[jitsi-users] Help with Secure Jitsi Meet


#1

Hello!

I installed Jitsi-Meet and have a problem with the secure mode. Would be
really great if someone could help me!

*System:*
Ubuntu Server 16.04 with LEMP-Stack

*Jitsi-Meet:*
Installed with apt-get install jitsi-meet
FQHN *****.f1.htw-berlin.de
Afterwards: SSL-Certs from letsencrypt

*Problem:*
I start a room under https://*****.f1.htw-berlin.de/room
The info-window tells me to wait or to click that I'm the host
I click that I'm host and enter "tjaden@auth.*****.f1.htw-berlin.de"
with my password

The I get "Get session-id error:"

===> What am I doing wrong?

*Prosody Configuration:*

···

###############################
VirtualHost "*******.f1.htw-berlin.de"
        ssl = {
                key = "/etc/prosody/certs/*******.f1.htw-berlin.de.key";
                certificate =
"/etc/prosody/certs/*******.f1.htw-berlin.de.crt";
        }
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }
Component "conference.*******.f1.htw-berlin.de" "muc"
    --modules_enabled = { "token_verification" }
admins = {"focus@auth.*******.f1.htw-berlin.de";
          "tjaden@auth.*******.f1.htw-berlin.de"
        }

Component "jitsi-videobridge.*******.f1.htw-berlin.de"
    component_secret = "*******"

VirtualHost "auth.*******.f1.htw-berlin.de"
    authentication = "internal_plain"

VirtualHost "guest.*******.f1.htw-berlin.de"
    authentication = "anonymous"

Component "focus.fs-meeting.f1.htw-berlin.de"
    component_secret = "*******"
################################
Afterwards I made:
/sudo prosodyctl register tjaden auth.jitsi.example.com password//
//sudo prosodyctl restart/

*Jitsi Meet (/etc/jitsi/meet/*******.f1.htw-berlin.de-config.js):*
###############################
var config = { // eslint-disable-line no-unused-vars
    hosts: {
        domain: '*******.f1.htw-berlin.de',
        anonymousdomain: 'guest.*******.f1.htw-berlin.de',
        authdomain: 'auth.*******.f1.htw-berlin.de', // defaults to
<domain>
        muc: 'conference.*******.f1.htw-berlin.de', // FIXME: use XEP-0030
        focus: 'focus.*******.f1.htw-berlin.de', // defaults to
'focus.fs-meeting.f1.htw-berlin.de'
    },
    useNicks: false,
    bosh: '//*******.f1.htw-berlin.de/http-bind', // FIXME: use xep-0156
for that
    clientNode: 'http://jitsi.org/jitsimeet', // The name of client node
advertised in XEP-0115 'c' stanza
    //focusUserJid: 'focus@auth.*******.f1.htw-berlin.de', // The real
JID of focus participant - can be overridd$
    //defaultSipNumber: '', // Default SIP number

    desktopSharingChromeMethod: 'ext',
    desktopSharingChromeExtId: 'diibjkoicjeejcmhdnailmkgecihlobk',
    desktopSharingChromeSources: ['screen', 'window', 'tab'],
    desktopSharingChromeMinExtVersion: '0.1',

    desktopSharingFirefoxExtId: null,
    desktopSharingFirefoxDisabled: false,
    desktopSharingFirefoxMaxVersionExtRequired: 42,
    desktopSharingFirefoxExtensionURL: null,

    webrtcIceUdpDisable: false,
    webrtcIceTcpDisable: false,

    openSctp: true, // Toggle to enable/disable SCTP channels
    disableStats: false,
    disableAudioLevels: false,
    channelLastN: -1, // The default value of the channel attribute last-n.
    adaptiveLastN: false,
    enableRecording: false,
    enableWelcomePage: true,
    disableSimulcast: false,
    logStats: false, // Enable logging of PeerConnection stats via the focus
    requireDisplayName: true,
    defaultLanguage: "de",
    disableThirdPartyRequests: false,
    minHDHeight: 540,
    enableUserRolesBasedOnToken: false,
    disableSuspendVideo: true
};
################################

*Jicofy (/etc/jitsi/jicofo/sip-communicator.properties)*
################################
org.jitsi.jicofo.auth.URL=XMPP:********.f1.htw-berlin.de
################################


#2

Hi Tjaden,
The domain you want to authenticate against is the main one, not auth.***.f1.htw-berlin.de. Based on your config, I think all you need to do is create the Prosody user tjaden@***.f1.htw-berlin.de (use the "prosodyctl adduser" command). If you want to login with just the username, comment out the auth domain line in your config.js, then reload nginx.

John

···

________________________________
From: users <users-bounces@jitsi.org> on behalf of Tjarko Tjaden <t.tjaden@gmail.com>
Sent: Wednesday, March 29, 2017 11:47:31 AM
To: users@jitsi.org
Subject: [jitsi-users] Help with Secure Jitsi Meet

Hello!

I installed Jitsi-Meet and have a problem with the secure mode. Would be really great if someone could help me!

System:
Ubuntu Server 16.04 with LEMP-Stack

Jitsi-Meet:
Installed with apt-get install jitsi-meet
FQHN *****.f1.htw-berlin.de
Afterwards: SSL-Certs from letsencrypt

Problem:
I start a room under https://*****.f1.htw-berlin.de/room
The info-window tells me to wait or to click that I'm the host
I click that I'm host and enter "tjaden@auth.*****.f1.htw-berlin.de"<mailto:tjaden@auth.*****.f1.htw-berlin.de> with my password

The I get "Get session-id error:"

===> What am I doing wrong?

Prosody Configuration:
###############################
VirtualHost "*******.f1.htw-berlin.de"
        ssl = {
                key = "/etc/prosody/certs/*******.f1.htw-berlin.de.key";
                certificate = "/etc/prosody/certs/*******.f1.htw-berlin.de.crt";
        }
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }
Component "conference.*******.f1.htw-berlin.de" "muc"
    --modules_enabled = { "token_verification" }
admins = {"focus@auth.*******.f1.htw-berlin.de"<mailto:focus@auth.*******.f1.htw-berlin.de>;
          "tjaden@auth.*******.f1.htw-berlin.de"<mailto:tjaden@auth.*******.f1.htw-berlin.de>
        }

Component "jitsi-videobridge.*******.f1.htw-berlin.de"
    component_secret = "*******"

VirtualHost "auth.*******.f1.htw-berlin.de"
    authentication = "internal_plain"

VirtualHost "guest.*******.f1.htw-berlin.de"
    authentication = "anonymous"

Component "focus.fs-meeting.f1.htw-berlin.de"
    component_secret = "*******"
################################
Afterwards I made:
sudo prosodyctl register tjaden auth.jitsi.example.com password
sudo prosodyctl restart

Jitsi Meet (/etc/jitsi/meet/*******.f1.htw-berlin.de-config.js):
###############################
var config = { // eslint-disable-line no-unused-vars
    hosts: {
        domain: '*******.f1.htw-berlin.de',
        anonymousdomain: 'guest.*******.f1.htw-berlin.de',
        authdomain: 'auth.*******.f1.htw-berlin.de', // defaults to <domain>
        muc: 'conference.*******.f1.htw-berlin.de', // FIXME: use XEP-0030
        focus: 'focus.*******.f1.htw-berlin.de', // defaults to 'focus.fs-meeting.f1.htw-berlin.de'
    },
    useNicks: false,
    bosh: '//*******.f1.htw-berlin.de/http-bind', // FIXME: use xep-0156 for that
    clientNode: 'http://jitsi.org/jitsimeet', // The name of client node advertised in XEP-0115 'c' stanza
    //focusUserJid: 'focus@auth.*******.f1.htw-berlin.de<mailto:focus@auth.*******.f1.htw-berlin.de>', // The real JID of focus participant - can be overridd$
    //defaultSipNumber: '', // Default SIP number

    desktopSharingChromeMethod: 'ext',
    desktopSharingChromeExtId: 'diibjkoicjeejcmhdnailmkgecihlobk',
    desktopSharingChromeSources: ['screen', 'window', 'tab'],
    desktopSharingChromeMinExtVersion: '0.1',

    desktopSharingFirefoxExtId: null,
    desktopSharingFirefoxDisabled: false,
    desktopSharingFirefoxMaxVersionExtRequired: 42,
    desktopSharingFirefoxExtensionURL: null,

    webrtcIceUdpDisable: false,
    webrtcIceTcpDisable: false,

    openSctp: true, // Toggle to enable/disable SCTP channels
    disableStats: false,
    disableAudioLevels: false,
    channelLastN: -1, // The default value of the channel attribute last-n.
    adaptiveLastN: false,
    enableRecording: false,
    enableWelcomePage: true,
    disableSimulcast: false,
    logStats: false, // Enable logging of PeerConnection stats via the focus
    requireDisplayName: true,
    defaultLanguage: "de",
    disableThirdPartyRequests: false,
    minHDHeight: 540,
    enableUserRolesBasedOnToken: false,
    disableSuspendVideo: true
};
################################

Jicofy (/etc/jitsi/jicofo/sip-communicator.properties)
################################
org.jitsi.jicofo.auth.URL=XMPP:********.f1.htw-berlin.de
################################


#3

Great, thanks John. This solved the problem.
Now everything works. Only there is a lack in transporting audio and
video. Whereas video is fast the audio comes 3s later. How should I
investigate on this problem?

···

Am 29.03.2017 um 22:00 schrieb John Lightfoot:

Hi Tjaden,
The domain you want to authenticate against is the main one, not
auth.***.f1.htw-berlin.de. Based on your config, I think all you need
to do is create the Prosody user tjaden@***.f1.htw-berlin.de (use the
"prosodyctl adduser" command). If you want to login with just the
username, comment out the auth domain line in your config.js, then
reload nginx.

John

------------------------------------------------------------------------
*From:* users <users-bounces@jitsi.org> on behalf of Tjarko Tjaden
<t.tjaden@gmail.com>
*Sent:* Wednesday, March 29, 2017 11:47:31 AM
*To:* users@jitsi.org
*Subject:* [jitsi-users] Help with Secure Jitsi Meet

Hello!

I installed Jitsi-Meet and have a problem with the secure mode. Would
be really great if someone could help me!

*System:*
Ubuntu Server 16.04 with LEMP-Stack

*Jitsi-Meet:*
Installed with apt-get install jitsi-meet
FQHN *****.f1.htw-berlin.de
Afterwards: SSL-Certs from letsencrypt

*Problem:*
I start a room under https://*****.f1.htw-berlin.de/room
The info-window tells me to wait or to click that I'm the host
I click that I'm host and enter "tjaden@auth.*****.f1.htw-berlin.de"
with my password

The I get "Get session-id error:"

===> What am I doing wrong?

*Prosody Configuration:*
###############################
VirtualHost "*******.f1.htw-berlin.de"
        ssl = {
                key = "/etc/prosody/certs/*******.f1.htw-berlin.de.key";
                certificate =
"/etc/prosody/certs/*******.f1.htw-berlin.de.crt";
        }
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }
Component "conference.*******.f1.htw-berlin.de" "muc"
    --modules_enabled = { "token_verification" }
admins = {"focus@auth.*******.f1.htw-berlin.de";
          "tjaden@auth.*******.f1.htw-berlin.de"
        }

Component "jitsi-videobridge.*******.f1.htw-berlin.de"
    component_secret = "*******"

VirtualHost "auth.*******.f1.htw-berlin.de"
    authentication = "internal_plain"

VirtualHost "guest.*******.f1.htw-berlin.de"
    authentication = "anonymous"

Component "focus.fs-meeting.f1.htw-berlin.de"
    component_secret = "*******"
################################
Afterwards I made:
/sudo prosodyctl register tjaden auth.jitsi.example.com password//
//sudo prosodyctl restart/

*Jitsi Meet (/etc/jitsi/meet/*******.f1.htw-berlin.de-config.js):*
###############################
var config = { // eslint-disable-line no-unused-vars
    hosts: {
        domain: '*******.f1.htw-berlin.de',
        anonymousdomain: 'guest.*******.f1.htw-berlin.de',
        authdomain: 'auth.*******.f1.htw-berlin.de', // defaults to
<domain>
        muc: 'conference.*******.f1.htw-berlin.de', // FIXME: use XEP-0030
        focus: 'focus.*******.f1.htw-berlin.de', // defaults to
'focus.fs-meeting.f1.htw-berlin.de'
    },
    useNicks: false,
    bosh: '//*******.f1.htw-berlin.de/http-bind', // FIXME: use
xep-0156 for that
    clientNode: 'http://jitsi.org/jitsimeet', // The name of client
node advertised in XEP-0115 'c' stanza
    //focusUserJid: 'focus@auth.*******.f1.htw-berlin.de', // The real
JID of focus participant - can be overridd$
    //defaultSipNumber: '', // Default SIP number

    desktopSharingChromeMethod: 'ext',
    desktopSharingChromeExtId: 'diibjkoicjeejcmhdnailmkgecihlobk',
    desktopSharingChromeSources: ['screen', 'window', 'tab'],
    desktopSharingChromeMinExtVersion: '0.1',

    desktopSharingFirefoxExtId: null,
    desktopSharingFirefoxDisabled: false,
    desktopSharingFirefoxMaxVersionExtRequired: 42,
    desktopSharingFirefoxExtensionURL: null,

    webrtcIceUdpDisable: false,
    webrtcIceTcpDisable: false,

    openSctp: true, // Toggle to enable/disable SCTP channels
    disableStats: false,
    disableAudioLevels: false,
    channelLastN: -1, // The default value of the channel attribute
last-n.
    adaptiveLastN: false,
    enableRecording: false,
    enableWelcomePage: true,
    disableSimulcast: false,
    logStats: false, // Enable logging of PeerConnection stats via the
focus
    requireDisplayName: true,
    defaultLanguage: "de",
    disableThirdPartyRequests: false,
    minHDHeight: 540,
    enableUserRolesBasedOnToken: false,
    disableSuspendVideo: true
};
################################

*Jicofy (/etc/jitsi/jicofo/sip-communicator.properties)*
################################
org.jitsi.jicofo.auth.URL=XMPP:********.f1.htw-berlin.de
################################

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users