Setup JItsi URL and port


#1

I’ve installed Jitsi on my Ubuntu 14.04+Apache.
After installation, I can only access the Jitsi video conference from the URL of my site.
and cannot access my old web pages.

Please, advise me how I can config Jitsi to access via https: mysite.com/jitsi-meet?

Can I configure Jitsi to use non-443 port?

I think a clear guide is required to solve this problem.


#2

Can anyone clarify this issue?
What settings should I do to make my old pages accessible?
How I can change front end URL or port from 443?

PLEASE HELP ME!


#3

Hi,

Can you check your apache.conf? There should some entries related to Jitsi Meet index page. Try and setting your custom directory where you want to load the Jitsi Index page.

Abhijit


#4

I’ve modified my config files like below:

Apache2
/etc/apache2/sites-available/qqq.com.conf

<VirtualHost *:5555>
  ServerName qqq.com

Jitsi

/etc/jitsi/meet/qqq.com-config.js

bosh: '//qqq.com:5555/http-bind'``

Now video conference works OK for 2 participants in the local network
But when the 3rd user is connected video and audio stops

I feel like this is typical situation and typical questions
But the answers that I found on the Internet are quite confusing and incomprehensible (


#5

I’ve found this:

but it is still unclear what concrete changes I have make to change default 443 port for
typical Ubuntu 14.04+Apache?

  1. etc/apache2/sites-available/qqq.com.conf
    ???
  2. /etc/jitsi/meet/qqq.com-config.js
    ???
  3. ???

#6

My logs:

jicofo.log

Jicofo 2019-02-01 12:49:41.777 WARNING: [390] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error

jvb.log

JVB 2019-02-01 12:42:57.546 WARNING: [14] org.jitsi.videobridge.EndpointMessageTransport.log() SCTP connection with 16c3ecc485e69c54 not ready yet.
JVB 2019-02-01 12:42:57.546 WARNING: [14] org.jitsi.videobridge.EndpointMessageTransport.log() No available transport channel, can't send a message
JVB 2019-02-01 12:42:57.547 WARNING: [14] org.jitsi.videobridge.EndpointMessageTransport.log() SCTP connection with 90edc2ce77a1baef not ready yet.
JVB 2019-02-01 12:42:57.547 WARNING: [14] org.jitsi.videobridge.EndpointMessageTransport.log() No available transport channel, can't send a message

prosody.log

Feb 01 12:50:18 mod_component info Disconnecting component, <stream:error> is: <stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>callcontrol.qqq.com does not match any configured external components</text></stream:error>

prosody.err

Feb 01 12:22:57 portmanager	error	Error binding encrypted port for https: error loading private key (No such file or directory)
Feb 01 12:22:57 certmanager	error	SSL/TLS: Failed to load '/etc/prosody/certs/172.26.123.126.key': Previous error (see logs), or other system error. (for https port 5281)
Feb 01 12:22:57 portmanager	error	Error binding encrypted port for https: error loading private key (system lib)
Feb 01 12:31:37 certmanager	error	SSL/TLS: Failed to load '/etc/prosody/certs/172.26.123.126.key': Check that the path is correct, and the file exists. (for *)
Feb 01 12:31:37 certmanager	error	SSL/TLS: Failed to load '/etc/prosody/certs/172.26.123.126.key': Check that the path is correct, and the file exists. (for localhost)
Feb 01 12:31:37 certmanager	error	SSL/TLS: Failed to load '/etc/prosody/certs/172.26.123.126.key': Previous error (see logs), or other system error. (for localhost)
Feb 01 12:31:37 certmanager	error	SSL/TLS: Failed to load '/etc/prosody/certs/172.26.123.126.key': Check that the path is correct, and the file exists. (for https port 5281)
Feb 01 12:31:37 portmanager	error	Error binding encrypted port for https: error loading private key (No such file or directory)
Feb 01 12:31:37 certmanager	error	SSL/TLS: Failed to load '/etc/prosody/certs/172.26.123.126.key': Previous error (see logs), or other system error. (for https port 5281)
Feb 01 12:31:37 portmanager	error	Error binding encrypted port for https: error loading private key (system lib)

#7

This is for jigasi, ignore.

You need to fix this. Your user and passowrd used by jicofo to establish a client connection is wrong. The username is focus. All configs about that are in /etc/jitsi/jicofo/config.


#8

Still cannot fix the problem

Error report:

Jicofo 2019-02-01 13:13:45.302 SEVERE: [41] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.doConnect().319 Failed to connect/login: host-unknown You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
<stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text>This server does not serve auth.qqq.com</text></stream:error>
org.jivesoftware.smack.XMPPException$StreamErrorException: host-unknown You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
<stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text>This server does not serve auth.qqq.com</text></stream:error>
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:994)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1010)

My config files:

/etc/jitsi/jicofo/config

# Jitsi Conference Focus settings
# sets the host name of the XMPP server
JICOFO_HOST=localhost

# sets the XMPP domain (default: none)
JICOFO_HOSTNAME=qqq.com

# sets the secret used to authenticate as an XMPP component
JICOFO_SECRET=I@mAsJo8

# sets the port to use for the XMPP component connection
JICOFO_PORT=5347

# sets the XMPP domain name to use for XMPP user logins
JICOFO_AUTH_DOMAIN=auth.qqq.com

# sets the username to use for XMPP user logins
JICOFO_AUTH_USER=focus

# sets the password to use for XMPP user logins
JICOFO_AUTH_PASSWORD=I8dNa2MO

# extra options to pass to the jicofo daemon
JICOFO_OPTS=""

# adds java system props that are passed to jicofo (default are for home and logging config file)
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties"

/etc/prosody/conf.avail/qqq.com.cfg.lua

– Plugins path gets uncommented during jitsi-meet-tokens package install - that’s where token plugin is located
–plugin_paths = { “/usr/share/jitsi-meet/prosody-plugins/” }

VirtualHost "qqq.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "anonymous"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/qqq.com.key";
                certificate = "/etc/prosody/certs/qqq.com.crt";
        }
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }

        c2s_require_encryption = false

Component "conference.qqq.com" "muc"
    storage = "null"
    --modules_enabled = { "token_verification" }
admins = { "focus@auth.qqq.com" }

Component "jitsi-videobridge.qqq.com"
    component_secret = "@773ospp"

VirtualHost "auth.qqq.com"
    ssl = {
        key = "/etc/prosody/certs/auth.qqq.com.key";
        certificate = "/etc/prosody/certs/auth.qqq.com.crt";
    }
    -- authentication = "anonymous"
    authentication = "internal_plain"

Component "focus.qqq.com"
    component_secret = "I@mAsJo8"

#9

So you have auth.qqq.com in your config,

Jicofo will try to connect as focus@auth.qqq.com

Not sure why this is happening. Is it possible that your config is not active … Do you have /etc/prosody/conf.d/qqq.com.cfg.lua and prosody in main config file including all files from conf.d (Include “conf.d/*.cfg.lua”)?


#10

Check also prosody logs on restart … you may have some syntax error and it is not loading config.


#11

I get logs below on command service prosody restart :

/var/log/prosody/prosody.err -empty

/var/log/prosody/prosody.log

|Feb 01 17:06:12 mod_posix|warn|Received SIGTERM|
|---|---|---|
|Feb 01 17:06:12 general|info|Shutting down: Received SIGTERM|
|Feb 01 17:06:12 general|info|Shutting down...|
|Feb 01 17:06:12 general|info|Shutdown status: Cleaning up|
|Feb 01 17:06:12 general|info|Shutdown complete|
|Feb 01 17:06:12 general|info|Hello and welcome to Prosody version 0.9.1|
|Feb 01 17:06:12 general|info|Prosody is using the select backend for connection handling|
|Feb 01 17:06:12 portmanager|info|Activated service 'component' on [127.0.0.1]:5347, [::1]:5347|
|Feb 01 17:06:12 portmanager|info|Activated service 's2s' on [::]:5269, [*]:5269|
|Feb 01 17:06:12 portmanager|info|Activated service 'c2s' on [::]:5222, [*]:5222|
|Feb 01 17:06:12 portmanager|info|Activated service 'legacy_ssl' on no ports|
|Feb 01 17:06:12 mod_posix|info|Prosody is about to detach from the console, disabling further console output|
|Feb 01 17:06:12 mod_posix|info|Successfully daemonized to PID 2851|
|Feb 01 17:06:12 portmanager|info|Activated service 'http' on [::]:5280, [*]:5280|
|Feb 01 17:06:12 portmanager|info|Activated service 'https' on [::]:5281, [*]:5281|
|Feb 01 17:06:13 jcp227ff20|info|Incoming Jabber component connection|
|Feb 01 17:06:13 mod_component|info|Disconnecting component, <stream:error> is: <stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>callcontrol.qqq.com does not match any configured external components</text></stream:error>|
|Feb 01 17:06:13 jcp227ff20|info|component disconnected: nil (false)|
|Feb 01 17:06:16 c2s2289b60|info|Client connected|
|Feb 01 17:06:16 c2s2289b60|info|Client disconnected: ssl handshake failed|

http-bind

https://qqq.com:5555/http-bind

It works! Now point your BOSH client to this URL to connect to Prosody.
For more information see [Prosody: Setting up BOSH](http://prosody.im/doc/setting_up_bosh).

#12

I’ve discovered the following on the Internet:
Ignore the errors in prosody log about callcontrol, this is for jigasi and you are not interested in it.

OK, So I’ve uninstalled jigasi

Now my prsosody.log looks like below:

RESTART

|Feb 01 17:31:20 mod_posix|warn|Received SIGTERM|
|---|---|---|
|Feb 01 17:31:20 general|info|Shutting down: Received SIGTERM|
|Feb 01 17:31:20 general|info|Shutting down...|
|Feb 01 17:31:20 general|info|Shutdown status: Cleaning up|
|Feb 01 17:31:20 general|info|Shutdown complete|
|Feb 01 17:31:20 general|info|Hello and welcome to Prosody version 0.9.1|
|Feb 01 17:31:20 general|info|Prosody is using the select backend for connection handling|
|Feb 01 17:31:20 portmanager|info|Activated service 'component' on [127.0.0.1]:5347, [::1]:5347|
|Feb 01 17:31:20 portmanager|info|Activated service 's2s' on [::]:5269, [*]:5269|
|Feb 01 17:31:20 portmanager|info|Activated service 'c2s' on [::]:5222, [*]:5222|
|Feb 01 17:31:20 portmanager|info|Activated service 'legacy_ssl' on no ports|
|Feb 01 17:31:20 mod_posix|info|Prosody is about to detach from the console, disabling further console output|
|Feb 01 17:31:20 mod_posix|info|Successfully daemonized to PID 12782|
|Feb 01 17:31:20 portmanager|info|Activated service 'http' on [::]:5280, [*]:5280|
|Feb 01 17:31:20 portmanager|info|Activated service 'https' on [::]:5281, [*]:5281|
|Feb 01 17:31:22 c2s104e3d0|info|Client connected|
|Feb 01 17:31:22 c2s104e3d0|info|Client disconnected: ssl handshake failed|
|Feb 01 17:31:27 c2s106e0a0|info|Client connected|
|Feb 01 17:31:27 c2s106e0a0|info|Client disconnected: ssl handshake failed|
|Feb 01 17:31:30 jcp10745b0|info|Incoming Jabber component connection|
|Feb 01 17:31:30 focus.qqq.com:component|info|External component successfully authenticated|
|Feb 01 17:31:32 c2s1083b10|info|Client connected|
|Feb 01 17:31:32 c2s1083b10|info|Client disconnected: ssl handshake failed|
|Feb 01 17:31:37 c2s1090540|info|Client connected|
|Feb 01 17:31:37 c2s1090540|info|Client disconnected: ssl handshake failed|
|Feb 01 17:31:37 jcp109eef0|info|Incoming Jabber component connection|
|Feb 01 17:31:37 jitsi-videobridge.qqq.com:component|info|External component successfully authenticated|
|Feb 01 17:31:37 c2s10ad1e0|info|Client connected|=AM
|Feb 01 17:31:37 c2s10ad1e0|info|Client disconnected: ssl handshake failed|
|Feb 01 17:31:42 c2s10bcb10|info|Client connected|

TRY TO CONNECT:

|Feb 01 17:32:11 mod_bosh|info|New BOSH session, assigned it sid '51109c8c-432c-4a7e-87d7-67d05f6f3ddf'|
|Feb 01 17:32:11 bosh51109c8c-432c-4a7e-87d7-67d05f6f3ddf|info|Authenticated as 1c052162-b4dd-4f01-abec-4d2eec5e492c@qqq.com|
|Feb 01 17:32:12 c2s1184be0|info|Client connected|
|Feb 01 17:32:12 c2s1184be0|info|Client disconnected: ssl handshake failed|
|Feb 01 17:32:17 c2s1192780|info|Client connected|
|Feb 01 17:32:17 c2s1192780|info|Client disconnected: ssl handshake failed|
|Feb 01 17:32:22 c2s11293d0|info|Client connected|
|Feb 01 17:32:22 c2s11293d0|info|Client disconnected: ssl handshake failed|

#13

Still can’t get jitsi to work with non-standard settings. (

Below is my /var/log/prosody/prosody.log:

3-users video chat

1st user joins a room

Feb 04 13:16:44 c2s2530a10	info	Client disconnected: ssl handshake failed
Feb 04 13:16:46 mod_bosh	info	New BOSH session, assigned it sid 'a2b3c695-488e-451f-8194-f5f11e3cf58e'
Feb 04 13:16:46 bosha2b3c695-488e-451f-8194-f5f11e3cf58e	info	Authenticated as a65dad61-ccdb-44d8-8a28-da770b309cfd@qqq.com
Feb 04 13:16:49 c2s23d1870	info	Client connected
Feb 04 13:16:49 c2s23d1870	info	Client disconnected: ssl handshake failed
...

2nd user joins the room - video call is working (direct p2p connection)

Feb 04 13:17:27 mod_bosh	info	New BOSH session, assigned it sid '7d1d482d-6764-4ec4-b523-75a3df1b3f0f'
Feb 04 13:17:27 bosh7d1d482d-6764-4ec4-b523-75a3df1b3f0f	info	Authenticated as c3a83cdb-988a-4e55-962c-5ee40c65b76d@qqq.com
Feb 04 13:17:29 c2s20ec4f0	info	Client connected
Feb 04 13:17:29 c2s20ec4f0	info	Client disconnected: ssl handshake failed
...

3rd user joins the room - video stops working

Feb 04 13:17:56 mod_bosh	info	New BOSH session, assigned it sid 'bdcb23af-0bd2-4642-aa9f-70ed343a8d4b'
Feb 04 13:17:57 boshbdcb23af-0bd2-4642-aa9f-70ed343a8d4b	info	Authenticated as 019b67a0-8281-48ea-b7a9-6e6b778e5960@qqq.com
Feb 04 13:17:59 c2s267df00	info	Client connected
Feb 04 13:17:59 c2s267df00	info	Client disconnected: ssl handshake failed
Feb 04 13:18:04 c2s23f0550	info	Client connected

Start/Stop services

jitsi-videobridge

service jitsi-videobridge restart
Starting jitsi-videobridge: jvb started.

/var/log/prosody/prosody.log:

Feb 04 13:12:59 jitsi-videobridge.qqq.com:component	info	External component successfully authenticated
Feb 04 13:14:37 c2s2510120	info	Client connected
Feb 04 13:14:37 jcp2524b30	info	Incoming Jabber component connection
NO ERROR MESSAGES

jicofo
This component seems to be a problem.

service jicofo restart
Starting jicofo: jicofo started.

Feb 04 13:14:37 focus.qqq.com:component	info	External component successfully authenticated
Feb 04 13:14:38 c2s2510120	info	Client disconnected: ssl handshake failed
Feb 04 13:14:40 c2s252df20	info	Client connected
Feb 04 13:14:40 c2s252df20	info	Client disconnected: ssl handshake failed
Feb 04 13:14:42 c2s24a9780	info	Client connected

(((


#14

This one you need to find why it appears. This means that your client is not able to establish a bosh connection, it breaks on the webpart, no need to check jicofo or jvb as the client cannot communicate with the system at all.

What do you see when you open your bosh connection URL, should look like https://meet.jit.si/http-bind.


#15

Screenshot%20from%202019-02-04%2014%3A35%3A52


#16

Then open the netwrok tab in the developer tools, open the url https://qqq.com:5555 and do you see a failing requests, which one, with is the output of the serve …


#17


#18

Look at the tab with name ‘Network’, do you see some failing requests?


#19

It seems I’ve got “jicofo ssl handshake error” (

After installing the latest version on Ubuntu14.04 on a clean machine I get this
“ssl handshake” error on start jicofo.
I tried everithing: check prosody configuration, regenerate certificates, check jitsi configurations,
keytool import … nothing helps. (((

Command “service jicofo start” leads to error:

Feb 05 13:26:12 c2scb9580	info	Client connected
Feb 05 13:26:12 jcpe3ab90	info	Incoming Jabber component connection
Feb 05 13:26:12 focus.mydomain.com:component	info	External component successfully authenticated
Feb 05 13:26:13 c2scb9580	info	Client disconnected: ssl handshake failed
Feb 05 13:26:18 c2sc67bd0	info	Client connected
Feb 05 13:26:18 c2sc67bd0	info	Client disconnected: ssl handshake failed

It seems like a lot of users encountered this error:




I think this is a bug or a serious lack of documentation.

Could you try to install the latest jitsi-meet on clean Ubuntu14.04 and check this issue?


#20

I’m not able to install it on ubuntu 14.04 due to init-system-helpers (>= 1.18~) but 1.14ubuntu1 is to be installed.
But this issue is not something we will work on, as since 14.04 there are two LTS releases which are recommended.

You don’t give any information why jicofo does not connect, the first thing to check is its log file under /var/log/jitsi.

If your error is “javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe” then you can easily workaround this by enabling “org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED”. Jicofo authentication error

It is also known that if you are using sun jdk and not openjdk the certificate changes that the packages do are not respected.

If you have better ideas about the documentation you can always contribute changes to the existing one. Thank you.