issue while installation of jitsi admin without docker

[297297sid]

pls help me after cloning code and running bash ,also setting up keycloak client id,realm,password ,when opening base url of jitsiadmin which i provide during installation i am getting 500 internal server eroor how to fix it, also while setting keycloak we have to make realm, client nd obtain its secreat . Do we also have to setup user in keycloak ?

[holema]

Hello @297297sid,

which bash did you start? Do you have a keycloak server already installed and you have all keacloak credentials?

[297297sid]

i followed this step after cloning cd ~ wget https://github.com/H2-invent/jitsi-admin/raw/master/install.sh sudo bash install.sh

and i installed keycloak nd added realm client and got my client id also while installing jitsi admin pannel i get to enter few detail like base url which i enter http://admin-test.pune.sid.in/ my databse details and smtp detail nd my keycloak url http://keycloak.xyz.pune.sid.in/auth nd my realm clientidnd secret after that when navigating towards my base url i m getting internal server error please help me to fix it i dont want to install via docker and i m facing this issue from long time or provide me clear step by step to fix this

[holema]

Hello @297297sid that sounds strange to me.

1. When you enter your jitsi-admin url, ti the jitsi admin redirects you to the keycloak or is it stucking already before the redirect.
2. Is the internal Server erro is from the jitsi-admin, can you past the log here? the log is located in var/log/prod.log
3. Was the Ubtuntu empty at the eginning?

[297297sid]

1. when entering jitsi-admin url jitsiadmin redirects me to admin page only logo is visible on chrome tab nd on page it shows 500 internal server error
2. yea sure i will be sending u asap.
3. as i am trying on my virtal machine it is empty after then i installed mysql create databse then install keycloak added 1 realm nd client not user nd then clone code nd futher which i mentioned above

[holema]

Hello @297297sid, is it working now?

[297297sid]

no sir thats what iam asking u help me to fix it what i am doing mistake .is any step missing?

[holema]

I thought because you closed the issue.

can you set the jitsi-admin in dev mode. This can be done by set the APP_ENV=env and APP_DEBUG=1 so we can see your error messages in clear text.

[297297sid]

we have to setup dev mode ? when installing without docker?

[297297sid]

[297297sid]

cant find any prob.log file sidak@sidak-jitsi-admin-vm:/var/log$ ls alternatives.log auth.log btmp.1 dmesg faillog kern.log.1 nginx syslog ubuntu-advantage-timer.log.1 vmware-vmsvc-root.3.log wtmp alternatives.log.1 auth.log.1 cloud-init.log dmesg.0 installer landscape php8.1-fpm.log syslog.1 unattended-upgrades vmware-vmsvc-root.log apache2 bootstrap.log cloud-init-output.log dpkg.log journal lastlog php8.1-fpm.log.1 ubuntu-advantage.log vmware-vmsvc-root.1.log vmware-vmtoolsd-root.log apt btmp dist-upgrade dpkg.log.1 kern.log mysql private ubuntu-advantage-timer.log vmware-vmsvc-root.2.log websocket sidak@sidak-jitsi-admin-vm:/var/log$ cd apache2 sidak@sidak-jitsi-admin-vm:/var/log/apache2$ ls access.log error.log error.log.1 other_vhosts_access.log sidak@sidak-jitsi-admin-vm:/var/log/apache2$

[297297sid]

sidak@sidak-jitsi-admin-vm:/var/log/nginx$ cat access.log 10.208.11.121 - - [03/May/2023:04:46:06 +0000] "GET / HTTP/1.1" 500 843 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" sidak@sidak-jitsi-admin-vm:/var/log/nginx$ cat error.log 2023/05/03 04:45:36 [info] 3584968#3584968: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:61 sidak@sidak-jitsi-admin-vm:/var/log/nginx$

[297297sid]

after making public file it shows this now how do i fix

[297297sid]

sidak@sidak-jitsi-admin-vm:/var/log/nginx$ cat access.log 10.208.11.121 - - [03/May/2023:04:46:06 +0000] "GET / HTTP/1.1" 500 843 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:29 +0000] "GET / HTTP/1.1" 500 1748 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:29 +0000] "GET /build/app.1dfba98b.css HTTP/1.1" 200 507698 "http://admin-test-new.pune.cdac.in/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:30 +0000] "GET /build/fonts/poppins-v9-latin-regular.5224cd4c.woff2 HTTP/1.1" 200 7968 "http://admin-test-new.pune.cdac.in/build/app.1dfba98b.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:30 +0000] "GET /favicon.ico HTTP/1.1" 200 159038 "http://admin-test-new.pune.cdac.in/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:04:30 +0000] "GET /images/error/bg-error.jpg HTTP/1.1" 200 3852458 "http://admin-test-new.pune.cdac.in/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.208.11.121 - - [03/May/2023:05:06:17 +0000] "GET /build/app.1dfba98b.css HTTP/1.1" 304 0 "http://admin-test-new.pune.cdac.in/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" sidak@sidak-jitsi-admin-vm:/var/log/nginx$ cat error.log 2023/05/03 04:45:36 [info] 3584968#3584968: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:61 2023/05/03 05:04:21 [info] 3590765#3590765: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:61 sidak@sidak-jitsi-admin-vm:/var/log/nginx$

[holema]

Hello @297297sid,

can you write me an email to entwicklung@h2-invent.com so we can have a quick loock on your installation.

[297297sid]

sure

[297297sid]

send ..please check sir

[holema]

Great. I will reply later this day.

[297297sid]

please help me to fix it asap

[holema]

Hello, I wrote you an email back :)

[rakibulinux]

Hi, @holema, How are you? I am getting this error in the log file: var/log/prod.log

[2023-05-25T00:34:48.153988+00:00] security.DEBUG: Checking for guard authentication credentials. {"firewall_key":"main","authenticators":1} [] [2023-05-25T00:34:48.153990+00:00] security.DEBUG: Checking support on guard authenticator. {"firewall_key":"main","authenticator":"App\Security\GuardServiceKeycloak"} [] [2023-05-25T00:34:48.153995+00:00] security.DEBUG: Calling getCredentials() on guard authenticator. {"firewall_key":"main","authenticator":"App\Security\GuardServiceKeycloak"} [] [2023-05-25T00:34:48.163474+00:00] php.INFO: User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-guard 5.3: The \"Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken\" class is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/vendor/symfony/security-guard/Token/PreAuthenticationGuardToken.php:16)"} [] [2023-05-25T00:34:48.163524+00:00] php.INFO: User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Token\GuardTokenInterface" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-guard 5.3: The \"Symfony\Component\Security\Guard\Token\GuardTokenInterface\" class is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/vendor/symfony/security-guard/Token/GuardTokenInterface.php:16)"} [] [2023-05-25T00:34:48.163535+00:00] php.INFO: User Deprecated: Since symfony/security-core 5.4: Method "Symfony\Component\Security\Core\Authentication\Token\AbstractToken::setAuthenticated()" is deprecated {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-core 5.4: Method \"Symfony\Component\Security\Core\Authentication\Token\AbstractToken::setAuthenticated()\" is deprecated at /var/www/jitsi-admin/vendor/symfony/security-core/Authentication/Token/AbstractToken.php:156)"} [] [2023-05-25T00:34:48.163538+00:00] security.DEBUG: Passing guard token information to the GuardAuthenticationProvider {"firewall_key":"main","authenticator":"App\Security\GuardServiceKeycloak"} [] [2023-05-25T00:34:48.163550+00:00] php.INFO: User Deprecated: Since symfony/security-bundle 5.3: The "security.authentication.provider.guard.main" service is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-bundle 5.3: The \"security.authentication.provider.guard.main\" service is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/var/cache/prod/ContainerPxk4xiZ/App_KernelProdContainer.php:9412)"} [] [2023-05-25T00:34:48.163565+00:00] php.INFO: User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Provider\GuardAuthenticationProvider" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-guard 5.3: The \"Symfony\Component\Security\Guard\Provider\GuardAuthenticationProvider\" class is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/vendor/symfony/security-guard/Provider/GuardAuthenticationProvider.php:32)"} [] [2023-05-25T00:34:48.163579+00:00] php.INFO: User Deprecated: Since symfony/security-core 5.3: The "Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface" interface is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-core 5.3: The \"Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface\" interface is deprecated, use the new authenticator system instead. at /var/www/jitsi-admin/vendor/symfony/security-core/Authentication/Provider/AuthenticationProviderInterface.php:17)"} [] [2023-05-25T00:34:48.166419+00:00] request.CRITICAL: Uncaught PHP Exception UnexpectedValueException: "Failed to parse JSON response: Syntax error" at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php line 645 {"exception":"[object] (UnexpectedValueException(code: 0): Failed to parse JSON response: Syntax error at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:645)"} [] [2023-05-25T00:34:48.167526+00:00] php.INFO: User Deprecated: Since symfony/security-core 5.4: Not setting the 5th argument of "Symfony\Component\Security\Core\Authorization\AuthorizationChecker::construct" to "false" is deprecated. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-core 5.4: Not setting the 5th argument of \"Symfony\Component\Security\Core\Authorization\AuthorizationChecker::construct\" to \"false\" is deprecated. at /var/www/jitsi-admin/vendor/symfony/security-core/Authorization/AuthorizationChecker.php:50)"} [] [2023-05-25T00:34:48.167651+00:00] php.INFO: User Deprecated: Since symfony/framework-bundle 5.1: The "session.flash_bag" service is deprecated, use "$session->getFlashBag()" instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/framework-bundle 5.1: The \"session.flash_bag\" service is deprecated, use \"$session->getFlashBag()\" instead. at /var/www/jitsi-admin/var/cache/prod/ContainerPxk4xiZ/App_KernelProdContainer.php:9790)"} [] [2023-05-25T00:34:48.167921+00:00] php.INFO: User Deprecated: The Liip\ImagineBundle\Templating\FilterExtension class is deprecated since version 2.7 and will be removed in 3.0; configure "liip_imagine.twig.mode" to "lazy" instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: The Liip\ImagineBundle\Templating\FilterExtension class is deprecated since version 2.7 and will be removed in 3.0; configure \"liip_imagine.twig.mode\" to \"lazy\" instead. at /var/www/jitsi-admin/vendor/liip/imagine-bundle/Templating/FilterExtension.php:14)"} [] [2023-05-25T00:34:48.167946+00:00] php.INFO: User Deprecated: The Liip\ImagineBundle\Templating\FilterTrait trait is deprecated since version 2.7 and will be removed in 3.0; use Twig instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: The Liip\ImagineBundle\Templating\FilterTrait trait is deprecated since version 2.7 and will be removed in 3.0; use Twig instead. at /var/www/jitsi-admin/vendor/liip/imagine-bundle/Templating/FilterTrait.php:14)"} []

[holema]

Hello @rakibulinux,

do you use the jitsi-admin without docker? In this case you need a proper configured Keycloak server. In your log there is a critical error which says that the response of the keycloak is not a json

[2023-05-25T00:34:48.166419+00:00] request.CRITICAL: Uncaught PHP Exception UnexpectedValueException: "Failed to parse JSON response: Syntax error" at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php line 645 {"exception":"[object] (UnexpectedValueException(code: 0): Failed to parse JSON response: Syntax error at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:645)"} []

Mostly this happens, because the Jitsi-admin needs access to the keycloak server.

Are you correcly redirectet to the keacloyk?

[rakibulinux]

Hi, @holema Yes, I am using without docker. Can you please share Keycloak config file so I can try it?

[holema]

You try to setup the keycloak on https but with a sefsigned certificate? Then this would never work, because the jitsi-admin trys to verify the certificate when he trys to gain the token.

https works only with correct certificats. This is not an issue with jitsi-admin its an issue with php_curl/symfony curl.

For this you have to add you certificate to the php_curl trusted store.

[rakibulinux]

Hi, @holema, I have added certificate to the php_curl trusted store but still not working getting same error

Obtain the certificate: Obtain the certificate file (in PEM format) that you want to add to the trusted store. You can typically obtain this certificate from the server you are connecting to or from a trusted certificate authority.

Determine the location of the trusted CA certificates bundle: In Ubuntu, the trusted CA certificates bundle is usually located at /etc/ssl/certs/ca-certificates.crt. You can check if this file exists by running the following command: [2023-05-25T10:22:35.139757+00:00] request.CRITICAL: Uncaught PHP Exception UnexpectedValueException: "Failed to parse JSON response: Syntax error" at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php line 645 {"exception":"[object] (UnexpectedValueException(code: 0): Failed to parse JSON response: Syntax error at /var/www/jitsi-admin/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:645)"} []

ls /etc/ssl/certs/ca-certificates.crt If the file does not exist, you may need to install the ca-certificates package using the following command:

sudo apt-get install ca-certificates Add the certificate to the trusted store: Open the trusted CA certificates bundle file using a text editor with administrative privileges. For example, you can use the nano editor:

sudo nano /etc/ssl/certs/ca-certificates.crt Scroll to the end of the file and paste the contents of the certificate file you obtained in step 1.

Save and exit the text editor: Press Ctrl + O to save the changes and then Ctrl + X to exit the text editor.

Update the trusted certificates: After adding the certificate, you need to update the trusted certificates using the update-ca-certificates command:

sudo update-ca-certificates This command updates the trusted CA certificates bundle file and generates the necessary symbolic links in the /etc/ssl/certs directory.

Restart PHP: Restart your PHP server or services that use PHP to ensure that the updated trusted store is used by cURL. For example, if you are using Apache with PHP, you can restart Apache with the following command:

sudo service nginx restart After following these steps, PHP cURL should recognize the added certificate as trusted when making requests to servers that present this certificate during SSL/TLS handshake.

Please note that the above instructions are specific to Ubuntu and may vary slightly for different Linux distributions. Additionally, it's important to ensure that the certificate you add to the trusted store is from a trusted source and is valid for the purpose you intend to use it for.

[rakibulinux]

Hi, @holema also I try with the LetsEncrypt certificate for keyclock. And I am using Keyclock in nginx as a reserve proxy

[rakibulinux]

My Nginx conf

cat /etc/nginx/sites-enabled/keycloak.conf 
server {
    server_name keycloak.gradark.pro;
    large_client_header_buffers 4 16k;

    location / {
        proxy_pass https://localhost:8443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Adjust these proxy headers if necessary
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/keycloak.gradark.pro/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/keycloak.gradark.pro/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = keycloak.gradark.pro) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name keycloak.gradark.pro;
    return 404; # managed by Certbot

}

[holema]

what is your.env.prod.local file (especially the keacloak part). You can recplace the secrets with an x

[rakibulinux]

@holema Please take a look at my .env.prod.local file

Start: App\Command\Installer\BasicConfig

MERCURE_URL="http://localhost:3000/.well-known/mercure" MERCURE_PUBLIC_URL="https://super.gradark.pro" MERCURE_JWT_SECRET="4ff5c69fa115a4a180f9e08e307fe34f" WEBSOCKET_SECRET="4ff5c69fa115a4a180f9e08e307fe34f" VICH_BASE="https://super.gradark.pro" laF_baseUrl="https://super.gradark.pro"

End: App\Command\Installer\BasicConfig

Start: App\Command\Installer\DbConfig

DATABASE_URL="mysql://jitsiadmin:jitsiadmin@localhost:3306/jitsi-admin?serverVersion=5.7"

End: App\Command\Installer\DbConfig

Start: App\Command\Installer\SmtpConfig

MAILER_DSN="smtp://admin%40gradark.org:messff21@mail.gradark.org:465" DEFAULT_EMAIL="meet@gradark.org"

End: App\Command\Installer\SmtpConfig

Start: App\Command\Installer\KeycloakConfig

OAUTH_KEYCLOAK_CLIENT_ID="jitsi-admin" OAUTH_KEYCLOAK_CLIENT_SECRET="XFbeXXXXcAR4XXXXXlodjwX6XXXfzy" OAUTH_KEYCLOAK_SERVER="https://keycloak.gradark.pro" OAUTH_KEYCLOAK_REALM="jitsi-admin"

End: App\Command\Installer\KeycloakConfig

[holema]

Your env file looks good. Please write me a short message on entwicklung@h2-invent.com. Because it seems that your loadbalancer is not making a correct forwarding. After trying to register to your KC I get the error the there is a bad gateway.

[rakibulinux]

@holema please check I email you.