Kopano Meet - WebSocket the client is not using the websocket protocol

haru

Hello!

I’m trying to set up my first Kopano Meet application in my kopano groupware server, this is the current setup:

Server:
Virtualized KVM
OS: Debian 9
Kopano groupware version: 8.7.9
Web server: Apache 2.4.25
Hostname (fake one): mail.mytestserver.com
Client: Google Chrome
DNS server: An internal corporation domain controller which has the record for the server
RAM: 4GB
CPU: 2 cores
This server is just for testing and that’s why only has 4GB’s and two cores

All the kopano services are in one single server, those are the currently configured services:

kopano-search                                                                
kopano-server
kopano-spooler
kopano-kwmserverd
kopano-monitor
kopano-dagent                    
kopano-gateway
kopano-grapi
kopano-ical
kopano-kapid
kopano-konnectd

I made a reverse proxy config for all of the services using Apache, here is the configuration (Excluding the default for the webapp)

It took me a lot of time just to make it work, mainly because of the openauth id
The overall configuration is pretty much ugly and I’m sure there is something wrong with it (I swear it started to be pretty much decent, then ended up like this during the troubleshooting)

I took a look at both the documentation and the forum for the issues I encountered since now, but I’m stuck here

/sites-enabled/kopano.conf

<VirtualHost *:80>
     ServerName mail.mytestserver.com
</VirtualHost>
<VirtualHost *:443>
    ServerName mail.mytestserver.com
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    Include /etc/apache2/ssl.conf
    RedirectMatch ^/$ /webapp
    Alias /webapp /usr/share/kopano-webapp
    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
    <IfModule mod_alias.c>
       AliasMatch (?i)/Autodiscover/Autodiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php"
    </IfModule>
    Alias /meet /usr/share/kopano-meet/meet-webapp
    Alias /meet/service-worker.js /usr/share/webapps/kopano-meet/service-worker.js
    Alias /api/config/v1/kopano/meet/config.json /usr/share/doc/kopano-meet-webapp/config.json.in
</VirtualHost>

The main proxy configuration are in two files in conf-enabled
I spent two hours just for finding out the single string I was missing (ProxyPreserveHost On)

kopano-api.conf

RewriteEngine Off
ProxyPass /api/gc/ http://localhost:8039/api/gc/ retry=0
ProxyPass /api/pubs/ http://localhost:8039/api/pubs/ retry=0
ProxyPass /api/v1/websocket/ http://localhost:8039/api/v1/websocket/ retry=0
ProxyPass /api/v1/ http://localhost:8039/api/v1/ retry=0
ProxyPass /api/v1/rtm.connect/ http://localhost:8039/api/v1/rtm.connect/ retry=0
ProxyPass /api/v1/rtm.turn/ http://localhost:8039/api/v1/rtm.turn/ retry=0
ProxyPass /api/kvs http://localhost:8039/api/kvs retry=0
ProxyPass /api/kwm/v2/ http://localhost:8778/api/kwm/v2/ retry=0
ProxyPass /api/kvs/v1/ http://localhost:8778/api/kvs/v1/ retry=0

kopano-konnect.conf

ProxyPass /.well-known/openid-configuration http://localhost:8777/.well-known/openid-configuration retry=0
ProxyPass /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json retry=0
ProxyPassReverse /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json
ProxyPass /konnect/v1/token http://localhost:8777/konnect/v1/token retry=0
ProxyPassReverse /konnect/v1/token http://localhost:8777/konnect/v1/token
ProxyPass /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo retry=0
ProxyPassReverse /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo
ProxyPass /konnect/v1/static http://localhost:8777/konnect/v1/static retry=0
ProxyPassReverse /konnect/v1/static http://localhost:8777/konnect/v1/static
ProxyPass /konnect/v1/session http://localhost:8777/konnect/v1/session retry=0
ProxyPreserveHost On
ProxyPass /signin/ http://localhost:8777/signin/ retry=0
ProxyPassReverse /signin/ http://localhost:8777/signin/

I got a valid SSL certificate made with letsencrypt, mail.mytestserver.com
the OID is mail.mytestserver.com, configured as https://mail.mytestserver.com

The error I get (from chrome) is
Annotazione 2020-03-26 191313.jpg
Yay for my paint skills!
Annotazione 2020-03-26 191331.jpg

The log from kopano-kwmserverd

mar 26 18:52:30 do-mail01 systemd[1]: Started Kopano KWM Server.
mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="serve start"
mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="using external TURN service: https://turnauth.kopano.com/turnserverauth/"
mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=warning msg="insecure mode, TLS client connections are susceptible to man-in-the-middle attacks"
mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=debug msg="http2 client support is disabled (insecure mode)"
mar 26 18:52:30 do-mail01 kopano-kwmserverd[802]: level=info msg="serve started"
mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=debug msg="OIDC provider initialized" iss="https://mail.mytestserver.com"
mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=warning msg="admin: using random admin tokens singing key - API endpoint admin disabled"
mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="rtm: API endpoint enabled"
mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="starting http listener" listenAddr="127.0.0.1:8778"
mar 26 18:52:34 do-mail01 kopano-kwmserverd[802]: level=info msg="ready to handle requests"
mar 26 18:55:27 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:55:29 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:55:32 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:55:40 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:55:57 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:56:19 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:56:20 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:56:23 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:56:31 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:56:48 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:57:19 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:57:30 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:58:01 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:58:33 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:59:05 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 18:59:31 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 19:00:02 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 19:02:32 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 19:02:33 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 19:02:37 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 19:02:46 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 19:03:05 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"
mar 26 19:03:37 do-mail01 kopano-kwmserverd[802]: level=debug msg="websocket handshake error" error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header"

First of all, I know I’m not using a TURN server, but I read this is not necessary as long it’s internal.
It should work anyway, right?

Thanks for the help!

fbartels

Hi @haru,

@haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

First of all, I know I’m not using a TURN server, but I read this is not necessary as long it’s internal.
It should work anyway, right?

Yes, opening Meet will work regardless if you have a turn service configured or not. Turn will only make a difference once you start video meetings inside of Meet.

One other thing first. Kopano Web is the recommended webserver for installation. It provides you with an out of the box secure installation for Meet and all its components and has an option to proxy request to old applications (such as WebApp and Z-Push) to another webserver such as Apache or Nginx.

What you’re missing in your current configuration is an upgrade of the connection to kwmserver to a websocket connection. Something like the following should work:

RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /api/kwm/v2/(.*) ws://localhost:2015/api/kwm/v2/$1 [P,L]

ProxyPass /api/kwm/v2/ http://localhost:2015/api/kwm/v2/ retry=0

haru

@fbartels Hello Felix, thanks for the answer.

Today I tried to improve the configuration and moved everything to the sites-available instead of conf-available in Apache, I know I could just use kopano-kwebd instead but I’m trying to learn how to do that with both

The error I got now is

kwm.js:5475 WebSocket connection to 'wss://mail.myserver.com/api/kwm/v2/rtm/websocket/WfUFL5pZhF2BAxFEuL1VVWevuVOmMgyf' failed: Error during WebSocket handshake: Invalid status line

The apache config rn is

<VirtualHost *:80>
    ServerName mail.myserver.com
    RewriteEngine On
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule /api/kwm/v2/rtm/websocket/(.*) ws://localhost:8778/api/kwm/v2/rtm/websocket/$1 [P,L]
</VirtualHost>
<VirtualHost *:443>
    ServerName mail.myserver.com
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    ProxyPreserveHost On
    RewriteEngine On
    Include /etc/apache2/ssl.conf
    RedirectMatch ^/$ /webapp
    Alias /webapp /usr/share/kopano-webapp
    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
    <IfModule mod_alias.c>
       AliasMatch (?i)/Autodiscover/Autodiscover.xml "/usr/share/z-push/autodiscover/autodiscover.php"
    </IfModule>
    Alias /meet /usr/share/kopano-meet/meet-webapp
    Alias /meet/service-worker.js /usr/share/webapps/kopano-meet/service-worker.js
    Alias /api/config/v1/kopano/meet/config.json /usr/share/doc/kopano-meet-webapp/config.json.in
    ProxyPass /api/gc/ http://localhost:8039/api/gc/ retry=0
    ProxyPass /api/pubs/ http://localhost:8039/api/pubs/ retry=0
    ProxyPass /api/v1/websocket/ http://localhost:8039/api/v1/websocket/ retry=0
    ProxyPass /api/v1/ http://localhost:8039/api/v1/ retry=0
    ProxyPass /api/v1/rtm.connect/ http://localhost:8039/api/v1/rtm.connect/ retry=0
    ProxyPass /api/v1/rtm.turn/ http://localhost:8039/api/v1/rtm.turn/ retry=0
    ProxyPass /api/kvs http://localhost:8039/api/kvs retry=0
    ProxyPass /api/kvs/v1/ http://localhost:8778/api/kvs/v1/ retry=0
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule /api/kwm/v2/rtm/websocket/(.*) wss://localhost:8778/api/kwm/v2/rtm/websocket/$1 [P,L]
    ProxyPass /api/kwm/v2/ http://localhost:8778/api/kwm/v2/ retry=0
    ProxyPass /.well-known/openid-configuration http://localhost:8777/.well-known/openid-configuration retry=0
    ProxyPass /konnect/v1/jwks.json http://localhost:8777/konnect/v1/jwks.json retry=0
    ProxyPass /konnect/v1/token http://localhost:8777/konnect/v1/token retry=0
    ProxyPass /konnect/v1/userinfo http://localhost:8777/konnect/v1/userinfo retry=0
    ProxyPass /konnect/v1/static http://localhost:8777/konnect/v1/static retry=0
    ProxyPass /konnect/v1/session http://localhost:8777/konnect/v1/session retry=0
    ProxyPass /signin/ http://localhost:8777/signin/ retry=0
</VirtualHost>

I put the wss rule on both 80 and 443 virtualhost

As you can see I tried to proxy the /rtm/websocket/ instead of what you wrote (I also tried /api/kwm/v2 though) and changed the host port obviously.
Also tried ws instead of wss and ws

kwmserverd doesn’t report any log,

apache log:

mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:06 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:06 +0100] "GET /api/kwm/v2/rtm/websocket/tFtyIeHGnL9Osf9rft_Ve7ExTArkDXMu HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:07 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:07 +0100] "GET /api/kwm/v2/rtm/websocket/hFk6O3uLVnVEsqcHRuTua8NjIYpN6FlQ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:10 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:10 +0100] "GET /api/kwm/v2/rtm/websocket/3C9vjg4i-WbBRVtNHeOOcZ3ULtvyHCiI HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:18 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:18 +0100] "GET /api/kwm/v2/rtm/websocket/mGoS9fuzAU18BDwoAi3xRebi0rA2e6iU HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:28 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:28 +0100] "GET /api/kwm/v2/rtm/websocket/jeDyIH3E5HSaa8PxISnj4uJ9BDA2aiGY HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:37 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:37 +0100] "GET /api/kwm/v2/rtm/websocket/wSO-utzHd3eWFrzc23WkioUCSxrU84qH HTTP/1.1" 502 5654 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "GET /signin/v1/identifier/_/authorize?client_id=kpop-https%3A%2F%2Fmail.myserver.com%2Fmeet%2F&redirect_uri=https%3A%2F%2Fmail.myserver.com%2Fmeet%2F%23oidc-silent-refresh&response_type=code&scope=openid%20profile%20email%20kopano%2Fkwm%20kopano%2Fgc%20kopano%2Fkvs&state=8c91c043e96445b09eff56588ed63303&code_challenge=IA0Pk184WprdCBuvTcXZQflJYCCZlYfCMjhuruHdo2o&code_challenge_method=S256&prompt=none&id_token_hint=eyJhbGciOiJQUzI1NiIsImtpZCI6IiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJrcG9wLWh0dHBzOi8vcG9zdGEuZHJlYW1vZmZpY2UuaXQvbWVldC8iLCJleHAiOjE1ODUzMTE1MjcsImlhdCI6MTU4NTMwNzkyNywiaXNzIjoiaHR0cHM6Ly9wb3N0YS5kcmVhbW9mZmljZS5pdCIsInN1YiI6Il9oeXVUYW5xRXhxdU41NFkyYllOQ19OSzVZTHloZjR3bkFrMkJwR0V1WkdSRTZxanlhRjF5Y0tYMHJ2enh2d1Vrb1piSjRKOVFDc3pBY3ZNZE82dE1nQGtvbm5lY3QiLCJhdF9oYXNoIjoiS0thbEVIVmRVa0NTQXJhajM2QTgxUSIsInByZWZlcnJlZF91c2VybmFtZSI6ImRvLWluZm8iLCJzaWQiOiJDcHVPUkpfTmoyMGd1dmpoRklTZXJrSG9BT1Nlc3E5YUVVVkhPdTFidS1JPSJ9.MtPBIC3HKkau6nb-ZBlGHu_SqSFvgdHluj1E3nkv0o41aMRZfzMOZ9l6xyHZcpwipRtz97pHnYkoDcIM3qkx8ZPboCyIoa_GagAE_HtDJtWp9ir1ijwGPtFIDL2sW0cXxyIKCkf1zGv-vXaH-0PcTB2-ek0FVLfPXRvnrn0O-vpFD1vahns_RkBKYBbJbJ3w2IeAOj9v5rs1yZT2rw9uV7LP6HDJK_TEtqwvp0EtIp2LmaAi0SwwJiMXCOeo9Ew-fWU74xsTmzFmKDx_qDhQjzlevvgO1TUV35u5EKkwVz7IMjNr-jnJLWTUCAbvLORxsekFY3FTOTzdhTTms5tRbw&response_mode=query&claims=%7B%22id_token%22%3A%7B%22name%22%3Anull%7D%7D HTTP/1.1" 302 913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:20:51 +0100] "GET /api/kwm/v2/rtm/websocket/aT2djnKPPZX_6Ojj7P8Ngx5EA52N-2r_ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:00 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:00 +0100] "GET /api/kwm/v2/rtm/websocket/DbPpweNVhgfChH_ZUtmZ8JvNlgi1HTEl HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:23 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:23 +0100] "GET /api/kwm/v2/rtm/websocket/On4o5_0IwfpvGWmFgAQUGi1wv6LnnHwg HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:32 +0100] "POST /api/kwm/v2/rtm/connect HTTP/1.1" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
mail.myserver.com:443 172.16.3.24 - - [27/Mar/2020:12:21:32 +0100] "GET /api/kwm/v2/rtm/websocket/GYERwixsr-A7ldS4XjzKQUuiEh3PH6tZ HTTP/1.1" 502 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi
t/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"

Manually putting the wss link I got from the kopano webapp to chrome here is what chrome says:

ERR_DISALLOWED_URL_SCHEME

It doesn’t look to me like the Proxy is working correctly, am I wrong?

fbartels

@haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

wss://localhost:8778

Looking over your configuration this should be ws:// and not wss://.

haru

Hello Felix, I tried with both

Anyway I ended up using kopano-kwebd

The only thing I do not quite understand is how the TURN server has to be set up, I tried COTURN but every connection kwmserverd says

kopano-kwmserverd[1916]: level=error msg="rtm connect TURN config failed" error="invalid character '<' looking for beginning of value"  manager=rtm

Turn server log

332: HTTPS connection has been disabled due Vulnerability in the Web interface !!!
332: session 000000000000000010: client socket to be closed in client handler: ss=0x7f5640004ac0
332: session 000000000000000010: closed (2nd stage), user <> realm <mail.myserver.com> origin <>, local 172.16.3.52:3478, remote 172.16.3.24:2276, reason: general
332: HTTPS connection has been disabled due Vulnerability in the Web interface !!!

What TURN server do you recommend?

Thanks

fbartels

CoTurn is what we use as well, but setting up a turn server can be difficult. This is the reason why we are hosting such a service for your customers. You can request access at https://portal.kopano.com/content/turn-server-access-request.

If you want to run your own turn, then I’d recommend reaching out to the Kopano support for assistance.

longsleep

@haru said in Kopano Meet - WebSocket the client is not using the websocket protocol:

The only thing I do not quite understand is how the TURN server has to be set up, I tried COTURN but every connection kwmserverd says
kopano-kwmserverd[1916]: level=error msg="rtm connect TURN config failed" error="invalid character '<' looking for beginning of value"  manager=rtm

This seems strange. I guess you have uses the --turn-service-url to point it somewhere which does not serve the right API (Kopano TURN service API). Maybe you have pointed it to your TURN server? If so, this is wrong. Use the shared secret TURN based integration if you use your own TURN server.

I am not aware that we have published a server implementation of the TURN service API as of now. It is not very complicated to make one your own though (web service, protected by HTTP basic auth, returning JSON which can be decoded into https://stash.kopano.io/projects/KWM/repos/kwmserver/browse/turn/serverauth.go#33-38).

haru

Thanks for the answers

Anyway @longsleep I’m trying to figure out how COTURN works by myself, looks like there are at least two authentication methods which are not compatible each other, I read it’s something about namespace conflicts which COTURN doesn’t tell you in the documentation (found that in their forum) so that would not have worked at the first place

Do you think I could do what you said using Apache?

Also I would like to ask a question, is there anything planned to integrate Meet in the Kopano Webapp?

Something like the old Web meetings plugin which lets you also plan web meetings from the calendar, if so, could I ask when?

fbartels

Hi @haru,

just to run Meet with your own turn server the auth service mentioned by @longsleep is not neccesary. What you need to configure are the following two settings: https://stash.kopano.io/projects/KWM/repos/kwmserver/browse/scripts/kwmserverd.cfg#74-83

For the uri part its important that you actually specify a uri (which is something people seems to be struggling with). You can find examples of valid uris at https://tools.ietf.org/html/rfc7065#appendix-A.