Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

the new nodejs websocket configuration #500

Open
baby-leo opened this issue Dec 13, 2023 · 6 comments
Open

the new nodejs websocket configuration #500

baby-leo opened this issue Dec 13, 2023 · 6 comments

Comments

@baby-leo
Copy link

i am using the latest jitsi admin, but i couldent get the new websocket configuration to wrok. i am assuming the configuration provided on https://github.com/H2-invent/jitsi-admin/wiki/Websocket-installation is by default getting configured while the the install.sh is excuted but still the websocket connection is not working what should i do
@holema
Copy link
Contributor

holema commented Dec 13, 2023

Hello @baby-leo,

ist the service running?
The websocket might be sometime quite tricky but we will get it done :)

Do you use any load balancer or reverse infront?

@baby-leo
Copy link
Author

baby-leo commented Dec 14, 2023
edited

thanks @holema
yes it is running and i realy dont use any load balancer on my jitsi admin server. and as a side note for testing purposes my serever does not have a public ip yet i am trying it on localserver

@holema
Copy link
Contributor

holema commented Dec 14, 2023

Hello @baby-leo,
So the service is running an the IP address is added to the jitsi-admin .env.local.
When you open the console in the browser you should see in the network tab a websocket connection try.

Have you double checked the websocket secret. This is a very likely error. The Websocket secret in the service must be the same as in the .env.local.

@baby-leo
Copy link
Author

yes the secret is the same. and here is my configurations

in my .env.local
MERCURE_URL="http://localhost:3000/.well-known/mercure"
MERCURE_PUBLIC_URL="https://my private ip"
MERCURE_JWT_SECRET="825601e6020b1cafeac664b7a18000e6"
WEBSOCKET_SECRET="825601e6020b1cafeac664b7a18000e6"

here is my apache config

<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/jitsi-admin/public

	# Add Headers
	Header always set X-Frame-Options "SAMEORIGIN"
	Header always set X-XSS-Protection "1; mode=block"
	Header unset Server
	Header unset x-powered-by

	# Client Configuration
	LimitRequestBody 10485760

<Directory /var/www/jitsi-admin/public>
	Options FollowSymLinks
	AllowOverride All
	Order Allow,Deny
	Allow from All
</Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt
    SSLCertificateKeyFile /etc/apache2/certificate/apache.key

Header always set Access-Control-Allow-Origin "https://myip http://myip:3000 https://meetjitsiurl"
Header always set Content-Security-Policy "style-src 'self' 'unsafe-inline'; connect-src *; font-src 'self' data:; frame-src *; frame-ancestors myip"

ProxyPass for /ws/.well-known/mercure

<Location "/ws/.well-known/mercure">
ProxyPass http://127.0.0.1:3000/.well-known/mercure
ProxyPassReverse http://127.0.0.1:3000/.well-known/mercure

Proxy settings for /healthz

<Location "/healthz">
ProxyPass http://127.0.0.1:3000/healthz
ProxyPassReverse http://127.0.0.1:3000/healthz

and here are the errors desplaying

  1. No route found for "GET https://myip/ws/"

  2. https://myip/ws/?token=eyJ0eXAiOiJKV1... 404(notfound)

@holema
Copy link
Contributor

holema commented Dec 14, 2023

Hello @baby-leo,
that was the reason, why we changed from apache to nginx ;) nginx is the prefered webserver when traffic should be reversed.

This is a structural problem. It is not possible to use https without an IP adresse. Https is domain based.

And there is a third reverse host missing. You also have to reverse proxy th /ws/ route to the websocket service. ON this proxypass you also have to send a upgrade Header with the apache server.
This is the original nginx configuration: https://github.com/H2-invent/jitsi-admin/wiki/NGINX-Configuration

This is the config translated from ChatGPT. Please double check the config and past your working config:

<VirtualHost *:80>
    ServerName mydomain.com
    DocumentRoot /var/www/jitsi-admin/public
    DirectoryIndex index.php

    # Add Headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header unset Server
    Header unset X-Powered-By

    # Client Configuration
    LimitRequestBody 10485760

    # Default Symfony Location Configuration
    <Directory /var/www/jitsi-admin/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [QSA,L]
    </Directory>

    <LocationMatch "^/index\.php(/|$)">
        ProxyPass "unix:/var/run/php8.2-fpm.sock|fcgi://localhost/"
        SetEnvIf Request_URI "^/index\.php(/|$)" SCRIPT_FILENAME="/var/www/jitsi-admin/public/index.php"
        SetEnvIf Request_URI "^/index\.php(/|$)" DOCUMENT_ROOT="/var/www/jitsi-admin/public"
        ProxySet enablereuse=on
        ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/var/run/php8.2-fpm.sock|fcgi://localhost/var/www/jitsi-admin/public/$1"
    </LocationMatch>

    <Location /ws/.well-known/mercure>
        ProxyPass "http://127.0.0.1:3000/.well-known/mercure"
        ProxyPassReverse "http://127.0.0.1:3000/.well-known/mercure"
        RequestHeader set Host $host
        RequestHeader set X-Real-IP $remote_addr
        RequestHeader set X-Forwarded-For $proxy_add_x_forwarded_for
    </Location>

    <Location /ws>
        ProxyPass "http://127.0.0.1:3000/ws"
        ProxyPassReverse "http://127.0.0.1:3000/ws"
        RequestHeader set Host $host
        RequestHeader set X-Real-IP $remote_addr
        RequestHeader set X-Forwarded-For $proxy_add_x_forwarded_for
        RequestHeader set Upgrade $http_upgrade
        RequestHeader set Connection "upgrade"
        ProxyTimeout 600
    </Location>

    <Location /.well-known/mercure>
        ProxyPass "http://127.0.0.1:3000/.well-known/mercure"
        ProxyPassReverse "http://127.0.0.1:3000/.well-known/mercure"
        RequestHeader set Host $host
        RequestHeader set X-Real-IP $remote_addr
        RequestHeader set X-Forwarded-For $proxy_add_x_forwarded_for
        ProxyTimeout 600
    </Location>

    <Location /realms>
        ProxyPass "http://127.0.0.1:8080"
        ProxyPassReverse "http://127.0.0.1:8080"
        SetEnvIf Request_URI "^/realms" no-gzip
        LimitRequestBody 262144000
        ProxyTimeout 360
        ProxySet "upgrade=on" "Connection=upgrade"
        RequestHeader set Host $http_host
        RequestHeader set X-Real-IP $remote_addr
        RequestHeader set X-Forwarded-For $proxy_add_x_forwarded_for
        RequestHeader set X-Forwarded-Proto $scheme
        Header always set X-Frame-Options "SAMEORIGIN"
    </Location>
</VirtualHost>

@baby-leo
Copy link
Author

ok i will get back to you after configuring it using nginx

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@holema @baby-leo