Turn server Config in jitsi meet

exactly I don’t see USERNAME anywhere and also I don’t see the URL of the API to call

The URL will be in host I believe…

This is what I am looking for …how these credentials then fit into the format if it is not a good practice to expose credentials in config.js

as I am able to see Jun 11 21:52:14 portmanager info Activated service ‘c2s’ on [::]:5222, []:5222
Jun 11 21:52:14 portmanager info Activated service ‘legacy_ssl’ on no ports
Jun 11 21:52:14 portmanager info Activated service ‘s2s’ on [::]:5269, [
]:5269
Jun 11 21:52:14 mod_posix info Prosody is about to detach from the console, disabling further console output
Jun 11 21:52:14 mod_posix info Successfully daemonized to PID 5437
Jun 11 21:52:14 portmanager info Activated service ‘http’ on [::]:5280, []:5280
Jun 11 21:52:14 portmanager info Activated service ‘https’ on [::]:5281, [
]:5281
Jun 11 21:52:14 recorder.mydomain.com:turncredentials error turncredentials not configured
Jun 11 21:52:14 auth.mydomain.com:turncredentials error turncredentials not configured
Jun 11 21:52:14 portmanager info Activated service ‘component’ on [127.0.0.1]:5347, [::1]:5347
Jun 11 21:52:14 localhost:turncredentials error turncredentials not configured

turncredentials are now enabled…we just need to configure the mod_turncredentials. I will look into this and let you know soon @ckwsoft

This is XEP-0215 and there is no username just a shared secret between xmpp server and turn server.

Ok …we have just got the password…not any secret key …

–use-auth-secret between XMPP & TURN SERVER required to mention in mod_turncredentials @ckwsoft…you won’t be able to use USERNAME & PASSWORD here.

We have some documentation about turn in the jitsi-meet repo here that explains how it’s possible to not include a user/pass in the configuration.

Actually it’s ok if it expose the credentials if mentioned in config.js because I am using free ver. credentials. So doesn’t matter to me much.

Hello,

I have just done step by step the addition of the module “mod_turncredentials” i. e. :

1- I have copied the file “mod_turncredentials” in the folder “/usr/lib/prosody/modules/” and I have uncommented + modified the “turncredentials_secret” and the “turncredentials”.

2- I have activated “mod_turncredentials” in the file “/etc/prosody/prosody/prosody.cfg.lua”.

3- I restarted “prosody”.

but when I look at the “prosody status” I get it wrong and I don’t know how to fix it???

Thank you in advance for your help

Hello,

I have just done step by step the addition of the module “mod_turncredentials” i. e. :

1- I have copied the file “mod_turncredentials” in the folder “/usr/lib/prosody/modules/” and I have uncommented + modified the “turncredentials_secret” and the “turncredentials”.

2- I have activated “mod_turncredentials” in the file “/etc/prosody/prosody/prosody.cfg.lua”.

3- I restarted “prosody”.

but when I look at the “prosody status” I get it wrong and I don’t know how to fix it???

Thank you in advance for your help

Please be sure that you have used coturn server secret auth key and not the password you got alongwith username. Also verify the config and the host. It is recommended that you have valid dns and certificate for that domain. Check your config.

Hi rishabhchd19

thank you for your response.

I don’t have a coTurn server,

i use " Xirsys: WebRTC TURN Server Cloud Provider (https://xirsys.com/)"

this service provides me with an API credentials with (an identifier, a secret code and a channel).

You will find attached my files “mod_turncredentials.lua”, “prosody.cfg.lua”.

by looking at these files can you tell me where I made mistakes.

Thank you for your help.

mod_turncredentials.lua.txt (3.1 KB)

prosody.cfg.lua.txt (11.0 KB)

config seems ok to me. Have you tried host without “turn:”? Because it’s displaying turn credentials not configured…may be config not allowing to proceed further, credentials may be correct but not config. What your prosody logs says?

Also the lua file says : local secret = module:get_option_string(“turncredentials_secret”);
local ttl = module:get_option_number(“turncredentials_ttl”, 86400);
local hosts = module:get_option(“turncredentials”) or {};
if not (secret) then
module:log(“error”, “turncredentials not configured”)

if turncredentials_secret conflicts it throws an error. I have to investigate this matter as some specific auth key worked here.

I just tested “mod_credentials” without putting “turn:” in “host” but it doesn’t work too.

voici ce je vois dans “/var/log/prosody/prosody.log”:

Jun 14 14:24:37 general info Prosody is using the select backend for connection handling
Jun 14 14:24:37 portmanager info Activated service ‘s2s’ on [::]:5269, []:5269
Jun 14 14:24:37 portmanager info Activated service ‘component’ on [127.0.0.1]:5347, [::1]:5347
Jun 14 14:24:37 portmanager info Activated service ‘c2s’ on [::]:5222, [
]:5222
Jun 14 14:24:37 portmanager info Activated service ‘legacy_ssl’ on no ports
Jun 14 14:24:37 portmanager info Activated service ‘http’ on [::]:5280, :5280
Jun 14 14:24:37 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Check that the permissions allow Prosody to read this file. (for https port 5281)
Jun 14 14:24:37 portmanager error Error binding encrypted port for https: error loading private key (Permission denied)
Jun 14 14:24:37 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Previous error (see logs), or other system error. (for https port 5281)
Jun 14 14:24:37 portmanager error Error binding encrypted port for https: error loading private key (system lib)
Jun 14 14:24:37 portmanager info Activated service ‘https’ on no ports
Jun 14 14:24:37 mod_posix info Prosody is about to detach from the console, disabling further console output
Jun 14 14:24:37 mod_posix info Successfully daemonized to PID 19062
Jun 14 14:24:37 auth.@.@.@.@:turncredentials error turncredentials not configured
Jun 14 14:24:37 @.@.@.@:turncredentials error turncredentials not configured
Jun 14 14:24:41 jcp55a96abbb260 info Incoming Jabber component connection
Jun 14 14:24:41 focus.@.@.@.@:component info External component successfully authenticated
Jun 14 14:24:43 c2s55a96aac1b00 info Client connected
Jun 14 14:24:43 c2s55a96aac1b00 info Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Jun 14 14:24:43 c2s55a96aac1b00 info Authenticated as focus@auth.@.@.@.@
Jun 14 14:24:43 jitsi-videobridge.@.@.@.@:component warn Component not connected, bouncing error for:
Jun 14 14:24:45 jcp55a96aba8c60 info Incoming Jabber component connection
Jun 14 14:24:45 jitsi-videobridge.@.@.@.@:component info External component successfully authenticated
Jun 14 14:28:58 mod_bosh info Client tried to use sid ‘de567c45-10ea-4825-8399-c705b06f86cc’ which we don’t know about
Jun 14 14:29:50 mod_posix info Received SIGHUP
Jun 14 14:29:50 general info Reloading configuration file
Jun 14 14:29:50 general info Re-opening log files

and in “/var/log/prosody/prosody.err”:

Jun 14 11:51:14 @.@.@.@:turncredentials error turncredentials not configured
Jun 14 12:18:01 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Check that the permissions allow Prosody to read this file. (for localhost)
Jun 14 12:18:01 localhost:tls error Error creating context for c2s: error loading private key (Permission denied)
Jun 14 12:18:01 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Previous error (see logs), or other system error. (for localhost)
Jun 14 12:18:01 localhost:tls error Error creating contexts for s2sout: error loading private key (system lib)
Jun 14 12:18:01 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Previous error (see logs), or other system error. (for localhost)
Jun 14 12:18:01 localhost:tls error Error creating contexts for s2sin: error loading private key (system lib)
Jun 14 12:33:01 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Check that the permissions allow Prosody to read this file. (for https port 5281)
Jun 14 12:33:01 portmanager error Error binding encrypted port for https: error loading private key (Permission denied)
Jun 14 12:33:01 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Previous error (see logs), or other system error. (for https port 5281)
Jun 14 12:33:01 portmanager error Error binding encrypted port for https: error loading private key (system lib)
Jun 14 12:33:01 auth.@.@.@.@:turncredentials error turncredentials not configured
Jun 14 12:33:01 @.@.@.@:turncredentials error turncredentials not configured
Jun 14 12:36:42 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Check that the permissions allow Prosody to read this file. (for https port 5281)
Jun 14 12:36:42 portmanager error Error binding encrypted port for https: error loading private key (Permission denied)
Jun 14 12:36:42 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Previous error (see logs), or other system error. (for https port 5281)
Jun 14 12:36:42 portmanager error Error binding encrypted port for https: error loading private key (system lib)
Jun 14 12:36:42 auth.@.@.@.@:turncredentials error turncredentials not configured
Jun 14 12:36:42 @.@.@.@:turncredentials error turncredentials not configured
Jun 14 14:24:37 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Check that the permissions allow Prosody to read this file. (for https port 5281)
Jun 14 14:24:37 portmanager error Error binding encrypted port for https: error loading private key (Permission denied)
Jun 14 14:24:37 certmanager error SSL/TLS: Failed to load ‘/etc/prosody/certs/localhost.key’: Previous error (see logs), or other system error. (for https port 5281)
Jun 14 14:24:37 portmanager error Error binding encrypted port for https: error loading private key (system lib)
Jun 14 14:24:37 auth.@.@.@.@:turncredentials error turncredentials not configured
Jun 14 14:24:37 @.@.@.@:turncredentials error turncredentials not configured

Any updates?

No, nothing new, I can’t fix this bug

@ckwsoft I’d install the mod_turncredentials.lua source file in /usr/lib/prosody/modules without any modifications (I’m genuinely curious where you got this idea from) and then add my TURN credentials in the main prosody configuration file.