Jitsi pulling up default ucs portal instead of jitsi

I have installed Jitsi and had it working fine. Then I setup external DNS, Let’s Encrypt, and port forwards in my firewall to get it working externally, and now it no longer works.

After some digging in the config files it seems that the Let’s Encrypt config restates the proxy configs and leaves out Jitsi for some reason. I had to add back the two ProxyPass statements from

/var/lib/univention-appcenter/apps/jitsimeet/config/vhost.con[f]

into

/etc/apache2/sites-enabled/univention-letsencrypt.conf

to make it work again.

Anyone have any idea why that would not be working automatically like it does with other apps? I’m guessing my simple fix is going to get blown away whenever UCS does it’s templated config generation routine.

4 Likes

Thank you for the hint.

Did you file a bug-report?

https://forge.univention.org/bugzilla/

Best, Bernd

I haven’t filed a bug report. I was kind of hoping someone had some more information. I take it from your post that you have the same issue?

Yes, you’re right - the same issue.

And your post is already linked in a second post (in german) around jitsi … so we’re not the only two.

Bug report filed.

https://forge.univention.org/bugzilla/show_bug.cgi?id=51365

1 Like

Hello @Kevo,

have you seen the comment at your bug report?

Apps that use the vhost feature from bug 45115 are probably incompatible with the current way the letsencrypt app handles the apache2 config.

In the apache2 config univention-letsencrypt.conf should be a line IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf

So it may be enough to link the jitsi apache2 config to that directory ln -s /var/lib/univention-appcenter/apps/jitsi/config/vhost.conf /etc/apache2/ucs-sites.conf.d/

Have you tried that and did it resolve your issue? Would be good to know. Thank you.

Best regards,
Nico

Hello @gulden and @Kevo

I have tried this. The proper command is:

ln -s /var/lib/univention-appcenter/apps/jitsimeet/config/vhost.conf /etc/apache2/ucs-sites.conf.d/

It kind of works but of course will redirect ALL letsencrypt-(sub-)domains on the toplevel to jitsi.
I would like to have just the ONE subdomain specified in the jitsi setup to redirect to jitsi… and maybe another one I can chose - but not all.

Best, Bernd

2 Likes

Hi,
I just install Jitsi on my master UCS and execute the command line “ln -s /var/lib/univention-appcenter/apps/jitsimeet/config/vhost.conf /etc/apache2/ucs-sites.conf.d/” to make it work.
However it redirect my UCS portal as well. Is it normal ?

I don’t think the solution you tried works. Try what I mentioned in the first post or check the bug report. There might be new info there. I am still using my original work around.

But I don’t understand how to fix my issue with your first post which is to add

    ProxyPass / http://localhost:8888/ retry=0
    ProxyPassReverse / http://localhost:8888/

From " /var/lib/univention-appcenter/apps/jitsimeet/config/vhost.con[f]" file into “/etc/apache2/sites-enabled/univention-letsencrypt.conf” file

Below the config of my file “/etc/apache2/sites-enabled/univention-letsencrypt.conf”

alias /.well-known/acme-challenge/ /var/www/.well-known/acme-challenge/
Directory /var/www/.well-known/acme-challenge/>

               AllowOverride None
               Options -Indexes
               Require all granted

Directory
IfModule mod_ssl.c
IfModule

Regarding bug report 51365 when adding the symlink it is working but redirect also my UCS portal.

I must had miss something from your post or from the bug report here. Any help would be appriciate.
Regards,
Jean-raoul

Are you using let’s encrypt? If not, then I don’t think any of this info applies. IIRC it was working fine before setting up let’s encrypt. You may be having a different issue.

Yes I am using let’s encrypt. I had installed it before Jitsi meeting application. I beleive here the reverse proxy is working but it is redirected all subdomain to Jitsi.

If you’re using let’s encrypt I would expect to see other info in your config file. You should have a virtual host section with the jitsi address. Your additional proxy lines would go there.

ProxyPass / http://localhost:8888/ retry=0
ProxyPassReverse / http://localhost:8888/

Yes for sure I am using let’s encrypt and I guess configuration file is on another file like default-ssl.conf.

For me adding the file univention-jitsi.conf into:

/etc/apache2/sites-available/

and the symbolic link into

/etc/apache2/sites-enabled/

did the job.

univention-jitsi.conf:

<VirtualHost *:443>
        ServerName jitsi.portal.fooba.ba
        SSLEngine on
        SSLProxyEngine on
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
        SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key

       ProxyPass / http://localhost:8888/ retry=0
       ProxyPassReverse / http://localhost:8888/

	ProxyPreserveHost On
	RequestHeader set X-Forwarded-Proto "https"
	RewriteEngine on
	RewriteCond %{HTTP:Connection} Upgrade [NC]
	RewriteCond %{HTTP:Upgrade} websocket [NC]
	RewriteRule ^/?(.*) "ws://127.0.0.1:8888/$1" [P,L]

</VirtualHost>

Workarround found in the bug 51365

1 Like
Mastodon