Clean install of version 0.75

[epigraphe]

Good day. What steps should I take to install version 0.75.8 on a clean server? Do I understand correctly that I need to download the archive with the release, then install the websocket according to the instructions, and then run bash install.sh?

[holema]

Hello @epigraphe , Sorry for the late reply, do you want to install the Jitsi-Admin in a docker environment? I would recoomend to install in the docker setup.

When you want to install the Version 0.75.0-RCX then you have to install the new websocket. For this, follow th instruction as described in the wiki: https://github.com/H2-invent/jitsi-admin/wiki/Websocket-installation

Then to install the jitsi-admin you can run install sh. Up to now this install script is not installing the websocket, but I will add this in the future. Thanks for the idea.

Then you have to setup the Apache Server to point to the public folder.

UP to now I haven`t installed the new version with the install script, because I only use the docker environment for testing.

[epigraphe]

I think I did everything. I have installed keycloak 20.0.0.3, apache with modrewrite, php 8.1 and websocket. I can login to keycloak, created a realm, a client and a secret there. I was able to open jitsy-admin main page, but when I click on the login button, I get a 404 with a gopher and a strange address in the line

The start looks like this: https://cp.xxx.yyy/keycloak.xxx.yyy/realms/jitsi-admin/protocol/openid-connect/auth?scope=ema...

And I can't start websocket, I get the following error:

systemd[1264]: jitsi-admin-websocket.service: Failed to set up standard output: No such file or directory systemd[1264]: jitsi-admin-websocket.service: Failed at step STDOUT spawning /usr/bin/node: No such file or directory systemd[1]: jitsi-admin-websocket.service: Main process exited, code=exited, status=209/STDOUT systemd[1]: jitsi-admin-websocket.service: Failed with result 'exit-code'.

In ENV.LOCAL I have the following value -

<WEBSOCKET CREDENTIALS

WEBSOCKET_SECRET=

- This is what I put in the websocket setup as a secret, because I don't have anything about mercury What could be my mistake?

[holema]

So you set up the KEAYCLOAK Enviroment Variables?

###> hwi/oauth-bundle ###
OAUTH_KEYCLOAK_CLIENT_ID=addHere
OAUTH_KEYCLOAK_CLIENT_SECRET=addHere
OAUTH_KEYCLOAK_SERVER=addHere/auth
OAUTH_KEYCLOAK_REALM=addHere
###< hwi/oauth-bundle ###

For Version 20 you should remove the /auth behind the URL. So it is only the URL of the Keycloak-Server. Keycloak changed here a lot on KC20

For the Websocket: There was a step missing : npm install and mkdir ....

I fixed the instruction and it worked in my envoironment. https://github.com/H2-invent/jitsi-admin/wiki/Websocket-installation

[epigraphe]

Thank you very much for your continued help in this matter.

KEAYCLOAK Enviroment Variables This block is filled during the installation script, I have data in it. /auth is not in this block, FQDN only

Thanks for the edits about the websocket, I did everything and got the active (running) status

But, unfortunately, the first problem persisted(

I see the main jitsi-admin page, hover over the login button and see the address https://cp.xxx.yyy/room/dashboard

But when i click on it, the url becomes https://cp.xxx.yyy/keycloak.xxx.yyy/realms/jitsi-admin/protocol/openid-connect/auth?sco........ ..... and I get a 404 error

cp.xxx.yyy is the jitsi-admin address, keycloak.xxx.yyy is the keycloak address

If I remove the jitsi address (сp.xxx.yyy) from this url and try to open a link starting with keycloak (keycloak.xxx.yyy/realms/jitsi-admin/protocol/openid-connect/auth?sco........), I get

"We are sorry... Invalid parameter: redirect_uri"

[holema]

Hello @epigraphe,

Great the websocket is now working. THanks for your help to improve the instruction We need this feedback. The second problem. In the .env.local file there must be a entry called OAUTH_KEYCLOAK_SERVER=addHere/auth Here should be the keycloak server url (https://your-keycloak.org) without the /auth at the ending. Can you check this for me. I think here is the jitsi-admin url somewhere included. Propably you forget to dd the https:// in the installation script. because then the cp.xxx.yyy is put infront of it.

Have you setup the redirect uri in the Keycloak? there is in the client tab a redirect field. There you have to set https://cp.xxx.yyy* to wildcard all URLs from the jitsi-admin.

I hope this will work.

[epigraphe]

This is what my block looks like:

###> hwi/oauth-bundle ###
OAUTH_KEYCLOAK_CLIENT_ID=jitsi_admin
OAUTH_KEYCLOAK_CLIENT_SECRET=dnDsrPP7ZS5kNjAY5XXXXXXXXXXX
OAUTH_KEYCLOAK_SERVER=https://keycloak.xxx.yyy
OAUTH_KEYCLOAK_REALM=jitsi-admin
###< hwi/oauth-bundle ###

Initially, OAUTH_KEYCLOAK_SERVER would have been specified without HTTPS, I added HTTPS and rebooted the entire server. Nothing changed and, Unfortunately, I keep getting 404 errors.

I get it even if I manually write the path like https in the address bar

In keycloak, I wrote in the settings what you wrote. The behavior has changed: now when I open a keycloak direct address, it asks me for a username and password. After entering and pressing the sign in, the button turns gray and nothing happens.

If after that I try again - I get an error 500

Full URL is

https://keycloak.xxx.yyy/realms/jitsi-admin/protocol/openid-connect/auth?scope=email&state=67c621cb503bdca5db0784dfed8a1930&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fcp.xxx.yyy%2Flogin%2Fkeycloak_login%2Fcheck&client_id=jitsi_admin

[holema]

Hello @epigraphe,

It is very strange, that in the keycloak URL you have both domeins. first the jitsi-admin domain is set and then the KC domain.

HEre we have to take a look from where this can come, because in our testcase this never happens.

The second problem seems to be a firewall issue. Is the jitsi-admin allowed to talk to the KC Server? and is the KC Server with an Lets-Encrypt Certificate or a selfsigned Certificate.

You can write me a email to entwicklung@h2-invent.com so we can have a small look on you problem.

[holema]

closed because of inactivity