Jitsi server: ClientDeniedByServerConfiguration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all

I'm running Apache/2.4.38 (Debian).  I've installed Jitsi server on
Debian 10 and am getting this error:

[Wed Feb 10 20:37:11.043925 2021] [access_compat:error] [pid 26568]
[client 82.65.117.234:55678] AH01797: client denied by server
configuration: proxy:http://localhost:5280/http-bind/, referer:
https://meet.mydomain.com/test

I've tried everything that seems relevant in
https://cwiki.apache.org/confluence/display/httpd/ClientDeniedByServerConfiguration
making my changes to /etc/apache2/sites-available/meet.mydomain.com.conf
and nothing shifts the error.

After every config change I restart Apache.  Is that enough to put it
into effect?

The Jitsi side of things looks to be OK.  How can I debug this?

/etc/apache2/sites-available/meet.mydomain.com.conf:

<VirtualHost *:80>
    ServerName meet.mydomain.com
    Redirect permanent / https://meet.mydomain.com/
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName meet.mydomain.com

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/letsencrypt/live/meet.mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/meet.mydomain.com/privkey.pem

    Header always set Strict-Transport-Security "max-age=63072000"

    DocumentRoot "/usr/share/jitsi-meet"
    # AY changed from 2.2 to 2.4 'Require all granted'
    <Directory "/usr/share/jitsi-meet">
        Options Indexes MultiViews Includes FollowSymLinks
        AddOutputFilter Includes html
        Require all granted
    </Directory>

    ErrorDocument 404 /static/404.html

    Alias "/config.js" "/etc/jitsi/meet/meet.mydomain.com-config.js"
    <Location /config.js>
        Require all granted
    </Location>

    Alias "/external_api.js"
    "/usr/share/jitsi-meet/libs/external_api.min.js"
    <Location /external_api.js> Require all granted
    </Location>

    ProxyPreserveHost on
    ProxyPass /http-bind http://localhost:5280/http-bind/
    ProxyPassReverse /http-bind http://localhost:5280/http-bind/

    # see https://www.netnea.com/cms/apache-tutorial-9_setting-up-a-reverse-proxy/
    <Proxy http://localhost:5280/http-bind/> Require all granted
    Options None </Proxy>

    # see https://cwiki.apache.org/confluence/display/httpd/ClientDeniedByServerConfiguration
    <Location /http-bind> 
        Require all granted
    </Location>

    RewriteEngine on
    RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
</VirtualHost>

# Mozilla Guideline v5.4, Apache 2.4.41, OpenSSL 1.1.1d, intermediate
configuration, no OCSP SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off SSLSessionTickets   off

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux