Jitsi pulling up default ucs portal instead of jitsi

Kevo · May 23, 2020, 6:44pm

I have installed Jitsi and had it working fine. Then I setup external DNS, Let’s Encrypt, and port forwards in my firewall to get it working externally, and now it no longer works.

After some digging in the config files it seems that the Let’s Encrypt config restates the proxy configs and leaves out Jitsi for some reason. I had to add back the two ProxyPass statements from

/var/lib/univention-appcenter/apps/jitsimeet/config/vhost.con[f]

into

/etc/apache2/sites-enabled/univention-letsencrypt.conf

to make it work again.

Anyone have any idea why that would not be working automatically like it does with other apps? I’m guessing my simple fix is going to get blown away whenever UCS does it’s templated config generation routine.

lebernd · May 27, 2020, 8:28pm

Thank you for the hint.

Did you file a bug-report?

https://forge.univention.org/bugzilla/

Best, Bernd

Kevo · May 27, 2020, 8:45pm

I haven’t filed a bug report. I was kind of hoping someone had some more information. I take it from your post that you have the same issue?

lebernd · May 27, 2020, 8:50pm

Yes, you’re right - the same issue.

And your post is already linked in a second post (in german) around jitsi … so we’re not the only two.

Kevo · May 27, 2020, 9:17pm

Bug report filed.

https://forge.univention.org/bugzilla/show_bug.cgi?id=51365

gulden · May 29, 2020, 7:13am

Hello @Kevo,

have you seen the comment at your bug report?

Apps that use the vhost feature from bug 45115 are probably incompatible with the current way the letsencrypt app handles the apache2 config.

In the apache2 config univention-letsencrypt.conf should be a line IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf

So it may be enough to link the jitsi apache2 config to that directory ln -s /var/lib/univention-appcenter/apps/jitsi/config/vhost.conf /etc/apache2/ucs-sites.conf.d/

Have you tried that and did it resolve your issue? Would be good to know. Thank you.

Best regards,
Nico

lebernd · May 29, 2020, 7:56am

Hello @gulden and @Kevo

I have tried this. The proper command is:

ln -s /var/lib/univention-appcenter/apps/jitsimeet/config/vhost.conf /etc/apache2/ucs-sites.conf.d/

It kind of works but of course will redirect ALL letsencrypt-(sub-)domains on the toplevel to jitsi.
I would like to have just the ONE subdomain specified in the jitsi setup to redirect to jitsi… and maybe another one I can chose - but not all.

Best, Bernd

jra · August 26, 2020, 9:27am

Hi,
I just install Jitsi on my master UCS and execute the command line “ln -s /var/lib/univention-appcenter/apps/jitsimeet/config/vhost.conf /etc/apache2/ucs-sites.conf.d/” to make it work.
However it redirect my UCS portal as well. Is it normal ?

Kevo · August 26, 2020, 12:20pm

I don’t think the solution you tried works. Try what I mentioned in the first post or check the bug report. There might be new info there. I am still using my original work around.

jra · August 26, 2020, 1:16pm

But I don’t understand how to fix my issue with your first post which is to add

    ProxyPass / http://localhost:8888/ retry=0
    ProxyPassReverse / http://localhost:8888/

From " /var/lib/univention-appcenter/apps/jitsimeet/config/vhost.con[f]" file into “/etc/apache2/sites-enabled/univention-letsencrypt.conf” file

Below the config of my file “/etc/apache2/sites-enabled/univention-letsencrypt.conf”

alias /.well-known/acme-challenge/ /var/www/.well-known/acme-challenge/
Directory /var/www/.well-known/acme-challenge/>

               AllowOverride None
               Options -Indexes
               Require all granted

Directory
IfModule mod_ssl.c
IfModule

Regarding bug report 51365 when adding the symlink it is working but redirect also my UCS portal.

I must had miss something from your post or from the bug report here. Any help would be appriciate.
Regards,
Jean-raoul

Kevo · August 26, 2020, 1:32pm

Are you using let’s encrypt? If not, then I don’t think any of this info applies. IIRC it was working fine before setting up let’s encrypt. You may be having a different issue.

jra · August 26, 2020, 6:22pm

Yes I am using let’s encrypt. I had installed it before Jitsi meeting application. I beleive here the reverse proxy is working but it is redirected all subdomain to Jitsi.

Kevo · August 26, 2020, 6:55pm

If you’re using let’s encrypt I would expect to see other info in your config file. You should have a virtual host section with the jitsi address. Your additional proxy lines would go there.

ProxyPass / http://localhost:8888/ retry=0
ProxyPassReverse / http://localhost:8888/

jra · August 28, 2020, 5:51pm

Yes for sure I am using let’s encrypt and I guess configuration file is on another file like default-ssl.conf.

santiago · October 6, 2021, 6:43am

For me adding the file univention-jitsi.conf into:

/etc/apache2/sites-available/

and the symbolic link into

/etc/apache2/sites-enabled/

did the job.

univention-jitsi.conf:

<VirtualHost *:443>
        ServerName jitsi.portal.fooba.ba
        SSLEngine on
        SSLProxyEngine on
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
        SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key

       ProxyPass / http://localhost:8888/ retry=0
       ProxyPassReverse / http://localhost:8888/

	ProxyPreserveHost On
	RequestHeader set X-Forwarded-Proto "https"
	RewriteEngine on
	RewriteCond %{HTTP:Connection} Upgrade [NC]
	RewriteCond %{HTTP:Upgrade} websocket [NC]
	RewriteRule ^/?(.*) "ws://127.0.0.1:8888/$1" [P,L]

</VirtualHost>

Workarround found in the bug 51365