Jitsi-Web user interface requires username and password

I’ve set up a jitsi-meet environment with a jitsi-web server. When I try to access the previously defined url and create a room it asks for a username and a password. But I can’t remember that I’ve set a username and a password at any point and I am confused what I have to enter there.


Do you have any idea how to handle this? When you need additional information, don’t bother to ask.
Thanks and Greets.

How did you install? Did you follow the secure domain steps? What steps did you follow?
Have you changed prosody config? Maybe try checking prosody logs for some error.

I’ve used this github project and created an ansible yaml file which sets up the images jitsi-jap, jitsi-web, jitsi-prosody, jitsi-jvb, and jitsi-jicofo as docker containers.
When I want to use jitsi, at first, I access the jap container, which redirects me to gitlab for user authentication. When I log in with my credentials there, the jap container redirects me to the address of the web container. And then, the image shown above shows up.
So, I did not follow the secure domain steps. I also did not change prosody.cfg.lua, if this is meant by “Have you changed prosody config?”. The prosody logs are:

[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 01-set-timezone: executing…
[cont-init.d] 01-set-timezone: exited 0.
[cont-init.d] 10-config: executing…
Generating RSA private key, 2048 bit long modulus
…+++++
…+++++
e is 65537 (0x010001)
Choose key size (2048): Key written to /config/data/censoredtest.censored.com.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or ‘.’ to exclude the field.
countryName (GB): localityName (The Internet): organizationName (Your Organisation): organizationalUnitName (XMPP Department): commonName (censoredtest.censored.com): emailAddress (xmpp@censoredtest.censored.com):
Config written to /config/data/censoredtest.censored.com.cnf
Certificate written to /config/data/censoredtest.censored.com.crt

Generating RSA private key, 2048 bit long modulus
…+++++
…+++++
e is 65537 (0x010001)
Choose key size (2048): Key written to /config/data/auth.censoredtest.censored.com.key
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or ‘.’ to exclude the field.
countryName (GB): localityName (The Internet): organizationName (Your Organisation): organizationalUnitName (XMPP Department): commonName (auth.censoredtest.censored.com): emailAddress (xmpp@auth.censoredtest.censored.com):
Config written to /config/data/auth.censoredtest.censored.com.cnf
Certificate written to /config/data/auth.censoredtest.censored.com.crt

[cont-init.d] 10-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
startup info Hello and welcome to Prosody version 0.11.2
startup info Prosody is using the select backend for connection handling
portmanager info Activated service ‘c2s’ on [::]:5222, []:5222
portmanager info Activated service ‘legacy_ssl’ on no ports
portmanager info Activated service ‘s2s’ on [::]:5269, []:5269
portmanager info Activated service ‘component’ on []:5347
portmanager info Activated service ‘http’ on [::]:5280, []:5280
portmanager info Activated service ‘https’ on no ports
c2s5556a097a910 info Client connected
c2s5556a097a910 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
c2s5556a097a910 info Authenticated as jvb@auth.censoredtest.censored.com
c2s5556a09d6e10 info Client connected
jcp5556a09eaee0 info Incoming Jabber component connection
focus.censoredtest.censored.com:component info External component successfully authenticated
c2s5556a09d6e10 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
c2s5556a09d6e10 info Authenticated as focus@auth.censoredtest.censored.com
mod_bosh info New BOSH session, assigned it sid ‘399c5dda-9f65-4a45-8045-3bfbf015a84a’
bosh399c5dda-9f65-4a45-8045-3bfbf015a84a info BOSH client disconnected: session close
mod_bosh info New BOSH session, assigned it sid ‘9a4699a7-4872-45d5-8d1c-9d014bf2c4ce’
bosh9a4699a7-4872-45d5-8d1c-9d014bf2c4ce info BOSH client disconnected: session close
mod_bosh info New BOSH session, assigned it sid ‘32ee60df-feeb-42c8-858c-40050cfc239a’

I see. Sorry I’m not familiar how the docker setup works and my question about prosody is not relevant in that context. But I suspect some misconfiguration for the docker images. @saghul any idea?

@Lavair maybe you can share your config.

@damencho I just figured out which environment variables in my setup define the necessary input there. I don’t know yet how to avoid that the user interface asks for these additional credentials, but for other people:
The value of XMPP_AUTH_DOMAIN is your username and “passw0rd” is the password. Unfortunately there are various env variables with the default value “passw0rd”. So it’s unclear to me rn, which of them defines the user password exactly.

admins = { "focus@auth.meettest.CENSORED.com" }
plugin_paths = { "/prosody-plugins-custom" }
http_default_host = "meettest.CENSORED.com"

VirtualHost "meettest.CENSORED.com"

    authentication = "internal_plain"

    ssl = {
        key = "/config/certs/meettest.CENSORED.com.key";
        certificate = "/config/certs/meettest.CENSORED.com.crt";
    }
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping";
    }

    c2s_require_encryption = false

VirtualHost "auth.meettest.CENSORED.com"
    ssl = {
        key = "/config/certs/auth.meettest.CENSORED.com.key";
        certificate = "/config/certs/auth.meettest.CENSORED.com.crt";
    }
    authentication = "internal_plain"

Component "internal-muc.meettest.CENSORED.com" "muc"
    modules_enabled = {
        "ping";
    }
    storage = "memory"
    muc_room_cache_size = 1000

Component "muc.meettest.CENSORED.com" "muc"
    storage = "memory"
    modules_enabled = {
    }

Component "focus.meettest.CENSORED.com"
    component_secret = "s3cr37"

This was my prosody config part which probably causes this log in section.

You do have authentication enabled.

@saghul I am currently trying to set up these containers on our own internal servers. We already have a jitsi meet service running on aws servers. Thus, I looked at the configuration files there to set up my own.
The section of the file I’ve actually shown you, is automatically generated by the prosody image itself. I’ve never set “authentication” actively to “internal_plain”.
I’ve just tried to remove the env parameter “AUTH_ENABLED” from my prosody configuration and the log in screen disappeared. But this ‘authentication = “internal_plain”’ thing is still inside the file.
I might be wrong, but I don’t think, that this was responsible for anything, or is it?

The ENABLE_AUTH flag does control that, indeed. Now, you will need to recreate the container if you change the value because we generate the config on first boot and never again.
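An added example (not part of the original thread and not code from the Jitsi project): a small Python check that reads a Prosody config and reports, per VirtualHost, the settings that decide whether clients are asked for credentials, so the generated file can be compared before and after recreating the container. The domain names and the sample config are constructed; unset `authentication` is treated as requiring login because Prosody's built-in default is a credentialed internal provider.

```python
import re

# Constructed sample, modelled on the generated config quoted in this thread.
SAMPLE_CFG = '''
admins = { "focus@auth.meet.example.com" }

VirtualHost "meet.example.com"
    authentication = "internal_plain"
    c2s_require_encryption = false

VirtualHost "auth.meet.example.com"
    authentication = "internal_plain"

Component "muc.meet.example.com" "muc"
    storage = "memory"
'''

SECTION = re.compile(r'^\s*(VirtualHost|Component)\s+"([^"]+)"')
SETTING = re.compile(r'^\s*(authentication|c2s_require_encryption)\s*=\s*"?([\w.]+)"?')

def auth_by_host(cfg_text):
    """Map each VirtualHost to its authentication / c2s encryption settings."""
    hosts, current = {}, None
    for line in cfg_text.splitlines():
        if line.strip().startswith("--"):      # skip Lua comment lines
            continue
        m = SECTION.match(line)
        if m:
            kind, name = m.groups()
            # Component sections end the current VirtualHost scope.
            current = name if kind == "VirtualHost" else None
            if current:
                hosts[current] = {}
            continue
        m = SETTING.match(line)
        if m and current:
            hosts[current][m.group(1)] = m.group(2)
    return hosts

def login_prompt_hosts(cfg_text, auth_domain):
    """VirtualHosts, other than the internal auth domain, that require credentials."""
    return sorted(
        host for host, opts in auth_by_host(cfg_text).items()
        if host != auth_domain and opts.get("authentication") != "anonymous"
    )

if __name__ == "__main__":
    print(login_prompt_hosts(SAMPLE_CFG, "auth.meet.example.com"))
```

To run it against a real deployment, pass the contents of the generated `prosody.cfg.lua` from the config volume instead of `SAMPLE_CFG`.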

@saghul Even after complete removal and recreation, this section remained unchanged :thinking: I even scraped for other *.lua files inside the container to check, if there is another configuration file which might be responsible but didn’t find anything suitable.
Well, it is not that important. The issue is solved ^^
But I’ve got another tiny question, if you have some free time.
The log in screen disappeared but now I’ve got the issue, that jitsi meet is not able to access my microphone, my webcam or any other data. Do you have any idea what might be wrong here?


If you need logs from jvb, jicofo or w/e, just write me :wink:

Any chance you’re running on HTTP instead of HTTPS?

yes? Is this a problem? I wanted to set up first http and then implement redirection to https.

Yes it is. Browsers don’t allow WebRTC to work on “untrusted origins”. So you need to visit your site over HTTPS.

ok thank you very much. Gonna try that :slight_smile:

@saghul hey, sorry for bothering you another time. But could you explain, what is meant by this error “connection refused” in the jitsi-jap logs below? When I access the jap container and create a room, it redirects me to a gitlab authentication service. When I log in there, it tries to redirect me once again to the jitsi-web container. And during this final redirection this error is thrown in the logs.
Do you have an idea what might be the cause?

[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 10-setJAPParms: executing…
[cont-init.d] 10-setJAPParms: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2019/10/16 11:22:07 GITLAB_URL = https://gitlab.CENSORED.com
2019/10/16 11:22:08 Starting HTTP server on :8080
2019/10/16 11:23:44 http: proxy error: dial tcp 127.0.0.1:80: connect: connection refused

I have no idea, never used jap with the docker setup myself. AFAIS someone is trying to connect to port 80 on localhost but there is no entity listening there.

@saghul the issue was kinda strange and the solution was tied to our internal server structure (we use a sniproxy, nginx-letsencrypt set up) and I had to “register” two virtual hosts. One for the jap container and another one for the web container because the web container expects a port mapping of 80:80 which is just not possible in our setting (external Port 80 is taken by the sniproxy).
Nevertheless, it is (almost) working now. It asks me for permissions for microphone and camera but those devices are still not working. Also the chat doesn’t show the messages, when I enter smth. And after a few seconds, the service disconnects and needs to reconnect again. I’ve found these two issues:



but I am not quite sure what’s the fitting one or if even one of them is fitting. Could you have a quick look at my browser console?

If you need other information or w/e just text me :slight_smile:

Looks like XMPP signalling is not working properly. Did you set up the /http-bind proxy-pass correctly? Is prosody up and running?

@saghul hmm I really don’t know, what to do anymore. Can you have a quick look at those screenshots of prosody, jicofo and jvb logs? What is this “Cannot find a socket to remove” in the jvb logs? (the images are readable if you open them in a new tab or smth)


and because you were talking about http-bind. I found this at /config/nginx/meet.conf inside the jitsi-web container:

# BOSH
location /http-bind {
    proxy_pass http://meettest.censored.com:5280/http-bind;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host meettest.censored.com;
}

The logs don’t tell much, components seem to find each other and things seem to be working ok.

If you visit https://meettest.censored.com/http-bind what do you get? As an example, check here what you should be getting: https://meet.jit.si/http-bind

@saghul I really don’t get the expected output. Just a complete blank page. Could you elaborate on what this means?