Unable to establish PROSODY - JICOFO connection (auth.sub_domain.my_domain.com does not match any configured external components)

I am trying to set up Jitsi Meet and the other backend components (Prosody, Jicofo, and JVB) using the manual installation steps in "Self-Hosting Guide - Manual installation · Jitsi Meet Handbook". But I am now stuck at the Prosody-Jicofo connection establishment, where Prosody throws this error to Jicofo when it tries to connect: (auth.sub_domain.my_domain.com does not match any configured external components). Any help regarding this would be appreciated.

Prosody config:

plugin_paths = { "/srv/jitsi-meet/resources/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "sub_domain.my_domain.com";

turncredentials_secret = "QOPtPKKjI6BOsAnf";

turncredentials = {
    { type = "stun", host = "sub_domain.my_domain.com", port = "3478" },
    { type = "turn", host = "sub_domain.my_domain.com", port = "3478", transport = "udp" },
    { type = "turns", host = "sub_domain.my_domain.com", port = "5349", transport = "tcp" }
};

cross_domain_bosh = true;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- Mozilla SSL Configuration Generator

-- ssl = {
--     protocol = "tlsv1_2+";
--     ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
-- }

VirtualHost "sub_domain.my_domain.com"
    -- enabled = false -- Remove this line to enable this host
    authentication = "anonymous"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/var/lib/prosody/sub_domain.my_domain.com.key";
        certificate = "/var/lib/prosody/sub_domain.my_domain.com.crt";
    }
    speakerstats_component = "speakerstats.sub_domain.my_domain.com"
    conference_duration_component = "conferenceduration.sub_domain.my_domain.com"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "turncredentials";
        "conference_duration";
        "muc_lobby_rooms";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.sub_domain.my_domain.com"
    main_muc = "conference.sub_domain.my_domain.com"
    -- muc_lobby_whitelist = { "recorder.sub_domain.my_domain.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.sub_domain.my_domain.com" "muc"
storage = "none"
modules_enabled = {
    "muc_meeting_id";
    "muc_domain_mapper";
    --"token_verification";
}
admins = { "focus@auth.sub_domain.my_domain.com" }
muc_room_locking = false
muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.sub_domain.my_domain.com" "muc"
storage = "none"
modules_enabled = {
    "ping";
}
admins = { "focus@auth.sub_domain.my_domain.com", "jvb@auth.sub_domain.my_domain.com" }
muc_room_locking = false
muc_room_default_public_jids = true

VirtualHost "auth.sub_domain.my_domain.com"
ssl = {
    key = "/etc/prosody/certs/auth.sub_domain.my_domain.com.key";
    certificate = "/etc/prosody/certs/auth.sub_domain.my_domain.com.crt";
}
authentication = "internal_plain"

Component "focus.sub_domain.my_domain.com"
component_secret = "YOURSECRET2"

Component "speakerstats.sub_domain.my_domain.com" "speakerstats_component"
muc_component = "conference.sub_domain.my_domain.com"

Component "conferenceduration.sub_domain.my_domain.com" "conference_duration_component"
muc_component = "conference.sub_domain.my_domain.com"

Component "lobby.sub_domain.my_domain.com" "muc"
storage = "none"
restrict_room_creation = true
muc_room_locking = false
muc_room_default_public_jids = true

-- Component "jitsi-videobridge.sub_domain.my_domain.com"
-- component_secret = "YOURSECRET1"

Jicofo Config:

# Jitsi Conference Focus settings
# sets the host name of the XMPP server
JICOFO_HOST=localhost

# sets the XMPP domain (default: none)
JICOFO_HOSTNAME=sub_domain.my_domain.com

# sets the secret used to authenticate as an XMPP component
JICOFO_SECRET=YOURSECRET1

# sets the port to use for the XMPP component connection
JICOFO_PORT=5347

# sets the XMPP domain name to use for XMPP user logins
JICOFO_AUTH_DOMAIN=auth.sub_domain.my_domain.com

# sets the username to use for XMPP user logins
JICOFO_AUTH_USER=focus

# sets the password to use for XMPP user logins
JICOFO_AUTH_PASSWORD=YOURSECRET1

# extra options to pass to the jicofo daemon
JICOFO_OPTS=""

# adds java system props that are passed to jicofo (default are for home and logging config file)
JAVA_SYS_PROPS="-Dconfig.file=/etc/jitsi/jicofo/jicofo.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties"

Jicofo Logs:

Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: Initialized newConfig: merge of system properties,reference.conf @ file:/home/ubuntu/jicofo/target/classes/reference.conf: 1
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: net.java.sip.communicator.SC_HOME_DIR_LOCATION not set
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: Initialized legacyConfig: sip communicator props (no description provided)
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: Reloading the Typesafe config source (previously reloaded 0 times).
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: No dedicated Service XMPP connection configured, re-using the client XMPP connection.
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: Using org.jitsi.jicofo.bridge.SingleBridgeSelectionStrategy
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
SEVERE: Failed to connect/login: host-unknown You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
stream:errorauth.sub_domain.my_domain.com does not match any configured external components</stream:error>
org.jivesoftware.smack.XMPPException$StreamErrorException: host-unknown You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
stream:errorauth.sub_domain.my_domain.com does not match any configured external components</stream:error>
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1059)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)

Jan 28, 2021 1:34:44 PM org.jivesoftware.smack.AbstractXMPPConnection callConnectionClosedOnErrorListener
WARNING: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
org.jivesoftware.smack.XMPPException$StreamErrorException: host-unknown You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
stream:errorauth.sub_domain.my_domain.com does not match any configured external components</stream:error>
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.lang.Thread.run(Thread.java:748)

Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: Starting FocusManager.
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
WARNING: Jicofo ID is not set correctly set (value=0). Configure a valid value [1-65535] by setting org.jitsi.jicofo.SHORT_ID in sip-communicator.properties or jicofo.octo.id in jicofo.conf. Future versions will require this for Octo.
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: Authentication service disabled.
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: Registering IQ handlers with XmppConnection.
Jan 28, 2021 1:34:44 PM org.jitsi.utils.logging2.LoggerImpl log
INFO: Starting HTTP server with config: org.jitsi.rest.JettyBundleActivatorConfig@4416d64f.
Jan 28, 2021 1:34:45 PM org.eclipse.jetty.util.log.Log initialized
INFO: Logging initialized @1298ms to org.eclipse.jetty.util.log.Slf4jLog
Jan 28, 2021 1:34:45 PM org.eclipse.jetty.server.Server doStart
INFO: jetty-9.4.35.v20201120; built: 2020-11-20T21:17:03.964Z; git: bdc54f03a5e0a7e280fab27f55c3c75ee8da89fb; jvm 1.8.0_275-8u275-b01-0ubuntu1~18.04-b01
Jan 28, 2021 1:34:45 PM org.glassfish.jersey.internal.inject.Providers checkProviderRuntime
WARNING: A provider org.jitsi.rest.Version registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Version will be ignored.
Jan 28, 2021 1:34:46 PM org.eclipse.jetty.server.handler.ContextHandler doStart
INFO: Started o.e.j.s.ServletContextHandler@6293e39e{/,null,AVAILABLE}
Jan 28, 2021 1:34:46 PM org.eclipse.jetty.server.AbstractConnector doStart
INFO: Started ServerConnector@25bfcafd{HTTP/1.1, (http/1.1)}{0.0.0.0:8888}
Jan 28, 2021 1:34:46 PM org.eclipse.jetty.server.Server doStart
INFO: Started @2367ms

Prosody Logs:

Jan 28 13:34:44 jcp559b90a109d0 info Incoming Jabber component connection
Jan 28 13:34:44 mod_component info Disconnecting component, stream:error is: stream:errorauth.sub_domain.my_domain.com does not match any configured external components</stream:error>
Jan 28 13:34:44 jcp559b90a109d0 info component disconnected: nil (false)

Have you restarted prosody after editing the config?

Yeah. I did it using prosodyctl restart.

If you look at our netstat, here is our port status while doing the manual installation.

ubuntu@ip-xxx-xx-xx-xx:~$ netstat -an | grep 5347
tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:5347                :::*                    LISTEN

We also have a server where we did the quick installation & it’s working perfectly.

root@ip-xxx-xx-xx-xxx:/etc/init.d# netstat -an | grep 5347
tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5347          127.0.0.1:38544         ESTABLISHED
tcp6       0      0 ::1:5347                :::*                    LISTEN
tcp6       0      0 127.0.0.1:38544         127.0.0.1:5347          ESTABLISHED

But we do have an online collaboration tool that is going to be embedded into the app. That’s why we are going for manual installation. We will need to change the backend code to accommodate our collaboration & distribute in the WebSocket.

Check prosody logs on restart. Well jicofo connects but prosody says it does not know anything about this host that jicofo tries to use.
You can also do a clean install on some new machine with same domain just to compare logs and to see how things should be configured.

Maybe your prosody does not include that config … missing conf.d thingy in the main config of prosody
This is also handled by the debian packages: jitsi-meet/jitsi-meet-prosody.postinst at 8414e9d99f188f094499c865ba5a8962546c6d9b · jitsi/jitsi-meet · GitHub

You better use the debian packages to install and then do the modifications you need on top of that. That way you can later upgrade, as upgrades are very important.
Browsers change every six weeks, and in the past 2-3 years we have seen at least two breaking changes where not upgrading will mean no operation of the deployment.
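
An added illustration, not code from the thread or from the Jitsi or Prosody projects: a small Python check that reads a Prosody config and classifies a component login against it, i.e. whether the requested domain is declared as an external component (a `Component` line with no module name plus a `component_secret`). The sample config is constructed from the declarations quoted in the thread, and the names `parse` and `diagnose` are hypothetical.

```python
import re

# Constructed sample, trimmed from the declarations quoted in the thread.
SAMPLE_CFG = '''
VirtualHost "auth.sub_domain.my_domain.com"
    authentication = "internal_plain"
Component "conference.sub_domain.my_domain.com" "muc"
    storage = "none"
Component "focus.sub_domain.my_domain.com"
    component_secret = "YOURSECRET2"
-- Component "jitsi-videobridge.sub_domain.my_domain.com"
--     component_secret = "YOURSECRET1"
'''

DECL = re.compile(r'^\s*(VirtualHost|Component)\s+"([^"]+)"(?:\s+"([^"]+)")?')
SECRET = re.compile(r'^\s*component_secret\s*=\s*"([^"]*)"')
INCLUDE = re.compile(r'^\s*Include\s+"([^"]+)"')

def parse(cfg_text):
    """Return ({external component host: secret}, {other declared hosts}, [Include paths])."""
    external, others, includes = {}, set(), []
    current = None  # host of the external-component section being read, if any
    for raw in cfg_text.splitlines():
        # Drop Lua line comments; assumes no "--" inside quoted values.
        line = raw.split("--", 1)[0]
        if m := INCLUDE.match(line):
            includes.append(m.group(1))
        elif m := DECL.match(line):
            kind, host, module = m.groups()
            # Only a Component without a module name can be an external component.
            current = host if kind == "Component" and module is None else None
            others.add(host)
        elif current and (m := SECRET.match(line)):
            external[current] = m.group(1)
            others.discard(current)
    return external, others, includes

def diagnose(cfg_text, component_domain, secret):
    """Classify a component login attempt without echoing any secret."""
    external, others, _ = parse(cfg_text)
    if component_domain in external:
        return "ok" if external[component_domain] == secret else "secret-mismatch"
    if component_domain in others:
        return "declared-but-not-external"
    return "not-declared"
```

`parse` also returns the `Include` lines it finds, which shows whether the main config pulls in `conf.d` at all.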