Kopano Meet - WebSocket the client is not using the websocket protocol


  • Hello!

    I’m trying to set up my first Kopano Meet application in my kopano groupware server, this is the current setup:

    Server:
    Virtualized KVM
    OS: Debian 9
    Kopano groupware version: 8.7.9
    Web server: Apache 2.4.25
    Hostname (fake one): mail.mytestserver.com
    Client: Google Chrome
    DNS server: An internal corporation domain controller which has the record for the server
    RAM: 4GB
    CPU: 2 cores
    This server is just for testing and that’s why only has 4GB’s and two cores

    All the kopano services are in one single server, those are the currently configured services:

    kopano-search                                                                
    kopano-server
    kopano-spooler
    kopano-kwmserverd
    kopano-monitor
    kopano-dagent                    
    kopano-gateway
    kopano-grapi
    kopano-ical
    kopano-kapid
    kopano-konnectd
    

    I made a reverse proxy config for all of the services using Apache, here is the configuration (Excluding the default for the webapp)

    It took me a lot of time just to make it work, mainly because of the openauth id
    The overall configuration is pretty much ugly and I’m sure there is something wrong with it (I swear it started to be pretty much decent, then ended up like this during the troubleshooting)

    I took a look at both the documentation and the forum for the issues I encountered since now, but I’m stuck here

    /sites-enabled/kopano.conf

    <VirtualHost *:80>
         ServerName mail.mytestserver.com
    </VirtualHost>
    <VirtualHost *:443>
        ServerName mail.mytestserver.com
        SSLProxyEngine On
        SSLProxyVerify None
        SSLProxyCheckPeerCN Off
        SSLProxyCheckPeerName Off
        Include /etc/apache2/ssl.conf
        RedirectMatch ^/$ /webapp
        Alias /webapp /usr/share/kopano-webapp
        Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
        <IfModule mod_alias.c>
           AliasMatch (?i)/Autodiscover/Autodiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php"
        </IfModule>
        Alias /meet /usr/share/kopano-meet/meet-webapp
        Alias /meet/service-worker.js /usr/share/webapps/kopano-meet/service-worker.js
        Alias /api/config/v1/kopano/meet/config.json /usr/share/doc/kopano-meet-webapp/config.json.in
    </VirtualHost>
    

    The main proxy configuration are in two files in conf-enabled
    I spent two hours just for finding out the single string I was missing (ProxyPreserveHost On)

    kopano-api.conf

    RewriteEngine Off
    ProxyPass /api/gc/ http://localhost:8039/api/gc/ retry=0
    ProxyPass /api/pubs/ http://localhost:8039/api/pubs/ retry=0
    ProxyPass /api/v1/websocket/ http://localhost:8039/api/v1/websocket/ retry=0
    ProxyPass /api/v1/ http://localhost:8039/api/v1/ retry=0
    ProxyPass /api/v1/rtm.connect/ http://localhost:8039/api/v1/rtm.connect/ retry=0
    ProxyPass /api/v1/rtm.turn/ http://localhost:8039/api/v1/rtm.turn/ retry=0
    ProxyPass /api/kvs http://localhost:8039/api/kvs retry=0
    ProxyPass /api/kwm/v2/ http://localhost:8778/api/kwm/v2/ retry=0
    ProxyPass /api/kvs/v1/ http://localhost:8778/api/kvs/v1/ retry=0
    

    kopano-konnect.conf

    ProxyPass /.well-known/openid-configuration http://localhost:8777/.well-known/openid-configuration retry=0
    ProxyPass /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json retry=0
    ProxyPassReverse /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json
    ProxyPass /konnect/v1/token http://localhost:8777/konnect/v1/token retry=0
    ProxyPassReverse /konnect/v1/token http://localhost:8777/konnect/v1/token
    ProxyPass /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo retry=0
    ProxyPassReverse /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo
    ProxyPass /konnect/v1/static http://localhost:8777/konnect/v1/static retry=0
    ProxyPassReverse /konnect/v1/static http://localhost:8777/konnect/v1/static
    ProxyPass /konnect/v1/session http://localhost:8777/konnect/v1/session retry=0
    ProxyPreserveHost On
    ProxyPass /signin/ http://localhost:8777/signin/ retry=0
    ProxyPassReverse /signin/ http://localhost:8777/signin/
    

    I got a valid SSL certificate made with letsencrypt, mail.mytestserver.com
    the OID is mail.mytestserver.com, configured as https://mail.mytestserver.com

    The error I get (from chrome) is
    Annotazione 2020-03-26 191313.jpg
    Yay for my paint skills!
    Annotazione 2020-03-26 191331.jpg

    The log from kopano-kwmserverd

    mar 26 18:52:30 do-mail01 systemd[1]: Started Kopano KWM Server.
    mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="serve start"
    mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="using external TURN service: https://turnauth.kopano.com/turnserverauth/"
    mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=warning msg="insecure mode, TLS client connections are susceptible to man-in-the-middle attacks"
    mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=debug msg="http2 client support is disabled (insecure mode)"
    mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="serve started"
    mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=debug msg="OIDC provider initialized" iss="https://mail.mytestserver.com"
    mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=warning msg="admin: using random admin tokens singing key - API endpoint admin disabled"
    mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="rtm: API endpoint enabled"
    mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="starting http listener" listenAddr="127.0.0.1:8778"
    mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="ready to handle requests"
    mar 26 18:55:27 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:55:29 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:55:32 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:55:40 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:55:57 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:56:19 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:56:20 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:56:23 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:56:31 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:56:48 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:57:19 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:57:30 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:58:01 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:58:33 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:59:05 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 18:59:31 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 19:00:02 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 19:02:32 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 19:02:33 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 19:02:37 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 19:02:46 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 19:03:05 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    mar 26 19:03:37 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
    

    First of all, I know I’m not using a TURN server, but I read this is not necessary as long it’s internal.
    It should work anyway, right?

    Thanks for the help!

  • Kopano

    Hi @haru,

    @haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

    First of all, I know I’m not using a TURN server, but I read this is not necessary as long it’s internal.
    It should work anyway, right?

    Yes, opening Meet will work regardless if you have a turn service configured or not. Turn will only make a difference once you start video meetings inside of Meet.

    One other thing first. Kopano Web is the recommended webserver for installation. It provides you with an out of the box secure installation for Meet and all its components and has an option to proxy request to old applications (such as WebApp and Z-Push) to another webserver such as Apache or Nginx.

    What you’re missing in your current configuration is an upgrade of the connection to kwmserver to a websocket connection. Something like the following should work:

    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule /api/kwm/v2/(.*) ws://localhost:2015/api/kwm/v2/$1 [P,L]
    
    ProxyPass /api/kwm/v2/ http://localhost:2015/api/kwm/v2/ retry=0
    

  • @fbartels Hello Felix, thanks for the answer.

    Today I tried to improve the configuration and moved everything to the sites-available instead of conf-available in Apache, I know I could just use kopano-kwebd instead but I’m trying to learn how to do that with both

    The error I got now is

    kwm.js:5475 WebSocket connection to 'wss://mail.myserver.com/api/kwm/v2/rtm/websocket/WfUFL5pZhF2BAxFEuL1VVWevuVOmMgyf' failed: Error during WebSocket handshake: Invalid status line
    

    The apache config rn is

    <VirtualHost *:80>
        ServerName mail.myserver.com
        RewriteEngine On
        RewriteCond %{HTTP:Connection} Upgrade [NC]
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteRule /api/kwm/v2/rtm/websocket/(.*) ws://localhost:8778/api/kwm/v2/rtm/websocket/$1 [P,L]
    </VirtualHost>
    <VirtualHost *:443>
        ServerName mail.myserver.com
        SSLProxyEngine On
        SSLProxyVerify None
        SSLProxyCheckPeerCN Off
        SSLProxyCheckPeerName Off
        ProxyPreserveHost On
        RewriteEngine On
        Include /etc/apache2/ssl.conf
        RedirectMatch ^/$ /webapp
        Alias /webapp /usr/share/kopano-webapp
        Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
        <IfModule mod_alias.c>
           AliasMatch (?i)/Autodiscover/Autodiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php"
        </IfModule>
        Alias /meet /usr/share/kopano-meet/meet-webapp
        Alias /meet/service-worker.js /usr/share/webapps/kopano-meet/service-worker.js
        Alias /api/config/v1/kopano/meet/config.json /usr/share/doc/kopano-meet-webapp/config.json.in
        ProxyPass /api/gc/ http://localhost:8039/api/gc/ retry=0
        ProxyPass /api/pubs/ http://localhost:8039/api/pubs/ retry=0
        ProxyPass /api/v1/websocket/ http://localhost:8039/api/v1/websocket/ retry=0
        ProxyPass /api/v1/ http://localhost:8039/api/v1/ retry=0
        ProxyPass /api/v1/rtm.connect/ http://localhost:8039/api/v1/rtm.connect/ retry=0
        ProxyPass /api/v1/rtm.turn/ http://localhost:8039/api/v1/rtm.turn/ retry=0
        ProxyPass /api/kvs http://localhost:8039/api/kvs retry=0
        ProxyPass /api/kvs/v1/ http://localhost:8778/api/kvs/v1/ retry=0
        RewriteCond %{HTTP:Connection} Upgrade [NC]
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteRule /api/kwm/v2/rtm/websocket/(.*) wss://localhost:8778/api/kwm/v2/rtm/websocket/$1 [P,L]
        ProxyPass /api/kwm/v2/ http://localhost:8778/api/kwm/v2/ retry=0
        ProxyPass /.well-known/openid-configuration http://localhost:8777/.well-known/openid-configuration retry=0
        ProxyPass /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json retry=0
        ProxyPass /konnect/v1/token http://localhost:8777/konnect/v1/token retry=0
        ProxyPass /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo retry=0
        ProxyPass /konnect/v1/static http://localhost:8777/konnect/v1/static retry=0
        ProxyPass /konnect/v1/session http://localhost:8777/konnect/v1/session retry=0
        ProxyPass /signin/ http://localhost:8777/signin/ retry=0
    </VirtualHost>
    

    I put the wss rule on both 80 and 443 virtualhost

    As you can see I tried to proxy the /rtm/websocket/ instead of what you wrote (I also tried /api/kwm/v2 though) and changed the host port obviously.
    Also tried ws instead of wss and ws

    kwmserverd doesn’t report any log,

    apache log:

    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:06 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:06 +0100] "GET /api/kwm/v2/rtm/websocket/tFtyIeHGnL9Osf9rft_Ve7ExTArkDXMu HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:07 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:07 +0100] "GET /api/kwm/v2/rtm/websocket/hFk6O3uLVnVEsqcHRuTua8NjIYpN6FlQ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:10 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:10 +0100] "GET /api/kwm/v2/rtm/websocket/3C9vjg4i-WbBRVtNHeOOcZ3ULtvyHCiI HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:18 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:18 +0100] "GET /api/kwm/v2/rtm/websocket/mGoS9fuzAU18BDwoAi3xRebi0rA2e6iU HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:28 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:28 +0100] "GET /api/kwm/v2/rtm/websocket/jeDyIH3E5HSaa8PxISnj4uJ9BDA2aiGY HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:37 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:37 +0100] "GET /api/kwm/v2/rtm/websocket/wSO-utzHd3eWFrzc23WkioUCSxrU84qH HTTP/1.1" 502 5654 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "GET /signin/v1/identifier/_/authorize?client_id=kpop-https%3A%2F%2Fmail.myserver.com%2Fmeet%2F&redirect_uri=https%3A%2F%2Fmail.myserver.com%2Fmeet%2F%23oidc-silent-refresh&response_type=code&scope=openid%20profile%20email%20kopano%2Fkwm%20kopano%2Fgc%20kopano%2Fkvs&state=8c91c043e96445b09eff56588ed63303&code_challenge=IA0Pk184WprdCBuvTcXZQflJYCCZlYfCMjhuruHdo2o&code_challenge_method=S256&prompt=none&id_token_hint=eyJhbGciOiJQUzI1NiIsImtpZCI6IiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJrcG9wLWh0dHBzOi8vcG9zdGEuZHJlYW1vZmZpY2UuaXQvbWVldC8iLCJleHAiOjE1ODUzMTE1MjcsImlhdCI6MTU4NTMwNzkyNywiaXNzIjoiaHR0cHM6Ly9wb3N0YS5kcmVhbW9mZmljZS5pdCIsInN1YiI6Il9oeXVUYW5xRXhxdU41NFkyYllOQ19OSzVZTHloZjR3bkFrMkJwR0V1WkdSRTZxanlhRjF5Y0tYMHJ2enh2d1Vrb1piSjRKOVFDc3pBY3ZNZE82dE1nQGtvbm5lY3QiLCJhdF9oYXNoIjoiS0thbEVIVmRVa0NTQXJhajM2QTgxUSIsInByZWZlcnJlZF91c2VybmFtZSI6ImRvLWluZm8iLCJzaWQiOiJDcHVPUkpfTmoyMGd1dmpoRklTZXJrSG9BT1Nlc3E5YUVVVkhPdTFidS1JPSJ9.MtPBIC3HKkau6nb-ZBlGHu_SqSFvgdHluj1E3nkv0o41aMRZfzMOZ9l6xyHZcpwipRtz97pHnYkoDcIM3qkx8ZPboCyIoa_GagAE_HtDJtWp9ir1ijwGPtFIDL2sW0cXxyIKCkf1zGv-vXaH-0PcTB2-ek0FVLfPXRvnrn0O-vpFD1vahns_RkBKYBbJbJ3w2IeAOj9v5rs1yZT2rw9uV7LP6HDJK_TEtqwvp0EtIp2LmaAi0SwwJiMXCOeo9Ew-fWU74xsTmzFmKDx_qDhQjzlevvgO1TUV35u5EKkwVz7IMjNr-jnJLWTUCAbvLORxsekFY3FTOTzdhTTms5tRbw&response_mode=query&claims=%7B%22id_token%22%3A%7B%22name%22%3Anull%7D%7D HTTP/1.1" 302 913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "GET /api/kwm/v2/rtm/websocket/aT2djnKPPZX_6Ojj7P8Ngx5EA52N-2r_ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:00 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:00 +0100] "GET /api/kwm/v2/rtm/websocket/DbPpweNVhgfChH_ZUtmZ8JvNlgi1HTEl HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:23 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:23 +0100] "GET /api/kwm/v2/rtm/websocket/On4o5_0IwfpvGWmFgAQUGi1wv6LnnHwg HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:32 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:32 +0100] "GET /api/kwm/v2/rtm/websocket/GYERwixsr-A7ldS4XjzKQUuiEh3PH6tZ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi
    t/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
    

    Manually putting the wss link I got from the kopano webapp to chrome here is what chrome says:

    ERR_DISALLOWED_URL_SCHEME

    It doesn’t look to me like the Proxy is working correctly, am I wrong?

  • Kopano

    @haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

    wss://localhost:8778

    Looking over your configuration this should be ws:// and not wss://.


  • Hello Felix, I tried with both

    Anyway I ended up using kopano-kwebd

    The only thing I do not quite understand is how the TURN server has to be set up, I tried COTURN but every connection kwmserverd says

    kopano-kwmserverd[1916]: level=error msg="rtm connect TURN config failed" error="invalid character '<' looking for beginning of value"  manager=rtm
    

    Turn server log

    332: HTTPS connection has been disabled due Vulnerability in the Web interface !!!
    332: session 000000000000000010: client socket to be closed in client handler: ss=0x7f5640004ac0
    332: session 000000000000000010: closed (2nd stage), user <> realm <mail.myserver.com> origin <>, local 172.16.3.52:3478, remote 172.16.3.24:2276, reason: general
    332: HTTPS connection has been disabled due Vulnerability in the Web interface !!!
    

    What TURN server do you recommend?

    Thanks

  • Kopano

    CoTurn is what we use as well, but setting up a turn server can be difficult. This is the reason why we are hosting such a service for your customers. You can request access at https://portal.kopano.com/content/turn-server-access-request.

    If you want to run your own turn, then I’d recommend reaching out to the Kopano support for assistance.

  • Kopano

    @haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

    The only thing I do not quite understand is how the TURN server has to be set up, I tried COTURN but every connection kwmserverd says

    kopano-kwmserverd[1916]: level=error msg="rtm connect TURN config failed" error="invalid character '<' looking for beginning of value"  manager=rtm
    

    This seems strange. I guess you have uses the --turn-service-url to point it somewhere which does not serve the right API (Kopano TURN service API). Maybe you have pointed it to your TURN server? If so, this is wrong. Use the shared secret TURN based integration if you use your own TURN server.

    I am not aware that we have published a server implementation of the TURN service API as of now. It is not very complicated to make one your own though (web service, protected by HTTP basic auth, returning JSON which can be decoded into https://stash.kopano.io/projects/KWM/repos/kwmserver/browse/turn/serverauth.go#33-38).


  • Thanks for the answers

    Anyway @longsleep I’m trying to figure out how COTURN works by myself, looks like there are at least two authentication methods which are not compatible each other, I read it’s something about namespace conflicts which COTURN doesn’t tell you in the documentation (found that in their forum) so that would not have worked at the first place

    Do you think I could do what you said using Apache?

    Also I would like to ask a question, is there anything planned to integrate Meet in the Kopano Webapp?

    Something like the old Web meetings plugin which lets you also plan web meetings from the calendar, if so, could I ask when?

  • Kopano

    Hi @haru,

    just to run Meet with your own turn server the auth service mentioned by @longsleep is not neccesary. What you need to configure are the following two settings: https://stash.kopano.io/projects/KWM/repos/kwmserver/browse/scripts/kwmserverd.cfg#74-83

    For the uri part its important that you actually specify a uri (which is something people seems to be struggling with). You can find examples of valid uris at https://tools.ietf.org/html/rfc7065#appendix-A.