Jitsi-Web user interface requires username and password

yes? Is this a problem? I wanted to set up first http and then implement redirection to https.

Yes it is. Browsers don’t allow WebRTC to work on “untrusted origins”. So you need to visit your site over HTTPS.

1 Like

ok thank you very much. Gonna try that :slight_smile:

@saghul hey, sorry for bothering you another time. But could you explain, what is meant by this error “connection refused” in the jitsi-jap logs below? When I access the jap container and create a room, it redirects me to a gitlab authentication service. When I log in there, it tries to redirect me once again to the jitsi-web container. And during this final redirection this error is thrown in the logs.
Do you have an idea what might be the cause?

[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 10-setJAPParms: executing…
[cont-init.d] 10-setJAPParms: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2019/10/16 11:22:07 GITLAB_URL = https://gitlab.CENSORED.com
2019/10/16 11:22:08 Starting HTTP server on :8080
2019/10/16 11:23:44 http: proxy error: dial tcp 127.0.0.1:80: connect: connection refused

I have no idea, never used jap with the docker setup myself. AFAIS someone is trying to connect to port 80 on localhost but there is no entity listening there.

@saghul the issue was kinda strange and the solution was tied to our internal server structure (we use a sniproxy, nginx-letsencrypt set up) and I had to “register” two virtual hosts. One for the jap container and another one for the web container because the web container expects a port mapping of 80:80 which is just not possible in our setting (external Port 80 is taken by the sniproxy).
Nevertheless, it is (almost) working now. It asks me for permissions for microphone and camera but those devices are still not working. Also the chat doesn’t show the messages, when I enter smth. And after a few seconds, the service disconnects and needs to reconnect again. I’ve found these two issues:

but I am not quite sure whats the fitting one or if even one of them is fitting. Could you have a quick look at my browser console?


If you need other information or w/e just text me :slight_smile:

Looks like XMPP signalling is not working properly. Did you setup the /http-bind proxy-pass correctly? Is prosody up and running?

@saghul hmm I really don’t know, what to do anymore. Can you have a quick look at those screenshots of prosody, jicofo and jvb logs? What is this “Cannot find a socket to remove” in the jvb logs? (the images are readable if you open them in a new tab or smth)


and because you were talking about http-bind. I found this at /config/nginx/meet.conf inside the jitsi-web container:

# BOSH
location /http-bind {
proxy_pass http://meettest.censored.com:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host meettest.censored.com;
}

The logs don’t tell much, components seem to find each other and things seem to be working ok.

If you visit https://meettest.censored.com/http-bind what do you get? As an example, check here what you should be getting: https://meet.jit.si/http-bind

@saghul I really don’t get the expected output. Just a complete blank page. Could you elaborate on what this means?

Ok, so it looks like we are closer to finding the solution here.

That http-bind endpoint is used for BOSH communication (XMPP over HTTP, basically) which is that Jitsi Meet uses internally as a signalling protocol.

So, you need to make sure that in your setup that HTTP(S) endpoint ends up in the Prosody container, on port 5280. The Docker stup we provide already does this with a proxy pass rule, you mayu need to adapt that to your setup.

@saghul yes that was actually true. I passed the wrong URL in the censored section. It had an old value inside which was quite similar to the desired one. Now finally, I can create a room for one person where microphone, camera, chat, and everything else actually does work. But if another one tries to join, both disconnect immediately. In jicofo logs, there appears this two times in a row:

SEVERE: [39] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Can not invite participant – no bridge available

and I found these issues:



But none of them fits in a satisfactory manner. As you can see in the images above, there is no “too many open files” in my jicofo logs. And when I execute “service jitsi-videobridge status” inside the jvb container it only gives me:

[FAIL] jvb is not running … failed!

Any ideas what might be wrong with my videobridge?

I guess the JVB failed to start. What’s the output of the process?

@saghul What do you mean by output of the process :thinking: ? The jvb-logs? If yes, they didn’t really change. It’s basically the same like in the images above.

Looks like the JVB is starting ok. So it can be a config issue. The JVB will connect to a spceial MUC so Jicofo can “register” it.

What is your Jicofo and JVB configuration? I noticed you have 2 jicofos and 2 jvbs, what are you trying to accomplish with 2 jicofo instances?

@saghul I never planned to run two jicofos and two jvbs. From where do you conclude that? If I execute “docker ps” on our server, I only see one instance :thinking:
Below are some screenshots of our configuration. I needed to add the .sip files manually bcs the containers drop privileges and I need to define those rights be copying this configuration with the correct owner user group etc (the copying section is not visible in the following screenshots). I am not sure which parameters inside this file are also set by arguments in my docker-container-jitsi.yml, so I might have unnecessary duplicates in the .yml.
Apart from that, we have two virtual hosts. The web container and at the jap container. I’ve explained in the answer 13d ago, why we need two instead of one (sniproxy, letsencrypt etc).

Sorry, I got lost with so many screenshots and thought there were 2 jicofos running.

The first clear thing I see is that Jicofo is incorrectly configured. The org.jitsi.jicofo.BRIDGE_MUC option must match what you set in the JVB as org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS.

That would explain why Jicofo sees no bridges.

@saghul yes, you were right again. And sorry for these screenshots spam. Just thought, I would make things faster doing that ^^’. It is almost working now, I think. Multiple people can join and chat but the issue is, that somehow you can’t see each other (you see yourself and the others see themselves but vice versa you only see placeholder images instead of a video of the other person). Jicofo is throwing a new error:

SEVERE: [43] org.jitsi.jicofo.JvbDoctor.log() Unexpected error returned by the bridge: focus@auth.meettestweb.censored.com/VesBWVNe, err: <iq to=‘focus@auth.meettestweb.censored.com/focus8872291665495’ from=‘focus@auth.meettestweb.censored.com/VesBWVNe’ id=‘4ErEP-59’ type=‘error’><error type=‘auth’><not-authorized xmlns=‘urn:ietf:params:xml:ns:xmpp-stanzas’/></error></iq>

Note: I changed every occurence of “jvb” in all config and setup files you can see above to “focus” in order to avoid further mismatches

That is not correct. focus is a special user which is an admin. In the JVB you must configure org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP to be focus@YOUR_AUTH_DOMAIN/*. Of course, that user must exist in Prosody and Jicofo must be configured to use it on startup (the --user_name= option).

Then the JVB gets anohter user, which also must exist in Prosody. What we are doing here is telling the JVB to join a specific MUC (the “brewery”, which basically the pool of JVBs) using a certain user (by defaultt jvb).

@saghul sorry for bothering you another time. You were correct. Changing a few focus entries back to jvb made it work. But only for two participants. As soon as a third person tries to enter the room, everyone gets “disconnected”. In jitsi-prosody logs there are entries like:
bosh31efd5e4-e94e-4d5a-9b00-3ada678a0331 info BOSH client disconnected: session close
Chat and everything still works, but video and microphone is not available.
I’ve searched through the web and discovered, that jitsi uses p2p for two clients or less in one room and switches to videobridge for three or more clients in one room. So obviously smth must be wrong with the jvb.
In jicofo-logs there is still this recurrent severe error in the logs which already appears at the beginning no matter how many people are in the room:
SEVERE: [43] org.jitsi.jicofo.JvbDoctor.log() Unexpected error returned by the bridge: focus@auth.meettestweb.censored.com/VesBWVNe, err: <iq to=‘focus@auth.meettestweb.censored.com/focus8872291665495’ from=‘focus@auth.meettestweb.censored.com/VesBWVNe’ id=‘4ErEP-59’ type=‘error’><error type=‘auth’><not-authorized xmlns=‘urn:ietf:params:xml:ns:xmpp-stanzas’/></error></iq>
I’ve also set up the NAT_HARVESTER_LOCAL/PUBLIC_ADDRESS. As localIP I’ve used
localPVideoBridgeContainer:10000 (10000 is an jvb udp port) and as PublicIP I’ve simply used the public IP address from our server without any port. Would be nice, if you could correct me there if this is somehow wrong :slight_smile:
Do you have any idea what could be wrong with the bridge?

EDIT:
SEVERE: [75] org.jitsi.jicofo.AbstractChannelAllocator.log() Failed to allocate channels using bridge: jvb@auth.meettestweb.censored.com/UwxQuZ9l
net.java.sip.communicator.service.protocol.OperationFailedException: Failed to allocate colibri channels: <iq to=‘focus@auth.meettestweb.censored.com/focus444191322431864’ from=‘jvb@auth.meettestweb.censored.com/UwxQuZ9l’ id=‘KmeZY-463’ type=‘error’><error type=‘auth’></error></iq>
also appears in the jicofo logs right after the second participant enters the room. But the error looks quite similar to the one described above, so it might be the same reason for both errors.