Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Kopano Meet - WebSocket the client is not using the websocket protocol

    Kopano Meet & WebMeetings
    3
    9
    791
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • haru
      haru last edited by

      Hello!

      I’m trying to set up my first Kopano Meet application in my kopano groupware server, this is the current setup:

      Server:
      Virtualized KVM
      OS: Debian 9
      Kopano groupware version: 8.7.9
      Web server: Apache 2.4.25
      Hostname (fake one): mail.mytestserver.com
      Client: Google Chrome
      DNS server: An internal corporation domain controller which has the record for the server
      RAM: 4GB
      CPU: 2 cores
      This server is just for testing and that’s why only has 4GB’s and two cores

      All the kopano services are in one single server, those are the currently configured services:

      kopano-search                                                                
      kopano-server
      kopano-spooler
      kopano-kwmserverd
      kopano-monitor
      kopano-dagent                    
      kopano-gateway
      kopano-grapi
      kopano-ical
      kopano-kapid
      kopano-konnectd
      

      I made a reverse proxy config for all of the services using Apache, here is the configuration (Excluding the default for the webapp)

      It took me a lot of time just to make it work, mainly because of the openauth id
      The overall configuration is pretty much ugly and I’m sure there is something wrong with it (I swear it started to be pretty much decent, then ended up like this during the troubleshooting)

      I took a look at both the documentation and the forum for the issues I encountered since now, but I’m stuck here

      /sites-enabled/kopano.conf

      <VirtualHost *:80>
           ServerName mail.mytestserver.com
      </VirtualHost>
      <VirtualHost *:443>
          ServerName mail.mytestserver.com
          SSLProxyEngine On
          SSLProxyVerify None
          SSLProxyCheckPeerCN Off
          SSLProxyCheckPeerName Off
          Include /etc/apache2/ssl.conf
          RedirectMatch ^/$ /webapp
          Alias /webapp /usr/share/kopano-webapp
          Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
          <IfModule mod_alias.c>
             AliasMatch (?i)/Autodiscover/Autodiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php"
          </IfModule>
          Alias /meet /usr/share/kopano-meet/meet-webapp
          Alias /meet/service-worker.js /usr/share/webapps/kopano-meet/service-worker.js
          Alias /api/config/v1/kopano/meet/config.json /usr/share/doc/kopano-meet-webapp/config.json.in
      </VirtualHost>
      

      The main proxy configuration are in two files in conf-enabled
      I spent two hours just for finding out the single string I was missing (ProxyPreserveHost On)

      kopano-api.conf

      RewriteEngine Off
      ProxyPass /api/gc/ http://localhost:8039/api/gc/ retry=0
      ProxyPass /api/pubs/ http://localhost:8039/api/pubs/ retry=0
      ProxyPass /api/v1/websocket/ http://localhost:8039/api/v1/websocket/ retry=0
      ProxyPass /api/v1/ http://localhost:8039/api/v1/ retry=0
      ProxyPass /api/v1/rtm.connect/ http://localhost:8039/api/v1/rtm.connect/ retry=0
      ProxyPass /api/v1/rtm.turn/ http://localhost:8039/api/v1/rtm.turn/ retry=0
      ProxyPass /api/kvs http://localhost:8039/api/kvs retry=0
      ProxyPass /api/kwm/v2/ http://localhost:8778/api/kwm/v2/ retry=0
      ProxyPass /api/kvs/v1/ http://localhost:8778/api/kvs/v1/ retry=0
      

      kopano-konnect.conf

      ProxyPass /.well-known/openid-configuration http://localhost:8777/.well-known/openid-configuration retry=0
      ProxyPass /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json retry=0
      ProxyPassReverse /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json
      ProxyPass /konnect/v1/token http://localhost:8777/konnect/v1/token retry=0
      ProxyPassReverse /konnect/v1/token http://localhost:8777/konnect/v1/token
      ProxyPass /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo retry=0
      ProxyPassReverse /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo
      ProxyPass /konnect/v1/static http://localhost:8777/konnect/v1/static retry=0
      ProxyPassReverse /konnect/v1/static http://localhost:8777/konnect/v1/static
      ProxyPass /konnect/v1/session http://localhost:8777/konnect/v1/session retry=0
      ProxyPreserveHost On
      ProxyPass /signin/ http://localhost:8777/signin/ retry=0
      ProxyPassReverse /signin/ http://localhost:8777/signin/
      

      I got a valid SSL certificate made with letsencrypt, mail.mytestserver.com
      the OID is mail.mytestserver.com, configured as https://mail.mytestserver.com

      The error I get (from chrome) is
      Annotazione 2020-03-26 191313.jpg
      Yay for my paint skills!
      Annotazione 2020-03-26 191331.jpg

      The log from kopano-kwmserverd

      mar 26 18:52:30 do-mail01 systemd[1]: Started Kopano KWM Server.
      mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="serve start"
      mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="using external TURN service: https://turnauth.kopano.com/turnserverauth/"
      mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=warning msg="insecure mode, TLS client connections are susceptible to man-in-the-middle attacks"
      mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=debug msg="http2 client support is disabled (insecure mode)"
      mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="serve started"
      mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=debug msg="OIDC provider initialized" iss="https://mail.mytestserver.com"
      mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=warning msg="admin: using random admin tokens singing key - API endpoint admin disabled"
      mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="rtm: API endpoint enabled"
      mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="starting http listener" listenAddr="127.0.0.1:8778"
      mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="ready to handle requests"
      mar 26 18:55:27 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:55:29 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:55:32 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:55:40 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:55:57 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:56:19 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:56:20 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:56:23 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:56:31 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:56:48 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:57:19 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:57:30 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:58:01 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:58:33 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:59:05 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 18:59:31 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 19:00:02 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 19:02:32 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 19:02:33 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 19:02:37 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 19:02:46 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 19:03:05 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      mar 26 19:03:37 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
      

      First of all, I know I’m not using a TURN server, but I read this is not necessary as long it’s internal.
      It should work anyway, right?

      Thanks for the help!

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @haru last edited by

        Hi @haru,

        @haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

        First of all, I know I’m not using a TURN server, but I read this is not necessary as long it’s internal.
        It should work anyway, right?

        Yes, opening Meet will work regardless if you have a turn service configured or not. Turn will only make a difference once you start video meetings inside of Meet.

        One other thing first. Kopano Web is the recommended webserver for installation. It provides you with an out of the box secure installation for Meet and all its components and has an option to proxy request to old applications (such as WebApp and Z-Push) to another webserver such as Apache or Nginx.

        What you’re missing in your current configuration is an upgrade of the connection to kwmserver to a websocket connection. Something like the following should work:

        RewriteCond %{HTTP:Connection} Upgrade [NC]
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteRule /api/kwm/v2/(.*) ws://localhost:2015/api/kwm/v2/$1 [P,L]
        
        ProxyPass /api/kwm/v2/ http://localhost:2015/api/kwm/v2/ retry=0
        

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        haru 1 Reply Last reply Reply Quote 0
        • haru
          haru @fbartels last edited by

          @fbartels Hello Felix, thanks for the answer.

          Today I tried to improve the configuration and moved everything to the sites-available instead of conf-available in Apache, I know I could just use kopano-kwebd instead but I’m trying to learn how to do that with both

          The error I got now is

          kwm.js:5475 WebSocket connection to 'wss://mail.myserver.com/api/kwm/v2/rtm/websocket/WfUFL5pZhF2BAxFEuL1VVWevuVOmMgyf' failed: Error during WebSocket handshake: Invalid status line
          

          The apache config rn is

          <VirtualHost *:80>
              ServerName mail.myserver.com
              RewriteEngine On
              RewriteCond %{HTTP:Connection} Upgrade [NC]
              RewriteCond %{HTTP:Upgrade} websocket [NC]
              RewriteRule /api/kwm/v2/rtm/websocket/(.*) ws://localhost:8778/api/kwm/v2/rtm/websocket/$1 [P,L]
          </VirtualHost>
          <VirtualHost *:443>
              ServerName mail.myserver.com
              SSLProxyEngine On
              SSLProxyVerify None
              SSLProxyCheckPeerCN Off
              SSLProxyCheckPeerName Off
              ProxyPreserveHost On
              RewriteEngine On
              Include /etc/apache2/ssl.conf
              RedirectMatch ^/$ /webapp
              Alias /webapp /usr/share/kopano-webapp
              Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
              <IfModule mod_alias.c>
                 AliasMatch (?i)/Autodiscover/Autodiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php"
              </IfModule>
              Alias /meet /usr/share/kopano-meet/meet-webapp
              Alias /meet/service-worker.js /usr/share/webapps/kopano-meet/service-worker.js
              Alias /api/config/v1/kopano/meet/config.json /usr/share/doc/kopano-meet-webapp/config.json.in
              ProxyPass /api/gc/ http://localhost:8039/api/gc/ retry=0
              ProxyPass /api/pubs/ http://localhost:8039/api/pubs/ retry=0
              ProxyPass /api/v1/websocket/ http://localhost:8039/api/v1/websocket/ retry=0
              ProxyPass /api/v1/ http://localhost:8039/api/v1/ retry=0
              ProxyPass /api/v1/rtm.connect/ http://localhost:8039/api/v1/rtm.connect/ retry=0
              ProxyPass /api/v1/rtm.turn/ http://localhost:8039/api/v1/rtm.turn/ retry=0
              ProxyPass /api/kvs http://localhost:8039/api/kvs retry=0
              ProxyPass /api/kvs/v1/ http://localhost:8778/api/kvs/v1/ retry=0
              RewriteCond %{HTTP:Connection} Upgrade [NC]
              RewriteCond %{HTTP:Upgrade} websocket [NC]
              RewriteRule /api/kwm/v2/rtm/websocket/(.*) wss://localhost:8778/api/kwm/v2/rtm/websocket/$1 [P,L]
              ProxyPass /api/kwm/v2/ http://localhost:8778/api/kwm/v2/ retry=0
              ProxyPass /.well-known/openid-configuration http://localhost:8777/.well-known/openid-configuration retry=0
              ProxyPass /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json retry=0
              ProxyPass /konnect/v1/token http://localhost:8777/konnect/v1/token retry=0
              ProxyPass /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo retry=0
              ProxyPass /konnect/v1/static http://localhost:8777/konnect/v1/static retry=0
              ProxyPass /konnect/v1/session http://localhost:8777/konnect/v1/session retry=0
              ProxyPass /signin/ http://localhost:8777/signin/ retry=0
          </VirtualHost>
          

          I put the wss rule on both 80 and 443 virtualhost

          As you can see I tried to proxy the /rtm/websocket/ instead of what you wrote (I also tried /api/kwm/v2 though) and changed the host port obviously.
          Also tried ws instead of wss and ws

          kwmserverd doesn’t report any log,

          apache log:

          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:06 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:06 +0100] "GET /api/kwm/v2/rtm/websocket/tFtyIeHGnL9Osf9rft_Ve7ExTArkDXMu HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:07 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:07 +0100] "GET /api/kwm/v2/rtm/websocket/hFk6O3uLVnVEsqcHRuTua8NjIYpN6FlQ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:10 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:10 +0100] "GET /api/kwm/v2/rtm/websocket/3C9vjg4i-WbBRVtNHeOOcZ3ULtvyHCiI HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:18 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:18 +0100] "GET /api/kwm/v2/rtm/websocket/mGoS9fuzAU18BDwoAi3xRebi0rA2e6iU HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:28 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:28 +0100] "GET /api/kwm/v2/rtm/websocket/jeDyIH3E5HSaa8PxISnj4uJ9BDA2aiGY HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:37 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:37 +0100] "GET /api/kwm/v2/rtm/websocket/wSO-utzHd3eWFrzc23WkioUCSxrU84qH HTTP/1.1" 502 5654 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "GET /signin/v1/identifier/_/authorize?client_id=kpop-https%3A%2F%2Fmail.myserver.com%2Fmeet%2F&redirect_uri=https%3A%2F%2Fmail.myserver.com%2Fmeet%2F%23oidc-silent-refresh&response_type=code&scope=openid%20profile%20email%20kopano%2Fkwm%20kopano%2Fgc%20kopano%2Fkvs&state=8c91c043e96445b09eff56588ed63303&code_challenge=IA0Pk184WprdCBuvTcXZQflJYCCZlYfCMjhuruHdo2o&code_challenge_method=S256&prompt=none&id_token_hint=eyJhbGciOiJQUzI1NiIsImtpZCI6IiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJrcG9wLWh0dHBzOi8vcG9zdGEuZHJlYW1vZmZpY2UuaXQvbWVldC8iLCJleHAiOjE1ODUzMTE1MjcsImlhdCI6MTU4NTMwNzkyNywiaXNzIjoiaHR0cHM6Ly9wb3N0YS5kcmVhbW9mZmljZS5pdCIsInN1YiI6Il9oeXVUYW5xRXhxdU41NFkyYllOQ19OSzVZTHloZjR3bkFrMkJwR0V1WkdSRTZxanlhRjF5Y0tYMHJ2enh2d1Vrb1piSjRKOVFDc3pBY3ZNZE82dE1nQGtvbm5lY3QiLCJhdF9oYXNoIjoiS0thbEVIVmRVa0NTQXJhajM2QTgxUSIsInByZWZlcnJlZF91c2VybmFtZSI6ImRvLWluZm8iLCJzaWQiOiJDcHVPUkpfTmoyMGd1dmpoRklTZXJrSG9BT1Nlc3E5YUVVVkhPdTFidS1JPSJ9.MtPBIC3HKkau6nb-ZBlGHu_SqSFvgdHluj1E3nkv0o41aMRZfzMOZ9l6xyHZcpwipRtz97pHnYkoDcIM3qkx8ZPboCyIoa_GagAE_HtDJtWp9ir1ijwGPtFIDL2sW0cXxyIKCkf1zGv-vXaH-0PcTB2-ek0FVLfPXRvnrn0O-vpFD1vahns_RkBKYBbJbJ3w2IeAOj9v5rs1yZT2rw9uV7LP6HDJK_TEtqwvp0EtIp2LmaAi0SwwJiMXCOeo9Ew-fWU74xsTmzFmKDx_qDhQjzlevvgO1TUV35u5EKkwVz7IMjNr-jnJLWTUCAbvLORxsekFY3FTOTzdhTTms5tRbw&response_mode=query&claims=%7B%22id_token%22%3A%7B%22name%22%3Anull%7D%7D HTTP/1.1" 302 913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "GET /api/kwm/v2/rtm/websocket/aT2djnKPPZX_6Ojj7P8Ngx5EA52N-2r_ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:00 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:00 +0100] "GET /api/kwm/v2/rtm/websocket/DbPpweNVhgfChH_ZUtmZ8JvNlgi1HTEl HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:23 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:23 +0100] "GET /api/kwm/v2/rtm/websocket/On4o5_0IwfpvGWmFgAQUGi1wv6LnnHwg HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:32 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:32 +0100] "GET /api/kwm/v2/rtm/websocket/GYERwixsr-A7ldS4XjzKQUuiEh3PH6tZ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi
          t/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
          

          Manually putting the wss link I got from the kopano webapp to chrome here is what chrome says:

          ERR_DISALLOWED_URL_SCHEME

          It doesn’t look to me like the Proxy is working correctly, am I wrong?

          fbartels 1 Reply Last reply Reply Quote 0
          • fbartels
            fbartels Kopano @haru last edited by

            @haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

            wss://localhost:8778

            Looking over your configuration this should be ws:// and not wss://.

            Regards Felix

            Resources:
            https://kopano.com/blog/how-to-get-kopano/
            https://documentation.kopano.io/
            https://kb.kopano.io/

            Support overview:
            https://kopano.com/support/

            longsleep 1 Reply Last reply Reply Quote 0
            • haru
              haru last edited by

              Hello Felix, I tried with both

              Anyway I ended up using kopano-kwebd

              The only thing I do not quite understand is how the TURN server has to be set up, I tried COTURN but every connection kwmserverd says

              kopano-kwmserverd[1916]: level=error msg="rtm connect TURN config failed" error="invalid character '<' looking for beginning of value"  manager=rtm
              

              Turn server log

              332: HTTPS connection has been disabled due Vulnerability in the Web interface !!!
              332: session 000000000000000010: client socket to be closed in client handler: ss=0x7f5640004ac0
              332: session 000000000000000010: closed (2nd stage), user <> realm <mail.myserver.com> origin <>, local 172.16.3.52:3478, remote 172.16.3.24:2276, reason: general
              332: HTTPS connection has been disabled due Vulnerability in the Web interface !!!
              

              What TURN server do you recommend?

              Thanks

              fbartels 1 Reply Last reply Reply Quote 0
              • fbartels
                fbartels Kopano @haru last edited by

                CoTurn is what we use as well, but setting up a turn server can be difficult. This is the reason why we are hosting such a service for your customers. You can request access at https://portal.kopano.com/content/turn-server-access-request.

                If you want to run your own turn, then I’d recommend reaching out to the Kopano support for assistance.

                Regards Felix

                Resources:
                https://kopano.com/blog/how-to-get-kopano/
                https://documentation.kopano.io/
                https://kb.kopano.io/

                Support overview:
                https://kopano.com/support/

                1 Reply Last reply Reply Quote 0
                • longsleep
                  longsleep Kopano @fbartels last edited by

                  @haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

                  The only thing I do not quite understand is how the TURN server has to be set up, I tried COTURN but every connection kwmserverd says

                  kopano-kwmserverd[1916]: level=error msg="rtm connect TURN config failed" error="invalid character '<' looking for beginning of value"  manager=rtm
                  

                  This seems strange. I guess you have uses the --turn-service-url to point it somewhere which does not serve the right API (Kopano TURN service API). Maybe you have pointed it to your TURN server? If so, this is wrong. Use the shared secret TURN based integration if you use your own TURN server.

                  I am not aware that we have published a server implementation of the TURN service API as of now. It is not very complicated to make one your own though (web service, protected by HTTP basic auth, returning JSON which can be decoded into https://stash.kopano.io/projects/KWM/repos/kwmserver/browse/turn/serverauth.go#33-38).

                  1 Reply Last reply Reply Quote 0
                  • haru
                    haru last edited by

                    Thanks for the answers

                    Anyway @longsleep I’m trying to figure out how COTURN works by myself, looks like there are at least two authentication methods which are not compatible each other, I read it’s something about namespace conflicts which COTURN doesn’t tell you in the documentation (found that in their forum) so that would not have worked at the first place

                    Do you think I could do what you said using Apache?

                    Also I would like to ask a question, is there anything planned to integrate Meet in the Kopano Webapp?

                    Something like the old Web meetings plugin which lets you also plan web meetings from the calendar, if so, could I ask when?

                    fbartels 1 Reply Last reply Reply Quote 0
                    • fbartels
                      fbartels Kopano @haru last edited by

                      Hi @haru,

                      just to run Meet with your own turn server the auth service mentioned by @longsleep is not neccesary. What you need to configure are the following two settings: https://stash.kopano.io/projects/KWM/repos/kwmserver/browse/scripts/kwmserverd.cfg#74-83

                      For the uri part its important that you actually specify a uri (which is something people seems to be struggling with). You can find examples of valid uris at https://tools.ietf.org/html/rfc7065#appendix-A.

                      Regards Felix

                      Resources:
                      https://kopano.com/blog/how-to-get-kopano/
                      https://documentation.kopano.io/
                      https://kb.kopano.io/

                      Support overview:
                      https://kopano.com/support/

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post