What and Why is some client connecting/disconnecting for every 5 seconds?

Hi,

In the prosody.debug, it shows that there is some client connecting / disconnecting for every 5 seconds. I tried to search the community for its possible operation logic but no luck. Any hint is appreciated ! Thanks !

part of the messages in prosody.debug are shown below,

May 23 21:52:43 c2s22a2590 info Client connected
May 23 21:52:43 c2s22a2590 info Client disconnected: closed
May 23 21:52:48 c2s2555b50 info Client connected
May 23 21:52:48 c2s2555b50 info Client disconnected: closed
May 23 21:52:53 c2s2568c20 info Client connected
May 23 21:52:53 c2s2568c20 info Client disconnected: closed
May 23 21:52:58 c2s2605b20 info Client connected
May 23 21:52:58 c2s2605b20 info Client disconnected: closed
May 23 21:53:03 c2s2576220 info Client connected
May 23 21:53:03 c2s2576220 info Client disconnected: closed
May 23 21:53:08 c2s22d63f0 info Client connected
May 23 21:53:09 c2s22d63f0 info Client disconnected: closed
May 23 21:53:14 c2s24da450 info Client connected
May 23 21:53:14 c2s24da450 info Client disconnected: closed
May 23 21:53:19 c2s24b57c0 info Client connected
May 23 21:53:19 c2s24b57c0 info Client disconnected: closed
May 23 21:53:24 c2s23c8170 info Client connected
May 23 21:53:24 c2s23c8170 info Client disconnected: closed
May 23 21:53:29 c2s24c3520 info Client connected
May 23 21:53:29 c2s24c3520 info Client disconnected: closed

There is no component that would reconnect that often, unless something is malfunctioning. Have you checked jicofo and jigasi (if you’re running it) logs?

Hi, Saghul,

Thank you ! I found the following messages are repeating in jicofo log. It shows that I did not set DNS name (auth.AAAA.BBBBBBBB.CC). I will fix it. (Jigasi is not used.) Thanks again !

Jicofo 2019-05-24 17:43:58.182 INFO: [13] org.jitsi.jicofo.FocusManager.log() Focus idle timeout for XYZ@conference.AAAA.BBBBBBBB.CC
Jicofo 2019-05-24 17:43:58.182 INFO: [13] org.jitsi.jicofo.FocusManager.log() Focus idle timeout for aa@conference.AAAA.BBBBBBBB.CC
Jicofo 2019-05-24 17:44:00.579 INFO: [42195] org.jivesoftware.smack.java7.XmppHostnameVerifier.verify() Certificate does not match hostname
java.security.cert.CertificateException: No subject alternative DNS name matching auth.AAAA.BBBBBBBB.CC found. Tried: AAAA.BBBBBBBB.CC,
at org.jivesoftware.smack.java7.XmppHostnameVerifier.matchDns(XmppHostnameVerifier.java:159)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.match(XmppHostnameVerifier.java:105)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.verify(XmppHostnameVerifier.java:71)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:819)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1067)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:994)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1010)
at java.lang.Thread.run(Thread.java:748)
Jicofo 2019-05-24 17:44:00.580 SEVERE: [122] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.doConnect().319 Failed to connect/login: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.AAAA.BBBBBBBB.CC
org.jivesoftware.smack.SmackException: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.AAAA.BBBBBBBB.CC
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1072)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:994)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1010)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.AAAA.BBBBBBBB.CC
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1067)
… 3 more
Jicofo 2019-05-24 17:44:00.587 WARNING: [42195] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.AAAA.BBBBBBBB.CC
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:820)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1067)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:994)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1010)
at java.lang.Thread.run(Thread.java:748)

Oh, good to know!

This is not about DNS. This is that you are trying to connect to xmpp service auth.AAAA.BBBBBBBB.CC and the offered certificate is for AAAA.BBBBBBBB.CC, or the other way around.

The certificates for auth… domains when installing are handled automatically (slef-signed) and there is no need for DNS records for those domains that are virtual hosts in prosody, those are internal to the system and no resolution is needed for those. You just need for the main domain you use to conect to the service through https.

Hi, Damencho,

I changed to use free cert from Let’s encrypt after quick install.

Does this means that,
(1) It’s not required to create subdomain auth.AAA.BBBBBBBB.CC.

(2) The domain name in my letsencrypt cert is AAA.BBBBBBBB.CC, it is required for https://AAA.BBBBBBBB.CC (where AAA.BBBBBBBB.CC is the server URL).

(3) What I need to fix now is to create another cert (auth.AAA.BBBBBBBB.CC) for JICOFO. But, I have no idea how to do this. Would you kindly give some hints, Thanks !

Best Regards

  1. Yes
  2. Yes
  3. You don’t need to create any cert. The setup process is doing that for you, make sure the config uses the default cert that it creates during setup.

Hi, Damencho,

It is fixed exactly by this way. Thank you very much !

Best Regards