Nginx but no Jitsi

Hi,
I have installed Jitsi as described on Howtoforge.
A clean Ubuntu 18.04.

I have Nginx running after figuring out that in the config only the listener for port 80 in the IPv6 version had to be active; Ubuntu 18.04 starts it for both.
If you leave both in the config, you get an error that two listeners are active on port 80.

In /etc/nginx/sites-available/sub.domain.tld.conf

#listen 80;
listen [::]:80;

I now see the standard welcome-site from nginx.

Letsencrypt points to
/usr/share/jitsi-meet

This is where things go wrong: the pointer “root” does not seem to change to the right directory
/usr/share/jitsi-meet
and there is no /.well-known/acme-challenge/ over there.

I am not very familiar with nginx.

Does anyone have a hint on how I get nginx to point to the right directory?

Regards,
Jan

You need to add quite a lot more config to /etc/nginx/sites-available/sub.domain.tld.conf.

Here’s mine:

server_names_hash_bucket_size 64;

server {
listen 80;
listen [::]:80;
server_name meet.example.tld;

location ^~ /.well-known/acme-challenge/ {
   default_type "text/plain";
   root         /usr/share/jitsi-meet;
}
location = /.well-known/acme-challenge/ {
   return 404;
}
location / {
   return 301 https://$host$request_uri;
}

}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name meet.example.tld;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";

add_header Strict-Transport-Security "max-age=31536000";

ssl_certificate /etc/letsencrypt/live/meet.example.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/meet.example.tld/privkey.pem;

root /usr/share/jitsi-meet;

# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;

index index.html index.htm;
error_page 404 /static/404.html;

location = /interface_config.js {
    alias /usr/share/jitsi-meet/dl_interface_config.js;
}

location = /config.js {
    alias /etc/jitsi/meet/meet.example.tld-config.js;
}

location = /external_api.js {
    alias /usr/share/jitsi-meet/libs/external_api.min.js;
}

#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
    add_header 'Access-Control-Allow-Origin' '*';
    alias /usr/share/jitsi-meet/$1/$2;
}

# BOSH
location = /http-bind {
    proxy_pass      http://localhost:5280/http-bind;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $http_host;
}

# xmpp websockets
location = /xmpp-websocket {
    proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    tcp_nodelay on;
}

location ~ ^/([^/?&:'"]+)$ {
    try_files $uri @root_path;
}

location @root_path {
    rewrite ^/(.*)$ / break;
}

location ~ ^/([^/?&:'"]+)/config.js$
{
   set $subdomain "$1.";
   set $subdir "$1/";

   alias /etc/jitsi/meet/meet.example.tld-config.js;
}

#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
    set $subdomain "$1.";
    set $subdir "$1/";
    rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}

# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
    set $subdomain "$1.";
    set $subdir "$1/";
    set $prefix "$1";

    rewrite ^/(.*)$ /http-bind;
}

# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
    set $subdomain "$1.";
    set $subdir "$1/";
    set $prefix "$1";

    rewrite ^/(.*)$ /xmpp-websocket;
}

}

But remove this from yours:

location = /interface_config.js {
alias /usr/share/jitsi-meet/dl_interface_config.js;
}

(But it’s an example of how to use a custom interface / GUI set-up, which won’t be overwritten with a future package update.)
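
A hardened variant of the TLS and header directives in the 443 server block above, as an added example that is not part of the original post or of the Jitsi packaging. It assumes nginx built against OpenSSL 1.1.1 or later (for TLSv1.3) and keeps the post's placeholder host name and certificate paths; the other location blocks from the post are omitted here and stay as posted.

```nginx
# Added example: only the TLS and header directives of the 443 block.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name meet.example.tld;   # placeholder host name from the post

    # Weak (as posted):  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated by RFC 8996. TLSv1.3 requires
    # nginx 1.13.0+ with OpenSSL 1.1.1+; omit it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak (as posted): the list ends in "EDH+aRSA:EECDH", which still admits
    # CBC-mode suites with SHA-1 MACs. Keep only ECDHE key exchange with AEAD
    # ciphers. This directive governs TLS 1.2 and below.
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";

    ssl_certificate     /etc/letsencrypt/live/meet.example.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/meet.example.tld/privkey.pem;

    # "always" sends HSTS on error responses (4xx/5xx) as well.
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /usr/share/jitsi-meet;

    # This location declares its own add_header, so the server-level HSTS
    # header is not inherited here and has to be repeated. The dot in
    # ".well-known" is escaped so that it matches a literal dot only.
    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|\.well-known)/(.*)$ {
        add_header Strict-Transport-Security "max-age=31536000" always;
        add_header Access-Control-Allow-Origin "*";
        alias /usr/share/jitsi-meet/$1/$2;
    }
}
```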

Thanks for the blazing fast reaction.

I still get the nginx welcome page from /var/www/html.

My config is almost identical, except that my certificates point to
/etc/jitsi/meet/meet.domain.tld.key
/etc/jitsi/meet/meet.domain.tld.crt

There is no “live” subdirectory in
/etc/letsencrypt

With htop I can see a lot of Java running in the background, so I suppose that Jitsi itself is installed OK.

What do you propose, run certbot manually?

Regards,
Jan

Did you restart or reload nginx after you updated the config?

(If you don’t have Let’s Encrypt certs, yes, change to what you do have.)

Hi,

I did restart nginx; I know how to handle Apache and it is not that different.

The fact that the letsencrypt files are inside jitsi surprised me; I ran certbot manually before it was integrated into the various control panels.

What I do not understand is why the location for jitsi is not accepted by nginx.
This "root /usr/share/jitsi-meet" should start the website from this directory, or am I wrong there?

Regards,
Jan

@janvanl Lazy way: reboot the server and say if it works after the reboot, because there could be some services stuck.

In my case I had yesterday's version of Jitsi, which had jitsi-turnserver colliding with nginx, and I needed to purge it.

You are right (and that’s what I do).

Hi,

The server was rebooted twice, and I loaded updates for nginx and Jitsi.

I corrected the error described here:

Still I get the welcome page from nginx.

In sites-available there is a default that points to /var/www/html.
Removing the default conf file gives an error, so it is back again.

I checked ufw: ports 80 and 443, nginx_full, nginx-http and the udp-ports are all allowed with IPv4 and IPv6.

I do not understand why “root /usr/share/jitsi-meet” is not accepted.

The owner of the jitsi-meet directory is root, should that not be www-data?

Regards,
Jan

I purged nginx and installed apache.

At least I get a fully gray screen, and I can see the source code that comes from the jitsi directory.

Any hint on how to see the app?

regards,
Jan

Hi, I have dug through the errors in the console and the logs.
I googled all of them and solved those. Mostly missing Apache modules like rewrite, ssl, include.

While there is no .well-known directory, the letsencrypt certificates fail.
I will figure out how to solve this.

[edit] after installing letsencrypt for apache and running certbot manually it is working.
Just without sound - camera and disconnecting in 20 seconds.
I will drop that in another thread.

regards,
Jan