search

jitsi / jitsi-meet

Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
https://jitsi.org/meet
Apache License 2.0
22.89k stars 6.69k forks source link

Stable broken on x86 and ppc64le #15146

Open uwzis opened 3 hours ago

uwzis commented 3 hours ago

What happened?

It will work normally until another client joins and then will tell the user there was a problem and it will an error in the log file. I am on IBM power 8 server using debian 12 with the latest java version. I have tested webrtc and tried multiple browsers and settings. This all started when I updated jitsi meet from the repo on 9/19.

X86 / amd64 result

JVB log:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
    ... 22 more

Jicofo log:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
    ... 22 more

Prosody log:
Sep 21 08:58:10 c2s55a5f6751db0 info    Client connected
Sep 21 08:58:10 c2s55a5f6751db0 info    Client disconnected: sslv3 alert certificate unknown

I get nothing but cert errors by choosing the Letsencript option and

PPC64le result:

Nginx failed during installation:

× nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sat 2024-09-21 09:09:42 EDT; 1s ago
   Duration: 2h 37min 52.853s
       Docs: man:nginx(8)
    Process: 24693 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
        CPU: 0

Sep 21 09:09:42 meeting.test.com systemd[1]: Starting nginx.service - A high performance web server and a reverse proxy server...
Sep 21 09:09:42 meeting.test.com nginx[24693]: 2024/09/21 09:09:42 [warn] 24693#24693: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-enabled/meet.test.com.conf:5
Sep 21 09:09:42 meeting.test.com nginx[24693]: 2024/09/21 09:09:42 [emerg] 24693#24693: zone "upstreams" is too small in /etc/nginx/sites-enabled/meet.test.com.conf:9
Sep 21 09:09:42 meeting.test.com nginx[24693]: nginx: configuration file /etc/nginx/nginx.conf test failed
Sep 21 09:09:42 meeting.test.com systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Sep 21 09:09:42 meeting.test.com systemd[1]: nginx.service: Failed with result 'exit-code'.
Sep 21 09:09:42 meeting.test.com systemd[1]: Failed to start nginx.service - A high performance web server and a reverse proxy server.

If i fix this error by uploading the x86 version of the old webserver config it works and does the same thing.

I have spent around 24 hours troubleshooting this looking for fixes and to fix one issue and to create another. Anything helps, Thanks

Platform

Browser / app / sdk version

stable

Relevant log output

No response

Reproducibility

More details?

No response

uwzis commented 3 hours ago

I apologize, I forgot the prosody logs:

Sep 21 09:40:24 c2s55a5f68da9f0 info    Client connected
Sep 21 09:40:24 c2s55a5f68da9f0 info    Client disconnected: sslv3 alert certificate unknown
damencho commented 3 hours ago

Did you fix the cert issue?

You may try this, of course put your domain there. https://community.jitsi.org/t/is-it-possible-to-self-host-a-jitsi-server-off-internet/133402/21?u=damencho

uwzis commented 2 hours ago

Currently reached the timeout on my letsencrypt and generating a self signed doesn't play well with my web browser, you should be able to reproduce the issue just by following the guide https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

damencho commented 2 hours ago

Are both 80 and 443 reaching the nginx?

uwzis commented 2 hours ago

yes, the install script doesn't look like its check for existing certs so troubleshooting this has made a new cert multiple times causing letsencrypt to give me a "timeout"

Error creating new order. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in 
the last 168 hours: (Domain) see https://letsencrypt.org/docs/d
uplicate-certificate-limit/",
  "status": 429
}