Need Help with Lobby with Tokens

All I can think to do at this point is include my FQDN.cfg.lua file to see if someone can spot what I am doing wrong. I am getting a bit weary from going over this again and again, but I believe that if I persevere, I will get it in the end.

So let me know if you see anything glaringly wrong.

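-- Global Prosody settings for this Jitsi Meet deployment. Everything up to the
-- first VirtualHost line applies to all hosts and components unless a host
-- overrides it.
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "meet.example.com"

-- Shared secret from which the turncredentials module derives TURN credentials;
-- presumably it has to match the secret configured on the TURN server.
-- NOTE(review): this value was published together with the config, so treat
-- it as compromised and rotate it on both sides.
turncredentials_secret = "ioCqcUlWNbCuy7Hy"

-- STUN/TURN services advertised to clients.
turncredentials = {
   { type = "stun", host = "meet.example.com", port = "3478" },
   { type = "turn", host = "meet.example.com", port = "3478", transport = "udp" },
   { type = "turns", host = "meet.example.com", port = "443", transport = "tcp" }
}

-- Certificate and private key for Prosody's HTTPS listener.
-- Fix: the two values were swapped (https_certificate pointed at the .key file
-- and https_key at the .crt file); they now agree with the per-host ssl blocks.
-- NOTE(review): the certificate path is spelled "exmaple_com_combined.crt"
-- here and in every ssl block; confirm it matches the file name on disk.
-- The private key should be readable only by the account Prosody runs as.
https_certificate = "/etc/ssl/certfolder/crtfolder/exmaple_com_combined.crt"
https_key = "/etc/ssl/certfolder/keyfolder/example_com.key"

cross_domain_bosh = false
-- Treat BOSH sessions as encrypted even though Prosody receives them in the
-- clear. This is only safe when a TLS-terminating reverse proxy sits in front
-- and the plain HTTP port is not reachable from outside.
consider_bosh_secure = true

-- Application id and shared secret used to validate JWTs (values redacted in
-- this listing). The secret is a symmetric key: anyone who knows it can mint
-- tokens, including moderator tokens. The same pair is repeated under
-- VirtualHost "meet.example.com"; keep the two in sync.
app_id="xxxxxx"
app_secret="xxxXxxxXxxxXxxxXxxxXxxx"

-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
-- TLS 1.2 or newer, AEAD cipher suites with forward secrecy only.
ssl = {
   protocol = "tlsv1_2+",
   ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

-- Values accepted for the token's issuer ("iss") and audience ("aud") claims.
-- Keep these lists as short as possible; every entry widens the set of tokens
-- this server will accept.
asap_accepted_issuers = { "jitsi", "smash" }
asap_accepted_audiences = { "jitsi", "smash" }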


-- Main client-facing host: users authenticate here with a JWT.
VirtualHost "meet.example.com"
   -- enabled = false -- Remove this line to enable this host
   authentication = "token"
   -- With allow_empty_token, clients that present no token at all are still
   -- admitted; only tokens that are actually sent get validated. Access control
   -- for token-less users then rests on the lobby and moderation settings.
   allow_empty_token = true
   -- NOTE(review): the token_verification module is enabled on the
   -- "conference.meet.example.com" component, where this option is commented
   -- out. It is probably read from the component, not from this host; confirm
   -- against the plugin source.
   token_verification_require_token_for_moderation = true
   -- Properties below are modified by jitsi-meet-tokens package config
   -- and authentication above is switched to "token"
   -- Duplicates the global app_id/app_secret; keep both copies identical.
  app_id="xxxxxx"
  app_secret="xxxXxxxXxxxXxxxXxxxXxxx"
   -- Assign this host a certificate for TLS, otherwise it would use the one
   -- set in the global section (if any).
   -- Note that old-style SSL on port 5223 only supports one certificate, and will always
   -- use the global one.
   ssl = {
      key = "/etc/ssl/certfolder/keyfolder/example_com.key",
      certificate = "/etc/ssl/certfolder/crtfolder/exmaple_com_combined.crt"
   }
   speakerstats_component = "speakerstats.meet.example.com"
   conference_duration_component = "conferenceduration.meet.example.com"
   modules_enabled = {
      "bosh";
      "pubsub";
      "ping"; -- Enable mod_ping
      "speakerstats";
      "turncredentials"; -- Use XEP-0215
      "conference_duration";
      "presence_identity"; -- for token auth
      "muc_size";
      "muc_status";
      "muc_lobby_rooms";
      "websocket";
      "smacks"; -- XEP-0198 Stream Management (the original comment said XEP-0215)
   }
   -- Client-to-server streams are allowed without TLS. This relies on the
   -- reverse proxy for transport encryption, so Prosody's client ports should
   -- not be reachable from untrusted networks.
   c2s_require_encryption = false
   lobby_muc = "lobby.meet.example.com"
   main_muc = "conference.meet.example.com"
   -- Every account on a whitelisted domain skips the lobby, so the credentials
   -- of accounts on that domain need to be protected accordingly.
   muc_lobby_whitelist = { "recorder.meet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

-- Host for the service accounts named in the admins lists further down
-- (focus, jvb, callcontrol).
VirtualHost "auth.meet.example.com"
   -- internal_plain keeps account passwords in plaintext in Prosody's data
   -- store; internal_hashed is the hashed alternative. NOTE(review): confirm
   -- whether anything in this deployment actually needs the plaintext form.
   authentication = "internal_plain"
   ssl = {
      key = "/etc/ssl/certfolder/keyfolder/example_com.key",
      certificate = "/etc/ssl/certfolder/crtfolder/exmaple_com_combined.crt"
   }

-- Guest host: anyone can open a session here without credentials.
VirtualHost "guest.meet.example.com"

   authentication = "anonymous"
   -- Properties below are modified by jitsi-meet-tokens package config
   -- and authentication above is switched to "token"
   -- NOTE(review): the comment above is template text; authentication on this
   -- host is still "anonymous", not "token".
   --
   speakerstats_component = "speakerstats.meet.example.com"
   conference_duration_component = "conferenceduration.meet.example.com"
   modules_enabled = {
      "speakerstats";
      "conference_duration"; -- this is required for timer to work.
   }
   -- Unencrypted client streams are accepted on this host as well; see the
   -- same setting on "meet.example.com".
   c2s_require_encryption = false

-- Host for the recorder (Jibri) account. This domain is listed in
-- muc_lobby_whitelist on "meet.example.com", so its accounts bypass the lobby.
VirtualHost "recorder.meet.example.com"
   modules_enabled = {
      "ping"; -- was ping only, everything else dmk test 5/3
   }
   -- Passwords for this host are stored in plaintext (internal_plain).
   authentication = "internal_plain"
   --c2s_require_encryption = false

-- MUC component that holds the lobby rooms; referenced as lobby_muc by the
-- main VirtualHost.
Component "lobby.meet.example.com" "muc"
   storage = "memory"
   muc_room_cache_size = 1000
   -- Ordinary users are not allowed to create rooms on this component.
   restrict_room_creation = true
   muc_room_locking = false
   -- Occupants' real JIDs are visible to other occupants by default.
   muc_room_default_public_jids = true

-- Internal Components

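-- Main conference MUC; referenced as main_muc by VirtualHost "meet.example.com".
Component "conference.meet.example.com" "muc"
   storage = "memory"
   -- NOTE(review): "muc_max_ocupants" below is misspelled; if it is ever
   -- re-enabled the option name should presumably be "muc_max_occupants".
   --muc_max_ocupants = 8
   --muc_access_whitelist = { "recorder.meet.example.com" }
   modules_enabled = {
      "muc_meeting_id";
      "muc_domain_mapper";
      -- "muc_mam"; -- Store MUC messages in an archive and allow users to access it.
      -- "muc_max_occupants";
      "token_verification"; -- enforces JWT checks when rooms are created or joined
   }
   -- Accounts with admin rights on this component.
   admins = { "focus@auth.meet.example.com", "callcontrol@auth.meet.example.com" }
   -- Fix: the option was misspelled "restrict_room_creaton", which Prosody
   -- ignores silently, leaving room creation on this component unrestricted.
   restrict_room_creation = true
   muc_room_locking = false
   -- Occupants' real JIDs are visible to other occupants by default.
   muc_room_default_public_jids = true
   -- NOTE(review): token_verification is loaded on this component, so the
   -- option below is probably read here rather than from the VirtualHost where
   -- it is currently set; confirm against the plugin source before relying on
   -- moderation being token-gated.
   -- token_verification_require_token_for_moderation = true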

-- internal muc component. Note: this is also used for Jibri
-- Only service accounts are expected here; the admins list below grants them
-- full control of the component.
Component "internal.auth.meet.example.com" "muc"
   storage = "memory"
   modules_enabled = {
      "ping";
   }
   admins = { "focus@auth.meet.example.com", "jvb@auth.meet.example.com", "callcontrol@auth.meet.example.com" }
   muc_room_locking = false
   muc_room_default_public_jids = true
   muc_room_cache_size = 1000 -- dmk

-- External component for focus; it authenticates to Prosody with
-- component_secret.
-- NOTE(review): this secret was published together with the config and is
-- identical to the callcontrol secret below. Rotate both, and give each
-- component its own value so that exposing one does not expose the other.
Component "focus.meet.example.com"
   component_secret = "gaWgFSmo8pY60Uxe"

-- Speaker statistics component, attached to the main conference MUC.
Component "speakerstats.meet.example.com" "speakerstats_component"
   muc_component = "conference.meet.example.com"

-- Conference duration component, attached to the main conference MUC.
Component "conferenceduration.meet.example.com" "conference_duration_component"
   muc_component = "conference.meet.example.com"

-- External component for callcontrol; shares its secret with focus (see the
-- note at the top of this group).
Component "callcontrol.meet.example.com"
   component_secret = "gaWgFSmo8pY60Uxe"

Currently I am trying to wrap my head around how /etc/nginx/nginx.conf and /etc/nginx/sites-available/fqdn and /etc/nginx/sites-available/fqdn.conf should be set up. So I am giving myself a course on Nginx.

What should /etc/nginx/nginx.conf look like?

What should /etc/nginx/sites-available/FQDN.conf look like?

Like the default that comes from the distro.

That’s it nothing more than that??

This is the template when you install jitsi-meet

For some reason that didn’t get copied.

what about sites-available??

OK, I was about to make a big mistake.

Where can I get a copy of the default nginx.conf that comes with the distro so that I can copy and paste into my nginx.conf.

Inside its deb package … Reinstall or download the deb and extract it …

And why do I have both /etc/nginx/sites-available/fqdn and /etc/nginx/sites-available/fqdn.conf??

Does /etc/nginx/sites-available/fqdn need to go??

Not sure why and which is the used one … Probably check sites enabled folder which one is using

I can enable and disable either. Perhaps keep fqdn.conf, since that appears to be the Jitsi standard.

By the way Mr. D. thank you so much I owe you more than a beer.

Hate to bother you further, but should I remove the “default” server block from sites-enabled?

yep, should be fine

OK, I owe you three beers now.

damencho, Nginx is happy now, but I get a blank gray screen on Jitsi. What is the easiest approach: save all my config files, purge all of Jitsi and start over with a new installation, or something else?? I have to stop this or I will end up getting you drunk, too many beers.

Yes, I restarted everything.

Check the browser JS console logs for errors; normally this is a missing comma in a config file.

Ah hah:

Uncaught ReferenceError: config is not defined

https://meet.politea.us/libs/app.bundle.min.js?v=4428:54
https://meet.politea.us/libs/app.bundle.min.js?v=4428:54
n https://meet.politea.us/libs/app.bundle.min.js?v=4428:1
https://meet.politea.us/libs/app.bundle.min.js?v=4428:54
https://meet.politea.us/libs/app.bundle.min.js?v=4428:54
n https://meet.politea.us/libs/app.bundle.min.js?v=4428:1
https://meet.politea.us/libs/app.bundle.min.js?v=4428:93
https://meet.politea.us/libs/app.bundle.min.js?v=4428:93
n https://meet.politea.us/libs/app.bundle.min.js?v=4428:1
https://meet.politea.us/libs/app.bundle.min.js?v=4428:196
n https://meet.politea.us/libs/app.bundle.min.js?v=4428:1
https://meet.politea.us/libs/app.bundle.min.js?v=4428:1
https://meet.politea.us/libs/app.bundle.min.js?v=4428:1

Probably ssi (nginx server-side includes, not SSL) is not turned on

SSL is on, but I am using a Comodo Cert. Is that a problem?

I am waiting for Comodo to give me the correct cipher list, however.