Secure Domain Setup Not Prompting For Login - Crashes When Another User Connects

First off, apologies if this is simple or was answered already, I tried searching around here and on search engines for a solution to this issue but I can’t seem to find one.

I installed Jitsi-Meet on my Ubuntu 20.04 server, and I followed the instructions for Debian/Ubuntu to a T and it worked great! That is until I tried to follow the directions in the handbook for secure domain setup. I followed those to a T (triple checked it just now) as well, but it just did not work… When I start a new meeting it does not prompt me for any credentials, and moreover when anybody else tries to connect to the meeting it just crashes. My Jitsi server is public facing so I want it to be secured so random people who stumble upon it don’t make a bunch of rooms to overload the server. I’ve tried deciphering the config files to see if I could figure it out on my own, but I do not have too much experience with this and I could not find the relevant documentation that may help me fix the issue. If there is any information I can provide to better elucidate the problem please let me know and I will do so. Any help is greatly appreciated!

Edit: Thanks for all the help, I ended up opting to reinstall Jitsi completely using the script generously provided by @Prashanth since I can’t make any more replies as a new user. This fixed all my issues and got the login screen working. Now I just need to figure out how to configure my matrix server to default conferences to my jitsi server, but that may be beyond the scope of the discussion here. Once again, thank you for all the help!

What are the services' statuses?

systemctl status prosody
systemctl status jicofo
systemctl status jitsi-videobridge2.service

Thanks for the quick response! They are all loaded and active, these are the status messages each spits out.
prosody :
Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-02-10 03:31:11 EST; 10h ago
Docs: Documentation – Prosody IM
Main PID: 28561 (lua5.2)
Tasks: 1 (limit: 28724)
Memory: 19.6M
CGroup: /system.slice/prosody.service
└─28561 lua5.2 /usr/bin/prosody
Feb 10 03:31:11 CodingPC systemd[1]: Started Prosody XMPP Server.
Feb 10 03:31:11 CodingPC prosody[28561]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Feb 10 03:31:11 CodingPC prosody[28561]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281

Jicofo:
Loaded: loaded (/etc/init.d/jicofo; generated)
Active: active (running) since Wed 2021-02-10 02:53:46 EST; 10h ago
Docs: man:systemd-sysv-generator(8)
Process: 2130 ExecStart=/etc/init.d/jicofo start (code=exited, status=0/SUCCESS)
Tasks: 89 (limit: 28724)
Memory: 418.8M
CGroup: /system.slice/jicofo.service
└─2197 java -Xmx3072m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djdk.tls.ephemeralDHK>
Feb 10 02:53:46 CodingPC systemd[1]: Starting LSB: Jitsi conference Focus…
Feb 10 02:53:46 CodingPC jicofo[2130]: Starting jicofo: jicofo started.
Feb 10 02:53:46 CodingPC systemd[1]: Started LSB: Jitsi conference Focus.

jitsi-videobridge2:
jitsi-videobridge2.service - Jitsi Videobridge
Loaded: loaded (/lib/systemd/system/jitsi-videobridge2.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-02-10 03:31:13 EST; 10h ago
Process: 28574 ExecStartPost=/bin/bash -c echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridge.pid >
Main PID: 28573 (java)
Tasks: 45 (limit: 65000)
Memory: 298.0M
CGroup: /system.slice/jitsi-videobridge2.service
└─28573 java -Xmx3072m -XX:+UseConcMarkSweepGC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/t
Feb 10 03:31:13 CodingPC systemd[1]: Starting Jitsi Videobridge…
Feb 10 03:31:13 CodingPC systemd[1]: Started Jitsi Videobridge.

I didn’t think to check the prosody output before. The port in the error message is not mentioned in the setup guide and I don’t have it allowed by my firewall, could that be the issue? I generated my SSL certificate using certbot and it works for my webpages that connect through 443, but I already had that certificate before I set up Jitsi; I just pointed Jitsi to it during installation. Do I need to generate a new certificate that includes options for this port?

Thank You!

@arcsine if you are willing to reinstall, stable version of jitsi, you may give it a try using this script GitHub - pregalla/jitsi: Installer for Jitsi, Jigasi, and Jibri

Say no to jibri installation…as it is a work in progress…

@arcsine what’s the output of this command?

dpkg -l "jitsi-*" "jicofo*" "prosody*" | egrep '^ii'

Also, share your cfg.lua file.

Output:
ii jicofo 1.0-692-hf-1 all JItsi Meet COnference FOcus
ii jitsi-meet 2.0.5390-3 all WebRTC JavaScript video conferences
ii jitsi-meet-prosody 1.0.4628-1 all Prosody configuration for Jitsi Meet
ii jitsi-meet-turnserver 1.0.4628-1 all Configures coturn to be used with Jitsi Meet
ii jitsi-meet-web 1.0.4628-1 all WebRTC JavaScript video conferences
ii jitsi-meet-web-config 1.0.4628-1 all Configuration for web serving of Jitsi Meet
ii jitsi-videobridge2 2.1-416-g2f43d1b4-1 all WebRTC compatible Selective Forwarding Unit (SFU)
ii prosody 0.11.4-1 amd64 Lightweight Jabber/XMPP server

My cfg file is at cfg.lua - Pastebin.com. I haven’t edited it except to modify the lines mentioned in the handbook for secure domain.

Thank You!

Is the package the handbook directs me to download not the latest stable version? I’ll try troubleshooting first, as maybe I will learn a thing or two, but I will try this as a last resort. Thank You!

Nothing stands out to me in your lua - looks fine.

Can you share your prosody and Jicofo logs?

Btw, you added this line in Jicofo, right?

org.jitsi.jicofo.auth.URL=XMPP:my.site.com

This is pointing to a problem in your config.js. Did you remove the ‘//’ that are in the file before ‘anonymousdomain’? They are commenting out the instruction.

Here is my config.js: Config.js - Pastebin.com

Yes I added that line in Jicofo, here is my Jicofo sip-communicator.properties:
org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.my.site.com
org.jitsi.jicofo.auth.URL=XMPP:my.site.com

As for Prosody and Jicofo logs, what directory can I find those in?

/var/log/jitsi/jicofo.log
/var/log/prosody/prosody.err
/var/log/prosody/prosody.log

Yes, your config.js seems all right (who has flagged this post?).
In your place I’d try to replace ‘internal_plain’ by ‘internal_hashed’ in the auth.yoursite section and restart prosody (wait 2 minutes after that to give time to jicofo and jvb to reconnect).

Is there a place I can post the logs? They are too big to go into a pastebin or a post apparently.

Hmm…mm I’d recommend clearing them (not deleting the files), restarting all services and then sharing the logs.

I tried your suggestion, but it unfortunately did not change the behavior at all. Why do you recommend this? Is internal_hashed more secure? I changed it back to internal_plain for now while I am troubleshooting, but if it is more secure I will switch it back once I get everything else working.

Yes, but what was troubling me was the lack of coherence between the 2 sections (main host and auth). Default used to be internal_plain, then it was changed to internal_hashed (to be a bit more secure), so the doc assumes that the value is internal_hashed, I think. But your config is older and dates from the time when internal_plain was the default.

Well, strangely, stopping all the services for a minute, then clearing out the logs and then restarting them fixed the crash issue, but I am still not being prompted for a user name or password.

Prosody Log: pastebin dot com/7p0dKqTL (I think I’ve been rate limited on links or something it won’t let me post this normally)
Jicofo log is still too big for a pastebin I’ll have to split it in two

prosody.err:

Feb 10 15:14:17 portmanager error Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Feb 10 15:14:17 portmanager error Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281

Jicofo Log Part 1: pastebin dot com/AY0bBNWG
Jicofo Log Part2: pastebin dot com/dLG9fFAf

I appreciate all the help!

Well my config shouldn’t be old, I did not touch that section at all, that was already filled in from the installation and this installation is only a couple of days old. I tried changing it to internal_hashed again since it stopped crashing when multiple people connect, and then it started crashing again, so I switched it once again back to internal_plain and the crashing stopped (for now anyway I am going to check again a bit later to make sure it was just that setting and not something else that might trip it up after it’s been running for a while)

Thank You
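
Added example, not part of the thread and not Jitsi project code: the replies ask about three settings that have to agree before a login prompt appears (the Prosody `authentication` value, an uncommented `anonymousdomain` in config.js, and `org.jitsi.jicofo.auth.URL`). This Python check reads the text of all three files together; the function name, the `guest.` host name and the sample file contents are constructed assumptions, and `my.site.com` is the placeholder used in the thread.

```python
import re

def secure_domain_problems(prosody_cfg, config_js, jicofo_props, domain):
    """Return a list of inconsistencies between the three secure-domain files."""
    problems = []
    # Drop commented-out lines so a disabled setting is not counted as active.
    lua = re.sub(r"--[^\n]*", "", prosody_cfg)
    js = re.sub(r"(?m)^[ \t]*//[^\n]*", "", config_js)
    props = re.sub(r"(?m)^[ \t]*#[^\n]*", "", jicofo_props)
    # Map each VirtualHost to the authentication value set inside its section.
    auth = {}
    for name, body in re.findall(
            r'VirtualHost\s+"([^"]+)"(.*?)(?=VirtualHost\s+"|Component\s+"|\Z)', lua, re.S):
        m = re.search(r'authentication\s*=\s*"([^"]+)"', body)
        auth[name] = m.group(1) if m else None
    main = auth.get(domain)
    if main not in ("internal_hashed", "internal_plain"):
        problems.append(f"prosody: {domain} authentication is {main!r}")
    guests = [h for h, a in auth.items() if a == "anonymous" and h != domain]
    if not guests:
        problems.append("prosody: no anonymous guest VirtualHost")
    m = re.search(r"anonymousdomain\s*:\s*['\"]([^'\"]+)['\"]", js)
    if not m:
        problems.append("config.js: anonymousdomain missing or commented out")
    elif m.group(1) not in guests:
        problems.append(f"config.js: anonymousdomain {m.group(1)!r} is not a guest host")
    m = re.search(r"(?m)^\s*org\.jitsi\.jicofo\.auth\.URL\s*=\s*(\S+)", props)
    if not m or m.group(1) != f"XMPP:{domain}":
        problems.append("jicofo: org.jitsi.jicofo.auth.URL is not XMPP:" + domain)
    return problems

# Constructed sample files (assumptions for illustration, not the poster's configs).
GOOD_LUA = '''VirtualHost "my.site.com"
    authentication = "internal_hashed"
VirtualHost "guest.my.site.com"
    authentication = "anonymous"
    c2s_require_encryption = false
VirtualHost "auth.my.site.com"
    authentication = "internal_hashed"
'''
GOOD_JS = "hosts: {\n    domain: 'my.site.com',\n    anonymousdomain: 'guest.my.site.com',\n},"
BAD_JS = GOOD_JS.replace("    anonymousdomain", "    // anonymousdomain")
PROPS = "org.jitsi.jicofo.auth.URL=XMPP:my.site.com\n"

if __name__ == "__main__":
    print(secure_domain_problems(GOOD_LUA, BAD_JS, PROPS, "my.site.com"))
```

Lua block comments (`--[[ ... ]]`) are not handled; only single-line `--` comments are stripped.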