Traefik and docker install

Thanks, that worked. I feel it should fail gracefully if such an error is encountered since it brings it into a non-working state. Interestingly, it won’t detect my microphone or webcam. At least now, I can try and roll this out to deployment after checking it works on localhost.

Has anyone got this working with load balancers? I tried plugging this into my current setup. I currently just get “Bad Gateway”. I can easily bring this up with TheLounge or Portainer but not Jitsi. I don’t see any obvious error messages in the logs:

Jitsi:

version: '3'


services:
    # Frontend
    web:
        image: quadeare/jitsi-web
        container_name: jitsi
        restart: unless-stopped
        security_opt: 
          - no-new-privileges:true
        networks:
          proxy:
              aliases:
                  - ${XMPP_DOMAIN}
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.jitsi.entrypoints=http"
          - "traefik.http.routers.jitsi.rule=Host(`jitsi.blah.com`)"
          - "traefik.http.middlewares.jitsi-https-redirect.redirectscheme.scheme=https"
          - "traefik.http.routers.jitsi.middlewares=jitsi-https-redirect"
          - "traefik.http.routers.jitsi-secure.entrypoints=https"
          - "traefik.http.routers.jitsi-secure.rule=Host(`jitsi.blah.com`)"
          - "traefik.http.routers.jitsi-secure.tls=true"
          - "traefik.http.routers.jitsi-secure.tls.certresolver=http"
          - "traefik.http.routers.jitsi-secure.service=jitsi"
          - "traefik.http.services.jitsi.loadbalancer.server.port=9000"
          - "traefik.docker.network=proxy"
        expose:
            - "80"
            - "443"
        volumes:
            - ./web:/config
            - ./transcripts:/usr/share/jitsi-meet/transcripts
        environment:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_RECORDER_DOMAIN
            - ETHERPAD_URL_BASE
            - TZ
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - ENABLE_RECORDING

    # XMPP server
    prosody:
        image: quadeare/jitsi-prosody
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody:/config
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - XMPP_RECORDER_DOMAIN
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            proxy:
                aliases:
                    - ${XMPP_SERVER}

    # Focus component
    jicofo:
        image: quadeare/jitsi-jicofo
        volumes:
            - ${CONFIG}/jicofo:/config
        environment:
            - ENABLE_AUTH
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JICOFO_RESERVATION_REST_BASE_URL
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - TZ
        depends_on:
            - prosody
        networks:
            proxy:

    # Video bridge
    jvb:
        image: quadeare/jitsi-jvb
        ports:
            - '${JVB_PORT}:${JVB_PORT}/udp'
        volumes:
            - ${CONFIG}/jvb:/config
        environment:
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - TZ
        depends_on:
            - prosody
        networks:
            proxy:

# Custom network so all services can communicate using a FQDN
networks:
    proxy:
        external: true

Traefik:

version: '3'

services:
  traefik:
    env_file:
      - user.env
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`blah.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${USER}:${PASSWORD}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`blah.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

The line:
"traefik.http.services.jitsi.loadbalancer.server.port=9000"
should be:
"traefik.http.services.jitsi.loadbalancer.server.port=80"

You are telling Traefik which port from the container it should be connecting to. It appears you are doing SSL termination so you should be connecting to port 80 from the jitsi-web container as the nginx instance in that container is listening on port 80 for http requests.
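
A small check for the mismatch described in this answer, written here as an added example (it is not from the thread or from the Traefik or Jitsi projects): it compares each service's `loadbalancer.server.port` label with that service's `expose:` list. It assumes the `expose:` list reflects the ports the container really listens on and that the file uses the block-style layout posted above; the sample file is a constructed excerpt of that compose file, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag Traefik labels whose loadbalancer.server.port is not among
# the ports the same compose service lists under "expose:".
# Assumes the block-style YAML layout used in the thread (space indentation,
# one "- item" per line); it is a line scanner, not a YAML parser.

# check_lb_ports FILE -> one line per mismatch, returns 1 if any was found.
check_lb_ports() {
    awk '
        function indent(s) { match(s, /^ */); return RLENGTH }
        function flush() {
            # Judge a service only if it has both a label port and an expose list.
            if (svc != "" && lbport != "" && exposed != "" &&
                index(" " exposed " ", " " lbport " ") == 0) {
                print svc ": loadbalancer.server.port=" lbport " not in expose [" exposed "]"
                bad = 1
            }
            svc = ""; lbport = ""; exposed = ""; section = ""
        }
        /^[ \t]*(#.*)?$/ { next }                     # blank or comment-only line
        {
            ind = indent($0)
            text = $0; sub(/^ +/, "", text)
            if (ind == 0) {                           # top-level key
                flush()
                in_services = (text ~ /^services:/)
                svc_indent = -1
                next
            }
            if (!in_services) next
            if (svc_indent < 0) svc_indent = ind      # first key under services:
            if (ind == svc_indent) {                  # start of a new service
                flush()
                svc = text; sub(/:.*/, "", svc)
                next
            }
            if (text ~ /^[A-Za-z_]+:/) {              # e.g. labels:, expose:
                section = text; sub(/:.*/, "", section)
                next
            }
            if (text ~ /^- /) {
                item = substr(text, 3)
                if (match(item, /loadbalancer\.server\.port=[0-9]+/)) {
                    lbport = substr(item, RSTART, RLENGTH)
                    sub(/.*=/, "", lbport)
                } else if (section == "expose") {
                    gsub(/[^0-9]/, "", item)          # "80" or 80/tcp -> 80
                    exposed = (exposed == "" ? item : exposed " " item)
                }
            }
        }
        END { flush(); exit bad + 0 }
    ' "$1"
}

# write_sample_compose FILE: constructed excerpt of the compose file posted above.
write_sample_compose() {
    cat > "$1" <<'EOF'
version: '3'

services:
    # Frontend
    web:
        image: quadeare/jitsi-web
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.jitsi-secure.rule=Host(`jitsi.blah.com`)"
          - "traefik.http.routers.jitsi-secure.service=jitsi"
          - "traefik.http.services.jitsi.loadbalancer.server.port=9000"
        expose:
            - "80"
            - "443"
    # XMPP server
    prosody:
        image: quadeare/jitsi-prosody
        expose:
            - '5222'
            - '5347'
            - '5280'

networks:
    proxy:
        external: true
EOF
}

sample=$(mktemp)
write_sample_compose "$sample"
if report=$(check_lb_ports "$sample"); then
    echo "no port mismatch found"
else
    printf '%s\n' "$report"
fi
rm -f "$sample"
```

A reported mismatch is a prompt to confirm which port the service inside the container listens on, since `expose:` is only a declaration.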

Thanks, that worked and it’s now up and running.

There are several compose files posted here.
A bit confusing :wink:
Which one is a working version?
Is there a Github Repo with the working version?

I assume, this is not the latest working version here:

Thanks for all hints.

1 Like

Because of popular demand I post three files here:

instructions

  1. configure docker
    1. create the networks needed for traefik; here they are called meet.jitsi and ipv6nat. The latter only makes sense if you have ipv6 and want to use it. I run the meet.jitsi network without ipv6 support since I have to bypass traefik for the jvb udp port.
    2. disable docker’s userland proxy (ipv6nat needs that) by setting "userland-proxy": false in /etc/docker/daemon.json; restart docker after doing that
  2. create the directories for traefik
  3. create the directories for jitsi
  4. copy the attached files to the appropriate directories and rename them (strip the prefixes and the .txt suffixes I had to add to trick the upload filter) and rename env.txt to .env. Edit the files to suit your needs!
  5. cd to the directory where traefik’s docker-compose.yml lives and run docker-compose up -d
  6. cd to the directory where jitsi’s docker-compose.yml lives and run docker-compose up -d
    That should do it.

directory layout

After creating all directories you should have something like this:

traefik/
        basicauth/
        docker-compose.yml
        letsencrypt/
jitsi/
      config/
      docker-compose.yml
      .env

Hope that helps :smile:

4 Likes

Dear @jogi,
after the necessary adjustments I got the containers up but Jitsi is faulty. When I connect with chrome to my Jitsi URL the Jitsi session manager (selection of available sessions, creating new sessions) shows up.
When I connect to a meeting room then my webcam video stream comes up for a second followed by an error window saying:
"Unfortunately, something went wrong. We’re trying to fix this. Reconnecting in …"

Is this related to the UDP connection passing by Jitsi?

Can you see anything from the docker config reported further below?

Thank you.

My adjustments, amendments and comments to your scripts:

I have not set any explicit JVB_UDP_PORT.

Creating missing config dirs:

mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}

I am not using ipv6 (at least I think I am not).
The file /etc/docker/daemon.json does not exist on my machine.

I renamed the network in the config files: ipv6uva -> stuff and created the networks:

docker network create meet.jitsi
docker network create stuff

My current docker setup

$ docker ps

CONTAINER ID        IMAGE                           COMMAND                  CREATED             STATUS                         PORTS                                      NAMES
689e03fe4410        quadeare/jitsi-jvb:stable       "/init"                  32 minutes ago      Restarting (1) 4 seconds ago                                              jitsi_jvb_1
5296783b0d41        quadeare/jitsi-jicofo:stable    "/init"                  32 minutes ago      Restarting (1) 4 seconds ago                                              jitsi_jicofo_1
fef3a27153c3        quadeare/jitsi-web:stable       "/init"                  32 minutes ago      Up 32 minutes                  80/tcp, 443/tcp                            jitsi_web_1
71a945c99958        quadeare/jitsi-prosody:stable   "/init"                  32 minutes ago      Up 32 minutes                  5222/tcp, 5269/tcp, 5280/tcp, 5347/tcp     jitsi_prosody_1
12e79e8eb21e        containous/whoami               "/whoami"                33 minutes ago      Up 33 minutes                  80/tcp                                     whoami
d54cb4fb29cf        traefik:v2.2                    "/entrypoint.sh --ap…"   33 minutes ago      Up 33 minutes                  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   traefik

$ docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
6d1645b0d990        bridge              bridge              local
447936f29d7f        host                host                local
2e26a44a5dbd        meet.jitsi          bridge              local
78c787af8782        none                null                local
5fc3419c1962        stuff               bridge              local

$ docker network inspect meet.jitsi

[
    {
        "Name": "meet.jitsi",
        "Id": "2e26a44a5dbd722d90d363ea36f4694d1b203743bb492ba57aa30ee4f596a324",
        "Created": "2020-04-19T11:19:03.206710461+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.23.0.0/16",
                    "Gateway": "172.23.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "71a945c99958779f76da863dda7726ffbf3c33128eb7a467a916b321a4938edf": {
                "Name": "jitsi_prosody_1",
                "EndpointID": "eb814493b1b80e76ced81f09498b1e323ed48280084b59e80f863ec36b4f5817",
                "MacAddress": "02:42:ac:17:00:04",
                "IPv4Address": "172.23.0.4/16",
                "IPv6Address": ""
            },
            "d54cb4fb29cf886acec167d0ff1187745d7f2033f1c74feabaf871ce6fcaf49d": {
                "Name": "traefik",
                "EndpointID": "3b57e2a471349315542a8f5a005ebec64f38d52a11b64fe9d11aa25632719fbc",
                "MacAddress": "02:42:ac:17:00:02",
                "IPv4Address": "172.23.0.2/16",
                "IPv6Address": ""
            },
            "fef3a27153c3c2e398ba1beca502f0ae0f019c9b3935c2e207a4e37f6f42e062": {
                "Name": "jitsi_web_1",
                "EndpointID": "bc3b309647aca2bc9134455e654cb51f28c09a85e5b77900c3d1cc845953ae3c",
                "MacAddress": "02:42:ac:17:00:03",
                "IPv4Address": "172.23.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

$ docker inspect jitsi_jvb_1

[
    {
        "Id": "689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818",
        "Created": "2020-04-19T09:53:25.638986581Z",
        "Path": "/init",
        "Args": [],
        "State": {
            "Status": "restarting",
            "Running": true,
            "Paused": false,
            "Restarting": true,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 0,
            "ExitCode": 1,
            "Error": "",
            "StartedAt": "2020-04-19T10:32:31.910122856Z",
            "FinishedAt": "2020-04-19T10:32:35.55189294Z"
        },
        "Image": "sha256:5c983e7944e36135dc6f68fea1f632bd1abe0be431e2ac0ca47f5611c40c1a52",
        "ResolvConfPath": "/var/lib/docker/containers/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818/hostname",
        "HostsPath": "/var/lib/docker/containers/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818/hosts",
        "LogPath": "/var/lib/docker/containers/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818-json.log",
        "Name": "/jitsi_jvb_1",
        "RestartCount": 45,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/home/docker/.jitsi-meet-cfg/jvb:/config:rw"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "meet.jitsi",
            "PortBindings": {
                "10000/udp": [
                    {
                        "HostIp": "",
                        "HostPort": "10000"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "unless-stopped",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": [],
            "CapAdd": null,
            "CapDrop": null,
            "Capabilities": null,
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "shareable",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/11a58e0003256860076e22f56accd46a69f500be959b386074d973fe5781d531-init/diff:/var/lib/docker/overlay2/caa3cc6f932fc09a06aa00dc95368671989bf6df8d938cdf0b3679e9bed8104a/diff:/var/lib/docker/overlay2/ce749e1a2f9b20dfedd69143646d47dc480236192f5894ccd1d010a6b3b33f56/diff:/var/lib/docker/overlay2/919020ddb1b3255c85a99bbb0c8cec5b61a8bd672e074cca853154a039d439a9/diff:/var/lib/docker/overlay2/2783071874fa30e565543f179458eb701b240381a643c81d6ddd109f682818a2/diff:/var/lib/docker/overlay2/cef8305af061eb9a07aa3b00c78b6c41f1b25520010934a3ad535ea59df05aa8/diff:/var/lib/docker/overlay2/4f1b7ff2d236ca9041c38a7532dbc9cea8a8b5d055ed103401d4a329abfd8461/diff:/var/lib/docker/overlay2/7ab308b290979bcb225269f75623bc3ab7325b4dfe213783dcb6f1796b18e833/diff:/var/lib/docker/overlay2/1d68c3445a1e14bcb95011141796d9126b13c4e82537ea46f4e6c01ea5c4f605/diff:/var/lib/docker/overlay2/662a9101a71190a743998b25c1934c0794b92884ce4019247f3a3b41c48fa3e2/diff",
                "MergedDir": "/var/lib/docker/overlay2/11a58e0003256860076e22f56accd46a69f500be959b386074d973fe5781d531/merged",
                "UpperDir": "/var/lib/docker/overlay2/11a58e0003256860076e22f56accd46a69f500be959b386074d973fe5781d531/diff",
                "WorkDir": "/var/lib/docker/overlay2/11a58e0003256860076e22f56accd46a69f500be959b386074d973fe5781d531/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/home/docker/.jitsi-meet-cfg/jvb",
                "Destination": "/config",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "689e03fe4410",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "10000/udp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "DOCKER_HOST_ADDRESS=PUBLIC_IPV4_ADDRESS",
                "XMPP_AUTH_DOMAIN=auth.meet.jitsi",
                "XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi",
                "XMPP_SERVER=xmpp.meet.jitsi",
                "JVB_AUTH_USER=jvb",
                "JVB_AUTH_PASSWORD=",
                "JVB_BREWERY_MUC=jvbbrewery",
                "JVB_PORT=10000",
                "JVB_TCP_HARVESTER_DISABLED=true",
                "JVB_TCP_PORT=4443",
                "JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443",
                "JVB_ENABLE_APIS",
                "TZ=Europe/Vienna",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "S6_BEHAVIOUR_IF_STAGE2_FAILS=2"
            ],
            "Cmd": null,
            "Image": "quadeare/jitsi-jvb:stable",
            "Volumes": {
                "/config": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "/init"
            ],
            "OnBuild": null,
            "Labels": {
                "com.docker.compose.config-hash": "4dc11070d8833db2585d9a63a86a64755a37eafa8ac3547ae0a2454c40ae12ab",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "jitsi",
                "com.docker.compose.project.config_files": "docker-compose.yml",
                "com.docker.compose.project.working_dir": "/home/docker/Install/Jogi/jitsi",
                "com.docker.compose.service": "jvb",
                "com.docker.compose.version": "1.25.5"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "094dd20c4833335c183f53bcf4d0c8a2cc048dfc63690a11534bdef8f43853dc",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/094dd20c4833",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "meet.jitsi": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "689e03fe4410",
                        "jvb"
                    ],
                    "NetworkID": "2e26a44a5dbd722d90d363ea36f4694d1b203743bb492ba57aa30ee4f596a324",
                    "EndpointID": "",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "",
                    "DriverOpts": null
                }
            }
        }
    }
]

@Rolllo - I’m also facing this same problem with previously working deployments using the latest stable release.

It used to work with the exact deployment files I pasted earlier, except with the load balancer port fix which was suggested to me. I try copying these scripts over to a new deployment and the latest containers fail for me.

I checked the logs and I’m seeing a lot of these:

jicofo_1   | Jicofo 2020-04-19 16:38:14.472 SEVERE: [28] org.jitsi.jicofo.health.Health.log() No MUC service found on XMPP domain or Jicofo has not finished initial components discovery yet
jicofo_1   | Jicofo 2020-04-19 16:38:14.472 SEVERE: [28] org.jitsi.jicofo.health.Health.log() Health check failed in PT0.001S:
jvb_1      | SEVERE: org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
jvb_1      | org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
jvb_1      | 	at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
jvb_1      | 	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
jvb_1      | 	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
jvb_1      | 	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
jvb_1      | 	at java.lang.Thread.run(Thread.java:748)

Is this what you’re seeing too?

Interestingly, I’ve found my deployment works on Digital Ocean but not on Scaleway! I’m wondering if we have some difference in the firewall settings.

EDIT: CONFIRMED. Edited my firewall and it works.

@finn This could also be the solution to my problem! Would you be willing to share your firewall settings? Thank you!
Best
Rolf

At the moment I’ve opened everything and I’m about to start closing things down :slight_smile:

Hello Rolllo,

Traefik docker compose worked fine, can’t seem to get jitsi up and working.

system: Linode one-click docker debian 9.

this is what I’m getting back from my terminal

ERROR: Named volume "PATH_TO_CONFIG_DIRECTORY/web:/config:rw" is used in service "web" but no declaration was found in the volumes section.

can you steer me in the right direction?

Hi @Michelb855

in the Jitsi config file .env you simply have to initialize the variable CONFIG with the right config directory root. In my case it is:

# Directory where all configuration will be stored.
#CONFIG=PATH_TO_CONFIG_DIRECTORY
CONFIG=~/.jitsi-meet-cfg

You have to create the config directories first, e.g.

mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}

In my case the user home directory would be /home/docker

After the execution of mkdir -p ... and executing the docker-compose for Jitsi the following directory tree is created:

$ sudo tree /home/docker/.jitsi-meet-cfg/
/home/docker/.jitsi-meet-cfg/
├── jibri
├── jicofo
├── jigasi
├── jvb
├── prosody
│   ├── certs
│   │   ├── auth.meet.jitsi.crt
│   │   ├── auth.meet.jitsi.key
│   │   ├── meet.jitsi.crt
│   │   └── meet.jitsi.key
│   ├── conf.d
│   │   └── jitsi-meet.cfg.lua
│   ├── data
│   │   └── prosody.pid
│   ├── prosody.cfg.lua
│   └── saslauthd.conf
├── transcripts
└── web
    ├── config.js
    ├── interface_config.js
    ├── keys
    ├── letsencrypt
    └── nginx
        ├── meet.conf
        ├── nginx.conf
        ├── site-confs
        │   └── default
        └── ssl.conf

When you reconfigure Jitsi it is recommended to delete the dir tree first and create it again. Otherwise it might happen that new config settings are not written into the config files.

Dear @jogi , @finn , @Michelb855

:smiley: I got it up and running! It was my configuration fault. It was not a routing problem!

:warning: All relevant _PASSWORD variables in .env have to be initialized. None must be blank!

These are at least JVB_AUTH_PASSWORD and JICOFO_AUTH_PASSWORD.

There are more passwords to be set if you want to activate additional components, e.g. JIGASI_XMPP_PASSWORD, JIBRI_RECORDER_PASSWORD, JIBRI_XMPP_PASSWORD and JIGASI_SIP_PASSWORD.

I recognized the problem when I executed docker ps repeatedly.
The containers of jvb and jicofo were respawned every few seconds, which could be seen from the STATUS field of the docker ps command output.

To create a log file I ran docker-compose without the -d option (detach, daemon) so that it stood attached to the terminal. I split the output so that I could read the messages on the terminal and write them to a file simultaneously for later analysis:

$ docker-compose up | tee my.log

In the log file the authentication failures because of missing passwords became obvious.

A trivial and kind of embarrassing summary for myself:
:warning: Read the config file .env very diligently and apply all necessary modifications!

I would like to thank all of you very much!

1 Like

Thanks for the reply, I got it up and running.

Heh, that password problem also tripped me up initially. If you read their official repo, the instructions come with a gen_password.sh script.

If I have time, I would like to have a poke around the containers. The deployment could definitely be improved.

Very valuable insights. Will save a lot of heads :stuck_out_tongue_winking_eye:
Was this also reported to containous?
Haven’t seen any issues on GitHub or threads in their forum about UDP not working in Traefik 2.2

Edit: This is currently the only open issue for Traefik 2.2 labeled with area/udp on GitHub.
But I have no clue if this is the problem?

1 Like

Actually it works with UDP.
I’m not quite sure what mattvoss missed though.

What I did to get it working:

  1. define an entrypoint for UDP in traefik.toml
  2. put some labels on the jvb service
  3. set the Docker Host IP for JVB in .env

Snippet traefik.toml:

    [entryPoints.jitsi-video-bridge]
      address = ":10000/udp"

Snippet docker-compose.yml:

    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_network"
      - "traefik.udp.routers.jitsi-vb.service=jitsi-vb"
      - "traefik.udp.routers.jitsi-vb.entrypoints=jitsi-video-bridge"
      - "traefik.udp.services.jitsi-vb.loadbalancer.server.port=10000"

Snippet .env:

DOCKER_HOST_ADDRESS=987.654.321.098

That’s all I did.
Traefik is now routing the UDP traffic for JVB, handles the TLS termination for Web and ensures everyone gets on the correct service.

Oh, and yes. Remove the ports from the docker-compose.yml as everything facing the outside world is handled by Traefik.

1 Like

Also read the documentation carefully as it states right there:

Security note

This setup used to have default passwords for internal accounts used across components. In order to make the default setup secure by default these have been removed and the respective containers won’t start without having a password set.

It also states to use the gen-password.sh for that task and how to.

Side note: I edited the gen-password.sh to generate password strings longer than 16 characters (128 to be precise). Because why not. And it feels stronger and thus safer.
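
A preflight check for the blank-password problem described in this thread (the restarting jvb and jicofo containers earlier, and the security note quoted above), written here as an added example; it is not part of the thread or of the Jitsi project's scripts. The variable names come from the posts; the function names, finding labels and sample values are constructed for this sketch.

```shell
#!/bin/sh
# Added example: check a Jitsi .env file before running "docker-compose up".
# Variable names come from the thread; the finding labels are made up here.

# The thread names these two as the minimum that must be non-blank.
REQUIRED_VARS="JVB_AUTH_PASSWORD JICOFO_AUTH_PASSWORD"

# check_env FILE
#   Prints one finding per line and returns 1 if a required variable is
#   missing or blank:
#     required-missing NAME   not declared in the file at all
#     required-blank NAME     declared, but with an empty value
#     optional-blank NAME     another *_PASSWORD left empty (matters only when
#                             that component, e.g. jibri or jigasi, is enabled)
check_env() {
    awk -v required="$REQUIRED_VARS" -v q="'" '
        BEGIN { n = split(required, req, " ") }
        /^[ \t]*#/ { next }                 # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next               # blank line or not an assignment
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub("^[\"" q "]|[\"" q "]$", "", val)   # quoted-empty counts as blank
            if (!(name in value)) order[++count] = name
            value[name] = val               # last assignment wins
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                r = req[i]
                isreq[r] = 1
                if (!(r in value))        { print "required-missing " r; rc = 1 }
                else if (value[r] == "")  { print "required-blank " r;   rc = 1 }
            }
            for (i = 1; i <= count; i++) {
                name = order[i]
                if (name ~ /_PASSWORD$/ && !(name in isreq) && value[name] == "")
                    print "optional-blank " name
            }
            exit rc
        }
    ' "$1"
}

# write_sample_env FILE: a constructed .env excerpt (values are placeholders).
write_sample_env() {
    cat > "$1" <<'EOF'
# Directory where all configuration will be stored.
#CONFIG=PATH_TO_CONFIG_DIRECTORY
CONFIG=~/.jitsi-meet-cfg
JICOFO_AUTH_PASSWORD=constructed-placeholder-1
JVB_AUTH_PASSWORD=
JIBRI_XMPP_PASSWORD=""
TZ=Europe/Vienna
EOF
}

sample=$(mktemp)
write_sample_env "$sample"
if findings=$(check_env "$sample"); then
    echo "ok: required passwords are set"
else
    echo "do not start the stack yet:"
fi
[ -z "$findings" ] || printf '%s\n' "$findings"
rm -f "$sample"
```

To use it on a real deployment, call `check_env` with the path to the stack's `.env` and start the containers only when it returns 0.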

Thanks @Mephman for sharing this information.
I haven’t tried the Traefik 2.2 setup yet, because I was discouraged by the experience from @mattvoss