strukturag / nextcloud-spreed-signaling

Standalone signaling server for Nextcloud Talk.
GNU Affero General Public License v3.0

Error: The request could not be authenticated. #388

Closed NK0D1NG closed 6 months ago

NK0D1NG commented 1 year ago

I set up the high performance backend including nextcloud-spreed according to this article: https://www.dogado.de/vps/vserver-anwendungsfaelle/nextcloud-talk-auf-vserver-installieren

Everything seems to work just fine. These are my docker logs:

Attaching to spreedbackend, nats, coturn, janus
janus            | Janus commit: not-a-git-repo
janus            | Compiled on:  Sat Jan  7 17:02:18 UTC 2023
janus            |
janus            | Logger plugins folder: /usr/local/lib/janus/loggers
janus            | [WARN]       Couldn't access logger plugins folder...
janus            | ---------------------------------------------------
janus            |   Starting Meetecho Janus (WebRTC Server) v0.11.8
janus            | ---------------------------------------------------
janus            |
janus            | Checking command line arguments...
janus            | Debug/log level is 4
janus            | Debug/log timestamps are disabled
janus            | Debug/log colors are enabled
janus            | Adding 'vmnet' to the ICE ignore list...
janus            | Using 172.18.0.13 as local IP...
janus            | Token based authentication disabled
janus            | Initializing recorder code
janus            | Initializing ICE stuff (Full mode, ICE-TCP candidates disabled, full-trickle, IPv6 support disabled)
janus            | TURN REST API backend: (disabled)
janus            | [WARN] Janus is deployed on a private address (172.18.0.13) but you didn't specify any STUN server! Expect trouble if this is supposed to work over the internet and not just in a LAN...
janus            | Crypto: OpenSSL >= 1.1.0
janus            | No cert/key specified, autogenerating some...
janus            | Fingerprint of our certificate: A7:E0:2C:3E:29:94:3B:4F:0F:A0:AC:2C:5D:55:91:78:29:37:33:14:48:40:0D:CB:A2:8D:4D:F2:D1:93:E4:3A
janus            | Event handlers support disabled
janus            | Plugins folder: /usr/local/lib/janus/plugins
janus            | Joining Janus requests handler thread
janus            | Loading plugin 'libjanus_streaming.so'...
janus            | JANUS Streaming plugin initialized!
janus            | Loading plugin 'libjanus_voicemail.so'...
janus            | JANUS VoiceMail plugin initialized!
janus            | Loading plugin 'libjanus_nosip.so'...
janus            | JANUS NoSIP plugin initialized!
janus            | Loading plugin 'libjanus_echotest.so'...
janus            | Sessions watchdog started
janus            | JANUS EchoTest plugin initialized!
janus            | Loading plugin 'libjanus_recordplay.so'...
janus            | JANUS Record&Play plugin initialized!
janus            | Loading plugin 'libjanus_videoroom.so'...
janus            | JANUS VideoRoom plugin initialized!
janus            | Loading plugin 'libjanus_videocall.so'...
janus            | JANUS VideoCall plugin initialized!
janus            | Loading plugin 'libjanus_textroom.so'...
janus            | JANUS TextRoom plugin initialized!
janus            | Transport plugins folder: /usr/local/lib/janus/transports
janus            | Loading transport plugin 'libjanus_websockets.so'...
janus            | [WARN] libwebsockets has been built without IPv6 support, will bind to IPv4 only
janus            | libwebsockets logging: 0
janus            | Websockets server started (port 8188)...
janus            | JANUS WebSockets transport plugin initialized!
janus            | Loading transport plugin 'libjanus_pfunix.so'...
janus            | WebSockets thread started
janus            | [WARN] No Unix Sockets server started, giving up...
janus            | [WARN] The 'janus.transport.pfunix' plugin could not be initialized
janus            | Creating new session: 5936245918689244; 0x7fc0c7331e70
janus            | Creating new handle in session 5936245918689244: 3498157524563696; 0x7fc0c7331e70 0x7fc0c5dd11d0
nats             | [1] 2023/01/07 20:13:24.801284 [INF] Starting nats-server
nats             | [1] 2023/01/07 20:13:24.801405 [INF]   Version:  2.2.1
nats             | [1] 2023/01/07 20:13:24.801409 [INF]   Git:      [0bdd8f8]
nats             | [1] 2023/01/07 20:13:24.801417 [INF]   Name:     NAIKAQ3X2VKD3POE7S742OFWX3PHGSZAQCNRRLAV6X45JFXHA3QONYOR
nats             | [1] 2023/01/07 20:13:24.801423 [INF]   ID:       NAIKAQ3X2VKD3POE7S742OFWX3PHGSZAQCNRRLAV6X45JFXHA3QONYOR
nats             | [1] 2023/01/07 20:13:24.801431 [INF] Using configuration file: /config/gnatsd.conf
nats             | [1] 2023/01/07 20:13:24.803791 [INF] Listening for client connections on 0.0.0.0:4222
nats             | [1] 2023/01/07 20:13:24.804197 [INF] Server is ready
nats             | [1] 2023/01/07 20:13:24.804231 [INF] Cluster name is qK3Bu8WMq8IcHBwCKi7Orv
nats             | [1] 2023/01/07 20:13:24.804235 [WRN] Cluster name was dynamically generated, consider setting one
nats             | [1] 2023/01/07 20:13:24.804265 [INF] Listening for route connections on 0.0.0.0:4244
coturn           | Cannot create pid file: /var/run/turnserver.pid: Permission denied
coturn           | 0: : Config file found: //etc/turnserver.conf
coturn           | 0: : Config file found: //etc/turnserver.conf
coturn           | 0: : 0 bytes per second allowed, combined server capacity
coturn           | 0: : Config file found: //etc/turnserver.conf
coturn           | 0: :
coturn           | RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
coturn           | Version Coturn-4.6.1 'Gorst'
coturn           | 0: :
coturn           | Max number of open files/sockets allowed for this process: 1048576
coturn           | 0: :
coturn           | Due to the open files/sockets limitation,
coturn           | max supported number of TURN Sessions possible is: 524000 (approximately)
coturn           | 0: :
coturn           |
coturn           | ==== Show him the instruments, Practical Frost: ====
coturn           |
coturn           | 0: : TLS supported
coturn           | 0: : DTLS supported
coturn           | 0: : DTLS 1.2 supported
coturn           | 0: : TURN/STUN ALPN supported
coturn           | 0: : Third-party authorization (oAuth) supported
coturn           | 0: : GCM (AEAD) supported
coturn           | 0: : OpenSSL compile-time version: OpenSSL 1.1.1n  15 Mar 2022 (0x101010ef)
coturn           | 0: :
coturn           | 0: : SQLite supported, default database location is /var/lib/coturn/turndb
coturn           | 0: : Redis supported
coturn           | 0: : PostgreSQL supported
coturn           | 0: : MySQL supported
coturn           | 0: : MongoDB supported
coturn           | 0: :
coturn           | 0: : Default Net Engine version: 3 (UDP thread per CPU core)
coturn           |
coturn           | =====================================================
coturn           |
coturn           | 0: : Domain name:
coturn           | 0: : Default realm: signalling.mydomain.com
coturn           | 0: : ERROR:
coturn           | CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
coturn           | 0: : WARNING: cannot find certificate file: turn_server_cert.pem (1)
coturn           | 0: : WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
coturn           | 0: : WARNING: cannot find private key file: turn_server_pkey.pem (1)
coturn           | 0: : WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
coturn           | 0: : NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
coturn           | 0: : ===========Discovering listener addresses: =========
coturn           | 0: : Listener address to use: 127.0.0.1
coturn           | 0: : Listener address to use: 172.18.0.14
coturn           | 0: : =====================================================
coturn           | 0: : Total: 1 'real' addresses discovered
coturn           | 0: : =====================================================
coturn           | 0: : NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
coturn           | 0: : ===========Discovering relay addresses: =============
coturn           | 0: : Relay address to use: 172.18.0.14
coturn           | 0: : =====================================================
coturn           | 0: : Total: 1 relay addresses discovered
coturn           | 0: : =====================================================
coturn           | 0: : Cannot create pid file: /var/run/turnserver.pid
coturn           | 0: : pid file created: /var/tmp/turnserver.pid
coturn           | 0: : IO method (main listener thread): epoll (with changelist)
coturn           | 0: : WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
coturn           | 0: : Wait for relay ports initialization...
coturn           | 0: :   relay 172.18.0.14 initialization...
coturn           | 0: :   relay 172.18.0.14 initialization done
coturn           | 0: : Relay ports initialization done
coturn           | 0: : IO method (general relay thread): epoll (with changelist)
coturn           | 0: : turn server id=0 created
coturn           | 0: : IO method (general relay thread): epoll (with changelist)
coturn           | 0: : turn server id=1 created
coturn           | 0: : IO method (general relay thread): epoll (with changelist)
coturn           | 0: : turn server id=2 created
coturn           | 0: : IO method (general relay thread): epoll (with changelist)
coturn           | 0: : turn server id=3 created
coturn           | 0: : IO method (general relay thread): epoll (with changelist)
coturn           | 0: : turn server id=4 created
coturn           | 0: : IO method (general relay thread): epoll (with changelist)
coturn           | 0: : turn server id=5 created
coturn           | 0: : IO method (general relay thread): epoll (with changelist)
coturn           | 0: : turn server id=6 created
coturn           | 0: : IO method (general relay thread): epoll (with changelist)
coturn           | 0: : turn server id=7 created
coturn           | 0: : Total General servers: 8
coturn           | 0: : IO method (auth thread): epoll (with changelist)
coturn           | 0: : IO method (auth thread): epoll (with changelist)
coturn           | 0: : IO method (auth thread): epoll (with changelist)
coturn           | 0: : IO method (auth thread): epoll (with changelist)
coturn           | 0: : IO method (admin thread): epoll (with changelist)
coturn           | 0: : SQLite DB connection success: /var/lib/coturn/turndb
coturn           | 0: : Prometheus collector disabled, not started.
spreedbackend    | Starting signaling server with /config/server.conf ...
spreedbackend    | main.go:133: Starting up version 5c9fdf8d4ec02ae4e5b7846b0e7ec3b4f01623db/go1.19.4 as pid 1
spreedbackend    | main.go:142: Using a maximum of 8 CPUs
spreedbackend    | natsclient.go:108: Connection established to nats://nats:4222 (NAIKAQ3X2VKD3POE7S742OFWX3PHGSZAQCNRRLAV6X45JFXHA3QONYOR)
spreedbackend    | grpc_common.go:167: WARNING: No GRPC server certificate and/or key configured, running unencrypted
spreedbackend    | grpc_common.go:169: WARNING: No GRPC CA configured, expecting unencrypted connections
spreedbackend    | hub.go:172: WARNING: The sessions hash key should be 32 or 64 bytes but is 24 bytes
spreedbackend    | hub.go:189: WARNING: No shared secret has been set for internal clients.
spreedbackend    | backend_storage_static.go:72: Backend backend-1 added for https://nc.mydomain.com/
spreedbackend    | hub.go:201: Using a maximum of 8 concurrent backend connections per host
spreedbackend    | hub.go:208: Using a timeout of 10s for backend connections
spreedbackend    | hub.go:304: Not using GeoIP database
spreedbackend    | mcu_janus.go:294: Connected to Janus WebRTC Server 0.11.8 by Meetecho s.r.l.
spreedbackend    | mcu_janus.go:300: Found JANUS VideoRoom plugin 0.0.9 by Meetecho s.r.l.
spreedbackend    | mcu_janus.go:305: Data channels are supported
spreedbackend    | mcu_janus.go:309: Full-Trickle is enabled
spreedbackend    | mcu_janus.go:311: Maximum bandwidth 1048576 bits/sec per publishing stream
spreedbackend    | mcu_janus.go:312: Maximum bandwidth 2097152 bits/sec per screensharing stream
spreedbackend    | mcu_janus.go:318: Created Janus session 5936245918689244
spreedbackend    | mcu_janus.go:325: Created Janus handle 3498157524563696
spreedbackend    | main.go:263: Using janus MCU
spreedbackend    | hub.go:386: Using a timeout of 10s for MCU requests
spreedbackend    | backend_server.go:95: Using configured TURN API key
spreedbackend    | backend_server.go:96: Using configured shared TURN secret
spreedbackend    | backend_server.go:98: Adding "turn:coturn:3478?transport=udp" as TURN server
spreedbackend    | backend_server.go:98: Adding "turn:coturn:3478?transport=tcp" as TURN server
spreedbackend    | backend_server.go:105: No IPs configured for the stats endpoint, only allowing access from 127.0.0.1
spreedbackend    | main.go:339: Listening on spreedbackend:8080
spreedbackend    | client.go:282: Client from xx.xxx.xx.xxx has RTT of 121 ms (121.150538ms)
spreedbackend    | capabilities.go:151: Capabilities expired for https://nc.mydomain.com/ocs/v2.php/cloud/capabilities, updating
spreedbackend    | capabilities.go:214: Received capabilities map[config:map[attachments:map[allowed:false] chat:map[max-length:32000 read-privacy:0] conversations:map[can-create:false] previews:map[max-gif-size:3.145728e+06] signaling:map[session-ping-limit:200]] features:[audio video chat-v2 conversation-v4 guest-signaling empty-group-room guest-display-names multi-room-users favorites last-room-activity no-ping system-messages delete-messages mention-flag in-call-flags conversation-call-flags notification-levels invite-groups-and-mails locked-one-to-one-rooms read-only-rooms listable-rooms chat-read-marker chat-unread webinary-lobby start-call-flag chat-replies circles-support force-mute sip-support chat-read-status phonebook-search raise-hand room-description rich-object-sharing temp-user-avatar-api geo-location-sharing voice-message-sharing signaling-v3 publishing-permissions clear-history direct-mention-flag notification-calls conversation-permissions rich-object-list-media rich-object-delete unified-search]] from https://nc.vjupix.com/ocs/v2.php/cloud/capabilities
spreedbackend    | client.go:282: Client from xx.xxx.xx.xxx has RTT of 83 ms (83.884326ms)
spreedbackend    | client.go:282: Client from xx.xxx.xx.xxx has RTT of 32 ms (32.532127ms)
spreedbackend    | client.go:282: Client from xx.xxx.xx.xxx has RTT of 41 ms (41.873136ms)

The Nextcloud Talk settings are all correct and working: image

But if I join a conversation I can't chat or start a call (button disabled). I also get errors about problems with the signalling server. If I look into the browser dev tools I see this in the websocket connection request/response cycle: image

So there is something wrong about the request coming from the nextcloud and spreed refuses to authenticate? But I just don't know why. I am logged in and I created the conversation by myself. It doesn't matter which conversation I try - I always get errors about the signaling server connection and always the same result in the browser dev console / network tab.

Can someone help me figure out what's going wrong, or is this a bug? I did not find any authentication settings for Nextcloud Talk and I triple-checked the (shared) secrets. Also the connection seems to work just fine and Nextcloud gives positive feedback about the TURN/STUN and HPB settings.

fancycode commented 1 year ago

> The Nextcloud Talk settings are all correct and working:

I notice there is no shared secret configured here. Was this removed for the screenshot or is it really empty? There should be something configured here, and it should match the backend configuration in the signaling server.
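Why a missing or mismatched shared secret surfaces as "could not be authenticated", as an added example that is not part of the thread and not the project's own code. It assumes the backend request signing works as hex-encoded HMAC-SHA256 over a random string plus the request body, keyed with the shared secret; the function names, secrets and request body are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// checksum returns hex(HMAC-SHA256(secret, random || body)).
// Assumption: this is the shape of the checksum exchanged between the
// signaling server and the Nextcloud backend; it is not shown on this page.
func checksum(random string, body, secret []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(random))
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// verify is the receiving side: it recomputes the checksum with its own
// copy of the secret and compares in constant time. An empty secret is
// rejected outright (a hardening choice made for this example).
func verify(random string, body []byte, got string, secret []byte) bool {
	if len(secret) == 0 {
		return false
	}
	want := checksum(random, body, secret)
	return hmac.Equal([]byte(want), []byte(got))
}

func main() {
	// Constructed sample values, not taken from the issue.
	random := "constructed-random-0123456789abcdef0123456789abcdef"
	body := []byte(`{"type":"auth"}`)
	signalingSecret := []byte("constructed-secret-A")

	sig := checksum(random, body, signalingSecret)

	// The same signed request checked against three Talk-side settings:
	// matching secret, different secret, and an empty field.
	for _, talkSecret := range []string{"constructed-secret-A", "constructed-secret-B", ""} {
		ok := verify(random, body, sig, []byte(talkSecret))
		fmt.Printf("talk secret %q -> authenticated=%v\n", talkSecret, ok)
	}
}
```

Only the matching secret verifies; the request, the network path and the TURN/STUN checks can all be fine while authentication still fails.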

WildWeasel35 commented 1 year ago

@NK0D1NG, were you able to resolve this? I face the same issue, only with NC 27. I have an NC 25 instance pointed to the same signaling server that works. Both 25 and 27 are behind identical haproxy configurations. Provisioned three signaling servers in different networks to test, NC 25 works on all, NC 27 works on none.

fancycode commented 6 months ago

Closing due to the lack of feedback, feel free to reopen if you have more information.