Closed sualko closed 4 years ago
Interesting information, thanks, if that is the cases possibly fix is simpler than working around chromes security stuff, I'll see maybe I can figure out some modifications to nginx confs then.
but after enabling I can still not access the container via port 443. Even from the outside I get "Connection reset by peer". My guess is that the nginx config breaks without letsencrypt.
Forgot to delete the config after changing the env file. Now nginx is listening on port 443. Now I also see the chrome ssl warning:
[0403/085912.457416:ERROR:cert_verify_proc_nss.cc(1011)] CERT_PKIXVerifyCert for meet.jitsi failed err=-8172
[0403/085912.457725:ERROR:ssl_client_socket_impl.cc(969)] handshake failed; returned -1, SSL error code 1, net_error -202
So I have some own wildcard certificates, and tried editing .env
XMPP_SERVER=xmpp.meet.jitsi
to XMPP_SERVER=video.test.ours.com
though keeping ~/.jitsi-meet-cfg
close to as is (well certs for web are mine, and changed domain in couple nginx and prosody confs), but now calls drop just as soon as second person joins. but maybe I just need to edit more of configs in there. Or do XMPP_DOMAIN
, XMPP_SERVER
, XMPP_MUC_DOMAIN
, etc. have to be related in some "subtringy way" ? And thus do I need to also edit there? Will try some more on Monday. How is https://meet.jit.si/ set up ? :)
Try edit .env
Look for: meet.jitsi Change to: video.test.ours.com
After docker is up give a try to connect on Prosody port like this:
telnet xmpp.video.test.ours.com 5222
I have deployed all into kubernetes. Now, I cannot record and there is an error message on the client but no error on the servers.
2020-04-03 11:41:26.089 BRT 2020-04-03 07:41:26.088 FINE: [30] org.jitsi.xmpp.extensions.DefaultPacketExtensionProvider.parse() Could not add a provider for element busy-status from namespace http://jitsi.org/protocol/jibri
2020-04-03 11:41:26.089 BRT 2020-04-03 07:41:26.089 FINE: [30] org.jitsi.xmpp.extensions.DefaultPacketExtensionProvider.parse() Could not add a provider for element health-status from namespace http://jitsi.org/protocol/health
That is the last thing is logged on jibri. It looks like my start recording request is not getting to jibri.
And this is somewhere in the middle:
"2020-04-03 07:41:25.365 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime() A provider org.jitsi.jibri.api.http.HttpApi registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.jibri.api.http.HttpApi will be ignored.
Does anyone know what could be?
Cheers
Check Prosody logs
If Jibri connects properly should be something like this:
c2s55edc956de50 info Authenticated as jibri@auth.meet.jitsi
And in Jibri logs
2020-04-03 10:44:15.878 INFO: [19] org.jitsi.xmpp.mucclient.MucClient.log() [MucClient id=xmpp.meet.jitsi hostname=xmpp.meet.jitsi] connected
2020-04-03 10:44:17.051 INFO: [19] org.jitsi.xmpp.mucclient.MucClient.log() Joined MUC: jibribrewery@internal-muc.meet.jitsi
At this time Jibri is avaliable for recording
@primoitt83 Thanks!!
It is all right there in the logs. But still jibri is not getting the start recording request.
One thing to notice, they are all behind a NAT and the only service that is exposed is the jitsi-meet one.
Would that be a problem?
Not at all.. do you have a valid domain? Did you set a true Letsencrypt CA?
Do you have something like this on Jibri logs?
2020-03-27 20:37:15.794 SEVERE: [48] org.jitsi.jibri.selenium.JibriSelenium.run() An error occurred while joining the call: org.openqa.selenium.WebDriverException: <unknown>: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.
(Session info: chrome=80.0.3987.149)
(Driver info: chromedriver=80.0.3987.106 (f68069574609230cf9b635cd784cfb1bf81bb53a-refs/branch-heads/3987@{#882}),platform=Linux 3.10.0-1062.18.1.el7.x86_64 x86_64) (WARNING: The server did not provide any stacktrace information)
@primoitt83
Yeap, a valid domain with a valid CA. public-live.harmony.chat
Nope. That is all I have.
2020-04-03 08:09:02.570 INFO: [1] org.jitsi.jibri.Main.main() Jibri run with args [--config, /etc/jitsi/jibri/config.json]
2020-04-03 08:09:02.651 INFO: [1] org.jitsi.jibri.Main.main() Using config file /etc/jitsi/jibri/config.json
2020-04-03 08:09:02.654 INFO: [1] org.jitsi.jibri.Main.main() Using port 3333 for internal HTTP API
2020-04-03 08:09:02.670 INFO: [1] org.jitsi.jibri.Main.main() Using port 2222 for the HTTP API
2020-04-03 08:09:09.039 INFO: [1] org.jitsi.jibri.Main.loadConfig() Parsed config:
JibriConfig(recordingDirectory=/config/recordings, singleUseMode=false, enabledStatsD=true, finalizeRecordingScriptPath=/config/finalize.sh, xmppEnvironments=[XmppEnvironmentConfig(name=prod environment, xmppServerHosts=[localhost], xmppDomain=public-live.harmony.chat, controlLogin=XmppCredentials(domain=auth.public-live.harmony.chat, username=jibri, password=), controlMuc=XmppMuc(domain=internal-muc.public-live.harmony.chat, roomName=publicliveharmonychat, nickname=jibri-instanse-publicliveharmonychat), sipControlMuc=null, callLogin=XmppCredentials(domain=record.public-live.harmony.chat, username=recorder, password=), stripFromRoomDomain=muc., usageTimeoutMins=0, trustAllXmppCerts=true)])
2020-04-03 08:09:11.137 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime() A provider org.jitsi.jibri.api.http.internal.InternalHttpApi registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.jibri.api.http.internal.InternalHttpApi will be ignored.
2020-04-03 08:09:11.837 INFO: [1] org.jitsi.jibri.api.xmpp.XmppApi.updatePresence() Jibri reports its status is now JibriStatus(busyStatus=IDLE, health=OverallHealth(healthStatus=HEALTHY, details={})), publishing presence to connections
2020-04-03 08:09:11.840 INFO: [1] org.jitsi.xmpp.mucclient.MucClientManager.log() Setting a presence extension: org.jitsi.xmpp.extensions.jibri.JibriStatusPacketExt@771158fb
2020-04-03 08:09:11.854 INFO: [1] org.jitsi.jibri.api.xmpp.XmppApi.start() Connecting to xmpp environment on localhost with config XmppEnvironmentConfig(name=prod environment, xmppServerHosts=[localhost], xmppDomain=public-live.harmony.chat, controlLogin=XmppCredentials(domain=auth.public-live.harmony.chat, username=jibri, password=), controlMuc=XmppMuc(domain=internal-muc.public-live.harmony.chat, roomName=publicliveharmonychat, nickname=jibri-instanse-publicliveharmonychat), sipControlMuc=null, callLogin=XmppCredentials(domain=record.public-live.harmony.chat, username=recorder, password=), stripFromRoomDomain=muc., usageTimeoutMins=0, trustAllXmppCerts=true)
2020-04-03 08:09:11.861 INFO: [1] org.jitsi.jibri.api.xmpp.XmppApi.start() The trustAllXmppCerts config is enabled for this domain, all XMPP server provided certificates will be accepted
2020-04-03 08:09:11.893 FINE: [19] org.jitsi.xmpp.mucclient.MucClient.log() Initializing a new MucClient for [ org.jitsi.xmpp.mucclient.MucClientConfiguration id=localhost domain=auth.public-live.harmony.chat hostname=localhost username=jibri mucs=[publicliveharmonychat@internal-muc.public-live.harmony.chat] mucNickname=jibri-instanse-publicliveharmonychat disableCertificateVerification=true]
2020-04-03 08:09:11.944 WARNING: [19] org.jitsi.xmpp.mucclient.MucClient.log() Disabling certificate verification!
2020-04-03 08:09:12.089 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime() A provider org.jitsi.jibri.api.http.HttpApi registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.jibri.api.http.HttpApi will be ignored.
2020-04-03 08:09:12.093 FINE: [19] org.jitsi.xmpp.mucclient.MucClient.log() [MucClient id=localhost hostname=localhost] about to connect and login.
2020-04-03 08:09:12.590 INFO: [19] org.jitsi.xmpp.mucclient.MucClient.log() [MucClient id=localhost hostname=localhost] connected
2020-04-03 08:09:12.715 FINE: [19] org.jitsi.xmpp.mucclient.MucClient.log() [MucClient id=localhost hostname=localhost] authenticated, b=false
2020-04-03 08:09:12.717 FINE: [19] org.jitsi.xmpp.mucclient.MucClient.log() [MucClient id=localhost hostname=localhost] about to join MUCs.
2020-04-03 08:09:12.779 INFO: [19] org.jitsi.xmpp.mucclient.MucClient.log() Joined MUC: publicliveharmonychat@internal-muc.public-live.harmony.chat
2020-04-03 08:09:12.784 FINE: [30] org.jitsi.xmpp.extensions.DefaultPacketExtensionProvider.parse() Could not add a provider for element busy-status from namespace http://jitsi.org/protocol/jibri
2020-04-03 08:09:12.785 FINE: [30] org.jitsi.xmpp.extensions.DefaultPacketExtensionProvider.parse() Could not add a provider for element health-status from namespace http://jitsi.org/protocol/health
Cheers
Your Jibri looks good...
Try to click on Record button on Jitsi-meet and see what it changes on Jibri's logs..
I'm out of ideas here..
Yeah, tried a couple of times. nothing is logged on Jibri. It seems the request from jitsi-meet is not passing to Jibri somehow.
@rodrigopavezi Is your Jibri running on Docker? Or is it a standalone install like this?
https://github.com/jitsi/jibri
In my experience Jibri needs 3 services: jibri-xorg, jibri-icewm and jibri
Can you check if this services are running?
@primoitt83 I think they are all running correctly. I am using this docker image: image: jitsi/jibri
Here is the list of jibri processes:
root 228 1 0 08:08 ? 00:00:00 s6-supervise 30-jibri
jibri 231 229 0 08:08 ? 00:00:00 /usr/bin/icewm-session
jibri 232 227 0 08:08 ? 00:00:02 /usr/lib/xorg/Xorg -nocursor -noreset +extension RANDR +extension RENDER -logfile /tmp/xorg.log -config /etc/jitsi/jibri/xorg-video-dummy.conf :0
jibri 236 228 0 08:08 ? 00:00:09 java -Djava.util.logging.config.file=/etc/jitsi/jibri/logging.properties -jar /opt/jitsi/jibri/jibri.jar --config /etc/jitsi/jibri/config.json
jibri 248 231 0 08:08 ? 00:00:00 icewmbg
jibri 249 231 0 08:08 ? 00:00:04 icewm --notify
jibri 267 231 0 08:09 ? 00:00:00 icewmtray --notify
Try connect to Jibri and on its console type:
# lsmod | grep snd_aloop
It is there I configured the nodes.
snd_aloop 24576 0
snd_pcm 98304 1 snd_aloop
snd 81920 3 snd_timer,snd_aloop,snd_pcm
Yeah.. that's correct
Maybe
# /etc/init.d/jibri-xorg status
# /etc/init.d/jibri-icewm status
# /etc/init.d/jibri status
They aren't there in the container. not sure they should though
I see jitsi-meet sending this:
<body rid='2876005789' xmlns='http://jabber.org/protocol/httpbind' sid='c53110ee-aa59-487e-9339-ceb488aceb30'>
<iq to='harmonychatmldhahkbxmxxqesafgeneral@muc.public-live.harmony.chat/focus' type='set' xmlns='jabber:client' id='314476fa-460c-49fc-a4b2-7355775a4c28:sendIQ'>
<jibri xmlns='http://jitsi.org/protocol/jibri' action='start' app_data='{"file_recording_metadata":{"share":true}}' recording_mode='file'/>
</iq>
</body>
And the result is this:
<body xmlns='http://jabber.org/protocol/httpbind' xmlns:stream='http://etherx.jabber.org/streams' sid='2887f8b9-41f6-408f-b488-d565adc982cd'>
<iq to='3719bcf8-898a-467e-b64f-ca8aa5e917b8@public-live.harmony.chat/p2GFpP15' from='harmonychatmldhahkbxmxxqesafgeneral@muc.public-live.harmony.chat/focus' id='98a0a076-243e-4ea7-9b46-a05c3a22ae0b:sendIQ' xmlns='jabber:client' type='error'>
<error type='cancel'>
<item-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error>
</iq>
</body>
Don't know..
maybe xmpp address is not correct?
From a container try:
# telnet xmpp.public-live.harmony.chat 5222
* One example is 'item-not-found' error thrown by Prosody when the BOSH session
* times out after 60 seconds of inactivity. On the other hand 'item-not-found'
* could also happen when BOSH request is sent to the server with the session-id
* that is not know to the server. But this should not happen in lib-jitsi-meet
* case as long as the service is configured correctly (there is no bug).
*/
this works
# telnet public-live.harmony.chat 5222
Maybe you need to make it works on
telnet xmpp.public-live.harmony.chat 5222
is public-live.harmony.chat your main domain?
Ah, I see it could be. Yeap it is the main domain
If your domain is meet.jitsi so your xmpp server should be xmpp.meet.jitsi
So if your domain is public-live.harmony.chat xmpp server should be xmpp.public-live.harmony.chat
Hi, I tried to put my real certificate (coming from traefik reverse proxy) to nginx jitsi-web. Then from jiti-jibri , i can curl jitsi-web:
root@a36b9a941352:/# curl -v https://mydomain
* Rebuilt URL to: https://mydomain
* Trying 10.0.74.2...
* TCP_NODELAY set
* Connected to mydomain (10.0.74.2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=mydomain
* start date: Mar 27 14:46:29 2020 GMT
* expire date: Jun 25 14:46:29 2020 GMT
* subjectAltName: host "mydomain" matched cert's "mydomain"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: mydomain
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.3
< Date: Sat, 04 Apr 2020 11:15:16 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
<
Then i relaunch nginx inside docker and tried to record a meeting, but still getting the same error on jirbri's logs:
2020-04-03 18:07:36.072 FINE: [39] org.jitsi.xmpp.mucclient.MucClient.log() Received an IQ with type set: IQ Stanza (jibri http://jitsi.org/protocol/jibri) [to=jibri@auth.mydomain/F_pEdIef,from=jibribrewery@internal-muc.mydomain/focus,id=amlicmlAYXV0aC5qaXRzaS5iZW5lbG9zLmV1L0ZfcEVkSWVmAG9xUlhBLTMyNjIAiID2mxClhpzJAOCePD+E4A==,type=set,]
2020-04-03 18:07:36.072 INFO: [39] org.jitsi.jibri.api.xmpp.XmppApi.handleJibriIq() Received JibriIq
I don't understand theese errors coming from chrome driver:
Only local connections are allowed. Please protect ports used by ChromeDriver and related test frameworks to prevent access by malicious code.
Do I have to allow chrome to get secure connection to jitsi's room (jitsi web) ? and this one coming from selenium:
DevToolsActivePort file doesn't exist)
Do you have any other idea to investigate ?
Is it a docker or standalone Jibri?
Please protect ports used by ChromeDriver and related test frameworks to prevent access by malicious code.
2020-04-03 18:07:36.249 SEVERE: [40] org.jitsi.jibri.api.xmpp.XmppApi.run() Error starting Jibri service : org.openqa.selenium.WebDriverException: unknown error: Chrome failed to start: crashed.
(unknown error: DevToolsActivePort file doesn't exist)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
Check Chrome and Chrome driver version. They need to match.
It is the official docker one. I use the latest tag. Inside jibri's container i can only see: X.Org X Server 1.19.2 xorg-server 2:1.19.2-1+deb9u5 pixman: 0.34.0 chromedriver=80.0.3987.106
Idon't know where to check google-chrome version, but in the official dockerfile used to make dockerhub images, it's used to be the "latest" version so does chrome driver.
I think i do have an issue with xorg maybe it's related to chrome, i've got this error: Failed to connect to the bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
i've find my google-chrome version : root@19b6d899239f:/# google-chrome --version Google Chrome 80.0.3987.149 Which is not exactly the same than chromedriver...
Yeah. They match.
So if xorg is running properly now I'm out of ideas.. Sorry
So in summary to fix this issue we need
And it'll all start working again?
But the nginx config is just dummy and doesn't actually need to do anything?
Claims they have fixed this with simply:
replace meet.jitsi with my domain.com in .env file
Can anyone verify?
How can we change this setting without a GUI, can anyone help?
Replacing meet.jitsi in the .env file with domain.com only seems to works if you don't use an external HTTPS handler ( means HTTPS is handled directly in the jitsi/web container).
In case of an external handler for HTTPS like traefik or an external nginx is used, the TLS certificate of this external HTTPS handler should also be configured in the nginx of the jitsi/web container.
Even if meet.jitsi in the .env file is replaced with domain.com jibri still will access the nginx of the jitsi/web container. So the chrome in the Jibri should either accept all certificates or learn to trust the self generated certificate of the jitsi/web container by importing.
If we can mange that Jibri will accept all certificates or trust the self generated certificate of the jitsi/web container there will be no need to change meet.jitsi in the .env file with domain.com anymore.
Claims they have fixed this with simply:
replace meet.jitsi with my domain.com in .env file
Can anyone verify?
Can confirm, changing that works but not as a self-signed certificate. Once we got the letsencrypt certs and did the replacement it worked fine.
(However ENABLE_LETSENCRYPT was breaking for us so we just went and manually got them, copied them into config folder, and did chattr +i then restarted web instance as suggested above somewhere)
Claims they have fixed this with simply:
replace meet.jitsi with my domain.com in .env file
Can anyone verify?
Can confirm, changing that works but not as a self-signed certificate. Once we got the letsencrypt certs and did the replacement it worked fine.
(However ENABLE_LETSENCRYPT was breaking for us so we just went and manually got them, copied them into config folder, and did chattr +i then restarted web instance as suggested above somewhere)
Could you please give step by step guide on your workaround ? I still can't work it out ;( i.e. what you changed in env file, where you moved certs from and too?
I use an automated letsencrypt enabled Nginx reverse proxy docker. I think I can work out where the certs are in that but no idea what to do with them. Thanks!
Go to jitsi-web container.
Take a look here to change CA:
# cat /config/nginx/ssl.conf
For blocking cookies thing, I actually tried it couple days ago via policy in jibri docker image (and restarting container) but it did not seem to work.
https://www.chromium.org/administrators/policy-list-3#BlockThirdPartyCookies
Adding to file:
/etc/opt/chrome/policies/managed/managed_policies.json
which already contains option to ignore certain security warnings - cert warnings. Maybe I did something wrong? Others could try and report?
Go to jitsi-web container.
Take a look here to change CA:
# cat /config/nginx/ssl.conf
Thank you @primoitt83 - what to change it to?
I managed to fix it with self-signed ceriticate. It's in my branch, here: https://github.com/teowoz/docker-jitsi-meet/commit/8f5a05cdb44b354da715d686e4efa46edebb0bb3 This commit contains additional unrelated change: ability to build and use jibri jar without relying on Debian packages, because I needed to change the YouTube RTMP prefix to my own RTMP server.
The changes needed to fix the certificate problem are:
subjectAltNames
with meet.jitsi
internal domain is required) in web/rootfs/etc/cont-init.d/10-config
jibri/rootfs/etc/cont-init.d/11-get-https-cert
libnss3-tools
APT package in jibri/Dockerfile
@teowoz sounds quite workable, will give it a try!
Hi Teowoz, Thank you for the help. I've tried your fix but my jibri's container failed. Do you have an idea about what i did wrong ? Here are the logs :
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-set-timezone: executing...
[cont-init.d] 01-set-timezone: exited 0.
[cont-init.d] 10-config: executing...
stat: cannot stat '/dev/snd/pcmC0D0p': No such file or directory
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
him/her from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
-Z, --selinux-user SEUSER new SELinux user mapping for the user account
chmod: cannot access '/config/finalize.sh': No such file or directory
[cont-init.d] 10-config: exited 0.
[cont-init.d] 11-get-https-cert: executing...
depth=0 CN = meet.jitsi
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = meet.jitsi
verify return:1
DONE
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Adding debian:meet.pem
done.
done.
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
Failed to generate minidump.Illegal instruction (core dumped)
rm: cannot remove '/tmp/s.png': No such file or directory
[cont-init.d] 11-get-https-cert: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
Le mar. 7 avr. 2020 à 13:58, morphles notifications@github.com a écrit :
@teowoz https://github.com/teowoz sounds quite workable, will give it a try!
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/jitsi/docker-jitsi-meet/issues/240#issuecomment-610344422, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJTZLKW7PS5X5ZQYCAYN67DRLMIN3ANCNFSM4LQFBZCA .
@nyok92
stat: cannot stat '/dev/snd/pcmC0D0p': No such file or directory
Probably you don't have ALSA configured as stated in jibri README, or you started jibri container without required options (/dev/snd bind mount).
I'm using this command:
docker-compose -f docker-compose.yml -f jibri.yml up -d
and everything works. The jibri.yml
file has all needed options included.
Also, remember to rebuild Docker images:
make build JITSI_SERVICE=web
make build JITSI_SERVICE=jibri
@teowoz Great job! Thx!
Is it possible to change how ffmpeg record the conferences?
I want to create a pool of Jibri and need to lower the quality of recording..
Lesser CPU hungry solution.. maybe use some GPU
teowoz@8f5a05c
Thank you @teowoz - is there a way with git I can just apply your patch to my installation with one command?
@maltokyo
is there a way with git I can just apply your patch to my installation with one command?
I've created branch with solely this fix: fix-certs-web-jibri
https://github.com/teowoz/docker-jitsi-meet/tree/fix-certs-web-jibri
To patch it without updating docker-jitsi-meet to the newest version, you'll need to cherry-pick.
Then, rebuild Docker images:
make build JITSI_SERVICE=web
make build JITSI_SERVICE=jibri
@primoitt83
Is it possible to change how ffmpeg record the conferences?
Checkout my jibri-fixes
branch. Then download jibri sources as a submodule:
git submodule update --init --recursive --remote
and change what you want in sources in jibri/jibri
directory. ffmpeg command line is generated in src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/Commands.kt
. In src/main/kotlin/org/jitsi/jibri/service/impl/StreamingJibriService.kt
you can change the big and greedy corporation YouTube to some other output, e.g. self-hosted :grin:
Then build Docker image for building, and build jar:
in main directory:
make build JITSI_SERVICE=jarbuild
- this is a hack specific to my branch
make build JITSI_SERVICE=jibri
and it should work.
@teowoz thank you so much! I'll try it soon!
Have the same issue, using a front nginx-proxy with letsencrypt certificates.
Any idea how to setup this ?
Hi teowoz, do you use docker compose or docker stack deploy ? I've got errors using your branch ( using stack deploy):
[s6-init] making user provided files available at /var/run/s6/etc...exited 0., [s6-init] ensuring user provided files have correct perms...exited 0., [fix-attrs.d] applying ownership & permissions fixes..., [fix-attrs.d] done., [cont-init.d] executing container initialization scripts..., [cont-init.d] 01-set-timezone: executing... , [cont-init.d] 01-set-timezone: exited 0., [cont-init.d] 10-config: executing... , chmod: changing permissions of '/config/finalize.sh': Read-only file system, [cont-init.d] 10-config: exited 0., [cont-init.d] 11-get-https-cert: executing... , depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3, verify return:1, depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3, verify return:1, depth=0 CN = my.domain, verify return:1, DONE, Updating certificates in /etc/ssl/certs..., 1 added, 0 removed; done., Running hooks in /etc/ca-certificates/update.d..., , Adding debian:meet.pem, done., done., Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted, Failed to generate minidump.Illegal instruction (core dumped), rm: cannot remove '/tmp/s.png': No such file or directory, [cont-init.d] 11-get-https-cert: exited 1., [cont-finish.d] executing container finish scripts..., [cont-finish.d] done., [s6-finish] waiting for services., [s6-finish] sending all processes the TERM signal., [s6-finish] sending all processes the KILL signal and exiting.,
Do you have any idea ? Maybe it's related to the cap_add SYS_admin and NET_BIND_SERVICE which are not taken by docker stack deploy...
1-OK I've managed to get it working , by adding --no-sandbox on google-come driver flags 2-I'm not using meet.jitsi, so I've changed all reference to this by my.domain in rootfs files. 3- then rebuilding jar and building jibri's container. Now on container's start:
[0410/133530.055186:ERROR:command_buffer_proxy_impl.cc(125)] ContextResult::kTransientFailure: Failed to send GpuChannelMsg_CreateCommandBuffer., Fontconfig warning: "/etc/fonts/fonts.conf", line 100: unknown element "blank", [0410/133530.271697:WARNING:audio_manager_linux.cc(52)] Falling back to ALSA for audio output. PulseAudio is not available or could not be initialized., xcb_connection_has_error() returned true, [0410/133530.608491:ERROR:web_contents_delegate.cc(218)] WebContentsDelegate::CheckMediaAccessPermission: Not supported., [0410/133530.608521:ERROR:web_contents_delegate.cc(218)] WebContentsDelegate::CheckMediaAccessPermission: Not supported., ALSA lib pcm_direct.c:1605:(_snd_pcm_direct_get_slave_ipc_offset) Invalid value for card, [0410/133530.683077:ERROR:alsa_util.cc(204)] PcmOpen: default,No such device, [0410/133530.683270:ERROR:alsa_util.cc(204)] PcmOpen: plug:default,No such device, [0410/133530.684965:ERROR:alsa_util.cc(204)] PcmOpen: default,No such device, [0410/133530.685166:ERROR:alsa_util.cc(204)] PcmOpen: plug:default,No such device
4 - Then when i start a recording, Jibri manage to connect to my session but, i've got some new issues with ffmpeg, maybe related to the first ones:
2020-04-10 14:00:24.076 INFO: [151] org.jitsi.jibri.capture.ffmpeg.FfmpegCapturer.onFfmpegProcessUpdate() Ffmpeg quit abruptly. Last output line: plug:bsnoop: Input/output error, 2020-04-10 14:00:24.075 FINE: [54] org.jitsi.jibri.util.ProcessStatePublisher.ffmpeg.invoke() Process ffmpeg hasn't written in 2 seconds, publishing periodic update, 2020-04-10 14:00:19.073 INFO: [148] org.jitsi.jibri.util.JibriSubprocess.ffmpeg.launch() Starting ffmpeg with command ffmpeg -y -v info -f x11grab -draw_mouse 0 -r 30 -s 1280x720 -thread_queue_size 4096 -i :0.0+0,0 -f alsa -thread_queue_size 4096 -i plug:bsnoop -acodec aac -strict -2 -ar 44100 -c:v libx264 -preset veryfast -profile:v main -level 3.1 -pix_fmt yuv420p -r 30 -crf 25 -g 60 -tune zerolatency -f mp4 /config/recordings/cidbvmsuyibtewph/test_2020-04-10-14-00-16.mp4 ([ffmpeg, -y, -v, info, -f, x11grab, -draw_mouse, 0, -r, 30, -s, 1280x720, -thread_queue_size, 4096, -i, :0.0+0,0, -f, alsa, -thread_queue_size, 4096, -i, plug:bsnoop, -acodec, aac, -strict, -2, -ar, 44100, -c:v, libx264, -preset, veryfast, -profile:v, main, -level, 3.1, -pix_fmt, yuv420p, -r, 30, -crf, 25, -g, 60, -tune, zerolatency, -f, mp4, /config/recordings/cidbvmsuyibtewph/test_2020-04-10-14-00-16.mp4]), 2020-04-10 14:00:19.053 INFO: [148] org.jitsi.jibri.service.impl.FileRecordingJibriService.invoke() Selenium joined the call, starting the capturer, 2020-04-10 14:00:19.053 INFO: [148] org.jitsi.jibri.selenium.JibriSelenium.onSeleniumStateChange() Transitioning from state Starting up to Running, 2020-04-10 14:00:19.044 INFO: [148] org.jitsi.jibri.selenium.pageobjects.CallPage.visit() Waited 1095 milliseconds for call page to load, 2020-04-10 14:00:17.602 FINE: [148] org.jitsi.jibri.selenium.pageobjects.CallPage.visit() Visiting url https://**my.domain**/test#config.iAmRecorder=true&config.externalConnectUrl=null&config.startWithAudioMuted=true&config.startWithVideoMuted=true&interfaceConfig.APP_NAME="Jibri"&config.analytics.disabled=true&config.p2p.enabled=false, 2020-04-10 14:00:34.123 INFO: [151] org.jitsi.jibri.capture.ffmpeg.FfmpegCapturer.onFfmpegProcessUpdate() Ffmpeg quit abruptly. Last output line: plug:bsnoop: Input/output error, 2020-04-10 14:00:34.123 FINE: [54] org.jitsi.jibri.util.ProcessStatePublisher.ffmpeg.invoke() Process ffmpeg hasn't written in 2 seconds, publishing periodic update, 2020-04-10 14:00:34.123 INFO: [54] org.jitsi.jibri.selenium.JibriSelenium.run() Jibri client receive bitrates: {}, all clients muted? false, 2020-04-10 14:00:32.075 INFO: [151] org.jitsi.jibri.capture.ffmpeg.FfmpegCapturer.onFfmpegProcessUpdate() Ffmpeg quit abruptly. Last output line: plug:bsnoop: Input/output error, 2020-04-10 14:00:32.075 FINE: [54] org.jitsi.jibri.util.ProcessStatePublisher.ffmpeg.invoke() Process ffmpeg hasn't written in 2 seconds, publishing periodic update, 2020-04-10 14:00:30.075 INFO: [151] org.jitsi.jibri.capture.ffmpeg.FfmpegCapturer.onFfmpegProcessUpdate() Ffmpeg quit abruptly. Last output line: plug:bsnoop: Input/output error, 2020-04-10 14:00:30.075 FINE: [54] org.jitsi.jibri.util.ProcessStatePublisher.ffmpeg.invoke() Process ffmpeg hasn't written in 2 seconds, publishing periodic update, 2020-04-10 14:00:28.075 INFO: [151] org.jitsi.jibri.capture.ffmpeg.FfmpegCapturer.onFfmpegProcessUpdate() Ffmpeg quit abruptly. Last output line: plug:bsnoop: Input/output error, 2020-04-10 14:00:28.075 FINE: [54] org.jitsi.jibri.util.ProcessStatePublisher.ffmpeg.invoke() Process ffmpeg hasn't written in 2 seconds, publishing periodic update, 2020-04-10 14:00:26.076 INFO: [151] org.jitsi.jibri.capture.ffmpeg.FfmpegCapturer.onFfmpegProcessUpdate() Ffmpeg quit abruptly. Last output line: plug:bsnoop: Input/output error, 2020-04-10 14:00:26.075 FINE: [54] org.jitsi.jibri.util.ProcessStatePublisher.ffmpeg.invoke() Process ffmpeg hasn't written in 2 seconds, publishing periodic update
Hi everyone, I tried to enable jibri and encountered some problems. First I got the following error message:
But this was easy to fix. I just created a file in my config folder, but now I get the following:
I think the problem is that
Window
is different fromwindow
, but I don't know where to find the code. Can you help me?Complete log
``` 2020-03-20 09:15:16.071 FINE: [35] org.jitsi.xmpp.mucclient.MucClient.log() Received an IQ with type set: IQ Stanza (jibri http://jitsi.org/protocol/jibri) [to=jibri@auth.meet.jitsi/edAXYQ94,from=jibribrewery@internal-muc.meet.jitsi/focus,id=amlicmlAYXV0aC5tZWV0LmppdHNpL2VkQVhZUTk0ADBCVGx1LTI1NABVsWt3X1n/o6vD6m2Rlbe7,type=set,] 2020-03-20 09:15:16.073 INFO: [35] org.jitsi.jibri.api.xmpp.XmppApi.handleJibriIq() Received JibriIq