docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8bf617bb826c kopano/konnectd:latest “docker-entrypoint.s…” 19 seconds ago Up 13 seconds (health: starting) 6777/tcp, 0.0.0.0:8777->8777/tcp konnectd.1.e4a8hjpfotbmieo7vj3m31pno
~# docker rm -f 8bf617bb826c
8bf617bb826c
~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7919d67f2ccf kopano/konnectd:latest “docker-entrypoint.s…” 1 second ago Created konnectd.1.zlxmztkbcjykrs5wi3d8f13tu
I don’t remember setting anything like that up… just wondering if you happen to know off the top of your head. If not I’ll start digging in.
The “docker pull kopano/konnectd” command grabs the image.
The “docker service create …” command causes persistent instances. The moment one konnectd dies a new one is spawned, etc. Kill the image at a docker level, the service ensures it comes back because it was told it’s supposed to make sure.
The “docker service rm konnectd” does exactly what we might expect. It gets rid of konnectd and most all evidence that it ever existed.
Somewhere in there I obviously also did a build and I remember that’s around the time stuff started working for me. That being said – when I look at the CLI history on my web server around then … I also see I was messing around with some websocket stuff on my reverse-proxy. That box is actually what is in front of UCS.
I’m thinking that fixes to the RP is what actually fixed the multi-user issue I was having.
The konnect-related stuff is what I was doing in parallel. Pretty sure I just left it behind when multi-user stuff started working, so it was purely coincidence and didn’t need to be there.
Will try the install now that stuff is out of the way.
“OpenID-Connect-Provider” is installed now. It would not do it through the app center but it worked through the command line it looks like. I’m able to make a CURL call to the ucs-sso URL.
There is a self-signed certificate on the website right now it looks like.
I’ve moved on to trying to install Kopano Meet and it’s back to being stuck in the UI again. The log doesn’t show anything particularly useful. I’ll try again from the CLI and see what happens after I give it a bit more time to try and fail.
It complained about quite a bit of stuff but the CLI did install.
Kopano Meet shows up in the landing page for the server and it does allow me to login. Everything shows as status of offline so it’s pretty well broken right now. I’m assuming the errors below are much of what’s behind that.
Here’s the log from the CLI run:
root@blade:~# univention-app install kopano-meet
Going to install Kopano Meet (2.1.0_0-2)
Password for Administrator:
chmod: cannot access ‘/var/lib/univention-appcenter/apps/kopano-meet/machine.secret’: No such file or directory
Create kopano/docker/FQDN_MEET
Create kopano/docker/FQDN_SSO
Create kopano/docker/GRID_WEBAPP
Create kopano/docker/INSECURE
Create kopano/docker/MEET_GUEST_ALLOW
Create kopano/docker/MEET_GUEST_REGEXP
Create kopano/docker/TURN_PASSWORD
Create kopano/docker/TURN_USER
Create kopano/docker/TURN_SERVER_SHARED_SECRET
Create kopano/docker/TURN_SERVICE_URL
Create kopano/docker/TURN_URIS
Module: kopano-cfg
Creating data directories for kopano-meet…
Registering UCR for kopano-meet
Marking 4.3/kopano-meet=2.1.0_0-2 as installed
Module: kopano-cfg
File: /etc/univention/service.info/services/univention-appcenter.cfg
File: /usr/share/univention-portal/apps.json
Multifile: /etc/apache2/sites-available/000-default.conf
Multifile: /etc/apache2/sites-available/default-ssl.conf
Module: kopano-cfg
File: /etc/apache2/sites-available/univention-letsencrypt.conf
Adding localhost to LDAP object
Setting overview variables
Module: kopano-cfg
Module: create_portal_entries
Reloading apache2 configuration (via systemctl): apache2.service.
Registering the container host kopan-31090913 for kopano-meet
Module: kopano-cfg
Verifying Docker registry manifest for app image docker.software-univention.de/kopano-meet-kopano_grapi:2.1.0_0-2
Downloading app images
Running command: docker-compose -p kopano-meet pull
The GRID_WEBAPP variable is not set. Defaulting to a blank string.
The MEET_GUEST_BOOLALLOW variable is not set. Defaulting to a blank string.
The MEET_GUEST_ALLOW variable is not set. Defaulting to a blank string.
The clientsecret variable is not set. Defaulting to a blank string.
The MEET_GUEST_REGEXP variable is not set. Defaulting to a blank string.
The TURN_PASSWORD variable is not set. Defaulting to a blank string.
The TURN_USER variable is not set. Defaulting to a blank string.
The TURN_SERVICE_URL variable is not set. Defaulting to a blank string.
The TURN_URIS variable is not set. Defaulting to a blank string.
The TURN_SERVER_SHARED_SECRET variable is not set. Defaulting to a blank string.
Pulling web … done
Pulling kopano_kwmserver … done
Pulling kopano_grapi … done
Pulling kopano_kapi … done
Pulling kopano_meet … done
Pulling kopano_ssl … done
Pulling kopano_konnect … done
Initializing app image
Running command: docker-compose -p kopano-meet up -d --no-build --no-recreate
The MEET_GUEST_ALLOW variable is not set. Defaulting to a blank string.
The clientsecret variable is not set. Defaulting to a blank string.
The GRID_WEBAPP variable is not set. Defaulting to a blank string.
The MEET_GUEST_BOOLALLOW variable is not set. Defaulting to a blank string.
The MEET_GUEST_REGEXP variable is not set. Defaulting to a blank string.
The TURN_PASSWORD variable is not set. Defaulting to a blank string.
The TURN_USER variable is not set. Defaulting to a blank string.
The TURN_SERVICE_URL variable is not set. Defaulting to a blank string.
The TURN_URIS variable is not set. Defaulting to a blank string.
The TURN_SERVER_SHARED_SECRET variable is not set. Defaulting to a blank string.
The Docker Engine you’re using is running in swarm mode.
Compose does not use swarm mode to deploy services to multiple nodes in a swarm. All containers will be scheduled on the current node.
To deploy your application across the swarm, use docker stack deploy.
Creating network “kopano-meet_kopano-net” with driver “bridge”
Creating network “kopano-meet_default” with the default driver
Creating network “kopano-meet_web-net” with the default driver
Creating kopano_web … done
Creating kopano_ssl … done
Creating kopano_grapi … done
Creating kopano_kwmserver … done
Creating kopano_konnect … done
Creating kopano_kapi … done
Creating kopano_meet … done
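The install log above shows docker-compose silently substituting empty strings for unset variables, including credential-like ones (clientsecret, TURN_PASSWORD, TURN_SERVER_SHARED_SECRET). The following is an added example, not part of the original post or of the Kopano/UCS tooling: a small shell filter that lists those variables and flags the ones that look like secrets. The function names, the name heuristic and the embedded sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find variables that docker-compose replaced with "" and
# flag the ones whose names suggest a credential.

# Constructed sample input: warning lines of the kind seen in the log above.
sample_log() {
cat <<'EOF'
Running command: docker-compose -p kopano-meet pull
The GRID_WEBAPP variable is not set. Defaulting to a blank string.
The MEET_GUEST_ALLOW variable is not set. Defaulting to a blank string.
The clientsecret variable is not set. Defaulting to a blank string.
The TURN_PASSWORD variable is not set. Defaulting to a blank string.
The TURN_USER variable is not set. Defaulting to a blank string.
The TURN_SERVER_SHARED_SECRET variable is not set. Defaulting to a blank string.
Pulling web ... done
Running command: docker-compose -p kopano-meet up -d --no-build --no-recreate
The MEET_GUEST_ALLOW variable is not set. Defaulting to a blank string.
The clientsecret variable is not set. Defaulting to a blank string.
The TURN_PASSWORD variable is not set. Defaulting to a blank string.
EOF
}

# Read compose output on stdin; print each unset variable name once, sorted.
unset_compose_vars() {
  sed -n 's/^The \([A-Za-z_][A-Za-z0-9_]*\) variable is not set\. Defaulting to a blank string\.$/\1/p' |
    LC_ALL=C sort -u
}

# Keep only names that look like credentials (heuristic, an assumption).
blank_secrets() {
  unset_compose_vars | grep -iE 'secret|password|passwd|token|key' || true
}

# Return 1 when any credential-like variable was blank, so a deploy
# script can stop before starting containers with empty secrets.
check_log() {
  hits=$(blank_secrets)
  if [ -z "$hits" ]; then
    return 0
  fi
  printf 'blank credential variable: %s\n' $hits >&2
  return 1
}

# Demo on the constructed sample: prints the three credential-like names.
sample_log | blank_secrets
```

To use it on a real run, pipe the compose output (stderr included) into `check_log`.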
After a lot of messing around I sort-of forced a few things and got a successful test between two LAN PCs
I put ucs-sso.domainremoved.org into the hosts file on a PC on my LAN that can hit my DMZ UCS server directly. That seems to work
Next I set up my TURN server in the config and got a host from outside my LAN that had access to ucs-sso temporarily to also work. Kopano-Meets seems to work in that instance - albeit it can’t stay that way.
It made me wonder why there’s no config for a STUN server anywhere… thoughts?
I skipped over that for now and started troubleshooting the Apache reverse proxy config for ucs-sso.domainremoved.org.
I had the right internal and external DNS. I have the needed /etc/hosts file entry on the reverse-proxy server and the right virtual hosts set up on the server, etc. Still, if I point at the reverse-proxy hosts I only get so far. The calls as I try to authenticate fail every time.
After some research it looks like OpenID Connect requires an apache module to reverse-proxy it along with some detailed config.
I found a simple article here:
I was hoping for some help sorting out what parameters are needed for the RP and how to find them in UCS.
That plus updating so users go to Kopano-Meets rather than webmeetings in the webapps seem to be the last few hurdles to using it more widely.
That is because the turn server in most cases also does stun. So no need to have two settings.
No, definitely not. Just proxy that whole domain to your internal system. If you want to get fancy then have a look at the Apache configuration of the openid provider app for the exact routes.
I’m looking through the Apache config on UCS and I see where the ucs-sso vhost is, along with a proxy include.
Any thoughts on what must go into a reverse-proxy config to get it to work? Generically reverse proxying the entire site is not working. I can start a new thread for the discussion if you’d like although it is directly related to actually getting Kopano-meets working …
Is the trick hidden in duplicating the rewrite rules on the reverse-proxy rather than just hoping they will pass through?
I have already shared my thoughts on this with you. If you need concrete steps or a working example please get in contact with the Kopano support.
In the case of Meet you only need to specify the turn uri. A specific stun config is no longer needed. For Meet it is recommended to use the Kopano Turn Service (as it was already for Web Meetings). If you want to use your own turn and have problems with the configuration, I recommend getting in touch with the Kopano support.
Thank you for the input on this. I will look up some info on Kopano Meets and STUN settings. It might be a trick to get the setting passed into the meets server on UCS – we can discuss that more once I find the info on STUN.
I went through all of the apache configs and includes on the UCS server. After some horsing around I managed to get OpenID connect to pass through my DMZ reverse-proxy over to my UCS server. I got the logins to work as well.
The problem I am seeing now – and I am not sure if this is a KopanoMeet issue or a reverse proxy issue yet – is that when I hit logoff on Meets it redirects me back to meets as the same user again with an active session. The only way that I can actually get a user out of meets on the client-side is to clear all of the cookies related to the meets URL and UCS-SSO URLs.
Also - I’d like to swap the webmeeting preference to Kopano-meets instead of spreed when logged into the webmail portal. What is the correct way to go about this?
Ah, you’re referring to the Kopano WebApp. At the moment there is no (publicly available) integration of Kopano Meet into WebApp. I am currently not sure what the plans are in this regard. I have reached out internally to ask for a release date of the plugin.