Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Jitsi web not receiving route behind traefik
See original GitHub issueI’m running jitsi together with workadventure on a single host. Because of this, I’m using traefik (v2.5) as a reverse proxy.
Workadventure works just fine with my setup. However, I can’t get jitsi to work right. When looking at the traefik logs and the dashboard, I can see that the jitsi web container is recognized and its config is found. The appropriate services and routers are created and configured. Still, traefik does not add the route for the jitsi instance, resulting in a 404.
I’m using a modified version of the traefik v2 example in jitsi’s compose file:
version: '3.5'
services:
# Frontend
web:
image: jitsi/web:stable-6173
restart: ${RESTART_POLICY}
# traefik handles the ports?
#ports:
# - '${HTTP_PORT}:80'
# - '${HTTPS_PORT}:443'
volumes:
- ${CONFIG}/web:/config:Z
- ${CONFIG}/web/letsencrypt:/etc/letsencrypt:Z
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
environment:
- [...(nothing changed here)...]
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik.net"
- "traefik.http.routers.jitsiweb.rule=Host(`${HOSTNAME}`)"
- "traefik.http.routers.jitsiweb.entryPoints=web"
- "traefik.http.services.jitsiweb.loadbalancer.server.port=80"
- "traefik.http.services.jitsiweb.loadbalancer.passhostheader=true"
- "traefik.http.routers.jitsiweb-ssl.service=jitsiweb"
- "traefik.http.routers.jitsiweb-ssl.rule=Host(`${HOSTNAME}`)"
- "traefik.http.routers.jitsiweb-ssl.entryPoints=websecure"
- "treafik.http.routers.jitsiweb-ssl.tls=true"
networks:
traefik.net:
meet.jitsi:
aliases:
- ${XMPP_DOMAIN}
# XMPP server
prosody:
image: jitsi/prosody:stable-6173
restart: ${RESTART_POLICY}
#[...]
networks:
meet.jitsi:
aliases:
- ${XMPP_SERVER}
# Focus component
jicofo:
image: jitsi/jicofo:stable-6173
restart: ${RESTART_POLICY}
#[...]
networks:
meet.jitsi:
# Video bridge
jvb:
image: jitsi/jvb:stable-6173
restart: ${RESTART_POLICY}
ports:
- '${JVB_PORT}:${JVB_PORT}/udp'
- '${JVB_TCP_MAPPED_PORT}:${JVB_TCP_PORT}'
#[...]
#labels:
# - "traefik.enable=true"
# - "traefik.udp.routers.jvb.entryPoints=video"
# - "traefik.udp.routers.jvb.service=jvb"
# - "traefik.udp.services.jvb.loadbalancer.server.port=10000"
networks:
traefik.net:
meet.jitsi:
aliases:
- jvb.meet.jitsi
# Custom network so all services can communicate using a FQDN
networks:
meet.jitsi:
traefik.net:
external: true
Jitsi uses this .env file:
#[...(security section omitted)...]
#
# Basic configuration options
#
# Directory where all configuration will be stored
CONFIG=/opt/jitsi-meet-cfg
# Exposed HTTP port
HTTP_PORT=8080
# Exposed HTTPS port
HTTPS_PORT=8443
# System time zone
TZ=Europe/Berlin
# Hostname for traefik
HOSTNAME=meet.my.domain.tld
# Public URL for the web service (required)
PUBLIC_URL=https://meet.my.domain.tld
# IP address of the Docker host
DOCKER_HOST_ADDRESS=10.10.10.10
ENABLE_XMPP_WEBSOCKET=0 # as suggested below
#[...(rest not relevant or not changed)...]
Traefik is set up using the following compose file:
version: "3.5"
services:
reverse-proxy:
image: traefik:latest
command:
- --log.level=${LOG_LEVEL}
#- --api.insecure=true
- --api.dashboard=true
- --providers.docker
- --providers.docker.exposedbydefault=false
- --providers.docker.network=traefik.net
- --providers.file.directory=/configs/
- --entryPoints.web.address=:${HTTP_PORT}
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entryPoints.websecure.address=:${HTTPS_PORT}
#- --entryPoints.video.address=:10000/udp
- --certificatesresolvers.dnsresolver.acme.email=${ACME_EMAIL}
- --certificatesresolvers.dnsresolver.acme.storage=/acme.json
# Let's Encrypt's staging server
# uncomment during testing to avoid rate limiting
#- --certificatesresolvers.dnsresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
# DNS challenge
- --certificatesresolvers.dnsresolver.acme.dnsChallenge.provider=rfc2136
ports:
- ${HTTP_PORT}:80
- ${HTTPS_PORT}:443
# The Web UI (enabled by --api.insecure=true)
#- "8080:8080"
environment:
- LEGO_EXPERIMENTAL_CNAME_SUPPORT
- RFC2136_TSIG_KEY
- RFC2136_TSIG_SECRET
- RFC2136_TSIG_ALGORITHM
- RFC2136_NAMESERVER
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${DATA_DIR}/letsencrypt/acme.json:/acme.json
- ${DATA_DIR}/traefik.yaml:/configs/traefik_tls.yaml
labels:
- "traefik.enable=true"
- "traefik.http.services.traefik.loadbalancer.server.port=888"
- "traefik.http.routers.traefik.rule=Host(`${ADMIN_HOST}`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=dnsresolver"
- "traefik.http.routers.traefik.tls.domains[0].main=${DOMAIN}"
- "traefik.http.routers.traefik.tls.domains[0].sans=*.${DOMAIN}"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=<credentials>."
networks:
traefik.net:
restart: unless-stopped
networks:
traefik.net:
With these variables:
#
# Basic configuration
#
DOMAIN=my.domain.tld
HTTP_PORT=80
HTTPS_PORT=443
DATA_DIR=/opt/traefik-data
ADMIN_HOST=admin.my.domain.tld
LOG_LEVEL=DEBUG
For comparison, here are the labels for one of the workadventure containers which works completely fine:
labels:
- "traefik.enable=true"
- "traefik.http.routers.front.rule=Host(`${FRONT_HOST}`)"
- "traefik.http.routers.front.entryPoints=web"
- "traefik.http.services.front.loadbalancer.server.port=80"
- "traefik.http.routers.front-ssl.rule=Host(`${FRONT_HOST}`)"
- "traefik.http.routers.front-ssl.entryPoints=websecure"
- "traefik.http.routers.front-ssl.service=front"
- "traefik.http.routers.front-ssl.tls=true"
I get the following log output from traefik:
# Config received from docker:
reverse-proxy_1 | time="2021-08-23T14:38:32Z" level=debug msg="Provider event received {Status:start ID:f22b7005a78f01bf1f0e2d6a057a9793566e18f4c75bdb417e4e8a6817953be7 From:jitsi/web:stable-6173 Type:container Action:start Actor:{ID:f22b7005a78f01bf1f0e2d6a057a9793566e18f4c75bdb417e4e8a6817953be7 Attributes:map[com.docker.compose.config-hash:be4ae0d6ace0211c24b773057dd327a520bd9b8710489503a28f996cce7c1c9e com.docker.compose.container-number:1 com.docker.compose.oneoff:False com.docker.compose.project:docker-jitsi-meet-stable-6173 com.docker.compose.service:web com.docker.compose.version:1.21.0 image:jitsi/web:stable-6173 name:docker-jitsi-meet-stable-6173_web_1 traefik.http.routers.jitsiweb-ssl.entryPoints:websecure traefik.http.routers.jitsiweb-ssl.rule:Host(`meet.my.domain.tld`) traefik.http.routers.jitsiweb-ssl.service:jitsiweb traefik.http.routers.jitsiweb.entryPoints:web traefik.http.routers.jitsiweb.rule:Host(`meet.my.domain.tld`) traefik.http.services.jitsiweb.loadbalancer.server.port:80 treafik.http.routers.jitsiweb-ssl.tls:true]} Scope:local Time:1629729512 TimeNano:1629729512594350361}" providerName=docker
reverse-proxy_1 | time="2021-08-23T14:38:32Z" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"jitsiweb\":{\"entryPoints\":[\"web\"],\"service\":\"jitsiweb\",\"rule\":\"Host(`meet.my.domain.tld`)\"},\"jitsiweb-ssl\":{\"entryPoints\":[\"websecure\"],\"service\":\"jitsiweb\",\"rule\":\"Host(`meet.my.domain.tld`)\"},\"traefik\":{\"entryPoints\":[\"websecure\"],\"middlewares\":[\"traefik-auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`admin.my.domain.tld`)\",\"tls\":{\"certResolver\":\"dnsresolver\",\"domains\":[{\"main\":\"my.domain.tld\",\"sans\":[\"*.my.domain.tld\"]}]}}},\"services\":{\"jitsiweb\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.21.0.3:80\"}],\"passHostHeader\":true}},\"traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.21.0.2:888\"}],\"passHostHeader\":true}}},\"middlewares\":{\"traefik-auth\":{\"basicAuth\":{\"users\":[\"<credentials>\"]}}}},\"tcp\":{},\"udp\":{\"routers\":{\"jvb\":{\"entryPoints\":[\"video\"],\"service\":\"jvb\"}},\"services\":{\"jvb\":{\"loadBalancer\":{\"servers\":[{\"address\":\"172.21.0.4:10000\"}]}}}}}" providerName=docker
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding certificate for domain(s) my.domain.tld,*.my.domain.tld"
# Creation of jitsi-relevant middleware and routers
# First for jitsiweb-ssl service over websecure
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" serviceName=jitsiweb entryPointName=websecure routerName=jitsiweb-ssl@docker middlewareName=pipelining middlewareType=Pipelining
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating load-balancer" entryPointName=websecure routerName=jitsiweb-ssl@docker serviceName=jitsiweb
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating server 0 http://172.21.0.3:80" serviceName=jitsiweb serverName=0 entryPointName=websecure routerName=jitsiweb-ssl@docker
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="child http://172.21.0.3:80 now UP"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Propagating new UP status"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware jitsiweb" routerName=jitsiweb-ssl@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=websecure middlewareName=traefik-internal-recovery
# Then for jitsiweb over web
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" entryPointName=web routerName=jitsiweb@docker serviceName=jitsiweb middlewareName=pipelining middlewareType=Pipelining
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating load-balancer" serviceName=jitsiweb entryPointName=web routerName=jitsiweb@docker
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating server 0 http://172.21.0.3:80" routerName=jitsiweb@docker serverName=0 serviceName=jitsiweb entryPointName=web
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="child http://172.21.0.3:80 now UP"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Propagating new UP status"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware jitsiweb" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=jitsiweb@docker
# Adding middleware for redirects
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding tracing to middleware" middlewareName=redirect-web-to-websecure@internal entryPointName=web routerName=web-to-websecure@internal
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
# Stuff for traefik dashboard
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=websecure routerName=traefik@docker middlewareName=tracing middlewareType=TracingForwarder
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" middlewareName=traefik-auth@docker middlewareType=BasicAuth routerName=traefik@docker entryPointName=websecure
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding tracing to middleware" entryPointName=websecure routerName=traefik@docker middlewareName=traefik-auth@docker
# A webhook defined in an extra traefik config file (see comments below)
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" entryPointName=websecure routerName=webhook@file serviceName=webhook-websecure middlewareName=pipelining middlewareType=Pipelining
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating load-balancer" serviceName=webhook-websecure entryPointName=websecure routerName=webhook@file
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating server 0 http://hook.adventure.emergencity.de:1324" serviceName=webhook-websecure entryPointName=websecure serverName=0 routerName=webhook@file
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="child http://hook.some.domain.tld:1324 now UP"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Propagating new UP status"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware webhook-websecure" entryPointName=websecure routerName=webhook@file middlewareType=TracingForwarder middlewareName=tracing
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
# Routes added for "hook." and "admin.", but not for "meet.":
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding route for hook.my.domain.tld with TLS options default" entryPointName=websecure
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding route for admin.my.domain.tld with TLS options default" entryPointName=websecure
# jvb's UDP entrypoint
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating UDP server 0 at 172.21.0.4:10000" serviceName=jvb entryPointName=video routerName=jvb@docker serverName=0
I’m not sure why meet. is the only DN which does not get its route added. When I pull up the workadventure stack which as a very similar configuration for traefik, the routes get added correctly.
Issue Analytics
- State:
- Created 2 years ago
- Comments:41 (17 by maintainers)
Top Results From Across the Web
Docker/Traefik network issues - Install & Config
I'm trying to setup my jitsi stack behind traefik on a Ubuntu 20.04 ... Internet -> ISP Gateway -> Host -> Docker |...
Read more >Traefik not routing jitsi correctly
Hey there, I'm trying to get Traefik running together with a dockerized Jitsi and workadventure. My workadventure containers work perfectly ...
Read more >Self-Hosting Guide - Docker | Jitsi Meet - GitHub Pages
In order to quickly run Jitsi Meet on a machine running Docker and Docker Compose, follow these steps: Download and extract the latest...
Read more >Set up ownCloud + Traefik as a Reverse Proxy with Let's ...
Integrating other docker images like WordPress, Jitsi, Mailman, ... The Traefik web interface with no other containers running yet.
Read more >Work-Adventure/install - Technologia Incognita
3 Understanding Docker and Traefik; 4 Installation instructions ... Of note is that the jitsi-setup does not provide a config for use with ......
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I’ve now tried with Traefik 2.3 to 2.5 and sadly no luck with any of the versions. On a side note: This is what I see in the dashboard. Not sure if that is any indication as to what might be going wrong.
I’ll probably move to the traefik forums though and see if I can find a fix for this there. I’ll let you know if I have a working config.
I closed it because I thought those issues had the answer. Note the Traefik setup is not supported.