I just followed the "Quick Start" instructions here:
https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
and then did the changes below:
diff --git a/.env b/.env
index 6216b49..4e5e235 100644
--- a/.env
+++ b/.env
## -10,22 +10,22 ##
#
# XMPP component password for Jicofo
-JICOFO_COMPONENT_SECRET=
+JICOFO_COMPONENT_SECRET=633e7a05fe12956618dac1d41ce8c1d1
# XMPP password for Jicofo client connections
-JICOFO_AUTH_PASSWORD=
+JICOFO_AUTH_PASSWORD=8d17f2200b8110a8dd67a8a9fb30f197
# XMPP password for JVB client connections
-JVB_AUTH_PASSWORD=
+JVB_AUTH_PASSWORD=bc78308fa2850a548e842c2d1db3542d
# XMPP password for Jigasi MUC client connections
-JIGASI_XMPP_PASSWORD=
+JIGASI_XMPP_PASSWORD=de411859c3ef5b093bc45c921d59f243
# XMPP recorder password for Jibri client connections
-JIBRI_RECORDER_PASSWORD=
+JIBRI_RECORDER_PASSWORD=a42fdf73c35d978e33fb353cff108df6
# XMPP password for Jibri client connections
-JIBRI_XMPP_PASSWORD=
+JIBRI_XMPP_PASSWORD=564450347551ff8d5a0217e09a6b576d
#
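Review bot: the six XMPP secrets added in this hunk (JICOFO_COMPONENT_SECRET through JIBRI_XMPP_PASSWORD) are readable by anyone who can see this diff, so treat them as exposed. Generate fresh values on the host and keep the populated .env out of version control and out of posted diffs.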
## -36,16 +36,16 ## JIBRI_XMPP_PASSWORD=
CONFIG=~/.jitsi-meet-cfg
# Exposed HTTP port
-HTTP_PORT=8000
+HTTP_PORT=80
# Exposed HTTPS port
-HTTPS_PORT=8443
+HTTPS_PORT=443
# System time zone
TZ=UTC
# Public URL for the web service (required)
-#PUBLIC_URL=https://meet.example.com
+PUBLIC_URL=https://jitsi.mydummyserver.com
# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
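Review bot: PUBLIC_URL is set, but the "IP address of the Docker host" setting that the trailing context lines introduce is not touched in this hunk or anywhere else in the diff. If the host sits behind NAT or on a LAN, set DOCKER_HOST_ADDRESS as the Handbook section named in that comment describes, and confirm nothing else on the host already binds 80 and 443 now that HTTP_PORT and HTTPS_PORT moved off 8000 and 8443.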
## -63,16 +63,16 ## TZ=UTC
#
# Enable Let's Encrypt certificate generation
-#ENABLE_LETSENCRYPT=1
+ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate
-#LETSENCRYPT_DOMAIN=meet.example.com
+LETSENCRYPT_DOMAIN=jitsi.mydummyserver.com
# E-Mail for receiving important account notifications (mandatory)
-#LETSENCRYPT_EMAIL=alice#atlanta.net
+LETSENCRYPT_EMAIL=contact#mydummyserver.com
# Use the staging server (for avoiding rate limits while testing)
-#LETSENCRYPT_USE_STAGING=1
+LETSENCRYPT_USE_STAGING=1
#
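Review bot: LETSENCRYPT_USE_STAGING=1 is uncommented together with ENABLE_LETSENCRYPT=1, and the staging CA issues certificates that browsers do not trust. Keep it only while testing, as the comment above it says, and comment it out again before sending users to PUBLIC_URL.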
## -353,4 +353,4 ## JIBRI_LOGS_DIR=/config/logs
RESTART_POLICY=unless-stopped
# Authenticate using external service or just focus external auth window if there is one already.
-# TOKEN_AUTH_URL=https://auth.meet.example.com/{room}
+# TOKEN_AUTH_URL=https://auth.jitsi.mydummyserver.com/{room}
\ No newline at end of file
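Review bot: the only edit in this hunk is inside a commented-out TOKEN_AUTH_URL line, so it has no effect at runtime; drop it from the change, or uncomment the line if token authentication is actually wanted. The file also ends without a trailing newline.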
but I got the error: "You have been disconnected".
The website loads and the HTTPS is working fine, though.
Any idea on what's going on and how can I fix this?
Thanks!
I have been facing the same issue with Jitsi Meet docker on RedHat installation.
Configuring two things in .env solved my issue
# Public URL for the web service (required)
PUBLIC_URL=<PUBLIC_URL_WITH_CERTS>
# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
DOCKER_HOST_ADDRESS=<YOUR_PRIVATE_IP>
Also, the PUBLIC_URL is the Reverse Proxy URL which has the certificate configured.
<MY_HOST>:443 --> <DOCKER_HOST>:8443
PRIVATE IP address in case you are using cloud-like AWS/Azure/GCP
I had the same reconnect message in an infinite loop. Using "stable-5076" did not help me. But changing one line in the .env file helped me: I uncommented the PUBLIC_URL line and wrote the PRIVATE IP of the computer where Jitsi is installed.
While waiting for a new version:
image: jitsi/{web,prosody,jicofo,jvb}:stable-5076 works perfectly.
I had the same problems as you before using the version there.
I've set up my turn server, and tested on IceTricklePage.
The non-secure port 3478 works just fine, I can gather a candidate with type "relay".
But with the secure port (TLS) 5349, it always failed.
The server turn:xx.xx.xx.xx:5349?transport=tcp returned an error with code=701.
Below is my turnserver.conf file:
# /etc/turnserver.conf
# STUN server port is 3478 for UDP and TCP, and 5349 for TLS.
# Allow connection on the UDP port 3478
listening-port=3478
# and 5349 for TLS (secure)
tls-listening-port=5349
external-ip= xx.xx.xx.xx
listening-ip=0.0.0.0
allow-loopback-peers
no-multicast-peers
min-port = 49152
max-port = 49365
verbose
# Require authentication
fingerprint
lt-cred-mech
# We will use the longterm authentication mechanism, but if
# you want to use the auth-secret mechanism, comment lt-cred-mech and
# uncomment use-auth-secret
# Check: https://github.com/coturn/coturn/issues/180#issuecomment-364363272
#The static auth secret needs to be changed, in this tutorial
# we'll generate a token using OpenSSL
#use-auth-secret
# static-auth-secret=replace-this-secret
# ----
# If you decide to use use-auth-secret, After saving the changes, change the auth-secret using the following command:
# sed -i "s/replace-this-secret/$(openssl rand -hex 32)/" /etc/turnserver.conf
# This will replace the replace-this-secret text on the file with the generated token using openssl.
# Specify the server name and the realm that will be used
# if is your first time configuring, just use the domain as name
server-name=turn.mydomain.com
realm=turn.mydomain.com
#
# Important:
# Create a test user if you want
# You can remove this user after testing
user=user:password
total-quota=100
stale-nonce=600
# Path to the SSL certificate and private key. In this example we will use
# the letsencrypt generated certificate files.
cert=/etc/coturn/turn_cert/turn.mydomain.com/cert.pem
pkey=/etc/coturn/turn_cert/turn.mydomain.com/privkey.pem
# Specify the allowed OpenSSL cipher list for TLS/DTLS connections
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
# Specify the process user and group
proc-user=turnserver
proc-group=turnserver
# Log file path
log-file=/var/log/turnserver.log
simple-log
#syslog
I also configured my router to port-redirect any transport to public xx.xx.xx.xx:5349 to the internal server running the TURN server (similar to the way I did with 3478).
Below is the config:
Does anyone have an idea how to fix this? Thanks
Try telnet xx.xx.xx.xx 5349 to see whether it connects successfully or not. If you get telnet: Unable to connect to remote host: Connection refused, then your network config is incorrect and needs to be changed. Here is something related
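The telnet check in the answer above only shows whether TCP connects. As an added example (not part of the original answer), this Python function also attempts a TLS handshake, which separates a port-forwarding problem from a problem with the TLS listener itself; the function name and the result labels are assumptions of the example.

```python
import socket
import ssl

def probe_tls_port(host, port, timeout=3.0):
    """Classify what answers on host:port.

    "refused"     - TCP connection actively rejected (nothing listening, or a reject rule)
    "timeout"     - no TCP answer at all (packets dropped, forward missing)
    "unreachable" - other network error (no route, name not resolved)
    "tcp_only"    - TCP connects but no TLS handshake completes
    "tls_ok"      - TLS handshake completes (certificate deliberately NOT validated)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

    # Reachability probe only: accept any certificate so an expired or
    # self-signed one still counts as "the listener speaks TLS".
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls_ok"
    except (ssl.SSLError, OSError):
        return "tcp_only"
    finally:
        sock.close()
```

A result of tcp_only on 5349 while 3478 works points at the server's TLS setup (certificate, key, cipher list) rather than at the router.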
I have my STUN/TURN server running on a local PC (coturn). It is tested on "https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/" and works. I have a domain name and configured the modem with a public IP. I configured apache2 to make the site visible to the world. I have active and valid Let's Encrypt certificates. In short, everything works. But the test application starts the connection (the external PC communicates with the local one via socket.io) but then the video is not seen and the console returns the error: ICE failed, your TURN server appears to be broken, see about:webrtc for more details.
The link of the application that I use as a test, because with my original I had no comparisons to make. First time with socket.io. But socket.io sends and receives messages, so this does not appear to be a problem for now.
https://github.com/anoek/webrtc-group-chat-example
P.S.:
OK. The server is behind the NAT. My app (but the linked app too) works very well on the local network (sorry, I checked this point first before). This with my TURN/STUN server, than with Google's public STUN/TURN servers. This evidently indicates a bad setting of the apache2 server and/or the TURN server. Where could I find a guide about it?
My server situation: myServerIpLocal-xxx.xxx.xxx.xxx -> nat/router/modem WithPublicIpStatic-xx.xx.xx.xx. I can see my sites from all over the world, but the TURN server does not work outside the local network. Inside the local network it works OK.
This is my turn config:
listening-port=3478
tls-listening-port=5349
alt-listening-port=3479
alt-tls-listening-port=5350
listening-ip=xxx.xxx.xxx.xxx /*mylocal ip*/
relay-ip=xxx.xxx.xxx.xxx /*mylocal ip*/
external-ip=xx.xx.xx.xx /*my public ip on nat/ruter/modem */
min-port=49152
max-port=65535
verbose
fingerprint
userdb=/var/lib/turn/turndb
realm=mysite.com
cert=/etc/ssl/certificate.pem
pkey=/etc/ssl/private.key
dh-file=/etc/turn/dhparam.pem
no-stdout-log
log-file=/myhome/.turn/turn.log
lt-cred-mech
user=myusername:mypasswd
# Turn OFF the CLI support.
# By default it is always ON.
# See also options cli-ip and cli-port.
#
no-cli
#Local system IP address to be used for CLI server endpoint. Default value
# is 127.0.0.1.
#
cli-ip=127.0.1.1
# CLI server port. Default is 5766.
#
cli-port=5766
# CLI access password. Default is empty (no password).
#
cli-password=logen
no-sslv3
no-tlsv1
My old code in turn.conf:
lt-cred-mech
user=myusername:mypasswd
but TURN works only locally... probably because I use:
sudo turnserver -L myPublicIp -o -a myrealm
at every coturn start command...
Actually I try not to use the command "turnserver" and I try to use only sudo coturn start...
Basically, in my turn.conf file I changed these:
lt-cred-mech
user=mypasswd:myusername /***** mind the gap ;) *****/
This because my index.js debug never sees my external connection as an authorized user... Magically, at this time my app performs WebRTC multiple connections with every PC and mobile, inside and outside my LAN (I tried connecting my app from a phone in Barcelona, Spain to another one in London with good results).
Maybe the coturn wiki needs an update?
Finally I would like to thank the serverfault and super-user guys who rejected my question. Since I had to make arrangements, I was able to acquire new and interesting information on this subject.
Regards
I have registered a free domain name from freenom.com and added nameservers from AWS Route 53. Now my domain <blabla>.ga successfully redirects to an EC2 Python Flask server. But I really can't figure out how to add SSL by using Let's Encrypt. I am following the link https://ivopetkov.com/b/let-s-encrypt-on-ec2/ for SSLifying my EC2. After running letsencrypt-auto I add the domain names and press Enter, then I get
[ec2-user@ip-172-31-40-218 letsencrypt]$ cd /opt/letsencrypt/
[ec2-user@ip-172-31-40-218 letsencrypt]$ ./letsencrypt-auto
Requesting to rerun ./letsencrypt-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): iotserver.ga www.iotserver.ga
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for iotserver.ga
http-01 challenge for www.iotserver.ga
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
A similar question is asked here, but I've already done most of what is explained in both of the answers. Can anyone assist me on what I am missing here?
Try the following tutorials:
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps
Make sure that you are able to access the said web app without HTTPS, then try to install SSL. As I can see, you are getting the following error
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
There must be some configuration issue. Please debug it and let me know.
Ubuntu 16.04 / ROS v1.3.0
I am attempting to configure my ROS to use secure SSL connections.
If I do not make any changes to the configuration.yml - ROS is fine. I can sync and use the dashboard as I would expect.
I have obtained an SSL cert from Letsencrypt. I used the CertBot in standalone mode so that I did not have to install or configure Nginx. (My preference is to not install yet another tech/layer - keep it clean!)
I have the following certificates/key stored in this folder:
/etc/letsencrypt/live/data.mydomain.net/cert.pem
/etc/letsencrypt/live/data.mydomain.net/chain.pem
/etc/letsencrypt/live/data.mydomain.net/fullchain.pem
/etc/letsencrypt/live/data.mydomain.net/privkey.pem
As soon as I enable HTTPS in the configuration.yml I am unable to launch ROS.
There are no error messages written to:
/var/log/realm-object-server.log
Here is a copy of the proxy section of configuration.yml.
http:
  ## Whether or not to enable the HTTP proxy module. It enables multiplexing requests
  ## by forwarding incoming requests on a single port to all services.
  # enable: true
  ## The address/interface on which the HTTP proxy module should listen. This defaults
  ## to 127.0.0.1. If you wish to listen on all available interfaces,
  ## uncomment the following line.
  # listen_address: '::'
  ## The port that the HTTP proxy module should bind to.
  # listen_port: 9080
https:
  ## Whether or not to enable the HTTPS proxy module. It enables multiplexing requests
  ## by forwarding incoming requests on a single port to all services.
  ## Note that even if it enabled, the HTTPS proxy will only start if supplied
  ## with a valid pair of certificates through certificate_path and private_key_path below.
  enable: true
  ## The path to the certificate and private keys (in PEM format) that will be used
  ## to set up the HTTPS server accepting connections.
  ## These configuration options are MANDATORY to start the HTTPS proxy module.
  certificate_path: '/etc/letsencrypt/live/data.mydomain.net/fullchain.pem'
  private_key_path: '/etc/letsencrypt/live/data.mydomain.net/privkey.pem'
  ## The address/interface on which the HTTPS proxy module should listen. This defaults
  ## to 127.0.0.1. If you wish to listen on all available interfaces,
  ## uncomment the following line.
  # listen_address: '::'
  ## The port that the HTTPS proxy module should bind to.
  listen_port: 9443
As I mention. The issue appears to be that as soon as I configure HTTPS the ROS server fails to start. If I disable the HTTPS then the ROS server starts without issue.
The reason I believe ROS is failing to start is - if I attempt curl 127.0.0.1:9080 or curl 127.0.0.1:9443 from the terminal I get the message curl: (7) Failed to connect to 127.0.0.1 port 9443: Connection refused
I'd love to hear your ideas/thoughts/suggestions on how I can get this to work. Cheers. Ian
Thanks to user @Radu - the answer was Permissions.
The realm user did not have permission to read the .pem files.
I picked up the answer from this answer.
Https Proxy for Realm Object Server not working
@Radu - is the man!
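The fix above came down to the service account being unable to read the .pem files. As an added example (not from the original post), this Python function walks the path to a key file and reports the first directory or file whose mode bits stop a given account; all function names are assumptions, and the account would be whatever user the server runs as.

```python
import os
import pwd
import stat

def ids_for_user(name):
    """uid and full group set of a local account, e.g. the service user."""
    pw = pwd.getpwnam(name)
    return pw.pw_uid, set(os.getgrouplist(name, pw.pw_gid))

def _allowed(st, uid, gids, want):
    # Classic owner/group/other selection: exactly one class applies.
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def _walk(resolved, uid, gids):
    prefixes = [os.sep]
    for part in filter(None, resolved.split(os.sep)):
        prefixes.append(os.path.join(prefixes[-1], part))
    for p in prefixes:
        st = os.stat(p)
        # Directories need the search (x) bit, the file itself the read bit.
        want = 0o1 if stat.S_ISDIR(st.st_mode) else 0o4
        if not _allowed(st, uid, gids, want):
            return p
    return None

def first_blocked_component(path, uid, gids):
    """Return the first directory or file on the way to `path` that the
    account cannot pass, or None if it can read the file.

    Uses mode bits only; root's override, ACLs and MAC policy are not modelled.
    """
    path = os.path.abspath(path)
    # Certbot's live/*.pem entries are symlinks into archive/, so check the
    # directory holding the name first, then the symlink target's own path.
    for target in (os.path.dirname(path), path):
        blocked = _walk(os.path.realpath(target), uid, gids)
        if blocked:
            return blocked
    return None
```

Run it as root so every component can be stat'ed, passing the result of ids_for_user for the service account and the privkey.pem path from the configuration.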
I'm new to hosting sites with SSL certificates and I wanted to know: if the server is running an IIS server with a site and I now install Apache on the same server, does the certificate apply to both hosts, and if not, if I use the same DNS/site address will it then apply?
After the responses I have gotten, I would like to add that in order to run Apache and IIS I have to change the port number of the Apache site. Does the cert apply to this, so if IIS hosts www.123.co.za and Apache www.123.co.za:8080, does the cert apply, especially considering SSL is on its own port?
On the conceptual side, an SSL certificate establishes identity; that is, it verifies that the person or organization who owns a particular domain name (hostname) approves of the actual server that the client is communicating with. Thus, the certificate itself is not tied to any particular server, but it is tied to a hostname or set of hostnames (for example, a *.example.com certificate would be valid for www.example.com and test.example.com).
On the practical side, if both server programs are set up with the certificate, and both have domain names within the scope of the certificate, it should work just fine.
An SSL certificate in this context is used to certify the host name. As long as you have the key pair and the certificate, you should be able to use the same certificate in IIS, Apache or any other SSL server.
You will, however, run into problems if you want to run several sites under different host names on the same IP and TCP port.
So, from a technical point of view it should be perfectly possible to use the same certificate in IIS running on www.123.co.za:443 and Apache running on www.123.co.za:9443.
It depends on the type of your certificate (is it a wildcard certificate?) and the license you bought it under.
As far as I can see, a typical cheap certificate applies to any port on the host it is issued for. So, yes, www.example.com and www.example.com:8080 can both use the same certificate.