 2022, 10:08pm

When I set org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=true I get this strange error :

2022-09-07 23:49:53.611 INFOS: [94] SipGateway$SipCallListener.incomingCallReceived#216: [ctx=16625873936021114408082] Incoming call received...
2022-09-07 23:49:54.621 INFOS: [96] SipGatewaySession$WaitForJvbRoomNameThread.run#1567: [ctx=16625873936021114408082] Wait thread cancelled
2022-09-07 23:49:54.638 INFOS: [94] JvbConference.start#479: [ctx=16625873936021114408082] Starting JVB conference room: jigasi03123456789@conference.my-jitsi-meet-domain.com
2022-09-07 23:49:54.639 INFOS: [94] JvbConference.createAccountPropertiesForCallId#1584: [ctx=16625873936021114408082] Using bosh url:https://my-jitsi-meet-domain.com/http-bind?room=jigasi03123456789&token=MY.VALID.TOKEN
2022-09-07 23:49:54.686 INFOS: [94] JvbConference.setXmppProvider#615: [ctx=16625873936021114408082] Using ProtocolProviderServiceJabberImpl(Jabber:v-jigasi@auth.my-jitsi-meet-domain.com/37c5c812)
2022-09-07 23:49:54.821 INFOS: [99] org.igniterealtime.jbosh.BOSHClient.init: Starting with 1 request processors
2022-09-07 23:49:55.183 INFOS: [99] net.java.sip.communicator.impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged: Jingle : ON 
2022-09-07 23:49:55.187 INFOS: [99] JvbConference.registrationStateChanged#677: [ctx=16625873936021114408082] Registering XMPP.
2022-09-07 23:49:55.188 GRAVE: [99] net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin: Failed to connect to XMPP service for:ProtocolProviderServiceJabberImpl(Jabber:v-jigasi@auth.my-jitsi-meet-domain.com/37c5c812)
org.jivesoftware.smack.SmackException$SmackSaslException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: [PLAIN, SCRAM-SHA-1]. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS]. Skip reasons: []
	at org.jivesoftware.smack.SASLAuthentication.selectMechanism(SASLAuthentication.java:366)
	at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:188)
	at org.jivesoftware.smack.AbstractXMPPConnection.authenticate(AbstractXMPPConnection.java:897)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.loginInternal(XMPPBOSHConnection.java:230)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:638)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:595)
	at net.java.sip.communicator.impl.protocol.jabber.AnonymousLoginStrategy.login(AnonymousLoginStrategy.java:83)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1377)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:968)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:793)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:495)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2022-09-07 23:49:55.206 GRAVE: [99] net.java.sip.communicator.util.UtilActivator.uncaughtException: An uncaught exception occurred in thread=Thread[Thread-49,10,main], and message was: null
java.lang.NullPointerException
	at java.base/java.util.concurrent.ConcurrentHashMap.replaceNode(ConcurrentHashMap.java:1111)
	at java.base/java.util.concurrent.ConcurrentHashMap.remove(ConcurrentHashMap.java:1102)
	at org.jivesoftware.smackx.disco.ServiceDiscoveryManager.removeNodeInformationProvider(ServiceDiscoveryManager.java:387)
	at net.java.sip.communicator.impl.protocol.jabber.ScServiceDiscoveryManager.stop(ScServiceDiscoveryManager.java:680)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.disconnectAndCleanConnection(ProtocolProviderServiceJabberImpl.java:1540)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1005)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:793)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:495)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)

However, when I set ANONYMOUS_AUTH=false I get SASLError using SCRAM-SHA-1: not-authorized, Although I added the user in prosody with the command sudo prosodyctl register jigasi auth.my-jitsi-meet-domain.com jigasi_password

2022-09-07 23:56:57.381 INFOS: [96] org.igniterealtime.jbosh.BOSHClient.init: Starting with 1 request processors
2022-09-07 23:56:57.759 INFOS: [96] net.java.sip.communicator.impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged: Jingle : ON 
2022-09-07 23:56:57.762 INFOS: [96] JvbConference.registrationStateChanged#677: [ctx=16625878171731120741264] Registering XMPP.
2022-09-07 23:56:57.817 GRAVE: [96] net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin: Failed to connect to XMPP service for:ProtocolProviderServiceJabberImpl(Jabber:jigasi@auth.my-jitsi-meet-domain.com/390e5116)
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
	at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:286)
	at org.jivesoftware.smack.AbstractXMPPConnection.lambda$new$2(AbstractXMPPConnection.java:407)
	at org.jivesoftware.smack.NonzaCallback$ClassAndConsumer.accept(NonzaCallback.java:177)
	at org.jivesoftware.smack.NonzaCallback$ClassAndConsumer.access$200(NonzaCallback.java:166)
	at org.jivesoftware.smack.NonzaCallback.onNonzaReceived(NonzaCallback.java:46)
	at org.jivesoftware.smack.AbstractXMPPConnection.parseAndProcessNonza(AbstractXMPPConnection.java:1440)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.access$1700(XMPPBOSHConnection.java:69)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection$BOSHPacketReader.responseReceived(XMPPBOSHConnection.java:534)
	at org.igniterealtime.jbosh.BOSHClient.fireResponseReceived(BOSHClient.java:1610)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1145)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.base/java.lang.Thread.run(Thread.java:829)
2022-09-07 23:56:57.828 GRAVE: [96] JvbConference.registrationStateChanged#681: [ctx=16625878171731120741264] XMPP Connection failed. RegistrationStateChangeEvent[ oldState=Registering; newState=RegistrationState=Connection Failed; userRequest=false; reasonCode=6; reason=SASLError using SCRAM-SHA-1: not-authorized]
2022-09-07 23:56:57.951 GRAVE: [105] net.java.sip.communicator.util.UtilActivator.uncaughtException: An uncaught exception occurred in thread=Thread[RequestProcessor[1362023993]: Receive thread 1,10,main], and message was: Connection is not open
java.lang.IllegalStateException: Connection is not open
	at org.apache.http.util.Asserts.check(Asserts.java:34)
	at org.apache.http.impl.SocketHttpClientConnection.assertOpen(SocketHttpClientConnection.java:73)
	at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseEntity(AbstractHttpClientConnection.java:305)
	at org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseEntity(AbstractClientConnAdapter.java:221)
	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:279)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
	at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:679)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:481)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:235)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.getBody(ApacheHTTPResponse.java:192)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1123)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.base/java.lang.Thread.run(Thread.java:829)

I’m still digging but I cannot find a solution

damencho · September 7, 2022, 10:19pm

But with anonymous false, you are setting and the password right?

hkhait · September 7, 2022, 10:31pm

Yes, the same password as the one in prosodyctl register command

damencho · September 7, 2022, 10:34pm

And in that case you are not sending the token with the bosh connection… Not sure it matters though…

hkhait · September 9, 2022, 2:49pm

Now it works. Thanks for your help @damencho. Jigasi wasn’t communicating with the right prosody server (I have two shards) + I had another issue with OCTO and I had to add org.jitsi.jigasi.LOCAL_REGION="MyRegion"

Here’s the full config for anyone facing the same issue

org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME=siptest@conference.my-jitsi-meet-domain.com
org.jitsi.jigasi.MUC_SERVICE_ADDRESS=conference.my-jitsi-meet-domain.com
net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false
net.java.sip.communicator.impl.neomedia.codec.audio.opus.encoder.COMPLEXITY=10
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.ACCOUNT_UID=SIP\:jigasi_user@my-sip-provider.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PASSWORD=PWD
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.USER_ID=jigasi_user@my-sip-provider.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_INTERVAL=25
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_METHOD=OPTIONS
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.VOICEMAIL_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS=my-sip-provider.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PREFERRED_TRANSPORT=UDP
net.java.sip.communicator.impl.protocol.sip.acc1403273890647=acc1403273890647
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.AMR-WB/16000=750
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.G722/8000=700
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.iLBC/8000=10
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.opus/48000=1000
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.ulpfec/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DEFAULT_ENCRYPTION=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.JITSI_MEET_ROOM_HEADER_NAME=X-Room-Name
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SKIP_REINVITE_ON_FOCUS_CHANGE_PROP=true
net.java.sip.communicator.impl.protocol.sip.SKIP_REINVITE_ON_FOCUS_CHANGE_PROP=true
net.java.sip.communicator.plugin.reconnectplugin.ATLEAST_ONE_SUCCESSFUL_CONNECTION.SIP\:jigasi_user@my-sip-provider.com=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DOMAIN_BASE=my-jitsi-meet-domain.com
org.jitsi.jigasi.ALLOWED_JID=JigasiBrewery@internal.auth.my-jitsi-meet-domain.com
org.jitsi.jigasi.BREWERY_ENABLED=true
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=my-jitsi-meet-domain.com
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
org.jitsi.jigasi.xmpp.acc.KEEP_ALIVE_METHOD=XEP-0199
org.jitsi.jigasi.xmpp.acc.KEEP_ALIVE_INTERVAL=30
org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
org.jitsi.jigasi.xmpp.acc.BOSH_URL_PATTERN=https://my-jitsi-meet-domain.com/http-bind?room={roomName}
org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi_user@auth.my-jitsi-meet-domain.com
org.jitsi.jigasi.xmpp.acc.PASS=toto
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
org.jitsi.jigasi.ENABLE_SIP=true
org.jitsi.jigasi.HEALTH_CHECK_SIP_URI=healthcheck
org.jitsi.jigasi.HEALTH_CHECK_INTERVAL=300000
org.jitsi.jigasi.HEALTH_CHECK_TIMEOUT=600000
org.jitsi.jigasi.LOCAL_REGION="MyRegion"
org.jitsi.impl.neomedia.transform.csrc.CsrcTransformEngine.DISCARD_CONTRIBUTING_SOURCES=true
net.java.sip.communicator.impl.protocol.HOLE_PUNCH_PKT_COUNT=24

damencho · September 9, 2022, 2:56pm

There is one small drawback when using this kind of authentication with jigasi and it is about lobby rooms. If you have a room where lobby is enabled and someone dials in and you allow the jigasi to enter, this allows all subsequent jigasis to enter the meeting bypassing lobby.
Cause you allow jigasi_user@auth.my-jitsi-meet-domain.com for that meeting and all jigasis that connect use that.

The only solution for that if you do not want anonymous users connecting(jigasi using anonymous connection) is to use tokens and for jigasi. We are using this for jaas, jitsi-meet/jaas.cfg.lua at ede97584f2d1cfd90121c8ac93058a94adab549b · jitsi/jitsi-meet · GitHub
and you have TLS sip link to the provider and from the provider, as a sip header you pass the token as you do for the room name jigasi/SipGatewaySession.java at 3fdc420f311d17f731befcee6b73ee71d84d05ea · jitsi/jigasi · GitHub

hkhait · September 9, 2022, 3:46pm

Those are valuable information. I will try that next week.
Thank you very much

damencho · September 9, 2022, 4:36pm

hkhait · October 17, 2022, 2:15pm

Hello @damencho

Jigasi struggles to connect to JVB in the same region when using OCTO. It only works half the time.
It seems that jicofo ignores Jigasi’s region even though it’s configured as follows in jigasi config file org.jitsi.jigasi.LOCAL_REGION="MyRegion"… am I missing something ?

damencho · October 17, 2022, 2:17pm

When you set org.jitsi.jigasi.LOCAL_REGION it is jigasi reporting it to jicofo and jicofo is the one choosing jigasi when doing outgoing calls.

hkhait · October 17, 2022, 3:19pm

Does that mean that LOCAL_REGION is not useful for incoming call ?

Here’s my actual use case (when it works)

But sometimes, this is what happens

In the second case, the connection between Jigasi and “JVB PrivateRegion” cannot be established because this JVB doesn’t have a public IP.

damencho · October 17, 2022, 3:25pm

Well we use the regions in two places actually. The first is jigasi/Statistics.java at fb76d173eb643b94fb7ee10721af1a1647127ee9 · jitsi/jigasi · GitHub
Which is what jicofo uses to choose jigasi that is in a different region.

The second one is jigasi/JvbConference.java at 4964b522a18df7ac0296f3a580c2d24b11cc82bd · jitsi/jigasi · GitHub where it adds a region to the presence so jicofo can choose a bridge for that client … I guess you are using octo … Not sure why jicofo will use the wrong region … you want to debug jicofo choosing the bridge for that jigasi …