search

jitsi / docker-jitsi-meet

Jitsi Meet on Docker
https://hub.docker.com/u/jitsi/
Apache License 2.0
3.04k stars 1.35k forks source link

Nginx cannot connect to server #427

Closed arminWel closed 3 years ago

arminWel commented 4 years ago

Hi,

I want to use the use this server with an nginx-proxy, which is already running. What I did so far: After pulling the image I changed the .env in the following way:

PUBLIC_URL=https://meet.mydomain.de
DOCKER_HOST_ADDRESS=htts://meet.mydomain.de
DISABLE_HTTPS=1

Moreover in the docker-compose.yml:

 version: '3'
 services:
    web:
         image: jitsi/web
         expose:
             - '${HTTP_PORT}'
         volumes:
             ...
         environment:
             ...    
             - VIRTUAL_HOST=meet.mydomain.de
             - VIRTUAL_PORT=80
         networks:
            - meet.jitsi
             - proxy_network
...
networks:
     meet.jitsi:
     proxy_network:
         external: true

But now I get a 502(Bad Gateway). In the configuration of the nginx, the following is created: 

upstream meet.mydomain.de {
                # Cannot connect to network of this container
                server 127.0.0.1 down;
                # Cannot connect to network of this container
                server 127.0.0.1 down;
}
server {
    server_name meet.mydomain.de;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://meet.mydomain.de;
    }
}
server {
    server_name meet.arminwells.de;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    return 500;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}

Which further indicates, that the proxy cannot connect to the jitsi-server.

For reference here the configuration of nginx:

  proxy:
    image: jwilder/nginx-proxy:alpine
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
    container_name: nextcloud-proxy
    networks:
      - proxy_network
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./proxy/conf.d:/etc/nginx/conf.d:rw
      - ./proxy/vhost.d:/etc/nginx/vhost.d:rw
      - ./proxy/html:/usr/share/nginx/html:rw
      - ./proxy/certs:/etc/nginx/certs:ro
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: always

Anybody got an idea what I am doing wrong here?

cristobaltapia commented 4 years ago

Hey @arminWel, have you found a solution for this?

arminWel commented 4 years ago

Not yet.

cristobaltapia commented 4 years ago

Too bad. I have tried also the recommendations in #22 without success.

EZEDSEA commented 4 years ago

Also trying to get this to work with jwilder/nginx-proxy

I think the main problem is that if you leave the default jitsi_meet network, it can no longer access an internal proxy for http://*.meet.jitsi.

Struggling with how to configure this... perhaps add an extra conf file like in #484?

ishapkin commented 4 years ago

@EZEDSEA HI!

I use docker-jitsi-meet with nginx-proxy and it work for me right now with the following confingure:

 version: '3'

services:
  # Frontend
  web:
    image: jitsi/web:latest
    restart: ${RESTART_POLICY}
    expose:
      - 80
      - 443
    volumes:
      - ${CONFIG}/web:/config:Z
      - ${CONFIG}/web/letsencrypt:/etc/letsencrypt:Z
      - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
    environment:
      - ENABLE_AUTH
      - ENABLE_GUESTS
      - ENABLE_LETSENCRYPT=0
      - ENABLE_HTTP_REDIRECT
      - ENABLE_TRANSCRIPTIONS
      - DISABLE_HTTPS
      - JICOFO_AUTH_USER
      - LETSENCRYPT_DOMAIN
      - PUBLIC_URL
      - XMPP_DOMAIN
      - XMPP_AUTH_DOMAIN
      - XMPP_BOSH_URL_BASE
      - XMPP_GUEST_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_RECORDER_DOMAIN
      - ETHERPAD_URL_BASE
      - ETHERPAD_PUBLIC_URL
      - TZ
      - JIBRI_BREWERY_MUC
      - JIBRI_PENDING_TIMEOUT
      - JIBRI_XMPP_USER
      - JIBRI_XMPP_PASSWORD
      - JIBRI_RECORDER_USER
      - JIBRI_RECORDER_PASSWORD
      - ENABLE_RECORDING
      - VIRTUAL_HOST=meet.domain.org
      - LETSENCRYPT_HOST=meet.domain.org
      - LETSENCRYPT_EMAIL=mail@example.com
    networks:
      meet.jitsi:
        aliases:
          - ${XMPP_DOMAIN}
      default:

  # XMPP server
  prosody:
    image: jitsi/prosody:latest
    restart: ${RESTART_POLICY}
    expose:
      - '5222'
      - '5347'
      - '5280'
    volumes:
      - ${CONFIG}/prosody/config:/config:Z
      - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
    environment:
      - AUTH_TYPE
      - ENABLE_AUTH
      - ENABLE_GUESTS
      - ENABLE_LOBBY
      - GLOBAL_MODULES
      - GLOBAL_CONFIG
      - LDAP_URL
      - LDAP_BASE
      - LDAP_BINDDN
      - LDAP_BINDPW
      - LDAP_FILTER
      - LDAP_AUTH_METHOD
      - LDAP_VERSION
      - LDAP_USE_TLS
      - LDAP_TLS_CIPHERS
      - LDAP_TLS_CHECK_PEER
      - LDAP_TLS_CACERT_FILE
      - LDAP_TLS_CACERT_DIR
      - LDAP_START_TLS
      - XMPP_DOMAIN
      - XMPP_AUTH_DOMAIN
      - XMPP_GUEST_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_MODULES
      - XMPP_MUC_MODULES
      - XMPP_INTERNAL_MUC_MODULES
      - XMPP_RECORDER_DOMAIN
      - JICOFO_COMPONENT_SECRET
      - JICOFO_AUTH_USER
      - JICOFO_AUTH_PASSWORD
      - JVB_AUTH_USER
      - JVB_AUTH_PASSWORD
      - JIGASI_XMPP_USER
      - JIGASI_XMPP_PASSWORD
      - JIBRI_XMPP_USER
      - JIBRI_XMPP_PASSWORD
      - JIBRI_RECORDER_USER
      - JIBRI_RECORDER_PASSWORD
      - JWT_APP_ID
      - JWT_APP_SECRET
      - JWT_ACCEPTED_ISSUERS
      - JWT_ACCEPTED_AUDIENCES
      - JWT_ASAP_KEYSERVER
      - JWT_ALLOW_EMPTY
      - JWT_AUTH_TYPE
      - JWT_TOKEN_AUTH_MODULE
      - LOG_LEVEL
      - TZ
    networks:
      meet.jitsi:
        aliases:
          - ${XMPP_SERVER}

  # Focus component
  jicofo:
    image: jitsi/jicofo:latest
    restart: ${RESTART_POLICY}
    volumes:
      - ${CONFIG}/jicofo:/config:Z
    environment:
      - AUTH_TYPE
      - ENABLE_AUTH
      - XMPP_DOMAIN
      - XMPP_AUTH_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_SERVER
      - JICOFO_COMPONENT_SECRET
      - JICOFO_AUTH_USER
      - JICOFO_AUTH_PASSWORD
      - JICOFO_RESERVATION_REST_BASE_URL
      - JVB_BREWERY_MUC
      - JIGASI_BREWERY_MUC
      - JIGASI_SIP_URI
      - JIBRI_BREWERY_MUC
      - JIBRI_PENDING_TIMEOUT
      - TZ
    depends_on:
      - prosody
    networks:
      meet.jitsi:

  # Video bridge
  jvb:
    image: jitsi/jvb:latest
    restart: ${RESTART_POLICY}
    ports:
      - '${JVB_PORT}:${JVB_PORT}/udp'
      - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
    volumes:
      - ${CONFIG}/jvb:/config:Z
    environment:
      - DOCKER_HOST_ADDRESS
      - XMPP_AUTH_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_SERVER
      - JVB_AUTH_USER
      - JVB_AUTH_PASSWORD
      - JVB_BREWERY_MUC
      - JVB_PORT
      - JVB_TCP_HARVESTER_DISABLED
      - JVB_TCP_PORT
      - JVB_STUN_SERVERS
      - JVB_ENABLE_APIS
      - TZ
    depends_on:
      - prosody
    networks:
      meet.jitsi:

# Custom network so all services can communicate using a FQDN
networks:
  meet.jitsi:
  default:
    external:
      name: nginx-proxy

Try to update your nginx-proxy + docker-letsencrypt-nginx-proxy-companion for last version, because I have same problem before it. My problem was with End of Life Plan for ACMEv1: https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/1 and after update nginx-proxy + docker-letsencrypt-nginx-proxy-companion and recreate web-container it is work very well

My docker-compose example and steps for install: https://github.com/ishapkin/jitsti-nginx-proxy