
    The nginx config for meet as given in the docs does not work

    • irreleph4nt
      irreleph4nt last edited by irreleph4nt

      Hi,

      I am trying to convert from a fully working kweb setup to nginx. Everything except meet works well with the configurations as provided on documentation.kopano.io. I can log in to meet but I get a little red icon in the top right corner which tells me I am not connected, and placing calls also fails. I have pasted my nginx config as well as the error from the journal below and I’d appreciate any help you can provide, please.

      /etc/nginx/sites-enabled/meet.conf

      upstream konnect {
              server 127.0.0.1:8777;
      }
      
      upstream kapi {
              server 127.0.0.1:8039;
      }
      
      upstream kwmserver {
              server 127.0.0.1:8778;
      }
      
      server {
      
          charset utf-8;
          listen 443 ssl;
          server_name <FQDN>;
          ssl on;
          client_max_body_size 1024m;
          ssl_certificate /etc/ssl/kopano/<FQDN>.crt;
          ssl_certificate_key /etc/ssl/kopano/<FQDN>.key;
          ssl_session_cache shared:SSL:1m;
          ssl_session_timeout 5m;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES12>
          ssl_prefer_server_ciphers on;
          #
          # ssl_dhparam require you to create a dhparam.pem, this takes a long time
          ssl_dhparam /etc/ssl/kopano/dhparam.pem;
      
      
      
      location /.well-known/openid-configuration {
              proxy_pass http://konnect/.well-known/openid-configuration;
      }
      
      location /konnect/v1/jwks.json {
              proxy_pass http://konnect/konnect/v1/jwks.json;
      }
      
      location /konnect/v1/token {
              proxy_pass http://konnect/konnect/v1/token ;
      }
      
      location /konnect/v1/userinfo {
              proxy_pass http://konnect/konnect/v1/userinfo;
      }
      
      location /konnect/v1/static {
              proxy_pass http://konnect/konnect/v1/static;
      }
      
      location /konnect/v1/session {
              proxy_pass http://konnect/konnect/v1/session;
      }
      
      location /signin/ {
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Port $server_port;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_pass http://konnect/signin/;
      }
      
      location /api/gc/ {
              proxy_pass http://kapi/api/gc/;
      }
      
      # kapi pubs
      location /api/pubs/ {
              proxy_pass http://kapi/api/pubs;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "Upgrade";
      }
      
      # disable caching for the service-worker
      location /meet/service-worker.js {
              expires -1;
      }
      
      location /meet {
              rewrite ^/meet/r/(.*)$ /meet last;
              alias /usr/share/webapps/kopano-meet/;
      }
      
      location /api/config/v1/kopano/meet/config.json {
              # When using default values this setting can be kept as it is. Please adapt
              # the next line and copy config.json to /etc/kopano if user modifications
              # are needed
              alias /usr/share/webapps/kopano-meet/config.json;
      }
      
      location /api/v1/websocket/ {
              proxy_pass http://kwmserver/api/v1/websocket/;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "Upgrade";
      }
      
      location /api/v1/ {
              proxy_pass http://kwmserver/api/v1/;
      }
      }
      

      This is taken straight from the docs here: link to meet install guide

      I have made two small adjustments:

      1. I have added a valid SSL config
      2. I have adjusted the aliases for my distribution’s paths (Arch Linux)

      All kopano services work without issue when used with kweb on the same machine.

      Errors in journal:

      Apr 04 02:19:24 testbench systemd[1]: Started A high performance web server and a reverse proxy server.
      Apr 04 02:19:35 testbench nginx[1174]: 2019/04/04 02:19:35 [error] 1176#1176: *1 open() "/etc/nginx/html/meet/service-worker.js" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "GET /meet/service-worker.js HTTP/1.1", host: "<FQDN>"
      Apr 04 02:19:36 testbench nginx[1174]: 2019/04/04 02:19:36 [error] 1176#1176: *1 open() "/etc/nginx/html/meet/service-worker.js" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "GET /meet/service-worker.js HTTP/1.1", host: "<FQDN>"
      Apr 04 02:19:42 testbench nginx[1174]: 2019/04/04 02:19:42 [error] 1176#1176: *19 open() "/etc/nginx/html/api/kvs/v1/kv/user/kopano-meet-recents" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "GET /api/kvs/v1/kv/user/kopano-meet-recents?recurse=1 HTTP/1.1", host: <FQDN>, referrer: "https://<FQDN>/meet/r/call"
      Apr 04 02:19:42 testbench nginx[1174]: 2019/04/04 02:19:42 [error] 1176#1176: *20 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
      Apr 04 02:19:43 testbench nginx[1174]: 2019/04/04 02:19:43 [error] 1176#1176: *1 open() "/etc/nginx/html/meet/service-worker.js" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "GET /meet/service-worker.js HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
      Apr 04 02:19:43 testbench nginx[1174]: 2019/04/04 02:19:43 [error] 1176#1176: *1 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
      Apr 04 02:19:44 testbench nginx[1174]: 2019/04/04 02:19:44 [error] 1176#1176: *1 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
      Apr 04 02:19:47 testbench nginx[1174]: 2019/04/04 02:19:47 [error] 1176#1176: *1 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
      Apr 04 02:19:50 testbench nginx[1174]: 2019/04/04 02:19:50 [error] 1176#1176: *1 open() "/etc/nginx/html/api/kwm/v2/rtm/connect" failed (2: No such file or directory), client: 192.168.0.1, server: <FQDN>, request: "POST /api/kwm/v2/rtm/connect HTTP/1.1", host: "<FQDN>", referrer: "https://<FQDN>/meet/r/call"
      
      • fbartels
        fbartels Kopano @irreleph4nt last edited by fbartels

        @irreleph4nt said in The nginx config for meet as given in the docs does not work:

        /etc/nginx/html/meet/service-worker.js" failed (2: No such file or directory

        You seem to have some rule in your nginx configuration that overrules the config you have shown above.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        • irreleph4nt
          irreleph4nt @fbartels last edited by irreleph4nt

          @fbartels
          Hi and thank you for jumping in! My nginx config looks like this:

          /etc/nginx/nginx.conf

          user http;
          worker_processes  1;
          
          error_log  /var/log/nginx/error.log  info;
          
          events {
              worker_connections  1024;
          }
          
          http {
              server_names_hash_bucket_size 64;
              server_names_hash_max_size 1024;
          
              include       mime.types;
              default_type  application/octet-stream;
          
              log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                                '$status $body_bytes_sent "$http_referer" '
                                '"$http_user_agent" "$http_x_forwarded_for"';
          
              access_log  /var/log/nginx/access.log  main;
          
              sendfile        on;
              keepalive_timeout 65;
          
              include /etc/nginx/sites-enabled/*;
          }
          

          I can’t spot anything that would overrule the Kopano config. If you can, please shout!
          By the way, that particular error can be worked around by adding an alias directive to the relevant nginx location, pointing right to where the file lives on the filesystem.
          The other error about /api/kwm however is worse. I don’t see anything in the Kopano config to handle that and can’t think of any proxy or location setting that would point it to the right place, given how I don’t even know where these requests are meant to go. :(

          Thanks for your help once again!

          • irreleph4nt
            irreleph4nt @fbartels last edited by irreleph4nt

            @fbartels
            I solved this. The issue is that the nginx config given in the kopano-meet installation guide is incomplete. Looking through the overrides and proxy commands in kweb’s base.go file, I found that it contains a lot more such lines than the nginx config presented. To make meet work with nginx, the below entries had to be added. Please let me know in case I am still missing any not-so-obvious ones.

            # the alias is missing which makes nginx look for the service-worker.js file in the wrong place (/etc/nginx)
            location /meet/service-worker.js {
                    alias /usr/share/webapps/kopano-meet/service-worker.js;
                    expires -1;
            }
            
            # all of the below is missing, because of which meet fails to connect to kwmserverd and turnserver
            location /api/v1/rtm.connect/ {
                    proxy_pass http://kwmserver/api/v1/rtm.connect/;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "Upgrade";
            }
            
            location /api/v1/rtm.turn/ {
                    proxy_pass http://kwmserver/api/v1/rtm.turn/;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "Upgrade";
            }
            
            location /api/kwm/v2/ {
                    proxy_pass http://kwmserver/api/kwm/v2/;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "Upgrade";
            }
            
            # technically works without this one but would be lacking call history if omitted (i.e. recent calls always empty)
            location /api/kvs/ {
                    proxy_pass http://kapi/api/kvs/;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "Upgrade";
            }
            

            EDIT: Follow-up question: Is there a way to ssl-encrypt the proxy_pass connections to the upstream kopano-services?

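The comparison made by hand in the post above (journal errors against the `location` blocks) can be scripted; this is an added example, not part of the thread and not Kopano code. It assumes a server block with no `root` of its own (so misses land in nginx's default `html` directory, as in the journal), handles only plain prefix locations, and treats only `proxy_pass`, `alias` and `root` as handlers; the function names are hypothetical.

```python
import re

# Location blocks trimmed from the meet.conf posted in this thread.
MEET_CONF = """
location /api/pubs/ { proxy_pass http://kapi/api/pubs; }
location /meet/service-worker.js { expires -1; }
location /meet { alias /usr/share/webapps/kopano-meet/; }
location /api/v1/websocket/ { proxy_pass http://kwmserver/api/v1/websocket/; }
location /api/v1/ { proxy_pass http://kwmserver/api/v1/; }
"""
# Journal lines from the thread, shortened to the fields the parser reads.
_ERR = 'failed (2: No such file or directory), request: '
JOURNAL = [
    f'open() "/etc/nginx/html/meet/service-worker.js" {_ERR}"GET /meet/service-worker.js HTTP/1.1"',
    f'open() "/etc/nginx/html/api/kvs/v1/kv/user/kopano-meet-recents" {_ERR}"GET /api/kvs/v1/kv/user/kopano-meet-recents?recurse=1 HTTP/1.1"',
    f'open() "/etc/nginx/html/api/kwm/v2/rtm/connect" {_ERR}"POST /api/kwm/v2/rtm/connect HTTP/1.1"',
]

LOCATION_RE = re.compile(r"location\s+(\S+)\s*\{([^}]*)\}")
HANDLER_RE = re.compile(r"\b(?:proxy_pass|alias|root)\s")
REQUEST_RE = re.compile(r'open\(\) "[^"]+" failed \(2: .*?request: "[A-Z]+ (\S+) HTTP')

def parse_locations(conf):
    """Map each plain-prefix location to True if its body sets a handler."""
    return {p: bool(HANDLER_RE.search(b)) for p, b in LOCATION_RE.findall(conf)}

def select_location(path, locations):
    """Longest-prefix match, as nginx does when no '=' or regex location exists."""
    hits = [p for p in locations if path.startswith(p)]
    return max(hits, key=len) if hits else None

def diagnose(journal, conf):
    """Return {request path: why nginx fell back to its default root}."""
    locations, findings = parse_locations(conf), {}
    for line in journal:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a static-file miss
        path = m.group(1).split("?", 1)[0]  # location matching ignores the query
        loc = select_location(path, locations)
        if loc is None:
            findings[path] = "no matching location"
        elif not locations[loc]:
            findings[path] = f"location {loc} sets no alias/root/proxy_pass"
    return findings

if __name__ == "__main__":
    for path, reason in diagnose(JOURNAL, MEET_CONF).items():
        print(f"{path}: {reason}")
```

Run against the original config it reports all three paths seen in the journal; with the `alias` and the `/api/kwm/v2/` and `/api/kvs/` locations from the post above added, it reports none.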
            • Raven24
              Raven24 last edited by Raven24

              Sorry for reviving this old topic, but I came across this problem when setting up Kopano Meet (supported) on a Debian 9 with Nginx recently.
              Calls will apparently work just fine without service-worker.js, as I didn’t even notice the 502 error when the location wasn’t specified correctly in the config.

              Only when I started to set up guest access, I never was able to successfully join a conference with a guest user. It just redirected to the Meet splash screen. The server produced those log messages, but no apparent errors:

              ... kopano-kwmserverd[10439]: level=debug msg="guest handler logon request" guest=1 manager=guest
              ... kopano-konnectd[13265]: level=error msg="inner authorize request failed"
              

              At that point I did open the browser console and I saw that the only thing not able to be loaded was that one file, so I added the alias to the Nginx config and now everything works as expected.

              I also ran into a strange redirect issue, where guests would see the login page when they first opened the invite link, but the second time with the cookies set from the first attempt, they would be presented the steps for joining a group call. That was solved by the second part in the config snippet below which basically handles the redirect ‘internally’.

              # let nginx actually serve the JS file
              location /meet/service-worker.js {
                alias /usr/share/kopano-meet/meet-webapp/service-worker.js;
                expires -1;
              }
              
              # use try_files instead of a redirect
              location /meet {
                #rewrite ^/meet/r/(.*)$ /meet last;
                try_files $uri $uri/ /index.html =404;
                alias /usr/share/kopano-meet/meet-webapp;
              }  
              

              (I’m adding this posting, so other people might have it easier to google that particular problem)

              • Coffee_is_life
                Coffee_is_life last edited by

                Hello @Raven24 ,

                Funny thing is, I can join everything, even with guests, but I'm getting the same error message:

                Mar 24 16:29:08 <my_server> kopano-konnectd[452]: level=error msg="inner authorize request failed"
                

                I'm getting the error twice. Once if I click the link to join and kopano-meets shows me the Groupname,
                second, when I'm creating the username and join the meeting.

                But everything seems to work fine (now, after I searched for hours, then corrected one space in registration.yaml). :|

                best regards,
                coffee_is_life

                • longsleep
                  longsleep Kopano @Coffee_is_life last edited by

                  @Coffee_is_life said in The nginx config for meet as given in the docs does not work:

                  Funny thing is, I can join everything, even with guests, but I'm getting the same error message:
                  Mar 24 16:29:08 <my_server> kopano-konnectd[452]: level=error msg="inner authorize request failed"

                  This seems to be a wrong error message (since there was no error). Thanks all for reporting - a fix will be made. For now this message can be ignored unless additional fields (other than msg and level) are present as well.
