docker help

[ufukdilan]

<VirtualHost *:443>
ServerAdmin [email protected]
ServerName jitsi.lokalchat.ch

# SSL Yapılandırması
SSLEngine On
SSLCertificateFile /www/server/panel/vhost/cert/jitsi.lokalchat.ch/fullchain.pem
SSLCertificateKeyFile /www/server/panel/vhost/cert/jitsi.lokalchat.ch/privkey.pem
SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On

# WebSocket yönlendirmesi
ProxyPass "/ws" "ws://localhost:32788/"
ProxyPassReverse "/ws" "ws://localhost:32788/"

# Ters Proxy Ayarları (Uygulama yönlendirmesi)
ProxyPreserveHost On
ProxyPass / "http://localhost:32788/"
ProxyPassReverse / "http://localhost:32788/"

# PHP İşleme ve Dosya Yolları
<FilesMatch \.php$>
    SetHandler "proxy:unix:/tmp/php-cgi-82.sock|fcgi://localhost"
</FilesMatch>

<Directory "/www/wwwroot/jitsi.lokalchat.ch/">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
    DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>

# Error ve Access logları
ErrorLog "/www/wwwlogs/jitsi.lokalchat.ch-error_log"
CustomLog "/www/wwwlogs/jitsi.lokalchat.ch-access_log" combined

Hello, I installed jitse meet docker, everything works fine to connect to Kiwiirca, there is SSL, when I try to join the meeting, this error appears 2025-01-10T15:55:47.311Z [modules/statistics/statistics.js] <webpack_modules.325.Wo.sendAnalyticsAndLog>: {"type":"operational","action":"connection.failed","attributes":{"error_type":"connection.otherError","error_message":"The WebSocket connection could not be established or was disconnected. ","suspend_time":0,"time_since_last_success":null}}

[ufukdilan]

:/home/ufuk/Masaüstü/docker-jitsi-meet-stable-9909# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
85462c915703 jitsi/web:stable-9909 "/init" 3 seconds ago Up 2 seconds 0.0.0.0:32800->80/tcp, :::32788->80/tcp, 0.0.0.0:32789->443/tcp, :::32789->443/tcp docker-jitsi-meet-stable-9909-web-1
ba3c9b29e078 jitsi/jvb:stable-9909 "/init" 3 seconds ago Up 3 seconds 127.0.0.1:8080->8080/tcp, 0.0.0.0:10000->10000/udp, :::10000->10000/udp docker-jitsi-meet-stable-9909-jvb-1
1a22e262e0ad jitsi/jicofo:stable-9909 "/init" 3 seconds ago Up 3 seconds 127.0.0.1:8888->8888/tcp docker-jitsi-meet-stable-9909-jicofo-1
845885b93f9d jitsi/prosody:stable-9909 "/init" 3 seconds ago Up 3 seconds 5222/tcp, 5269/tcp, 5280/tcp, 5347/tcp docker-jitsi-meet-stable-9909-prosody-1
root@lokalchat:/home/ufuk/Masaüstü/docker-jitsi-meet-stable-9909#
Here you can see which ports are available. What should I do? I installed docker-jitsi-meet-stable-9909.tar.gz to make it work properly.

[ufukdilan]

Isn't there a jitsi meet help center? I don't understand why no one is helping?

[damencho]

https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#reverse-proxy-configuration

This is what you are missing

[ufukdilan]

<VirtualHost :80>
ServerAdmin [email protected]
DocumentRoot "/www/wwwroot/jitsi.lokalchat.ch"
ServerName 109220fb.jitsi.lokalchat.ch
ServerAlias jitsi.lokalchat.ch
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/jitsi.lokalchat.ch-error_log"
CustomLog "/www/wwwlogs/jitsi.lokalchat.ch-access_log" combined
#HTTP_TO_HTTPS_START

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.) https://%{SERVER_NAME}$1 [L,R=301]

#HTTP_TO_HTTPS_END

#DENY FILES
 <Files ~ (\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)$>
   Order allow,deny
   Deny from all
</Files>

#PHP
<FilesMatch \.php$>
        SetHandler "proxy:unix:/tmp/php-cgi-82.sock|fcgi://localhost"
</FilesMatch>

#PATH
<Directory "/www/wwwroot/jitsi.lokalchat.ch">
    SetOutputFilter DEFLATE
    Options FollowSymLinks
    AllowOverride All
    Require all granted
    DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>

<IfModule mod_proxy.c>
    <IfModule mod_proxy_wstunnel.c>
        ProxyTimeout 900
        ProxyPass /xmpp-websocket ws://localhost:8000/xmpp-websocket
        ProxyPass /colibri-ws/ ws://localhost:8000/colibri-ws/
        ProxyPass / http://localhost:8000/
        ProxyPassReverse / http://localhost:8000/
    </IfModule>
</IfModule>

<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot "/www/wwwroot/jitsi.lokalchat.ch/"
ServerName SSL.jitsi.lokalchat.ch
ServerAlias jitsi.lokalchat.ch
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/jitsi.lokalchat.ch-error_log"
CustomLog "/www/wwwlogs/jitsi.lokalchat.ch-access_log" combined

#SSL
SSLEngine On
SSLCertificateFile /www/server/panel/vhost/cert/jitsi.lokalchat.ch/fullchain.pem
SSLCertificateKeyFile /www/server/panel/vhost/cert/jitsi.lokalchat.ch/privkey.pem
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On

#PHP
<FilesMatch \.php$>
        SetHandler "proxy:unix:/tmp/php-cgi-82.sock|fcgi://localhost"
</FilesMatch>

#DENY FILES
 <Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
   Order allow,deny
   Deny from all
</Files>

#PATH
<Directory "/www/wwwroot/jitsi.lokalchat.ch/">
    SetOutputFilter DEFLATE
    Options FollowSymLinks
    AllowOverride All
    Require all granted
    DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>

<IfModule mod_proxy.c>
    <IfModule mod_proxy_wstunnel.c>
        ProxyTimeout 900
        ProxyPass /xmpp-websocket ws://localhost:8000/xmpp-websocket
        ProxyPass /colibri-ws/ ws://localhost:8000/colibri-ws/
        ProxyPass / http://localhost:8000/
        ProxyPassReverse / http://localhost:8000/
    </IfModule>
</IfModule>

I did as you said but the connection is still disconnected.

[damencho]

Sorry, I'm not familiar with Apache. But definitely, the problem is that WebSocket is not being passed through your webserver.

[ufukdilan]

strophe.stream-management.js:224 WebSocket connection to 'wss://localhost:8443/xmpp-websocket?room=char' failed:

strophe.util.js:84 2025-01-11T22:47:55.668Z [modules/xmpp/strophe.util.js] <Dl.Ii.Strophe.log>: Strophe: Websocket error {"isTrusted":true} Websocket error {"isTrusted":true}
xmpp.js:311 2025-01-11T22:47:55.668Z [modules/xmpp/xmpp.js] <Dl.connectionHandler>: (TIME) Strophe connfail[The WebSocket connection could not be established or was disconnected.]: 3839.2000000001863
strophe.util.js:84 2025-01-11T22:47:55.668Z [modules/xmpp/strophe.util.js] <Dl.Ii.Strophe.log>: Strophe: Websocket closed unexcectedly Websocket closed unexcectedly Can't anyone solve this problem?

[ufukdilan]

I switched from Apache2 to Nginx, I still have the same problem, the connection is disconnected.

[damencho]

strophe.stream-management.js:224 WebSocket connection to 'wss://localhost:8443/xmpp-websocket?room=char' failed:

Your config.js says that the server is on localhost not a domain you were using, is this correct?

[ufukdilan]

Yes /root/.jitsi-meet-cfg/web is such a place but I can't access it because https://jitsi.lokalchat.ch

[ufukdilan]

It doesn't show to the external network. I can't log in to https://jitsi.lokalchat.ch, but I did everything.

[ufukdilan]

https://jitsi.lokalchat.ch/ 400 Bad Request
The plain HTTP request was sent to HTTPS port
This is coming up on nginx, how do I enter the external connection?

[ufukdilan]

oot@lokalchat:~/.jitsi-meet-cfg/web# ls
acme.sh config.js crontabs interface_config.js keys load-test nginx
The files are here, do I need to edit one of them?

[damencho]

You have not set the public url correctly in docker env.

[ufukdilan]

shellcheck disable=SC2034

################################################################################
################################################################################

Welcome to the Jitsi Meet Docker setup!

This sample .env file contains some basic options to get you started.

The full options reference can be found here:

https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker

################################################################################
################################################################################

Basic configuration options

Directory where all configuration will be stored

CONFIG=~/.jitsi-meet-cfg

Exposed HTTP port (will redirect to HTTPS port)

HTTP_PORT=8000

Exposed HTTPS port

HTTPS_PORT=8443

System time zone

TZ=UTC

Public URL for the web service (required)

Keep in mind that if you use a non-standard HTTPS port, it has to appear in the public URL

PUBLIC_URL=https://jitsi.lokalchat.ch:${HTTPS_PORT}

Media IP addresses to advertise by the JVB

This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs

See the "Running behind NAT or on a LAN environment" section in the Handbook:

https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment

JVB_ADVERTISE_IPS=192.168.1.134

Memory limits for Java components

#JICOFO_MAX_MEMORY=3072m
#VIDEOBRIDGE_MAX_MEMORY=3072m

JaaS Components (beta)

https://jaas.8x8.vc

Enable JaaS Components (hosted Jigasi)

NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL

#ENABLE_JAAS_COMPONENTS=0

Let's Encrypt configuration

Enable Let's Encrypt certificate generation

#ENABLE_LETSENCRYPT=1

Domain for which to generate the certificate

LETSENCRYPT_DOMAIN=jitsi.lokalchat.ch

E-Mail for receiving important account notifications (mandatory)

LETSENCRYPT_EMAIL=[email protected]

Use the staging server (for avoiding rate limits while testing)

LETSENCRYPT_USE_STAGING=1

Etherpad integration (for document sharing)

Set the etherpad-lite URL in the docker local network (uncomment to enable)

#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001

Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)

#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/

Whiteboard integration

Set the excalidraw-backend URL in the docker local network (uncomment to enable)

#WHITEBOARD_COLLAB_SERVER_URL_BASE=http://whiteboard.meet.jitsi

Set the excalidraw-backend public URL (uncomment to enable)

#WHITEBOARD_COLLAB_SERVER_PUBLIC_URL=https://whiteboard.meet.my.domain

Basic Jigasi configuration options (needed for SIP gateway support)

SIP URI for incoming / outgoing calls

#JIGASI_SIP_URI=[email protected]

Password for the specified SIP account as a clear text

#JIGASI_SIP_PASSWORD=passw0rd

SIP server (use the SIP account domain if in doubt)

#JIGASI_SIP_SERVER=sip2sip.info

SIP server port

#JIGASI_SIP_PORT=5060

SIP server transport

#JIGASI_SIP_TRANSPORT=UDP

Authentication configuration (see handbook for details)

Enable authentication (will ask for login and password to join the meeting)

#ENABLE_AUTH=1

Enable guest access (if authentication is enabled, this allows for users to be held in lobby until registered user lets them in)

#ENABLE_GUESTS=1

Select authentication type: internal, jwt, ldap or matrix

#AUTH_TYPE=internal

JWT authentication

Application identifier

#JWT_APP_ID=my_jitsi_app_id

Application secret known only to your token generator

#JWT_APP_SECRET=my_jitsi_app_secret

(Optional) Set asap_accepted_issuers as a comma separated list

#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client

(Optional) Set asap_accepted_audiences as a comma separated list

#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2

LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)

LDAP url for connection

#LDAP_URL=ldaps://ldap.domain.com/

LDAP base DN. Can be empty

#LDAP_BASE=DC=example,DC=domain,DC=com

LDAP user DN. Do not specify this parameter for the anonymous bind

#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com

LDAP user password. Do not specify this parameter for the anonymous bind

#LDAP_BINDPW=LdapUserPassw0rd

LDAP filter. Tokens example:

%1-9 - if the input key is [email protected], then %1 is com, %2 is domain and %3 is mail

%s - %s is replaced by the complete service string

%r - %r is replaced by the complete realm string

#LDAP_FILTER=(sAMAccountName=%u)

LDAP authentication method

#LDAP_AUTH_METHOD=bind

LDAP version

#LDAP_VERSION=3

LDAP TLS using

#LDAP_USE_TLS=1

List of SSL/TLS ciphers to allow

#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC

Require and verify server certificate

#LDAP_TLS_CHECK_PEER=1

Path to CA cert file. Used when server certificate verify is enabled

#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt

Path to CA certs directory. Used when server certificate verify is enabled

#LDAP_TLS_CACERT_DIR=/etc/ssl/certs

Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://

LDAP_START_TLS=1

Security

Set these to strong passwords to avoid intruders from impersonating a service account

The service(s) won't start unless these are specified

Running ./gen-passwords.sh will update .env with strong passwords

You may skip the Jigasi and Jibri passwords if you are not using those

DO NOT reuse passwords

XMPP password for Jicofo client connections

JICOFO_AUTH_PASSWORD=Qm4@dL8p3v

XMPP password for JVB client connections

JVB_AUTH_PASSWORD=Pz1rTk7$4h

XMPP password for Jigasi MUC client connections

JIGASI_XMPP_PASSWORD=F3r&bV2wL9o

XMPP password for Jigasi transcriber client connections

JIGASI_TRANSCRIBER_PASSWORD=H7g@Jz4*Pq

XMPP recorder password for Jibri client connections

JIBRI_RECORDER_PASSWORD=R1sJ#Xn9Tq

XMPP password for Jibri client connections

JIBRI_XMPP_PASSWORD=G6uW8%pXyZ

Docker Compose options

Container restart policy

#RESTART_POLICY=unless-stopped

Jitsi image version (useful for local development)

#JITSI_IMAGE_VERSION=latest

[ufukdilan]

Do you think this is wrong? I did this conf like this.

[damencho]

Something is not right as the URL you see the error for comes from this config:

docker-jitsi-meet/web/rootfs/defaults/system-config.js

Line 65 in 3ba77e1

config.websocket = 'wss://{{ $PUBLIC_URL_DOMAIN }}/xmpp-websocket';

Which comes from PUBLIC_URL:

docker-jitsi-meet/web/rootfs/defaults/system-config.js

Line 8 in 3ba77e1

{{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}}

And for the shared error the value was localhost:8443, so seems your env settings are not taken into account for the running instance you are testing with.

[ufukdilan]

So, should I write jitsi.lokalchat.ch here? Should I reset after writing?

[saghul]

Make sure PUBLIC_URL is set to the full public URL.