Closed 297297sid closed 1 year ago
Hello @297297sid,
which bash did you start? Do you have a keycloak server already installed and you have all keacloak credentials?
i followed this step after cloning cd ~ wget https://github.com/H2-invent/jitsi-admin/raw/master/install.sh sudo bash install.sh
and i installed keycloak nd added realm client and got my client id also while installing jitsi admin pannel i get to enter few detail like base url which i enter http://admin-test.pune.sid.in/ my databse details and smtp detail nd my keycloak url http://keycloak.xyz.pune.sid.in/auth nd my realm clientidnd secret after that when navigating towards my base url i m getting internal server error please help me to fix it i dont want to install via docker and i m facing this issue from long time or provide me clear step by step to fix this
Hello @297297sid that sounds strange to me.
Hello @297297sid, is it working now?
no sir thats what iam asking u help me to fix it what i am doing mistake .is any step missing?
I thought because you closed the issue.
can you set the jitsi-admin in dev mode. This can be done by set the APP_ENV=env and APP_DEBUG=1 so we can see your error messages in clear text.
we have to setup dev mode ? when installing without docker?
cant find any prob.log file sidak@sidak-jitsi-admin-vm:/var/log$ ls alternatives.log auth.log btmp.1 dmesg faillog kern.log.1 nginx syslog ubuntu-advantage-timer.log.1 vmware-vmsvc-root.3.log wtmp alternatives.log.1 auth.log.1 cloud-init.log dmesg.0 installer landscape php8.1-fpm.log syslog.1 unattended-upgrades vmware-vmsvc-root.log apache2 bootstrap.log cloud-init-output.log dpkg.log journal lastlog php8.1-fpm.log.1 ubuntu-advantage.log vmware-vmsvc-root.1.log vmware-vmtoolsd-root.log apt btmp dist-upgrade dpkg.log.1 kern.log mysql private ubuntu-advantage-timer.log vmware-vmsvc-root.2.log websocket sidak@sidak-jitsi-admin-vm:/var/log$ cd apache2 sidak@sidak-jitsi-admin-vm:/var/log/apache2$ ls access.log error.log error.log.1 other_vhosts_access.log sidak@sidak-jitsi-admin-vm:/var/log/apache2$
sidak@sidak-jitsi-admin-vm:/var/log/nginx$ cat access.log 10.208.11.121 - - [03/May/2023:04:46:06 +0000] "GET / HTTP/1.1" 500 843 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" sidak@sidak-jitsi-admin-vm:/var/log/nginx$ cat error.log 2023/05/03 04:45:36 [info] 3584968#3584968: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:61 sidak@sidak-jitsi-admin-vm:/var/log/nginx$
after making public file it shows this now how do i fix
sidak@sidak-jitsi-admin-vm:/var/log/nginx$ cat access.log 10.208.11.121 - - [03/May/2023:04:46:06 +0000] "GET / HTTP/1.1" 500 843 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:29 +0000] "GET / HTTP/1.1" 500 1748 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:29 +0000] "GET /build/app.1dfba98b.css HTTP/1.1" 200 507698 "http://admin-test-new.pune.cdac.in/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:30 +0000] "GET /build/fonts/poppins-v9-latin-regular.5224cd4c.woff2 HTTP/1.1" 200 7968 "http://admin-test-new.pune.cdac.in/build/app.1dfba98b.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:30 +0000] "GET /favicon.ico HTTP/1.1" 200 159038 "http://admin-test-new.pune.cdac.in/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:30 +0000] "GET /images/error/bg-error.jpg HTTP/1.1" 200 3852458 "http://admin-test-new.pune.cdac.in/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:06:17 +0000] "GET /build/app.1dfba98b.css HTTP/1.1" 304 0 "http://admin-test-new.pune.cdac.in/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" sidak@sidak-jitsi-admin-vm:/var/log/nginx$ cat error.log 2023/05/03 04:45:36 [info] 3584968#3584968: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:61 2023/05/03 05:04:21 [info] 3590765#3590765: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:61 sidak@sidak-jitsi-admin-vm:/var/log/nginx$
Hello @297297sid,
can you write me an email to entwicklung@h2-invent.com so we can have a quick loock on your installation.
sure
send ..please check sir
Great. I will reply later this day.
please help me to fix it asap
Hello, I wrote you an email back :)
Hi, @holema, How are you? I am getting this error in the log file: var/log/prod.log
[2023-05-25T00:34:48.153988+00:00] security.DEBUG: Checking for guard authentication credentials. {"firewall_key":"main","authenticators":1} [] [2023-05-25T00:34:48.153990+00:00] security.DEBUG: Checking support on guard authenticator. {"firewall_key":"main","authenticator":"App\Security\GuardServiceKeycloak"} [] [2023-05-25T00:34:48.153995+00:00] security.DEBUG: Calling getCredentials() on guard authenticator. {"firewall_key":"main","authenticator":"App\Security\GuardServiceKeycloak"} [] [2023-05-25T00:34:48.163474+00:00] php.INFO: User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-guard 5.3: The \"Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken\" class is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/vendor/symfony/security-guard/Token/PreAuthenticationGuardToken.php:16)"} [] [2023-05-25T00:34:48.163524+00:00] php.INFO: User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Token\GuardTokenInterface" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-guard 5.3: The \"Symfony\Component\Security\Guard\Token\GuardTokenInterface\" class is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/vendor/symfony/security-guard/Token/GuardTokenInterface.php:16)"} [] [2023-05-25T00:34:48.163535+00:00] php.INFO: User Deprecated: Since symfony/security-core 5.4: Method "Symfony\Component\Security\Core\Authentication\Token\AbstractToken::setAuthenticated()" is deprecated {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-core 5.4: Method \"Symfony\Component\Security\Core\Authentication\Token\AbstractToken::setAuthenticated()\" is deprecated at /var/www/jitsi-admin/vendor/symfony/security-core/Authentication/Token/AbstractToken.php:156)"} [] [2023-05-25T00:34:48.163538+00:00] security.DEBUG: Passing guard token information to the GuardAuthenticationProvider {"firewall_key":"main","authenticator":"App\Security\GuardServiceKeycloak"} [] [2023-05-25T00:34:48.163550+00:00] php.INFO: User Deprecated: Since symfony/security-bundle 5.3: The "security.authentication.provider.guard.main" service is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-bundle 5.3: The \"security.authentication.provider.guard.main\" service is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/var/cache/prod/ContainerPxk4xiZ/App_KernelProdContainer.php:9412)"} [] [2023-05-25T00:34:48.163565+00:00] php.INFO: User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Provider\GuardAuthenticationProvider" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-guard 5.3: The \"Symfony\Component\Security\Guard\Provider\GuardAuthenticationProvider\" class is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/vendor/symfony/security-guard/Provider/GuardAuthenticationProvider.php:32)"} [] [2023-05-25T00:34:48.163579+00:00] php.INFO: User Deprecated: Since symfony/security-core 5.3: The "Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface" interface is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-core 5.3: The \"Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface\" interface is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/vendor/symfony/security-core/Authentication/Provider/AuthenticationProviderInterface.php:17)"} [] [2023-05-25T00:34:48.166419+00:00] request.CRITICAL: Uncaught PHP Exception UnexpectedValueException: "Failed to parse JSON response: Syntax error" at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php line 645 {"exception":"[object] (UnexpectedValueException(code: 0): Failed to parse JSON response: Syntax error at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:645)"} [] [2023-05-25T00:34:48.167526+00:00] php.INFO: User Deprecated: Since symfony/security-core 5.4: Not setting the 5th argument of "Symfony\Component\Security\Core\Authorization\AuthorizationChecker::construct" to "false" is deprecated. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-core 5.4: Not setting the 5th argument of \"Symfony\Component\Security\Core\Authorization\AuthorizationChecker::construct\" to \"false\" is deprecated. at /var/www/jitsi-admin/vendor/symfony/security-core/Authorization/AuthorizationChecker.php:50)"} [] [2023-05-25T00:34:48.167651+00:00] php.INFO: User Deprecated: Since symfony/framework-bundle 5.1: The "session.flash_bag" service is deprecated, use "$session->getFlashBag()" instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/framework-bundle 5.1: The \"session.flash_bag\" service is deprecated, use \"$session->getFlashBag()\" instead. at /var/www/jitsi-admin/var/cache/prod/ContainerPxk4xiZ/App_KernelProdContainer.php:9790)"} [] [2023-05-25T00:34:48.167921+00:00] php.INFO: User Deprecated: The Liip\ImagineBundle\Templating\FilterExtension class is deprecated since version 2.7 and will be removed in 3.0; configure "liip_imagine.twig.mode" to "lazy" instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: The Liip\ImagineBundle\Templating\FilterExtension class is deprecated since version 2.7 and will be removed in 3.0; configure \"liip_imagine.twig.mode\" to \"lazy\" instead. at /var/www/jitsi-admin/vendor/liip/imagine-bundle/Templating/FilterExtension.php:14)"} [] [2023-05-25T00:34:48.167946+00:00] php.INFO: User Deprecated: The Liip\ImagineBundle\Templating\FilterTrait trait is deprecated since version 2.7 and will be removed in 3.0; use Twig instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: The Liip\ImagineBundle\Templating\FilterTrait trait is deprecated since version 2.7 and will be removed in 3.0; use Twig instead. at /var/www/jitsi-admin/vendor/liip/imagine-bundle/Templating/FilterTrait.php:14)"} []
Hello @rakibulinux,
do you use the jitsi-admin without docker? In this case you need a proper configured Keycloak server. In your log there is a critical error which says that the response of the keycloak is not a json
[2023-05-25T00:34:48.166419+00:00] request.CRITICAL: Uncaught PHP Exception UnexpectedValueException: "Failed to parse JSON response: Syntax error" at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php line 645 {"exception":"[object] (UnexpectedValueException(code: 0): Failed to parse JSON response: Syntax error at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:645)"} []
Mostly this happens, because the Jitsi-admin needs access to the keycloak server.
Are you correcly redirectet to the keacloyk?
Hi, @holema Yes, I am using without docker. Can you please share Keycloak config file so I can try it?
You try to setup the keycloak on https but with a sefsigned certificate? Then this would never work, because the jitsi-admin trys to verify the certificate when he trys to gain the token.
https works only with correct certificats. This is not an issue with jitsi-admin its an issue with php_curl/symfony curl.
For this you have to add you certificate to the php_curl trusted store.
Hi, @holema, I have added certificate to the php_curl trusted store but still not working getting same error
Obtain the certificate: Obtain the certificate file (in PEM format) that you want to add to the trusted store. You can typically obtain this certificate from the server you are connecting to or from a trusted certificate authority.
Determine the location of the trusted CA certificates bundle: In Ubuntu, the trusted CA certificates bundle is usually located at /etc/ssl/certs/ca-certificates.crt. You can check if this file exists by running the following command: [2023-05-25T10:22:35.139757+00:00] request.CRITICAL: Uncaught PHP Exception UnexpectedValueException: "Failed to parse JSON response: Syntax error" at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php line 645 {"exception":"[object] (UnexpectedValueException(code: 0): Failed to parse JSON response: Syntax error at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:645)"} []
ls /etc/ssl/certs/ca-certificates.crt
If the file does not exist, you may need to install the ca-certificates package using the following command:
sudo apt-get install ca-certificates
Add the certificate to the trusted store: Open the trusted CA certificates bundle file using a text editor with administrative privileges. For example, you can use the nano editor:
sudo nano /etc/ssl/certs/ca-certificates.crt Scroll to the end of the file and paste the contents of the certificate file you obtained in step 1.
Save and exit the text editor: Press Ctrl + O to save the changes and then Ctrl + X to exit the text editor.
Update the trusted certificates: After adding the certificate, you need to update the trusted certificates using the update-ca-certificates command:
sudo update-ca-certificates This command updates the trusted CA certificates bundle file and generates the necessary symbolic links in the /etc/ssl/certs directory.
Restart PHP: Restart your PHP server or services that use PHP to ensure that the updated trusted store is used by cURL. For example, if you are using Apache with PHP, you can restart Apache with the following command:
sudo service nginx restart After following these steps, PHP cURL should recognize the added certificate as trusted when making requests to servers that present this certificate during SSL/TLS handshake.
Please note that the above instructions are specific to Ubuntu and may vary slightly for different Linux distributions. Additionally, it's important to ensure that the certificate you add to the trusted store is from a trusted source and is valid for the purpose you intend to use it for.
Hi, @holema also I try with the LetsEncrypt certificate for keyclock. And I am using Keyclock in nginx as a reserve proxy
My Nginx conf
cat /etc/nginx/sites-enabled/keycloak.conf
server {
server_name keycloak.gradark.pro;
large_client_header_buffers 4 16k;
location / {
proxy_pass https://localhost:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Adjust these proxy headers if necessary
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/keycloak.gradark.pro/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/keycloak.gradark.pro/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = keycloak.gradark.pro) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name keycloak.gradark.pro;
return 404; # managed by Certbot
}
what is your.env.prod.local file (especially the keacloak part). You can recplace the secrets with an x
@holema Please take a look at my .env.prod.local file
MERCURE_URL="http://localhost:3000/.well-known/mercure" MERCURE_PUBLIC_URL="https://super.gradark.pro" MERCURE_JWT_SECRET="4ff5c69fa115a4a180f9e08e307fe34f" WEBSOCKET_SECRET="4ff5c69fa115a4a180f9e08e307fe34f" VICH_BASE="https://super.gradark.pro" laF_baseUrl="https://super.gradark.pro"
DATABASE_URL="mysql://jitsiadmin:jitsiadmin@localhost:3306/jitsi-admin?serverVersion=5.7"
MAILER_DSN="smtp://admin%40gradark.org:messff21@mail.gradark.org:465" DEFAULT_EMAIL="meet@gradark.org"
OAUTH_KEYCLOAK_CLIENT_ID="jitsi-admin" OAUTH_KEYCLOAK_CLIENT_SECRET="XFbeXXXXcAR4XXXXXlodjwX6XXXfzy" OAUTH_KEYCLOAK_SERVER="https://keycloak.gradark.pro" OAUTH_KEYCLOAK_REALM="jitsi-admin"
Your env file looks good. Please write me a short message on entwicklung@h2-invent.com. Because it seems that your loadbalancer is not making a correct forwarding. After trying to register to your KC I get the error the there is a bad gateway.
@holema please check I email you.
pls help me after cloning code and running bash ,also setting up keycloak client id,realm,password ,when opening base url of jitsiadmin which i provide during installation i am getting 500 internal server eroor how to fix it, also while setting keycloak we have to make realm, client nd obtain its secreat . Do we also have to setup user in keycloak ?