search

jitsi / jitsi-meet

Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
https://jitsi.org/meet
Apache License 2.0
23.31k stars 6.76k forks source link

Permissions issue #2521

Closed StreamTitan closed 6 years ago

StreamTitan commented 6 years ago

Hi,

I have a done an install which I believe has been installed successfully. My SSL resolves fine with sslchecker as well but I am getting a permissions issue when I try to access the site: Forbidden You don't have permission to access / on this server. Apache/2.4.18 (Ubuntu) Server at www.mydomain.com Port 443

Here is the log root@grt:~# sudo tail /var/log/apache2/error.log [Mon Feb 26 14:52:44.066198 2018] [ssl:warn] [pid 10859:tid 140629780068224] AH0 1909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches th e server name [Mon Feb 26 14:52:44.074582 2018] [ssl:warn] [pid 10860:tid 140629780068224] AH0 1909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches th e server name [Mon Feb 26 14:52:44.075304 2018] [mpm_event:notice] [pid 10860:tid 140629780068 224] AH00489: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming norma l operations [Mon Feb 26 14:52:44.075328 2018] [core:notice] [pid 10860:tid 140629780068224] AH00094: Command line: '/usr/sbin/apache2' [Mon Feb 26 14:52:49.163113 2018] [core:error] [pid 10864:tid 140629560514304] ( 13)Permission denied: [client 2803:1500:e01:4732:1cac:5e8:7b1a:fa9c:63066] AH000 35: access to / denied (filesystem path '/root/jitsi-meet') because search permi ssions are missing on a component of the path [Mon Feb 26 14:52:56.962946 2018] [core:error] [pid 10863:tid 140629468194560] ( 13)Permission denied: [client 2803:1500:e01:4732:1cac:5e8:7b1a:fa9c:63067] AH000 35: access to / denied (filesystem path '/root/jitsi-meet') because search permi ssions are missing on a component of the path [Mon Feb 26 14:53:16.051888 2018] [core:error] [pid 10863:tid 140629451409152] ( 13)Permission denied: [client 2803:1500:e01:4732:1cac:5e8:7b1a:fa9c:63074] AH000 35: access to / denied (filesystem path '/root/jitsi-meet') because search permi ssions are missing on a component of the path [Mon Feb 26 14:53:16.207523 2018] [core:error] [pid 10863:tid 140629443016448] ( 13)Permission denied: [client 2803:1500:e01:4732:1cac:5e8:7b1a:fa9c:63074] AH000 35: access to /favicon.ico denied (filesystem path '/root/jitsi-meet') because s earch permissions are missing on a component of the path [Mon Feb 26 14:54:00.928342 2018] [core:error] [pid 10864:tid 140629552121600] ( 13)Permission denied: [client 2803:1500:e01:4732:1cac:5e8:7b1a:fa9c:63077] AH000 35: access to / denied (filesystem path '/root/jitsi-meet') because search permi ssions are missing on a component of the path [Mon Feb 26 14:56:02.363820 2018] [core:error] [pid 10863:tid 140629434623744] ( 13)Permission denied: [client 2803:1500:e01:4732:1cac:5e8:7b1a:fa9c:63083] AH000 35: access to / denied (filesystem path '/root/jitsi-meet') because search permi ssions are missing on a component of the path

StreamTitan commented 6 years ago

My apache config file is also fine

  <VirtualHost *:80>
   ServerName mydomain.com
   Redirect permanent / https://www.mydomain.com/
   DocumentRoot /root/jitsi-meet
   </VirtualHost>

    <VirtualHost *:443>
    SSLEngine on
    SSLCACertificateFile  /etc/apache2/ssl/www.mydomain.com.ca-bundle
    SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.mydomain.com

ServerAdmin webmaster@localhost
DocumentRoot /root/jitsi-meet

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
   </VirtualHost>

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
StreamTitan commented 6 years ago

To confirm the error and that SSL is working and installed properly I updated the document root in the Apache config file, back to default and it worked fine (no permissions issue): DocumentRoot /var/www/html

When I changed the document root back to: DocumentRoot /root/jitsi-meet I then got the permissions issue again

damencho commented 6 years ago

This expected, as apache is probably using a user different than root to run its process and that user cannot access /root, you need to move the jitsi-meet folder to a place where it can access it and make sure that folder permissions allow that apache user to read from there.

StreamTitan commented 6 years ago

I moved the folder from root/jitsi-meet to /var/www/html/jitsi-meet There are no more permission issues but now I have a grey screen and not the jitsi-meet homepage

This is my config file

<VirtualHost *:80>
   ServerName mydomain.com
   Redirect permanent / https://www.mydomain.com/
   DocumentRoot /var/www/html/jitsi-meet
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCACertificateFile  /etc/apache2/ssl/www.mydomain.ca-bundle
SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.mydomain.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/jitsi-meet

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
damencho commented 6 years ago

I think your config maybe wrong. Take a look at: https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet/jitsi-meet.example-apache

And also check your js console for errors.

StreamTitan commented 6 years ago

I updated my config file to reflect the example you linked to. When I tried to commit the changes by restarting Apache I got the following config error. rewrite module is enabled (a2enmod rewrite) The updated config file as is on server is below

root@grt:~# systemctl status apache2.service ● apache2.service - LSB: Apache2 web server Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf Active: failed (Result: exit-code) since Mon 2018-02-26 20:16:13 UTC; 5min ag Docs: man:systemd-sysv-generator(8) Process: 2097 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILU

Feb 26 20:16:13 grt apache2[2097]: * The apache2 configtest failed. Feb 26 20:16:13 grt apache2[2097]: Output of config test was: Feb 26 20:16:13 grt apache2[2097]: AH00526: Syntax error on line 21 of /et Feb 26 20:16:13 grt apache2[2097]: Invalid command 'Header', perhaps missp Feb 26 20:16:13 grt apache2[2097]: Action 'configtest' failed. Feb 26 20:16:13 grt apache2[2097]: The Apache error log may have more info Feb 26 20:16:13 grt systemd[1]: apache2.service: Control process exited, c Feb 26 20:16:13 grt systemd[1]: Failed to start LSB: Apache2 web server. Feb 26 20:16:13 grt systemd[1]: apache2.service: Unit entered failed state Feb 26 20:16:13 grt systemd[1]: apache2.service: Failed with result 'exit- lines 1-18/18 (END)

<VirtualHost *:80>
    ServerName mydomain.com
    Redirect permanent / https://www.mydomain.com/
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>

  ServerName mydomain.com

  SSLProtocol TLSv1 TLSv1.1 TLSv1.2
  SSLEngine on
  SSLProxyEngine on
  SSLCACertificateFile  /etc/apache2/ssl/www.mydomain.com.ca-bundle
  SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
  SSLCipherSuite

"EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED" SSLHonorCipherOrder on Header set Strict-Transport-Security "max-age=31536000"

  DocumentRoot "/var/www/html/jitsi-meet"
  <Directory "/var/www/html/jitsi-meet">
    Options Indexes MultiViews Includes FollowSymLinks
    AddOutputFilter Includes html
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

  ErrorDocument 404 /static/404.html

  #Alias "/config.js" "/etc/jitsi/meet/jitsi-meet.example.com-config.js"
  Alias "/config.js" "/var/www/html/jitsi-meet.mydomain.com-config.js"
  <Location /config.js>
    Require all granted
  </Location>

  ProxyPreserveHost on
  ProxyPass /http-bind http://localhost:5280/http-bind/
  ProxyPassReverse /http-bind http://localhost:5280/http-bind/

  RewriteEngine on
  RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
</VirtualHost>
StreamTitan commented 6 years ago

Also my config.js file is at: var/www/html/jitsi-meet/config.js

But this path is confusing in the above demo you linked: Alias "/config.js" "/etc/jitsi/meet/jitsi-meet.example.com-config.js

since the config file is config.js and not eg "jitsi-meet.example.com-config.js" as above. How should that be written if my config file path is /var/www/html/jitsi-meet/ --- then what?

damencho commented 6 years ago

You need to enable rewrite apache module. About the config you need to put the correct config.js. By default it is /etc/jitsi/meet/yourdomain-config.js and it is created and configured by the packages, but if you have configured the one from the checked out sources /var/www/html/jitsi-meet/config.js use that one, just make sure you have configured correctly the domain, the bosh domain and all that is needed.

StreamTitan commented 6 years ago

Ok, but the rewrite module was enabled (a2enmod rewrite). config path now: /var/www/html/jitsi-meet/config.js

Not able to restart apache to get the changes to the 000-default.conf file established.

StreamTitan commented 6 years ago

My config.js file now reads

/* eslint-disable no-unused-vars, no-var */

var config = {
    // Configuration
    //

    // Alternative location for the configuration.
    // configLocation: './config.json',

    // Custom function which given the URL path should return a room name.
    // getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },

    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'jitsi-meet.mydomain.com',

        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
        muc: 'conference.jitsi-meet.mydomain.com'

        // When using authentication, domain for guest users.
        // anonymousdomain: 'guest.example.com',

        // Domain for authenticated users. Defaults to <domain>.
        // authdomain: 'jitsi-meet.example.com',

        // Jirecon recording component domain.
        // jirecon: 'jirecon.jitsi-meet.example.com',

        // Call control component (Jigasi).
    // call_control: 'callcontrol.jitsi-meet.example.com',

    // Focus component domain. Defaults to focus.<domain>.
    // focus: 'focus.jitsi-meet.example.com',
    },

    // BOSH URL. FIXME: use XEP-0156 to discover it.
    bosh: '//jitsi-meet.mydomain.com/http-bind',

    // The name of client node advertised in XEP-0115 'c' stanza
    clientNode: 'http://jitsi.org/jitsimeet',

    // The real JID of focus participant - can be overridden here
    // focusUserJid: 'focus@auth.jitsi-meet.example.com',

    // Testing / experimental features.
    //

    testing: {
        // Enables experimental simulcast support on Firefox.
        enableFirefoxSimulcast: false,

        // P2P test mode disables automatic switching to P2P when there are 2
       // participants in the conference.
        p2pTestMode: false
    },

    // Disables ICE/UDP by filtering out local and remote UDP candidates in
   // signalling.
    // webrtcIceUdpDisable: false,

    // Disables ICE/TCP by filtering out local and remote TCP candidates in
    // signalling.
    // webrtcIceTcpDisable: false,

    // Media
   //

   // Audio

   // Disable measuring of audio levels.
   // disableAudioLevels: false,

   // Start the conference in audio only mode (no video is being received nor
   // sent).
   // startAudioOnly: false,

    // Every participant after the Nth will start audio muted.
    // startAudioMuted: 10,

    // Start calls with audio muted. Unlike the option above, this one is only
    // applied locally. FIXME: having these 2 options is confusing.
    // startWithAudioMuted: false,

    // Video

    // Sets the preferred resolution (height) for local video. Defaults to 720.
    // resolution: 720,

    // w3c spec-compliant video constraints to use for video capture. Currently
    // used by browsers that return true from lib-jitsi-meet's
    // util#browser#usesNewGumFlow. The constraints are independency from
    // this config's resolution value. Defaults to requesting an ideal aspect
    // ratio of 16:9 with an ideal resolution of 1080p.
    // constraints: {
    //     video: {
//         aspectRatio: 16 / 9,
//         height: {
//             ideal: 1080,
//             max: 1080,
//             min: 240
//         }
//     }
// },

// Enable / disable simulcast support.
// disableSimulcast: false,

// Suspend sending video if bandwidth estimation is too low. This may cause
// problems with audio playback. Disabled until these are fixed.
disableSuspendVideo: true,

// Every participant after the Nth will start video muted.
// startVideoMuted: 10,

// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,

// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when  using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// preferH264: true,

// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,

// Desktop sharing

// Enable / disable desktop sharing
// disableDesktopSharing: false,

// The ID of the jidesha extension for Chrome.
desktopSharingChromeExtId: null,

// Whether desktop sharing should be disabled on Chrome.
desktopSharingChromeDisabled: true,

// The media sources to use when using screen sharing with the Chrome
// extension.
desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],

// Required version of Chrome extension
desktopSharingChromeMinExtVersion: '0.1',

// The ID of the jidesha extension for Firefox. If null, we assume that no
// extension is required.
desktopSharingFirefoxExtId: null,

// Whether desktop sharing should be disabled on Firefox.
desktopSharingFirefoxDisabled: false,

// The maximum version of Firefox which requires a jidesha extension.
// Example: if set to 41, we will require the extension for Firefox versions
// up to and including 41. On Firefox 42 and higher, we will run without the
// extension.
// If set to -1, an extension will be required for all versions of Firefox.
desktopSharingFirefoxMaxVersionExtRequired: 51,

// The URL to the Firefox extension for desktop sharing.
desktopSharingFirefoxExtensionURL: null,

// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
//     min: 5,
//     max: 5
// },

// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,

// Recording

// Whether to enable recording or not.
// enableRecording: false,

// Type for recording: one of jibri or jirecon.
// recordingType: 'jibri',

// Misc

// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: -1,

// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,

// Use XEP-0215 to fetch STUN and TURN servers.
// useStunTurn: true,

// Enable IPv6 support.
// useIPv6: true,

// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,

// UI
//

// Use display name as XMPP nickname.
// useNicks: false,

// Require users to always specify a display name.
// requireDisplayName: true,

// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,

// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,

// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,

// The minimum value a video's height (or width, whichever is smaller) needs
// to be in order to be considered high-definition.
minHDHeight: 540,

// Default language for the user interface.
// defaultLanguage: 'en',

// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,

// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
// noticeMessage: '',

// Stats
//

// Whether to enable stats collection or not.
// disableStats: false,

// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',

// enables callstatsUsername to be reported as statsId and used
// by callstats as repoted remote id
// enableStatsID: false

// enables sending participants display name to callstats
// enableDisplayNameInStats: false

// Privacy
//

// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
// disableThirdPartyRequests: false,

// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//

p2p: {
    // Enables peer to peer mode. When enabled the system will try to
    // establish a direct connection when there are exactly 2 participants
    // in the room. If that succeeds the conference will stop sending data
    // through the JVB and use the peer to peer connection instead. When a
    // 3rd participant joins the conference will be moved back to the JVB
    // connection.
    enabled: true,

    // Use XEP-0215 to fetch STUN and TURN servers.
    // useStunTurn: true,

    // The STUN servers that will be used in the peer to peer connections
    stunServers: [
        { urls: 'stun:stun.l.google.com:19302' },
        { urls: 'stun:stun1.l.google.com:19302' },
        { urls: 'stun:stun2.l.google.com:19302' }
    ],

    // Sets the ICE transport policy for the p2p connection. At the time
    // of this writing the list of possible values are 'all' and 'relay',
    // but that is subject to change in the future. The enum is defined in
    // the WebRTC standard:
    // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
    // If not set, the effective value is 'all'.
    // iceTransportPolicy: 'all',

    // If set to true, it will prefer to use H.264 for P2P calls (if H.264
    // is supported).
    preferH264: true

    // If set to true, disable H.264 video codec by stripping it out of the
    // SDP.
    // disableH264: false,

    // How long we're going to wait, before going back to P2P after the 3rd
    // participant has left the conference (to filter out page reload).
    // backToP2PDelay: 5
},

// A list of scripts to load as lib-jitsi-meet "analytics handlers".
// analyticsScriptUrls: [
//      "libs/analytics-ga.js", // google-analytics
//      "https://example.com/my-custom-analytics.js"
// ],

// The Google Analytics Tracking ID
// googleAnalyticsTrackingId = 'your-tracking-id-here-UA-123456-1',

// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
    // shard: "shard1",
    // region: "europe",
    // userRegion: "asia"
}

// List of undocumented settings used in jitsi-meet
/**
 alwaysVisibleToolbar
 autoEnableDesktopSharing
 autoRecord
 autoRecordToken
 debug
 debugAudioLevels
 deploymentInfo
 dialInConfCodeUrl
 dialInNumbersUrl
 dialOutAuthUrl
 dialOutCodesUrl
 disableRemoteControl
 displayJids
 enableLocalVideoFlip
 etherpad_base
 externalConnectUrl
 firefox_fake_device
 iAmRecorder
 iAmSipGateway
 peopleSearchQueryTypes
 peopleSearchUrl
 requireDisplayName
 tokenAuthUrl
 */

// List of undocumented settings used in lib-jitsi-meet
/**
 _peerConnStatusOutOfLastNTimeout
 _peerConnStatusRtcMuteTimeout
 abTesting
 avgRtpStatsN
 callStatsConfIDNamespace
 callStatsCustomScriptUrl
 desktopSharingSources
 disableAEC
 disableAGC
 disableAP
 disableHPF
 disableNS
 enableLipSync
 enableTalkWhileMuted
 forceJVB121Ratio
 hiddenDomain
 ignoreStartMuted
 nick
 startBitrate
 */

};

/ eslint-enable no-unused-vars, no-var /

StreamTitan commented 6 years ago

Should I edit the config.js to read: hosts: { // XMPP domain. domain: 'jitsi-meet.mydomain.com', changed to - domain: 'mydomain.com',

AND muc: 'conference.jitsi-meet.mydomain.com' changed to - muc: 'conference.mydomain.com'

AND bosh: '//jitsi-meet.mydomain.com/http-bind', changed to - bosh: '//mydomain.com/http-bind',

StreamTitan commented 6 years ago

from the error log:

Feb 26 21:18:23 grt apache2[4123]: AH00526: Syntax error on line 21 of /etc/apache2/sites-enabled/000-default.conf: Feb 26 21:18:23 grt apache2[4123]: Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration

Line 21 from the 000-default.conf file is: Header set Strict-Transport-Security "max-age=31536000"

StreamTitan commented 6 years ago

Finally able to restart apache. There are modules which were not stated that needed to be enabled.

a2enmod rewrite a2enmod headers a2enmod proxy

Now apache is able to restart but I'm back to the grey screen again. I can manage a laugh here. This is a challenge but I'm trying my best. The tutorial is going to be fun to write once I get this working.

StreamTitan commented 6 years ago

I think it comes down to the config.js file now This section

 hosts: {
    // XMPP domain.
    domain: 'jitsi-meet.mydomain.com',

    // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
    muc: 'conference.jitsi-meet.mydomain.com'

    // When using authentication, domain for guest users.
    // anonymousdomain: 'guest.example.com',

    // Domain for authenticated users. Defaults to <domain>.
    // authdomain: 'jitsi-meet.example.com',

    // Jirecon recording component domain.
    // jirecon: 'jirecon.jitsi-meet.example.com',

    // Call control component (Jigasi).
    // call_control: 'callcontrol.jitsi-meet.example.com',

    // Focus component domain. Defaults to focus.<domain>.
    // focus: 'focus.jitsi-meet.example.com',
},

// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//jitsi-meet.mydomain.com/http-bind',

Something here is causing the grey screen

StreamTitan commented 6 years ago

  1. as the following are subdomains, do I need to add A records for them to my domain? domain: 'jitsi-meet.mydomain.com', muc: 'conference.jitsi-meet.mydomain.com' bosh: '//jitsi-meet.mydomain.com/http-bind',

  2. Are these the only edits I need to make in the config.js file?

StreamTitan commented 6 years ago

My browser console is showing

(TIME) index.html loaded: 2387.000000104308 Logger.js:125 [modules/browser/BrowserCapabilities.js] : This appears to be chrome, ver: 64.0 languageDetector.web.js:23 Uncaught ReferenceError: interfaceConfig is not defined at Object. (languageDetector.web.js:23) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (actions.js:86) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (_global.js:6) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (actions.js:622) at Object. (actions.js:432) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (createClass.js:11) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (styled-components.es.js:7948) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (actionTypes.js:10) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (functions.js:87) at Object. (functions.js:9) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (AnalyticsEvents.js:461) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (actions.js:344) at Object. (actions.js:534) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (reducer.js:41) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (Video.js:219) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (actions.js:39) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (connection.js:144) at Object. (AuthHandler.js:227) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (connection.js:184) at Object. (connection.js:144) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (jquery.autosize.js:274) at Object. (conference.js:2839) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (Profile.js:191) at t (bootstrap 8670e5610d70b02c6654:19) at Object. (Profile.js:191) at t (bootstrap 8670e5610d70b02c6654:19) at bootstrap 8670e5610d70b02c6654:62 at bootstrap 8670e5610d70b02c6654:62

damencho commented 6 years ago

Is jitsi-meet.mydomain.com your domain name? You need to fix your config.js. And apparently, interface_config.js is not loaded for some reason (interfaceConfig is not defined).

StreamTitan commented 6 years ago

My domains on the config.js are now as below. Do they look ok? domain: 'mydomain.com', muc: 'conference.mydomain.com' bosh: '//mydomain.com/http-bind',

I have a subdomain now done for conference.mydomain.com

damencho commented 6 years ago

If that is what is configured and in prosody.

StreamTitan commented 6 years ago

Do this apply to the prosody config? https://www.adamhyde.net/tag/installing-jitsi-meet/

damencho commented 6 years ago

I haven't read it and I don't know. So, you want apache and custom jitsi-meet. The easiest way to do is to reuse as much as possible from the quick install. You are trying to setup stuff that is already done by the quick install. Here are steps that I believe if you execute on a clean machine will lead to what you want: ` apt-get install apache2 # add the jitsi debian repo

apt-get update apt-get install jitsi-meet cd /opt git clone https://github.com/jitsi/jitsi-meet.git # maybe install python as you had already find out cd jitsi-meet npm install make cd .. chown -R www-data:www-data jitsi-meet # Edit the file /etc/apache2/sites-available/YOURDOMAIN.conf # Just replace on two places "/usr/share/jitsi-meet" with "/opt/jitsi-meet". Restart apache`

And now you can start making changes in /opt/jitsi-meet.

And that's it, it will work with the commands above if logged in as root, do not change any other file permissions everything is handled by the packages automatically.

StreamTitan commented 6 years ago

Thanks! I have a feeling its ALMOST THERE. There is only now a permissions issue. Note: (rewrite, ssl, headers, proxy) mods all enabled and server restarted. Permissions on the opt/jitsi-meet folder is 755

I did all as you advised and got to the conf file. This is how my mydomain.com.conf file in /sites-available looks. It is the ONLY conf file I have edited (as you advised)

 <VirtualHost *:80>
     ServerName www.mydomain.com
     Redirect permanent / https://www.mydomain.com/
     RewriteEngine On
     RewriteCond %{HTTPS} off
     RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 </VirtualHost>

 <VirtualHost *:443>

  ServerName www.mydomain.com

  SSLProtocol TLSv1 TLSv1.1 TLSv1.2
  SSLEngine on
  SSLProxyEngine on
  SSLCACertificateFile  /etc/apache2/ssl/www.mydomain.com.ca-bundle
  SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
  SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"
  SSLHonorCipherOrder on
  Header set Strict-Transport-Security "max-age=31536000"

  DocumentRoot "/opt/jitsi-meet"
  <Directory "/opt/jitsi-meet">
    Options Indexes MultiViews Includes FollowSymLinks
    AddOutputFilter Includes html
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

  ErrorDocument 404 /static/404.html

  Alias "/config.js" "/etc/jitsi/meet/www.mydomain.com-config.js"
  <Location /config.js>
    Require all granted
  </Location>

  ProxyPreserveHost on
  ProxyPass /http-bind http://localhost:5280/http-bind/
  ProxyPassReverse /http-bind http://localhost:5280/http-bind/

  RewriteEngine on
  RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
</VirtualHost>
damencho commented 6 years ago

I have no idea what is the problem with this forbidden message, you need to check your apache logs. Also what is the ouptut of ls -l /opt ?

StreamTitan commented 6 years ago

root@grt:~# ls -l /opt total 4 drwxr-xr-x 21 www-data www-data 4096 Feb 27 15:09 jitsi-meet

StreamTitan commented 6 years ago

root@grt:~# sudo tail /var/log/apache2/error.log [Tue Feb 27 15:49:32.010284 2018] [authz_core:error] [pid 15007:tid 139684608993024] [client 2803:1500:e01:4732:59e:6737:db66:d520:61664] AH01630: client denied by server configuration: /opt/jitsi-meet/ [Tue Feb 27 15:49:32.160116 2018] [authz_core:error] [pid 15007:tid 139684600600320] [client 2803:1500:e01:4732:59e:6737:db66:d520:61664] AH01630: client denied by server configuration: /opt/jitsi-meet/favicon.ico [Tue Feb 27 15:49:37.877732 2018] [authz_core:error] [pid 15006:tid 139684567029504] [client 2803:1500:e01:4732:59e:6737:db66:d520:61667] AH01630: client denied by server configuration: /opt/jitsi-meet/ [Tue Feb 27 15:49:38.029538 2018] [authz_core:error] [pid 15006:tid 139684558636800] [client 2803:1500:e01:4732:59e:6737:db66:d520:61667] AH01630: client denied by server configuration: /opt/jitsi-meet/favicon.ico [Tue Feb 27 15:49:43.768101 2018] [authz_core:error] [pid 15007:tid 139684592207616] [client 2803:1500:e01:4732:59e:6737:db66:d520:61668] AH01630: client denied by server configuration: /opt/jitsi-meet/ [Tue Feb 27 15:58:37.484009 2018] [authz_core:error] [pid 15006:tid 139684541851392] [client 72.48.156.244:35104] AH01630: client denied by server configuration: /opt/jitsi-meet/ [Tue Feb 27 15:58:38.073998 2018] [authz_core:error] [pid 15006:tid 139684533458688] [client 72.48.156.244:35104] AH01630: client denied by server configuration: /opt/jitsi-meet/favicon.ico, referer: https://www.mydomain.com/ [Tue Feb 27 15:58:43.261262 2018] [authz_core:error] [pid 15007:tid 139684550244096] [client 72.48.156.244:35149] AH01630: client denied by server configuration: /opt/jitsi-meet/ [Tue Feb 27 15:58:43.467632 2018] [authz_core:error] [pid 15007:tid 139684533458688] [client 72.48.156.244:35149] AH01630: client denied by server configuration: /opt/jitsi-meet/favicon.ico, referer: https://mydomain.com/ [Tue Feb 27 15:59:33.994072 2018] [authz_core:error] [pid 15007:tid 139684508280576] [client 72.48.156.244:35412] AH01630: client denied by server configuration: /opt/jitsi-meet/favicon.ico, referer: https://www.mydomain.com/http-bind

damencho commented 6 years ago

Can you check /opt folder permissions, maybe user www-data cannot read from there.

StreamTitan commented 6 years ago

root@grt:~# ls -la /opt total 12 drwxr-xr-x 3 root root 4096 Feb 27 14:56 . drwxr-xr-x 23 root root 4096 Feb 27 14:42 .. drwxr-xr-x 21 www-data www-data 4096 Feb 27 15:09 jitsi-meet

aaronkvanmeerten commented 6 years ago

This is likely a misconfiguration of apache. There must be a directive which grants access within apache to the /opt/jitsi-meet directory. Currently there is already one of these for /var/www/

StreamTitan commented 6 years ago

I just checked the directories.

Following the instructions you provided this install was in the directory: /opt and not /var/opt

Based on your comment above should it be in the /var/opt?

aaronkvanmeerten commented 6 years ago

OK so, here's some apache configuration tips. Feel free to google more about how to configure apache, there's plenty of more detail where you can learn how to manage your web server configuration.

apache normally is configured to serve files from /var/www

The default installation of jitsi-meet provides an extra bit of configuration which then grants more permission to /var/www/jitsi-meet

You are installing a custom version, into /opt/jitsi-meet, so you will also probably need to update the apache Directory configuration to grant permissions in this folder.

Directory entries look something like this:

<Directory [write_your_dir_here]> Options Indexes FollowSymLinks AllowOverride None Require all granted

So just ensure you have an Directory entry for /opt/jitsi-meet and you should be good to go.

StreamTitan commented 6 years ago

ok great. I believe this is the final hurdle here as all that was needed was installed, everything was built out, mods enabled etc. I'll finish up as you advised and I hope it gets done. Will do tutorial after. Thanks

StreamTitan commented 6 years ago

by the way I did have the change you stated in you last comment already done the in conf file above in this thread. I just did a grep to see the document roots currently root@grt:~# grep -R "DocumentRoot" /etc/apache2/sites-enabled /etc/apache2/sites-enabled/000-default.conf: DocumentRoot /var/www/html /etc/apache2/sites-enabled/www.mydomain.com.conf: DocumentRoot "/opt/jitsi-meet"

aaronkvanmeerten commented 6 years ago

It was the Directory entry I was suggesting you add. Your DocumentRoot had already been changed, so now you just a corresponding Directory entry to go with it.

StreamTitan commented 6 years ago

Ok, /sites-available has a third file: default-ssl.conf Should this be edited?

aaronkvanmeerten commented 6 years ago

That's up to you. We are not apache experts here, so all our comments are based on googling for answers. We would recommend you read some tutorials on apache if you wish to use it as a server beyond with the basic jitsi meet simple setup. In this case probably that file is similar to the default.conf file, but for SSL (port 443) service. It's up to you how you wish to use it or enable/disable it as you see fit.

StreamTitan commented 6 years ago

It works!

Editing the apache2.conf file as you advised and adding

<Directory /opt/jitsi-meet> Options Indexes FollowSymLinks AllowOverride None Require all granted

did the trick. Awesome! You did great Aaron, problem solving leading to a successful install. Now I'll get on the tutorial as this was a clean install from scratch that was built out and succeeded.

Thanks again

StreamTitan commented 6 years ago

One question.

After editing the files (homepage) changes would only show if I 'make' (build it out) correct? cd /opt/jitsi-meet make

damencho commented 6 years ago

Depends on the changes, if you change the content of index.html or everything that is in static folder no make is needed. Everything else needs a make.