Websockets 403 error after upgrade to latest unstable debian 10

Hi everyone,

I opened an issue here but it seems the community is better at responding and helping out here.

I decided to upgrade my jitsi-meet install (fresh install on a virgin debian buster) using the unstable packages.

I used to have websockets working fine before, but on the new installation I see in the console logs that websockets are not working anymore:

WebSocket connection to 'wss://my-jitsi.com/xmpp-websocket?room=test4' failed: Error during WebSocket handshake: Unexpected response code: 403

I also noticed that the old openBridgeChannel: ‘websocket’ parameter is now completely missing from config.js so I tried adding that manually but still getting the 403. Has the openBridgeChannel parameter been deprecated? I can’t seem to find any info on that. It’s just gone from your repo all of a sudden.

I installed jitsi-meet using the Quick Start guide (with nginx-full) and supposedly websockets now should work out of the box, but it’s not working for me…

I have in my jvb.conf:

videobridge {
    http-servers {
        public {
            port = 9090
        }

        cc {
            trust-bwe=false
        }

    }
    websockets {
        enabled = true
        domain = "my.jitsi.domain:443"
        server-id = xxx.xxx.xxx.xxx (public IP)
        tls = true
    }

}

In my nginx site.conf file I seem to have proper ws support:

# xmpp websockets

location = /xmpp-websocket {
    proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    tcp_nodelay on;
}

# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
    proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}

and

# websockets for subdomains

location ~ ^/([^/?&:'"]+)/xmpp-websocket {
    set $subdomain "$1.";
    set $subdir "$1/";
    set $prefix "$1";

    rewrite ^/(.*)$ /xmpp-websocket;
}

}

Any idea where I should look further to try and understand why websockets are no longer working for me?

Thanks

You should definitely look at the answer that was given to you in the closed issue; there is a discrepancy between the nginx configuration and the jvb.conf. Remove the server-id line in the jvb.conf.

Thanks guys.

I removed the server-id line, restarted jvb but still getting the same error message.

I must have changed something else. Will take another look tomorrow.

You should look at the nginx logs also to see what the requested URL is when you get the 403.
Also, yes, the openBridgeChannel parameter seems to be deprecated now.

commit 0f2be8c6421f4c6ce5552f54c5c2f3c557eeb637
Author: bgrozev <boris@jitsi.org>
Date:   Thu Dec 3 09:12:47 2020 -0600

    fix(config) remove openBridgeChannel

xmpp-websocket and jvb websocket are different. The messages you get are not related to JVB.

You are correct of course, I missed that. xmpp websockets are more complicated to set up than jvb websockets and they are much more likely (almost certain) to be broken if updating the system.

Hello again everyone,

I’m back trying to get this to work.
As stated above by @emrah, the problem seems to be in xmpp websockets.

In nginx the logs don’t really help much in trying to understand the 403:

[27/Feb/2021:13:36:20 +0100] "GET /libs/app.bundle.min.map HTTP/1.1" 200 10422931 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36"
[27/Feb/2021:13:36:20 +0100] "GET /xmpp-websocket?room=test HTTP/1.1" 403 284 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36"
[27/Feb/2021:13:36:22 +0100] "GET /pwa-worker.js HTTP/1.1" 200 1511 "https://my.jitsi.domain/pwa-worker.js" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36"

I updated prosody to version 0.11.8, added the smacks related configs as described here yet something is obviously broken…

apt list -a prosody
Listing... Done
prosody/stable,now 0.11.8-1~buster1 amd64 [installed,automatic]
prosody/stable,stable 0.11.2-1 amd64

Any idea on where I should look?

Answering my own question in order to help others with the same problem in the future.

My mistake was that I forgot to add these parameters to the prosody lua file:
cross_domain_websocket = true;
consider_websocket_secure = true;

All seems to work ok now.

Thanks to all those that helped.
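An added example, not part of the original thread and not Jitsi or Prosody code: a small triage script that reads nginx access-log lines to tell which websocket backend (Prosody's `/xmpp-websocket` or the JVB's `/colibri-ws/`) is refusing the handshake, then checks a Prosody config for the two options named in the last post. The function names, the sample log lines and the sample config are constructed for illustration, and the config check only recognises the `= true` form used in the thread.

```python
import re

# Options the thread's fix added to the Prosody config.
REQUIRED = ("cross_domain_websocket", "consider_websocket_secure")
# Backend behind each websocket path in the nginx config quoted in the thread.
BACKENDS = (("/xmpp-websocket", "prosody"), ("/colibri-ws/", "jvb"))
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+" (\d{3}) ')

def failed_handshakes(log_lines):
    """Return (backend, path, status) for websocket requests not answered with 101."""
    failures = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        path, status = m.group(1), int(m.group(2))
        for prefix, backend in BACKENDS:
            # "in" also covers the /<subdomain>/xmpp-websocket form before the rewrite.
            if prefix in path.split("?")[0] and status != 101:
                failures.append((backend, path, status))
    return failures

def missing_prosody_options(config_text):
    """Return REQUIRED options that are not set to true outside Lua comments."""
    enabled = set()
    for raw in config_text.splitlines():
        line = raw.split("--", 1)[0]  # drop Lua line comments
        m = re.match(r"\s*(\w+)\s*=\s*true\b", line)
        if m and m.group(1) in REQUIRED:
            enabled.add(m.group(1))
    return [opt for opt in REQUIRED if opt not in enabled]

# Constructed sample data modelled on the thread; not real logs or a real config.
SAMPLE_LOG = [
    '[27/Feb/2021:13:36:20 +0100] "GET /xmpp-websocket?room=test HTTP/1.1" 403 284 "-" "Mozilla/5.0"',
    '[27/Feb/2021:13:36:21 +0100] "GET /colibri-ws/default-id/abc/def?pwd=x HTTP/1.1" 101 0 "-" "Mozilla/5.0"',
    '[27/Feb/2021:13:36:22 +0100] "GET /pwa-worker.js HTTP/1.1" 200 1511 "-" "Mozilla/5.0"',
]
SAMPLE_PROSODY = """
-- cross_domain_websocket = true;
consider_websocket_secure = true;
VirtualHost "my.jitsi.domain"
"""

if __name__ == "__main__":
    for backend, path, status in failed_handshakes(SAMPLE_LOG):
        print(f"{backend}: {path} -> {status}")
    print("missing in Prosody config:", missing_prosody_options(SAMPLE_PROSODY))
```

A failure attributed to `prosody` together with a non-empty list of missing options matches the situation described in the last post.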