H2-invent / jitsi-admin

Organize and fully control your jitsi meet meetings. Make your meeting secure and be sure that only you and your fellows can join your meeting.
https://meetling.de
GNU Affero General Public License v3.0

the new nodejs websocket configuration #500

Open baby-leo opened 11 months ago

baby-leo commented 11 months ago

I am using the latest jitsi admin, but I couldn't get the new websocket configuration to work. I am assuming the configuration provided on https://github.com/H2-invent/jitsi-admin/wiki/Websocket-installation is by default getting configured while the install.sh is executed, but still the websocket connection is not working. What should I do?

holema commented 11 months ago

Hello @baby-leo,

Is the service running? The websocket might be sometimes quite tricky but we will get it done :)

Do you use any load balancer or reverse in front?

baby-leo commented 11 months ago

Thanks @holema, yes it is running and I really don't use any load balancer on my jitsi admin server. And as a side note, for testing purposes my server does not have a public IP yet, I am trying it on a local server.

holema commented 11 months ago

Hello @baby-leo, so the service is running and the IP address is added to the jitsi-admin .env.local. When you open the console in the browser you should see in the network tab a websocket connection attempt.

Have you double checked the websocket secret? This is a very likely error. The Websocket secret in the service must be the same as in the .env.local.

baby-leo commented 11 months ago

Yes, the secret is the same. And here are my configurations.

In my .env.local:

    MERCURE_URL="http://localhost:3000/.well-known/mercure"
    MERCURE_PUBLIC_URL="https://my private ip"
    MERCURE_JWT_SECRET="825601e6020b1cafeac664b7a18000e6"
    WEBSOCKET_SECRET="825601e6020b1cafeac664b7a18000e6"

Here is my apache config:

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/jitsi-admin/public

    # Add Headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header unset Server
    Header unset x-powered-by

    # Client Configuration
    LimitRequestBody 10485760

    <Directory /var/www/jitsi-admin/public>
        Options FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt
    SSLCertificateKeyFile /etc/apache2/certificate/apache.key

    Header always set Access-Control-Allow-Origin "https://myip http://myip:3000 https://meetjitsiurl"
    Header always set Content-Security-Policy "style-src 'self' 'unsafe-inline'; connect-src ; font-src 'self' data:; frame-src ; frame-ancestors myip"

    # ProxyPass for /ws/.well-known/mercure
    <Location "/ws/.well-known/mercure">
        ProxyPass http://127.0.0.1:3000/.well-known/mercure
        ProxyPassReverse http://127.0.0.1:3000/.well-known/mercure
    </Location>

    # Proxy settings for /healthz
    <Location "/healthz">
        ProxyPass http://127.0.0.1:3000/healthz
        ProxyPassReverse http://127.0.0.1:3000/healthz
    </Location>
</VirtualHost>

And here are the errors displaying:

  1. No route found for "GET https://myip/ws/"

  2. https://myip/ws/?token=eyJ0eXAiOiJKV1... 404(notfound)

holema commented 11 months ago

Hello @baby-leo, that was the reason why we changed from apache to nginx ;) nginx is the preferred webserver when traffic should be reversed.

This is a structural problem. It is not possible to use https without an IP address. Https is domain based.

And there is a third reverse host missing. You also have to reverse proxy the /ws/ route to the websocket service. On this proxypass you also have to send an Upgrade header with the apache server. This is the original nginx configuration: https://github.com/H2-invent/jitsi-admin/wiki/NGINX-Configuration

This is the config translated from ChatGPT. Please double check the config and paste your working config:

<VirtualHost *:80>
    # Needs mod_proxy, mod_proxy_http, mod_proxy_fcgi, mod_headers and mod_rewrite
    ServerName mydomain.com
    DocumentRoot /var/www/jitsi-admin/public
    DirectoryIndex index.php

    # Add Headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header unset Server
    Header unset X-Powered-By

    # Client Configuration
    LimitRequestBody 10485760

    # Apache does not expand nginx variables such as $host or $remote_addr.
    # ProxyPreserveHost forwards the original Host header, and mod_proxy_http
    # adds X-Forwarded-For on its own, so neither is set by hand.
    ProxyPreserveHost On
    RequestHeader set X-Real-IP "expr=%{REMOTE_ADDR}"

    # Default Symfony Location Configuration
    <Directory /var/www/jitsi-admin/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [QSA,L]
    </Directory>

    # Hand index.php to PHP-FPM over its unix socket
    <FilesMatch "^index\.php$">
        SetHandler "proxy:unix:/var/run/php8.2-fpm.sock|fcgi://localhost"
    </FilesMatch>

    <Location /ws/.well-known/mercure>
        ProxyPass "http://127.0.0.1:3000/.well-known/mercure"
        ProxyPassReverse "http://127.0.0.1:3000/.well-known/mercure"
    </Location>

    # WebSocket route: upgrade=websocket requires Apache 2.4.47 or later
    <Location /ws>
        ProxyPass "http://127.0.0.1:3000/ws" upgrade=websocket timeout=600
        ProxyPassReverse "http://127.0.0.1:3000/ws"
    </Location>

    <Location /.well-known/mercure>
        ProxyPass "http://127.0.0.1:3000/.well-known/mercure" timeout=600
        ProxyPassReverse "http://127.0.0.1:3000/.well-known/mercure"
    </Location>

    <Location /realms>
        ProxyPass "http://127.0.0.1:8080" upgrade=websocket timeout=360
        ProxyPassReverse "http://127.0.0.1:8080"
        SetEnvIf Request_URI "^/realms" no-gzip
        LimitRequestBody 262144000
        RequestHeader set X-Forwarded-Proto "expr=%{REQUEST_SCHEME}"
        Header always set X-Frame-Options "SAMEORIGIN"
    </Location>
</VirtualHost>
baby-leo commented 11 months ago

ok i will get back to you after configuring it using nginx
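
An added example, not code from the jitsi-admin project or from anyone in this thread: a small Python check for the failure modes diagnosed above, namely a /ws/ request that no `<Location>` proxies (the 404 reported earlier), a proxied route without a WebSocket upgrade, and nginx `$variables` left over in a translated Apache config. The sample vhost is constructed from the config posted earlier, all function names are hypothetical, and only `<Location>` plus `ProxyPass` are understood (no `RewriteRule [P]`).

```python
import re

# Constructed sample, condensed from the Apache vhost posted earlier in the thread:
# mercure and healthz are proxied, nothing covers /ws/.
POSTED_VHOST = """
<VirtualHost *:443>
    DocumentRoot /var/www/jitsi-admin/public
    <Location "/ws/.well-known/mercure">
        ProxyPass http://127.0.0.1:3000/.well-known/mercure
    </Location>
    <Location "/healthz">
        ProxyPass http://127.0.0.1:3000/healthz
    </Location>
</VirtualHost>
"""

LOCATION = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>', re.S | re.I)
PROXYPASS = re.compile(r'^\s*ProxyPass\s+"?([^"\s]+)"?(.*)$', re.M | re.I)
NGINX_VAR = re.compile(r'^\s*(?:RequestHeader|Header)\b.*\$[a-z_]+', re.M | re.I)


def proxied_locations(conf):
    """Map each <Location> prefix to (backend URL, extra ProxyPass parameters)."""
    routes = {}
    for prefix, body in LOCATION.findall(conf):
        m = PROXYPASS.search(body)
        if m:
            routes[prefix.rstrip("/")] = (m.group(1), m.group(2).strip())
    return routes


def route_for(conf, path):
    """Return (prefix, backend, params) of the most specific Location covering path."""
    hits = [(p, *v) for p, v in proxied_locations(conf).items()
            if path == p or path.startswith(p + "/")]
    return max(hits, key=lambda h: len(h[0]), default=None)


def check_websocket_route(conf, path="/ws/"):
    """List the reasons a WebSocket request to `path` would fail behind this vhost."""
    problems = []
    hit = route_for(conf, path)
    if hit is None:
        problems.append(f"{path} is not proxied; the request falls through to the PHP app (404)")
    elif not (hit[1].startswith(("ws://", "wss://")) or "upgrade=" in hit[2].lower()):
        problems.append(f"{hit[0]} is proxied over plain HTTP without a WebSocket upgrade")
    if NGINX_VAR.search(conf):
        problems.append("nginx-style $variables in header directives; Apache does not expand them")
    return problems
```

Run `check_websocket_route()` on the vhost text before reloading Apache; an empty list means the `/ws/` route is proxied with an upgrade and no untranslated nginx variables remain.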