Allow to choose your server on mobile apps

[ldidry]

On mobile apps (at least on Android, I don't have an Apple device to check), you can just choose the room you want to use, but you can't choose your server.

At Framasoft (non-profit organisation), we deployed our jitsi-meet server under the name of Framatalk (we name all our services frama-something) and users asked us for an Android app for our server. Instead of just changing the server address and recompiling the app, it seems smarter to have a setting allowing to change the server.

[lyubomir]

Thank you very much, @ldidry! We plan to add the feature in the future. In the meantime, contributions are welcome!

On a slightly related note, did you know that the mobile app supports opening full URLs? Firstly, users may type a full URL instead of just a room name.

Secondly and that's where choosing a server gets a little bit complicated, the mobile app declares that it handles URLs from specific domains. But that's got to be declared in the app's manifest and on iOS the server has to declare the app as well. In order to provide a full experience for your app and your server, one should not only change the default server address used by the app but should also modify the manifests of the Android and the iOS apps. While the first step can obviously be configurable through the app's UI, the second step must be done before building the app.

[ldidry]

On a slightly related note, did you know that the mobile app supports opening full URLs?

No, I didn't, thx for the tip 🙂

the mobile app declares that it handles URLs from specific domains.

I understand. I think that our users would not be too disappointed, that's a very small problem.

But would it possible to add framatalk.org to the URLs of your manifest? What are your criterias for accepting a demand like that?

on iOS the server has to declare the app as well.

How do you do that?

[saghul]

@ldidry Here is how you do it for iOS: https://developer.apple.com/library/content/documentation/General/Conceptual/AppSearch/UniversalLinks.html

[SeveHo]

hey, where do I have to change the default server domain in order to use our own jitsi server for the mobile app? Why does changing the domain in the projects config.js not work?

[saghul]

hey, where do I have to change the default server domain in order to use our own jitsi server for the mobile app?

You'd need to make your own build. Right now there are 2 ways to use your own server:

• give the full URL in the room text field
• create URL of the form "org.jitsi.meet:https://your-server/room" and follow said link.

Why does changing the domain in the projects config.js not work?

The apps default to meet.jit.si, which can be changed by recompiling, or as I mentioned above.

[cui1061651778]

i want to visit my server(my local domain https://jitsi.example.com) with react-native app(ios),i modify the three place code
1:react/features/app/components/AbstractApp.js` const config = this.props.config;

    if (typeof config === 'object') {
        const hosts = config.hosts;

        if (typeof hosts === 'object') {
            const domain = hosts.domain;

            if (domain) {
                return `https://${domain}`;
            }
        }
    }

    return `'https://jitsi.example.com';

2:at react/features/app/reducer.js
` if (domain === 'beta.jitsi.example.com') {
if (typeof window === 'object') {
const windowLocation = window.location;

        if (windowLocation) {
            // React Native doesn't have a window.location at the time of
            // this writing, let alone a window.location.protocol.
            boshProtocol = windowLocation.protocol;
        }
    }
    boshProtocol || (boshProtocol = 'http:');
}`

3:modify xcode project info.plist file at the item App Transport Security Settings ->
'

jitsi.example.com NSTemporaryExceptionAllowsInsecureHTTPLoads localhost NSTemporaryExceptionAllowsInsecureHTTPLoads ' at the ios device the red error: console.error:'failed to load /config.js from https://jitsi.example.com',{line:20920,'colum':29,'sourceURL:'......}

if i dont modify the server domain(meet.jit.si) to my server domain (jitsi.example.com) everything is all right.

note:my chrome visit my server meeting is ok. i set local service domain agency throught fiddler,my ios device set wifi 's http agency,so ios device can visit my domain server

i want you give me some help to resolve that error thanks

[gulteking]

Hi @cui1061651778 , we have faced same problem just a few hours ago. We are using self signed certificate for development server. So, android and ios operating system doesn't allow to connect to untrusted server.

If you are using self signed certificate, you have to install a valid certificate to solve this error. Or add your certificate to your device as trusted.

To add certificate as trusted on android 6, settings->general->security->certificate management->install from sd card-> then point your .crt file.

After doing this, try to join conference again from your app. Or, you can also download jitsi meet app from the market and enter your server's full url,(https://your-url.com/roomname) it will join the conference.

Regards

[cui1061651778]

tks ,i will try it ,

[IreneBond007]

Hi @cui1061651778,have you resolved that error? We have faced same problem.

[cr7xiaoyu]

in your server:

step1: cp /etc/jitsi/meet/*.crt /usr/share/jitsi-meet

step2: use your iOS safari or Android chrome ,and visit https://xx.xx.xx/*.crt

step3: install the crt to your mobile phone,when complete,you can use your server in jitsi meet app

(after install in iOS,in about,IOS certificate,Check yes with crt)

(you can send the *.crt to your users by mail instead of step1 and step2 )

[thefallman]

Gents, we have a hard time to connect Jitsi iOS React native client to our server.
We're able to setup all the variables to point the client to our in-house infrastructure:

1. jitsi-meet/config.js

var config = {
...
    hosts: {
        domain: 'video.ourdomain.com',
        anonymousdomain: 'guest.video.ourdomain.com',
        muc: 'conference.video.ourdomain.com', 
        bridge: 'jitsi-videobridge.video.ourdomain.com',
    },
...
}

2. jitsi-meet/react/features/app/components/AbstractApp.js

_getDefaultURL() {
...
return 'https://video.ourdomain.com';
}

In our scenario the client is connecting to existing conference anonymously. And that connection always fails. Here's part of the console log which we believe describes internal reason of the problem:

2017-05-25 11:13:49.463 [info][tid:com.facebook.react.JavaScript] '[modules/xmpp/xmpp.js]', ': ', '(TIME) Strophe connfail[x-strophe-bad-non-anon-jid]:\t', 0
2017-05-25 11:13:49.463310-0400 jitsi-meet[735:509408] '[modules/xmpp/xmpp.js]', ': ', '(TIME) Strophe connfail[x-strophe-bad-non-anon-jid]:\t', 0
2017-05-25 11:13:49.464 [info][tid:com.facebook.react.JavaScript] '[modules/xmpp/xmpp.js]', ': ', '(TIME) Strophe disconnecting[x-strophe-bad-non-anon-jid]:\t', 0
2017-05-25 11:13:49.463687-0400 jitsi-meet[735:509408] '[modules/xmpp/xmpp.js]', ': ', '(TIME) Strophe disconnecting[x-strophe-bad-non-anon-jid]:\t', 0

And what about server side? Here we go. Here's the prosody's log when Jitsi-meet iOS client is trying to connect to:

May 25 22:44:29 mod_bosh info New BOSH session, assigned it sid 'f293fd7c-01d6-4d67-9756-e140c2e490b5'
May 25 22:44:29 video.ourdomain.com:saslauth info MECHANISM: PLAIN nil
May 25 22:44:29 video.ourdomain.com:saslauth info MECHANISM: DIGEST-MD5 nil
May 25 22:44:29 video.ourdomain.com:saslauth info MECHANISM: SCRAM-SHA-1 nil
May 25 22:44:29 boshf293fd7c-01d6-4d67-9756-e140c2e490b5 info BOSH client disconnected

And this is a log extras from the same server for "good" session (XMPP client on Matrix):

May 25 22:45:35 mod_bosh info New BOSH session, assigned it sid 'cb43858a-1c7f-446c-9d7e-7eb55d066481'
May 25 22:45:35 guest.video.ourdomain.com:saslauth info MECHANISM: ANONYMOUS nil
May 25 22:45:35 boshcb43858a-1c7f-446c-9d7e-7eb55d066481 info Authenticated as 8cb2dcbc-315e-4ab2-bd80-d18ef54bcfde@guest.video.ourserver.com

It looks like while connecting to Prosody iOS client does not:
A. use value for anonymousdomain at all?
B. provide any interface to set sasl auth mode?

Does it make sense?
Are we missing something?
Thank you.

[lyubomir]

• As of e08d240 which is shipped in Jitsi Meet for Android v1.10 (and, hopefully, will soon be shipped in Jitsi Meet for iOS v1.10), authenticated deployments aka secure domains are supported.

• Please note that there's still no support for deployments with self-signed certificates. With the ease of Let's Encrypt It and taking into consideration the expected research and development it would take to convince react-native, Android, and iOS to support self-signed certificates, I'd encourage interested parties to please contribute the support.

[lyubomir]

341e7e0 adds a setDefaultURL method to Jitsi Meet SDK for Android and a defaultURL property to Jitsi Meet SDK for iOS which allow SDK clients/consumers to set their own default base URL without modifying the JavaScript source code.

[Mrmerluzzo]

@lyubomir I've hardly tried putting the full url of my private server (https://meet.codcast.it) in the room field of the Android app, but as I push the Join button the app simply empties the field and nothing more happens.

When I connect from a PC or even from mobile chrome (asking desktop version) it works.

Any suggestions?

[saghul]

Do you type the full room URL, including the room? I just tried the “foo” room and worked for me.

[Mrmerluzzo]

@saghul , have you typed in the Jitsi Meet App? Android App? Because, even for me Jitsi works in PC and even in app's Chrome, if I ask the desktop version of the site. But not in the app.

I've settled up Jistsi Meet in Android Studio. The emulator report an error "Failed to load config from https://meet.codcast.it/config.js?room=foo". I'm using a valid certificate released by Thawte.

Suggestions?

[saghul]

@Mrmerluzzo I tried on iOS. I'll give Android a test later today.

[Mrmerluzzo]

@saghul, thank you so much

[Mrmerluzzo]

@saghul, yap! you right, it works on iOS but not in Android. I'm using Pixel 6P with Android 8

[saghul]

Can you try to use another certificate? Does the builtin browser give you a warning? If the cert is not in the trust store, the connection will fail.

[Mrmerluzzo]

@saghul, No I had only the Tahwte certificate, but in any browser (Android or PC) I receive no warnings; all green! The cert has been installed by Jitsi itself, during the setup process. And it is in the trust store of the server (/etc/ssl/certs).

There are weird symptoms on Android:

• If I type https://meet.codcast.it/foo Jitsi revert immediately to the welcome screen (the one with the box for type in the room name);
• If I type only meet.codcast.it/foo (without the https:// part) the connection starts, the screen grays a bit, the rounding circle round, and round, and round .... until I stop it pressing the red phone.

I'm puzzled.

[lyubomir]

The problem with https://meet.codcast.it/foo is the certificate. It worked for @saghul and it didn't work for @Mrmerluzzo because you two used at least two different certificate chains/stores on your respective phones to verify the certificate's authority. I did test on two Android devices with multiple browsers and https://meet.codcast.it cannot be verified by some of them. For example, Google Chrome on S8 does not complain about it but Samsung's "Internet" browser on the same S8 complains about it with NET::ERR_CERT_AUTHORITY_INVALID. On an older LG with Android 6 even Google Chrome declares the certificate's authority invalid. As Jitsi Meet is using the operating system's certificate verification, Jitsi Meet fails just like the other app on the phone which do not override the operating system's certificate verification (e.g. Samsung's "Internet" browser on my S8). You can fix the issue on your device by updating you operating system's certificates so that they are able to verify the authority of your certificate.

[Mrmerluzzo]

@lyubomir , thank you for you time, I really appreciate.

Thawte, which I consider a primary CA, releases the certificate to meet.codcast.it. In the Adroid certificate store Thawte is present with 3 certificates. I manually add the certificate and also an intermediate.crt certificate that Thawte istself "suggest" to install server side. But nothing change.

This intermediate certificate, I downloaded it form Thawte and put in the server certificate store (/etc/ssl/certs). Usually, at this point, in Apache I have to write the appropriate key in config file, but I can't find the same key in Prosody. Maybe the intermediate certificate is essential and is not correctly installed at server side. Do you have any clue?

Because, on other hand, to install certificate on every devices is not a very confortable way to proceed, don't you think?

[lyubomir]

The operating systems of the devices will verify certificates based on their locally installed root certificates and there's nothing we can do about it. What we can do is figure out how to override the certificate verification inside the app and, for example, (1) ship additional root certificates inside our app and use them in the overridden verification and/or (2) alert the user that the certificate's authority is invalid but allow the user to continue anyway (what browsers like Google Chrome, Safari, and Samsung's "Internet" browser on my S8 do). We do have (2) in our backlog but I don't have an ETA for it at the time of this writing.

[Mrmerluzzo]

Finally! It works! Certificate and key must be installed in two places: 1) Prosody and 2) Videobridge! Videobridge wants a copy of the certificate in JKS format. At this link I found the script that installs crt certificate in videobridge. https://github.com/jitsi/jitsi-meet/blob/master/resources/install-letsencrypt-cert.sh.

I suggest to add a clue of this in docs.

Thank you all for the assistance. Yeah!

[lyubomir]

Jitsi Meet for Android and iOS support server URL in Settings and, consequently, throughout the app now so I think we may close this issue.

[anshad]

@Mrmerluzzo Do you have the prosody and video bridge configuration sample to understand where the certificate need to be added?

Running the script didn't solve the issue for me.

[haofanning]

@cr7xiaoyu I tried , It did't work

[IreneBond007]

你的来信已收到。谢谢你