Jitsi with reverse proxy - private server authentication doesn't work?


I run Jitsi on my Proxmox machine with a custom SSL certificate.
Data runs over my reverse proxy with a Let's Encrypt certificate.
All runs quite well, but only the settings for private server authentication don't work.
I can start rooms without authentication…

I used https://decatec.de/home-server/jitsi-meet-videokonferenz-system-unter-ubuntu-server-mit-nginx/ to install but only uses a custom certificate…


VirtualHost "meet.meinedomain.de"
    authentication = "internal_plain"


VirtualHost "guest.meet.meinedomain.de"
    authentication = "anonymous"
    c2s_require_encryption = false

and so on

doesn't matter…

Need help, please.



Hello. Maybe you should try this option:
VirtualHost "meet.meinedomain.de"
    authentication = "internal_hashed"

As well as
sudo nano /etc/jitsi/jicofo/sip-communicator.properties

And enter commands:

And remember to restart Prosody after making changes.
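
An added example, not part of any post in this thread and not Jitsi or Prosody project code: a small Python check over the Prosody VirtualHost blocks discussed above, reporting whether the main host demands a login, how it stores passwords, and where unencrypted client connections are allowed. The function names `parse_hosts` and `audit` are hypothetical, the sample config is constructed from the blocks in the first post, and the parser assumes one option per line with `--` line comments only.

```python
import re

# Constructed sample, modelled on the VirtualHost blocks quoted in the first post.
SAMPLE_CFG = '''
VirtualHost "meet.meinedomain.de"
    authentication = "internal_plain"
VirtualHost "guest.meet.meinedomain.de"
    authentication = "anonymous"
    c2s_require_encryption = false
Component "conference.meet.meinedomain.de" "muc"
'''

SECTION = re.compile(r'^\s*(VirtualHost|Component)\s+"([^"]+)"')
OPTION = re.compile(r'^\s*(\w+)\s*=\s*"?([^";]+?)"?\s*;?\s*$')

def parse_hosts(text):
    """Return {host: {option: value}} per VirtualHost; a Component line ends the block."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.split("--", 1)[0]  # drop Lua line comments
        section = SECTION.match(line)
        if section:
            kind, name = section.groups()
            current = hosts.setdefault(name, {}) if kind == "VirtualHost" else None
            continue
        option = OPTION.match(line)
        if option and current is not None:
            current[option.group(1)] = option.group(2).strip()
    return hosts

def audit(text, main_host, guest_host):
    """Findings for a setup with a login-protected main host and anonymous guests."""
    hosts, findings = parse_hosts(text), []
    main_auth = hosts.get(main_host, {}).get("authentication")
    if main_auth == "anonymous":
        findings.append(f"{main_host}: anonymous login, anyone can open rooms")
    elif main_auth == "internal_plain":
        findings.append(f"{main_host}: internal_plain stores passwords unhashed")
    elif main_auth is None:
        findings.append(f"{main_host}: no authentication line in this block")
    if hosts.get(guest_host, {}).get("authentication") != "anonymous":
        findings.append(f"{guest_host}: guest host missing or not anonymous")
    for host, opts in hosts.items():
        if opts.get("c2s_require_encryption") == "false":
            findings.append(f"{host}: unencrypted client connections allowed")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CFG, "meet.meinedomain.de", "guest.meet.meinedomain.de")))
```

It reads only the Prosody file; the Jicofo setting `org.jitsi.jicofo.auth.URL` mentioned in the thread is not checked.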


I added

org.jitsi.jicofo.auth.URL=XMPP:meet.meinedomain.de was already set.
I restarted all services

service prosody restart
service jicofo restart
service jitsi-videobridge2 restart

but no change. My reverse proxy is calling Jitsi over IP and port 443, so is that a problem?
EDIT: Access over FQDN doesn't change anything, private access isn't working!



Ah, because of the following error:
portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281

https_ports = { }; -- Remove this line to prevent listening on port 5284
this line in config…
But this isn't the fault, or?


Can you start a meeting with 3 participants?

This is not a problem, don't worry about it.

Show us your proxy config please.

To rule out errors, I test locally first (without reverse proxy).

But when I start a meeting on the PC and want to connect with my mobile phone over my local WLAN, it went into a separate, same-named conference.
So in each conference there is 1 participant.

When I test over the reverse proxy, there is a fault too; after some time there is a reconnect. But this is another error…
Hm: the reverse proxy is on OPNsense, HAProxy; I don't know how to “extract” the config.



Are you using the same URL to enter the meeting in both cases?

It's definitely the same URL.
On each I see only “me”.



Is your load balancer sending you to the same Prosody server?

I've only ONE server in the proxy. It's only for hosting my Let's Encrypt certificate for all my services.
And testing was without the proxy, only a direct connection!



How odd. Can you open devtools and check the network requests, making sure that either http-bind or xmpp-websocket go to the same location?


what do you mean?
When I press F12 and look into Network, I see
in both browsers.

In the address line there is in both browsers



Ok, don't know, but now I got it running with local/direct access.

When I use HAProxy, I get the same issue, so I think HAProxy is misconfigured.

Tried some settings:

Frontend: FE_Jitsy_56583 ()

frontend FE_Jitsy_56583
bind name ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/621f320ad222c5.22366463.certlist
bind :::56583 name :::56583 ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/621f320ad222c5.22366463.certlist
mode http
option httpclose
default_backend BE_Jitsy
option forwardfor
# tuning options
timeout client 120s
timeout http-request 120s
timeout http-keep-alive 3m

# logging options
# ACL: CON_Everything
acl acl_5d0e49021f8569.21918121 path_beg -i /

use_backend BE_Jitsy if acl_5d0e49021f8569.21918121
# WARNING: pass through options below this line
option forwardfor
option http-server-close
option httpclose
compression algo gzip
compression type text/css text/html text/javascript application/javascript text/plain text/xml application/json
        http-request del-header X-Forwarded-Proto
        http-request set-header X-Forwarded-Proto https if { ssl_fc }

Backend: BE_Jitsy ()
backend BE_Jitsy
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 200k expire 120m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
# WARNING: pass through options below this line
option redispatch
option forwardfor
option http-server-close
option http-pretend-keepalive
http-response set-header X-Frame-Options SAMEORIGIN
source usesrc clientip
http-reuse never
server Jitsy meet.jitsi.local:443 ssl verify none

cross_domain_bosh = true;

did the trick!