jitsi / jitsi-meet

Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
https://jitsi.org/meet
Apache License 2.0

ALPN not included in HTTPS communication on android app #9455

Closed andyg1001 closed 2 years ago

andyg1001 commented 3 years ago

Description:

It seems that the Android jitsi-meet app is not using ALPN in all situations. I host my own jitsi server. I only have one internet-facing domain name (with no possibility for sub-domains). I also have to multiplex various services over port 443 to enable access from work networks that firewall pretty much everything except port 443.

Therefore it is important to use ALPN to route the incoming connections to the right place.

Until now this has worked without issue. The jitsi-meet app both on Android and iOS has advertised h2 and http/1.1. However, the same app at the same version and same configuration on the new Samsung Android phone does not (seemingly) advertise anything via ALPN -- according to the nginx logs on the server.

The only difference I can find between this phone that doesn't work and all other Android phones, tablets, Chromebook devices, etc. all of which use the same jitsi-meet app is that the new Samsung phone is Android 11.

However, accessing the jitsi server via, say Chrome, on the Samsung phone does correctly negotiate its connection with ALPN (again, h2 and http/1.1) -- although of course this just simply ends up at a landing page that requests use of the app instead!

Steps to reproduce:

  1. Install jitsi-meet app on Samsung Android 11 phone
  2. Open app and configure to connect to a server that requires ALPN h2 or http/1.1
  3. Start a meeting

Expected behavior:

Normally this should work without problems (and does in all other cases!)

Actual behavior:

The jitsi-meet app immediately states that the connection is dropped with the message "You have been disconnected. You may want to check your network connection."

Checking the nginx logs on the server shows that all communication over HTTPS has been without any ALPN protocols listed. In my case this means that the connection is routed to another service.

Server information:

Client information:

Additional information:

None

erengms commented 3 years ago

Same issue. I use my server; Android 7, 8, 9, 10 are working but Android 11 does not work.

[features/base/lib-jitsi-meet] Failed to load config from https://ai2.xxxx.com/config.js?room=Hello Error(TypeError){"message":"Network request failed"}

damencho commented 3 years ago

Why do you need alpn?

erengms commented 3 years ago

I don't use ALPN. I am using the old Android SDK, and Android 6 ... 11 work well, but with the new Android SDK 3.6.0, Android 11 is not working. I am using my same server.

error: [features/base/lib-jitsi-meet] Failed to load config from https://ai2.xxxx.com/config.js?room=Hello Error(TypeError){"message":"Network request failed"}

andyg1001 commented 3 years ago

> Why do you need alpn?

Hi there, sorry to take so long to get back to you. Basically two reasons: firstly because I only have one internet FQDN and no possibility to provide sub-domains and because I need to be able to channel everything through port 443 to support corporate firewalls, I multiplex services on the one port and ALPN is the mechanism I am using (if there are other ways, I am happy to have suggestions); secondly, for security: I don't want just anything accessing my server and an easy way to weed out a lot of bots etc is to block anything with an "unrecognised" ALPN.

I have done a bit of digging. It seems that the jitsi app uses the okhttp library at version 3.12.1. According to the okhttp website, this library should support ALPN for you. However, it looks like there might be a compatibility issue with Android 11 here. I found this ticket on the okhttp github bug-tracker: https://github.com/square/okhttp/pull/5820. I cannot be sure that this is definitely the problem, but it might be worth a look.

I would be very happy to beta-test for you if that is helpful.
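To confirm on the server side whether a given client advertises ALPN, as the routing setup described in the comment above depends on, the ClientHello can be inspected directly. This is an added example, not part of the original thread or the Jitsi code base; it assumes the whole ClientHello arrives in one TLS record, and the backend names `jitsi-web` and `other-service` are hypothetical.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation (RFC 7301)
ROUTES = {"h2": "jitsi-web", "http/1.1": "jitsi-web"}  # hypothetical backend name

def u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0]

def client_hello_alpn(rec):
    """Return ALPN names offered in a ClientHello record; [] if none offered."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    off = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    off += 1 + rec[off]             # session_id
    off += 2 + u16(rec, off)        # cipher_suites
    off += 1 + rec[off]             # compression_methods
    if off + 2 > len(rec):
        return []                   # no extensions block at all
    end = off + 2 + u16(rec, off)
    off += 2
    while off + 4 <= end:
        ext_type, ext_len = u16(rec, off), u16(rec, off + 2)
        off += 4
        if ext_type == ALPN_EXT:
            names, p, stop = [], off + 2, off + ext_len  # skip 2-byte list length
            while p < stop:
                names.append(rec[p + 1:p + 1 + rec[p]].decode("ascii"))
                p += 1 + rec[p]
            return names
        off += ext_len
    return []

def route(rec, default="other-service"):
    """First recognised ALPN name wins; no ALPN falls through to the default."""
    return next((ROUTES[n] for n in client_hello_alpn(rec) if n in ROUTES), default)

def build_hello(alpn):
    """Constructed sample ClientHello (one cipher suite, no SNI), for testing only."""
    ext = struct.pack("!HH", 23, 0)  # an unrelated extension the parser must skip
    if alpn:
        plist = b"".join(bytes([len(a)]) + a.encode() for a in alpn)
        ext += struct.pack("!HHH", ALPN_EXT, len(plist) + 2, len(plist)) + plist
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A client that sends no ALPN extension yields an empty list and lands on the default backend, which matches the misrouting reported in this issue.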

damencho commented 3 years ago

We used ALPN for the debian configuration and the turnserver in the past, but found that this is very unreliable and causes too many issues, and that's why we stopped recommending that way. For example, the turns (TCP) Chrome connections are also not setting ALPN; we have reported that to Google, but I don't think that was fixed in Chrome, and if so that will also not work in such a setup. We have no plans of working on that at the moment; any PRs are welcome if you find a solution for the mobile app.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

saghul commented 2 years ago

This is not something we can turn on alas. It's a limitation at a lower layer.