Unable to create conference: "l._allocateConferenceFocusError" after l.CreateConferenceIq returns a null sessionId

I’m running a Jitsi instance but can’t get anonymous or JWT authorized users to start a conference. When I get to the URL, I get into an error loop when the session attempts to join the room. There are no other users connected to Jitsi at the time.

I’ve been working on this for days. Any help would be appreciated. And if I forgot something, I’ll be happy to provide it.

Also, the example configuration for the scalable solution is gone.

Here are snippets from the browser’s console log:

Logger.js:154 2021-12-01T21:21:02.822Z [modules/xmpp/strophe.ping.js] <d.startInterval>:  XMPP pings will be sent every 10000 ms
Logger.js:154 2021-12-01T21:21:02.822Z [modules/xmpp/xmpp.js] <P.connectionHandler>:  (TIME) Strophe connected:	 3127.7000000011176
Logger.js:154 2021-12-01T21:21:02.823Z [modules/xmpp/xmpp.js] <P.connectionHandler>:  My Jabber ID: 7a58059e-468a-42c5-81bb-77f96b7ce76c@meet.mydomain.com/S7KJ0ZwQ
Logger.js:154 2021-12-01T21:21:02.831Z [modules/xmpp/xmpp.js] <P.createRoom>:  JID 7a58059e-468a-42c5-81bb-77f96b7ce76c@meet.mydomain.com/S7KJ0ZwQ using MUC nickname 7a58059e
Logger.js:154 2021-12-01T21:21:02.832Z [modules/xmpp/ChatRoom.js] <new b>:  Joined MUC as foldingincomesdanceexpectantly@conference.meet.mydomain.com/7a58059e
Logger.js:154 2021-12-01T21:21:02.833Z [modules/e2eping/e2eping.js] <new u>:  Initializing e2e ping; pingInterval=10000, analyticsInterval=60000.
Logger.js:154 2021-12-01T21:21:02.834Z [modules/connectivity/ParticipantConnectionStatus.js] <new g>:  RtcMuteTimeout set to: 10000
Logger.js:154 2021-12-01T21:21:02.835Z [modules/statistics/AvgRTPStatsReporter.js] <new g>:  Avg RTP stats will be calculated every 15 samples
Logger.js:154 2021-12-01T21:21:02.836Z [JitsiConference.js] <new ue>:  backToP2PDelay: 5
Logger.js:154 2021-12-01T21:21:02.836Z [JitsiConference.js] <new ue>:  End-to-End Encryption is supported
Logger.js:154 2021-12-01T21:21:02.839Z [JitsiConference.js] <ue._doReplaceTrack>:  _doReplaceTrack - no JVB JingleSession
Logger.js:154 2021-12-01T21:21:02.840Z [JitsiConference.js] <ue._doReplaceTrack>:  _doReplaceTrack - no P2P JingleSession
Logger.js:154 2021-12-01T21:21:02.842Z [JitsiConference.js] <ue._doReplaceTrack>:  _doReplaceTrack - no JVB JingleSession
Logger.js:154 2021-12-01T21:21:02.843Z [JitsiConference.js] <ue._doReplaceTrack>:  _doReplaceTrack - no P2P JingleSession
Logger.js:154 2021-12-01T21:21:02.872Z [modules/xmpp/moderator.js] <l.setFocusUserJid>:  Focus jid set to:  undefined
Logger.js:154 2021-12-01T21:21:02.873Z [modules/xmpp/moderator.js] <l.createConferenceIq>:  Session ID: null machine UID: 77c6effc35f63a175479502c8961e7d1
Logger.js:154 2021-12-01T21:21:02.883Z [features/base/tracks] Replace audio track - unmuted
Logger.js:154 2021-12-01T21:21:02.885Z [features/base/tracks] Replace video track - unmuted
Logger.js:154 2021-12-01T21:21:02.914Z [conference.js] Initialized with 2 local tracks

Here is the error that continously loops:

Logger.js:154 2021-12-01T21:21:03.169Z [modules/UI/videolayout/LargeVideoManager.js] hover in local
Logger.js:154 2021-12-01T21:21:04.058Z [modules/xmpp/moderator.js] <l.setFocusUserJid>:  Focus jid set to:  undefined
Logger.js:154 2021-12-01T21:21:04.058Z [modules/xmpp/moderator.js] <l.createConferenceIq>:  Session ID: null machine UID: 77c6effc35f63a175479502c8961e7d1
Logger.js:154 
        
       2021-12-01T21:21:04.111Z [JitsiMeetJS.js] <Object.getGlobalOnErrorHandler>:  UnhandledError: Focus error, retry after 2000 Script: null Line: null Column: null StackTrace:  Error: Focus error, retry after 2000
    at l._allocateConferenceFocusError (https://meet.mydomain.com/libs/lib-jitsi-meet.min.js?v=5415:10:180462)
    at https://meet.mydomain.com/libs/lib-jitsi-meet.min.js?v=5415:10:179513
    at w.Handler.handler (https://meet.mydomain.com/libs/lib-jitsi-meet.min.js?v=5415:1:32531)
    at w.Handler.run (https://meet.mydomain.com/libs/lib-jitsi-meet.min.js?v=5415:1:27830)
    at https://meet.mydomain.com/libs/lib-jitsi-meet.min.js?v=5415:1:36268
    at Object.forEachChild (https://meet.mydomain.com/libs/lib-jitsi-meet.min.js?v=5415:1:19492)
    at w.Connection._dataRecv (https://meet.mydomain.com/libs/lib-jitsi-meet.min.js?v=5415:1:36117)
    at O.Bosh._onRequestStateChange (https://meet.mydomain.com/libs/lib-jitsi-meet.min.js?v=5415:1:56102)

There does not appear to be any errors in jicofo or prosody when they startup. And I can see the client connecting and then disconnecting over BOSH.

Jicofo start:

Jicofo 2021-12-01 21:32:28.345 INFO: [1] Main.main#49: Starting Jicofo.
Jicofo 2021-12-01 21:32:28.527 INFO: [1] JitsiConfig.<clinit>#47: Initialized newConfig: merge of /etc/jitsi/jicofo/jicofo.conf: 1,system properties,reference.conf @ jar:file:/usr/share/jicofo/jicofo.jar!/reference.conf: 1
Jicofo 2021-12-01 21:32:28.528 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#51: loading config file at path /etc/jitsi/jicofo/sip-communicator.properties
Jicofo 2021-12-01 21:32:28.529 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#56: Error loading config file: java.io.FileNotFoundException: /etc/jitsi/jicofo/sip-communicator.properties (No such file or directory)
Jicofo 2021-12-01 21:32:28.530 INFO: [1] JitsiConfig.<clinit>#68: Initialized legacyConfig: sip communicator props (no description provided)
Jicofo 2021-12-01 21:32:28.531 INFO: [1] JitsiConfig$Companion.reloadNewConfig#94: Reloading the Typesafe config source (previously reloaded 0 times).
Jicofo 2021-12-01 21:32:28.953 WARNING: [1] FocusManager.start#115: Jicofo ID is not set correctly set (value=0). Configure a valid value [1-65535] by setting org.jitsi.jicofo.SHORT_ID in sip-communicator.properties or jicofo.octo.id in jicofo.conf. Future versions will require this for Octo.
Jicofo 2021-12-01 21:32:28.973 INFO: [1] JicofoServices.createAuthenticationAuthority#181: Starting authentication service with config=AuthConfig[enabled=true, type=JWT, loginUrl=meet.mydomain.com, logoutUrl=null, authenticationLifetime=PT24H, enableAutoLogin=true].
Jicofo 2021-12-01 21:32:28.979 INFO: [1] AbstractAuthAuthority.<init>#109: Auto login disabled
Jicofo 2021-12-01 21:32:28.979 INFO: [1] AbstractAuthAuthority.<init>#112: Authentication lifetime: PT1M
Jicofo 2021-12-01 21:32:29.166 INFO: [1] XmppServices.<init>#50: No dedicated Service XMPP connection configured, re-using the client XMPP connection.
Jicofo 2021-12-01 21:32:29.170 INFO: [1] XmppServices.<init>#65: No Jigasi detector configured.
Jicofo 2021-12-01 21:32:29.183 INFO: [1] BridgeSelector.<init>#86: Using org.jitsi.jicofo.bridge.SingleBridgeSelectionStrategy
Jicofo 2021-12-01 21:32:29.188 INFO: [1] [type=bridge brewery=jvbbrewery] BaseBrewery.<init>#100: Initialized with JID=jvbbrewery@internal.auth.prosody.jitsi.internal
Jicofo 2021-12-01 21:32:29.191 INFO: [1] JicofoServices.<init>#124: No Jibri detector configured.
Jicofo 2021-12-01 21:32:29.191 INFO: [1] JicofoServices.<init>#130: No SIP Jibri detector configured.
Jicofo 2021-12-01 21:32:29.198 INFO: [1] JicofoServices.<init>#145: Starting HTTP server with config: host=null, port=8888, tlsPort=8843, isTls=false, keyStorePath=null, sendServerVersion=true.
Jicofo 2021-12-01 21:32:29.271 INFO: [1] org.eclipse.jetty.util.log.Log.initialized: Logging initialized @1081ms to org.eclipse.jetty.util.log.Slf4jLog
Jicofo 2021-12-01 21:32:29.350 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-9.4.41.v20210516; built: 2021-05-16T23:56:28.993Z; git: 98607f93c7833e7dc59489b13f3cb0a114fb9f4c; jvm 16.0.1+9-Ubuntu-120.04
Jicofo 2021-12-01 21:32:29.396 INFO: [19] [xmpp_connection=client] XmppProviderImpl.doConnect#206: Connected, JID= null
Jicofo 2021-12-01 21:32:29.482 INFO: [19] AvModerationHandler.registrationChanged#120: Discovered av_moderation component at avmoderation.meet.mydomain.com.
Jicofo 2021-12-01 21:32:29.516 INFO: [33] [type=bridge brewery=jvbbrewery] BaseBrewery.addInstance#358: Added brewery instance: jvbbrewery@internal.auth.prosody.jitsi.internal/ip-10-1-0-187
Jicofo 2021-12-01 21:32:29.523 INFO: [33] BridgeSelector.addJvbAddress#125: Added new videobridge: Bridge[jid=jvbbrewery@internal.auth.prosody.jitsi.internal/ip-10-1-0-187, relayId=null, region=null, stress=0.00]
Jicofo 2021-12-01 21:32:29.524 INFO: [33] JvbDoctor.addBridge#140: Scheduled health-check task for: jvbbrewery@internal.auth.prosody.jitsi.internal/ip-10-1-0-187
Jicofo 2021-12-01 21:32:29.561 INFO: [19] [type=bridge brewery=jvbbrewery] BaseBrewery.start#171: Joined the room.
Jicofo 2021-12-01 21:32:29.562 INFO: [19] [xmpp_connection=client] XmppProviderImpl.fireRegistrationStateChanged#331: Set replyTimeout=PT15S
Jicofo 2021-12-01 21:32:29.702 WARNING: [1] org.glassfish.jersey.server.wadl.WadlFeature.configure: JAXBContext implementation could not be found. WADL feature is disabled.
Jicofo 2021-12-01 21:32:29.782 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Version registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Version will be ignored. 
Jicofo 2021-12-01 21:32:29.965 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@65cf4d6d{/,null,AVAILABLE}
Jicofo 2021-12-01 21:32:29.973 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@4a6c18ad{HTTP/1.1, (http/1.1)}{0.0.0.0:8888}
Jicofo 2021-12-01 21:32:29.973 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started @1785ms

And here are my prosody logs from startup:

Dec 01 21:32:22 startup	info	Hello and welcome to Prosody version 0.11.4
Dec 01 21:32:22 startup	info	Prosody is using the epoll backend for connection handling
Dec 01 21:32:22 portmanager	info	Activated service 's2s' on [*]:5269, [::]:5269
Dec 01 21:32:22 mod_posix	info	Prosody is about to detach from the console, disabling further console output
Dec 01 21:32:22 mod_posix	error	Failed to daemonize: already-daemonized
Dec 01 21:32:22 mod_limits	error	Unable to parse burst for s2sin: "nil", using default burst interval (2s)
Dec 01 21:32:22 mod_limits	error	Unable to parse burst for c2s: "nil", using default burst interval (2s)
Dec 01 21:32:22 portmanager	info	Activated service 'c2s' on [*]:5222, [::]:5222
Dec 01 21:32:22 portmanager	info	Activated service 'legacy_ssl' on no ports
Dec 01 21:32:22 portmanager	info	Activated service 'http' on [*]:5280, [::]:5280
Dec 01 21:32:22 portmanager	error	Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Dec 01 21:32:22 portmanager	error	Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Dec 01 21:32:22 portmanager	info	Activated service 'https' on no ports
Dec 01 21:32:22 general	info	Starting conference duration timer for conference.meet.mydomain.com
Dec 01 21:32:22 conferenceduration.meet.mydomain.com:conference_duration_component	info	No muc component found, will listen for it: conference.meet.mydomain.com
Dec 01 21:32:22 general	info	Starting speakerstats for conference.meet.mydomain.com
Dec 01 21:32:22 speakerstats.meet.mydomain.com:speakerstats_component	info	No muc component found, will listen for it: conference.meet.mydomain.com
Dec 01 21:32:22 meet.mydomain.com:muc_lobby_rooms	info	Lobby component loaded lobby.meet.mydomain.com
Dec 01 21:32:22 avmoderation.meet.mydomain.com:av_moderation_component	info	Starting av_moderation for conference.meet.mydomain.com
Dec 01 21:32:22 avmoderation.meet.mydomain.com:av_moderation_component	info	No muc component found, will listen for it: conference.meet.mydomain.com
Dec 01 21:32:22 speakerstats.meet.mydomain.com:speakerstats_component	info	Hook to muc events on conference.meet.mydomain.com
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host lobby.meet.mydomain.com!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host auth.meet.mydomain.com!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host recorder.meet.mydomain.com!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host internal.auth.prosody.jitsi.internal!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host meet.mydomain.com!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host avmoderation.meet.mydomain.com!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host auth.prosody.jitsi.internal!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host conference.meet.mydomain.com!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host focus.meet.mydomain.com!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host conferenceduration.meet.mydomain.com!
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host speakerstats.meet.mydomain.com!
Dec 01 21:32:22 avmoderation.meet.mydomain.com:av_moderation_component	info	Hook to muc events on conference.meet.mydomain.com
Dec 01 21:32:22 conferenceduration.meet.mydomain.com:conference_duration_component	info	Hook to muc events on conference.meet.mydomain.com
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host guest.meet.mydomain.com!
Dec 01 21:32:22 portmanager	info	Activated service 'component' on [127.0.0.1]:5347, [::1]:5347
Dec 01 21:32:22 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host jitsi-videobridge.prosody.jitsi.internal!

jicofo/config

# Jitsi Conference Focus settings
# sets the host name of the XMPP server
JICOFO_HOST=localhost

# sets the XMPP domain (default: none)
JICOFO_HOSTNAME=meet.mydomain.com

# sets the XMPP domain name to use for XMPP user logins
JICOFO_AUTH_DOMAIN=auth.meet.mydomain.com

# sets the username to use for XMPP user logins
JICOFO_AUTH_USER=focus

# sets the password to use for XMPP user logins
JICOFO_AUTH_PASSWORD=YE1nOH4LY56aYWuH

# extra options to pass to the jicofo daemon
JICOFO_OPTS=""

# adds java system props that are passed to jicofo (default are for home and logging config file)
JAVA_SYS_PROPS="-Dconfig.file=/etc/jitsi/jicofo/jicofo.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties"

jicofo/jicofo.conf

# Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for
#available options, syntax, and default values.
jicofo {
  authentication: {
    enabled: true
    type: JWT
    login-url: meet.mydomain.com
  }
  xmpp: {
    client: {
      client-proxy: focus.meet.mydomain.com
    }
    trusted-domains: [ "recorder.meet.mydomain.com" ]
  }
  bridge: {
    brewery-jid: "JvbBrewery@internal.auth.prosody.jitsi.internal"
  }
}

prosody.cfg.lua

-- Prosody XMPP Server Configuration

---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

admins = { "focus@auth.meet.mydomain.com", "focusUser@auth.meet.mydomain.com", "jvb@auth.meet.mydomain.com" }

network_backend = "epoll"

-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
modules_enabled = {

	-- Generally required
		"roster"; -- Allow users to have a roster. Recommended ;)
		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
		"tls"; -- Add support for secure TLS on c2s/s2s connections
		"dialback"; -- s2s dialback support
		"disco"; -- Service discovery

	-- Not essential, but recommended
		"carbons"; -- Keep multiple clients in sync
		"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
		"private"; -- Private XML storage (for room bookmarks, etc.)
		"blocklist"; -- Allow users to block communications with other users
		"vcard4"; -- User profiles (stored in PEP)
		"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
		"limits"; -- Enable bandwidth limiting for XMPP connections

	-- Nice to have
		"version"; -- Replies to server version requests
		"uptime"; -- Report how long server has been running
		"time"; -- Let others know the time here on this server
		"ping"; -- Replies to XMPP pings with pongs
		--"register"; -- Allow users to register on this server using a client and change passwords
		--"mam"; -- Store messages in an archive and allow users to access it
		--"csi_simple"; -- Simple Mobile optimizations

	-- Admin interfaces
		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582

	-- HTTP modules
		"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
		"websocket"; -- XMPP over WebSockets
		--"http_files"; -- Serve static files from a directory over HTTP

	-- Other specific functionality
		--"groups"; -- Shared roster support
		--"server_contact_info"; -- Publish contact information for this service
		--"announce"; -- Send announcement to all online users
		--"welcome"; -- Welcome users who register accounts
		--"watchregistrations"; -- Alert admins of registrations
		--"motd"; -- Send a message to users when they log in
		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
		--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
}

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
	"offline"; -- Store offline messages
	-- "c2s"; -- Handle client connections
	-- "s2s"; -- Handle server-to-server connections
	-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}

-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false

-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
    key = "/etc/prosody/certs/meet.mydomain.com.key";
    certificate = "/etc/prosody/certs/meet.mydomain.com.crt";
}

-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.

c2s_require_encryption = true

-- Force servers to use encrypted connections? This option will
-- prevent servers from authenticating unless they are using encryption.

s2s_require_encryption = true

-- Force certificate authentication for server-to-server connections?

s2s_secure_auth = false

-- Some servers have invalid or self-signed certificates. You can list
-- remote domains here that will not be required to authenticate using
-- certificates. They will be authenticated using DNS instead, even
-- when s2s_secure_auth is enabled.

s2s_insecure_domains = { "jitsi.internal" }

-- Even if you disable s2s_secure_auth, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }

-- Enable rate limits for incoming client and server connections

limits = {
  c2s = {
    rate = "10kb/s";
  };
  s2sin = {
    rate = "30kb/s";
  };
}



-- Required for init scripts and prosodyctl
pidfile = "/var/run/prosody/prosody.pid"

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.

-- authentication = "internal_hashed"
authentication = "anonymous"

archive_expires_after = "1w" -- Remove archived messages after 1 week

consider_bosh_secure = true

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
	info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
	error = "/var/log/prosody/prosody.err";
	-- "*syslog"; -- Uncomment this for logging to syslog
	-- "*console"; -- Log to the console, useful for debugging with daemonize=false
}


-- Location of directory to find certificates in (relative to main config file):
certificates = "certs"

VirtualHost "meet.mydomain.com"

Include "conf.d/*.cfg.lua"

domain.cfg.lua

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "meet.mydomain.com";

external_service_secret = "itsasecrettoeverybody"
external_services = {
     { type = "stun", host = "meet.mydomain.com", port = 3478 },
     { type = "turn", host = "meet.mydomain.com", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "meet.mydomain.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

unlimited_jids = {
    "focus@auth.meet.mydomain.com",
    "focusUser@auth.meet.mydomain.com",
    "jvb@auth.meet.mydomain.com"
}

-- JWT Token Issuers and Audiences
asap_accepted_audiences = { 'com.mydomain.tv', 'com.mydomain.staffconnect', 'com.mydomain.pvs' }
asap_accepted_issuers = { 'com.mydomain', 'com.mycompanydomain', 'Company Name' }

VirtualHost "meet.mydomain.com"
    -- enabled = false -- Remove this line to enable this host
    -- authentication = "anonymous" -- uncomment to enable anonymous authentication
    
    -- Token (JWT) based authentication
    authentication = "token"
    app_id="com.mydomain.webrtc"
    app_secret="itsasecrettoeverybody"
    allow_empty_token = false

    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
            key = "/etc/prosody/certs/meet.mydomain.com.key";
            certificate = "/etc/prosody/certs/meet.mydomain.com.crt";
    }

    speakerstats_component = "speakerstats.meet.mydomain.com"
    conference_duration_component = "conferenceduration.meet.mydomain.com"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
        "av_moderation";
    }

    c2s_require_encryption = false
    lobby_muc = "lobby.meet.mydomain.com"
    main_muc = "conference.meet.mydomain.com"
    -- muc_lobby_whitelist = { "recorder.meet.mydomain.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.meet.mydomain.com" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "token_verification";
    }
    admins = { "focus@auth.meet.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
-- Note: This is also used from jibris
Component "internal.auth.prosody.jitsi.internal" "muc"
    storage = "memory"
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.meet.mydomain.com", "focusUser@auth.meet.mydomain.com", "jvb@auth.meet.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.meet.mydomain.com"
    ssl = {
        key = "/etc/prosody/certs/meet.mydomain.com.key";
        certificate = "/etc/prosody/certs/meet.mydomain.com.crt";
    }
    modules_enabled = {
        "limits_exception";
    }
    authentication = "internal_hashed"


-- section not present in vanilla install - Do we need this?
VirtualHost "auth.prosody.jitsi.internal"
    ssl = {
        key = "/etc/prosody/certs/meet.mydomain.com.key";
        certificate = "/etc/prosody/certs/meet.mydomain.com.crt";
    }
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.meet.mydomain.com" "client_proxy"
    target_address = "focus@auth.meet.mydomain.com"

Component "jitsi-videobridge.prosody.jitsi.internal"
    component_secret = "itsasecrettoeverybody"
    ssl = {
        key = "/etc/prosody/certs/meet.mydomain.com.key";
        certificate = "/etc/prosody/certs/meet.mydomain.com.crt";
    }

Component "speakerstats.meet.mydomain.com" "speakerstats_component"
    muc_component = "conference.meet.mydomain.com"

Component "conferenceduration.meet.mydomain.com" "conference_duration_component"
    muc_component = "conference.meet.mydomain.com"

Component "avmoderation.meet.mydomain.com" "av_moderation_component"
    muc_component = "conference.meet.mydomain.com"

Component "lobby.meet.mydomain.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

-- for Jibri
VirtualHost "recorder.meet.mydomain.com"
    modules_enabled = {
        "ping";
    }
    authentication = "internal_plain"
    c2s_require_encryption = false

VirtualHost "guest.meet.mydomain.com"
    authentication = "anonymous"
    c2s_require_encryption = false
    allow_empty_token = true

After careful consideration, we’ve decided to rollback to Jitsi 0.10 and apply the old working configuration. In the future, if we decide to upgrade Jitsi, we’ll probably use a Kubernetes deployment.