The nginx config for meet as given in the docs does not work



  • Hi,

    I am trying to convert from a fully working kweb setup to nginx. Everything except meet works well with the configurations as provided on documentation.kopano.io. I can login to meet but I get a little red icon in the top right corner which tells me I am not connected and placing calls also fails. I have pasted my nginx config as well as the error from the journal below and I’d appreciate any help you can provide, please.

    /etc/nginx/sites-enabled/meet.conf

    upstream konnect {
            server 127.0.0.1:8777;
    }
    
    upstream kapi {
            server 127.0.0.1:8039;
    }
    
    upstream kwmserver {
            server 127.0.0.1:8778;
    }
    
    server {
    
        charset utf-8;
        listen 443 ssl;
        server_name <FQDN>;
        ssl on;
        client_max_body_size 1024m;
        ssl_certificate /etc/ssl/kopano/<FQDN>.crt;
        ssl_certificate_key /etc/ssl/kopano/<FQDN>.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES12>
        ssl_prefer_server_ciphers on;
        #
        # ssl_dhparam require you to create a dhparam.pem, this takes a long time
        ssl_dhparam /etc/ssl/kopano/dhparam.pem;
    
    
    
    location /.well-known/openid-configuration {
            proxy_pass http://konnect/.well-known/openid-configuration;
    }
    
    location /konnect/v1/jwks.json {
            proxy_pass http://konnect/konnect/v1/jwks.json;
    }
    
    location /konnect/v1/token {
            proxy_pass http://konnect/konnect/v1/token ;
    }
    
    location /konnect/v1/userinfo {
            proxy_pass http://konnect/konnect/v1/userinfo;
    }
    
    location /konnect/v1/static {
            proxy_pass http://konnect/konnect/v1/static;
    }
    
    location /konnect/v1/session {
            proxy_pass http://konnect/konnect/v1/session;
    }
    
    location /signin/ {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://konnect/signin/;
    }
    
    location /api/gc/ {
            proxy_pass http://kapi/api/gc/;
    }
    
    # kapi pubs
    location /api/pubs/ {
            proxy_pass http://kapi/api/pubs;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }
    
    # disable caching for the service-worker
    location /meet/service-worker.js {
            expires -1;
    }
    
    location /meet {
            rewrite ^/meet/r/(.*)$ /meet last;
            alias /usr/share/webapps/kopano-meet/;
    }
    
    location /api/config/v1/kopano/meet/config.json {
            # When using default values this setting can be kept as it is please adapt
            # the next line ap copy config.json to /etc/kopano if user modifications
            # are needed
            alias /usr/share/webapps/kopano-meet/config.json;
    }
    
    location /api/v1/websocket/ {
            proxy_pass http://kwmserver/api/v1/websocket/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }
    
    location /api/v1/ {
            proxy_pass http://kwmserver/api/v1/;
    }
    }
    

    This is taken straight from the docs here: link to meet install guide

    I have made two small adjustments:

    1. I have added a valid SSL config
    2. I have adjusted the aliases for my distribution’s paths (Arch Linux)

    All kopano services work without issue when used with kweb on the same machine.

    Errors in journal:

    Apr 04 02:19:24 testbench systemd[1]: Started A high performance web server and a reverse proxy server.
    Apr 04 02:19:35 testbench nginx[1174]: 2019/04/04 02:19:35 [error] 1176#1176: *1 open() "/etc/nginx/html/meet/service-worker.js" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "GET /meet/service-worker.js HTTP/1.1", host: "<FQDN>"
    Apr 04 02:19:36 testbench nginx[1174]: 2019/04/04 02:19:36 [error] 1176#1176: *1 open() "/etc/nginx/html/meet/service-worker.js" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "GET /meet/service-worker.js HTTP/1.1", host: "<FQDN>"
    Apr 04 02:19:42 testbench nginx[1174]: 2019/04/04 02:19:42 [error] 1176#1176: *19 open() "/etc/nginx/html/api/kvs/v1/kv/user/kopano-meet-recents" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "GET /api/kvs/v1/kv/user/kopano-meet-recents?recurse=1 HTTP/1.1", host: <FQDN>, referrer: "https://<FQDN>/meet/r/call"
    Apr 04 02:19:42 testbench nginx[1174]: 2019/04/04 02:19:42 [error] 1176#1176: *20 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
    Apr 04 02:19:43 testbench nginx[1174]: 2019/04/04 02:19:43 [error] 1176#1176: *1 open() "/etc/nginx/html/meet/service-worker.js" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "GET /meet/service-worker.js HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
    Apr 04 02:19:43 testbench nginx[1174]: 2019/04/04 02:19:43 [error] 1176#1176: *1 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
    Apr 04 02:19:44 testbench nginx[1174]: 2019/04/04 02:19:44 [error] 1176#1176: *1 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
    Apr 04 02:19:47 testbench nginx[1174]: 2019/04/04 02:19:47 [error] 1176#1176: *1 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
    Apr 04 02:19:50 testbench nginx[1174]: 2019/04/04 02:19:50 [error] 1176#1176: *1 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
    

  • Kopano

    @irreleph4nt said in The nginx config for meet as given in the docs does not work:

    /etc/nginx/html/meet/service-worker.js" failed (2: No such file or directory

    You seem to have some rule in your nginx configuration that overrules the config you have shown above.



  • @fbartels
    Hi and thank you for jumping in! My nginx config looks like this:

    /etc/nginx/nginx.conf

    user http;
    worker_processes  1;
    
    error_log  /var/log/nginx/error.log  info;
    
    events {
        worker_connections  1024;
    }
    
    http {
        server_names_hash_bucket_size 64;
        server_names_hash_max_size 1024;
    
        include       mime.types;
        default_type  application/octet-stream;
    
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile        on;
        keepalive_timeout 65;
    
        include /etc/nginx/sites-enabled/*;
    }
    

    I can’t spot anything that would overrule the Kopano config. If you can, please shout!
    By the way, that particular error can be worked around by adding an alias directive to the relevant nginx location, point right to where the file lives on the filesystem.
    The other error about /api/kwm however is worse. I don’t see anything in the Kopano config to handle that and can’t think of any proxy or location setting that would point it to the right place, given how I don’t even know where these requests are meant to go. :(

    Thanks for your help once again!



  • @fbartels
    I solved this. The issue is that the nginx config given in the kopano-meet installation guide is inclomplete. Looking through the overrides and proxy commands in kweb’s base.go file, I found that it contains a lot more such lines than the nginx config presented. To make meet work with nginx, the below entries had to be added. Please let me know in case I am still missing any not-so-obvious ones.

    # the alias is missing which makes nginx look for the service-worker.js file in the wrong place (/etc/nginx)
    location /meet/service-worker.js {
            alias /usr/share/webapps/kopano-meet/service-worker.js;
            expires -1;
    }
    
    # all of the below is missing, because of which meet fails to connect to kwmserverd and turnserver
    location /api/v1/rtm.connect/ {
            proxy_pass http://kwmserver/api/v1/rtm.connect/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }
    
    location /api/v1/rtm.turn/ {
            proxy_pass http://kwmserver/api/v1/rtm.turn/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }
    
    location /api/kwm/v2/ {
            proxy_pass http://kwmserver/api/kwm/v2/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }
    
    # technically works without this one but would be lacking call history if obmitted (i.e. recent calls always empty)
    location /api/kvs/ {
            proxy_pass http://kapi/api/kvs/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }
    

    EDIT: Follow-up question: Is there a way to ssl-encrypt the proxy_pass connections to the upstream kopano-services?


Log in to reply