yinzer

Everything posted by yinzer

  1. Whoops, I misread your description and thought you were using domain.net because you didn't have a real domain. Both errors appear to be related to files in /data, which should map to your appdata folder. Do you have any strange permission issues with appdata? All these changes should not be necessary in a default setting, and should be generated automatically. It seems like something in the setup is failing to allow the files to be written to appdata correctly.
  2. Thanks @spyd4r, I'll add that above. I didn't have to make that change and it 'just works', but I'll at least note it unless others are having the same issue. The joys of living, actively-developed codebases. The other error sounds like an SSL problem. If you don't actually own the domain, you can't use LetsEncrypt to provision your certificates (since it verifies ownership). You should be able to get a full-HTTP setup -- edit all your configs and replace http with https for internal services, and adjust ports accordingly (443 to 80 or whatever you are using). If you run HTTPSEverywhere in your browser, expect problems!
  3. Yes, Jitsi is working fine for me. If you enable Jitsi authentication, I haven't figured out how to pass that in, yet. You can work around this by not exposing the Jitsi web UI to the public and letting all the setup occur inside your docker network between the riot server and jitsi server. A couple thoughts: Is your channel encrypted? Bots won't work on encrypted channels. If you want to run your own bot, you need to figure out how to host your own Matrix Integrations Server, and run the bots there. I haven't gotten that far yet. If you figure it out, please share!
  4. No shame there, a life without silly gifs is a life I don't want to live! I just tried it out and it worked fine without any issues. The Firefox javascript console was a lot of help in getting it all sorted out. There might be some hints there.
  5. You found my mistake in the write-up, congrats! My setup forwards 8448 to 1443 rather than exposing 8448 directly -- that way it goes through LetsEncrypt and you don't get cert warnings, and you don't need to make Matrix listen on 8448. Nice catch! I'll update the guide to reflect that. Edit: to make that more clear: The guide originally said to forward WAN 8448 to LAN 8448, which is wrong. It SHOULD have said to forward WAN 8448 to LAN 1443, so that LetsEncrypt redirects the traffic back to the HTTP port of the Matrix service on 8008.
  6. Did you also add `listen 8448 ssl;` to your matrix.subdomain.conf nginx proxy? Edit: test it -- from an external network, browse to https://yourdomain:8448/ and see what you see. If you can't connect, your FW isn't set up or nginx isn't listening on the port. If you see the Nginx landing page, your port forward isn't set up. If you see a gateway error, your forward is set up incorrectly.
  7. For anyone else who was wondering how to support multiple domains via a single LetsEncrypt Docker, this can be accomplished via the `EXTRA_DOMAINS` Docker environment variable (see https://github.com/linuxserver/docker-letsencrypt/blob/master/README.md). In your Unraid docker setup, `Add another Path, Port, Variable, Label or Device`. Select Config Type = `Variable`. Set the Key to `EXTRA_DOMAINS`. Set the Value to your comma-separated list of domains (NO WILDCARDS!). Add and Apply, verify that it all worked.
  8. I didn't get the RiotBot message either, as I'm pretty sure that depends on Integrations working at the point (bots are integrations). To be clear, have you opened the Integrations (tcp 8448 -> LetsEncrypt IP, and modify `letsencrypt/nginx/site-confs/default` to also handle port 8448 requests) port on your FW? If you have, check your browser's javascript console, which will likely show you where the failure is.
  9. I'm not sure. Do you get the Javascript 'Joining Room' with spiny wheel thing at all? When joining large rooms, it may take a minute for server-to-server syndication to complete, as your local Matrix server pulls in all the users, their stats, and the new room's chat history. The integrations may be related. It involves getting LetsEncrypt to also listen (ssl) on 8448, and proxying that into matrix. I didn't test this until AFTER I made that change, but it works for me. See the updates I made in the original post and give it a shot!
  10. If both need to be publicly exposed, then this is 100% correct and you should try changing the STUN ports in the Matrix docker config and configuring the Jitsi TURN service to redirect to the corresponding port. Most users probably don't want to expose the UniFi STUN service outside their public router, as it's typically used for adoption/management of devices on the same private network. I'd personally connect any remotely managed sites via a VPN for this, but you're in advanced use-case territory at this point and are therefore likely capable of figuring out a solution that fits your network.
  11. Nice catch! I'm a Unifi user as well, but my controller runs on the USG. The Matrix container config does give you the option to reassign the STUN ports, so you can give that a shot and reflect the settings in your TURN config. If anyone has to do this, please report back if there are any issues! Worst case, you can pick one of the conflicting dockers and set their network type to 'Host'. Unrelated note: this configuration has an issue with enabling integrations. I think I can work around this by adding another port-forward rule and another entry to the Matrix nginx proxy config. Will update once I figure it out!
  12. Slight update, for those who already followed along: I forgot one step. Forward in both TCP and UDP ports 3478 to your unraid server. Then in your matrix/homeserver.yaml file, configure TURN to point to your bridge, and give it a good secret using the methods described above: This is for the Matrix TURN server, which is used to connect VoIP/video calls correctly. Turning a riot chat into a video conference may fail with only 2 users if this isn't done!
  13. Thanks! If you need to get in touch with the support team via Riot, you can connect directly to their main matrix server using their Riot install (https://riot.im/app/). I just tested creating a matrix.org account via my hosted Riot client and didn't have any issues. Make sure your FW/NAT is allowing access from outside the firewall using the URL you intend to use for your Riot client.
  14. That's a great question, and being kinda new to docker-compose, I'm not quite sure yet since I haven't had it up long enough to need to worry about that yet. When you bring up the containers with docker-compose, they download the images. I wonder if the following will do the trick:

      ```
      cd /path/to/docker-jitsi-meet
      docker-compose pull
      docker-compose restart
      ```

      Since it's using images, that should 'in theory' pull down the latest images. If there are any config changes, it might be a good idea to do a `docker-compose build` as well. If anyone knows better, please chime in!
  15. Haha, I just figured this out on my own today and was putting together a guide, along with linking it to Riot Chat. Looks like we settled on a very similar approach! I'll link my guide to this video, as you did a great job covering some of the bases that I didn't get into, like authentication. Awesome video as always! My guide for integrating jitsi with Riot/Matrix -
  16. I posted this on the serverbuilds.net forums, and noticed that several users here were interested, so cross-posting! This is a somewhat complex yet in-demand installation, so I figured I'd share my steps in getting a Riot.im chat server syndicated through a Matrix bridge that supports a Jitsi voip/video conference bridge. The end result is a self-hosted discord-like chat server where any chat room can become a video conference with a single click! It has some other neat features like end-to-end encryption and syndication with other matrix servers AND other types of chat servers (you can have a chat room that links to a discord room, irc channel, etc). We'll do almost all of this using apps from the Unraid Community Applications repo!

      Summary:
      We'll set up some domains for each of our components, then use a LetsEncrypt proxy to generate certificates. Matrix will run the back-end, Riot Chat will run the front-end, and Jitsi will handle the A/V.

      DNS Setup:
      You're gonna want a few subdomains, even if you have a dyndns setup pointing to your host. They can all point to the same IP, or you can use CNAME or ALIAS records to point to the root domain. A DNS setup for somedomain.gg might look like this:

      Type - Host - Value
      A - @ - 1.2.3.4 (Your WAN IP)
      CNAME - bridge - somedomain.gg
      CNAME - chat - somedomain.gg
      CNAME - meet - somedomain.gg

      In the above, the `@` A-record will set the IP for your domain root, and the CNAME-records will cause the 3 subdomains to resolve to whatever domain name you point them at (the root domain, in this case).

      Each domain will host the following:
        - bridge: matrix - The core communications protocol
        - chat: riot - The chat web UI
        - meet: jitsi - The video conferencing bridge

      Firewall Setup:
      You'll need the following ports forwarded from your WAN to your Unraid server:

      LetsEncrypt: WAN TCP 80 -> LAN 180, WAN TCP 443 -> LAN 1443, WAN TCP 8448 -> LAN 1443, all on your Unraid server IP
        - 80: Used by LetsEncrypt to validate your certificate signing request -- this can be disabled after setup, then only enabled when you need to renew a certificate.
        - 443: LetsEncrypt proxy for encrypted web, duh
        - 8448: Matrix Integrations port for enabling plugins. Also proxied via LetsEncrypt. Make sure this points to 1443, not 8443!
      STUN: TCP and UDP 3478 on WAN -> 3478 on Unraid (or changed to suit your needs)
      Jitsi: UDP Port 10000 -> 10000 on Unraid

      We'll be assuming you used these ports in the rest of the guide, so if you needed to change any, compensate as needed!

      Docker Networking:
      This is a fairly complex configuration that will use at least 7 docker containers. To make this easier we'll create a custom docker network that these containers will all live on, so that they can communicate between each other without having to worry about exposing unnecessary ports to your LAN:

        1. In Unraid, go to Settings->Docker.
        2. Disable docker so you can make changes: set `Enable Docker` to `No`
        3. Set `Preserve user defined networks` to `Yes`
        4. Re-enable Docker
        5. Open the Unraid console or SSH in.
        6. Create a new Docker network by executing `docker network create --subnet 172.20.0.0/24 sslproxy` or whatever subnet works for you (adjusted below as needed).

      We're now done with the pre-install stuff! I'd suggest testing your DNS and that the ports are all open on your FW and are getting directed to the right places. If everything looks good, then let's get some dockers!

      LetsEncrypt Install:
      Before proceeding, wait for your DNS server to update and make sure you can resolve the 3 subdomains remotely. This is REQUIRED for LetsEncrypt to validate the domains! LetsEncrypt will need to listen on port 80 and port 443 of your WAN (public-facing) interface so that it can validate your ownership of the domains. We're going to use a Docker from the Unraid Community Applications docker. But before we do, we need to enable user defined networks in our Docker settings. But first,

        1. In Community Applications, search for `LetsEncrypt` and install the container from `linuxserver`
        2. Set the `Network Type` to `Custom: ssl proxy`
        3. Set the `Fixed IP address` to `172.20.0.10` (or whatever works for you)
        4. Make sure `Privileged` is set to `On`
        5. Set the `http` port to `180` and the `https` port to `1443`
        6. Supply an email
        7. Enter your domain name, ie `somedomain.gg`
        8. Enter your subdomains: `chat,bridge,meet` (and any others you want to encrypt)
        9. Optional: set `Only Subdomains` to false if you want the root domain to also have a cert!

      The rest of the options should be fine as-is. If you do NOT have a domain, but use a dynamic dns service, you can still manage but might be limited to a single domain. Make sure `Only Subdomains` is set to `True`, otherwise your install will fail as LetsEncrypt will expect you to be running on your dyndns service's web server! The following steps will also require you to do some nginx subdirectory redirection instead of domain proxying. SpaceInvader has a great video that demonstrates this in detail.

      Once you've created the docker instance, review the log. It might take a minute or two to generate the certificates. Let it finish and make sure there are no errors. It should say `Server ready` at the end if all goes well! Try browsing to your newly encrypted page via https://somedomain.gg (your domain) and make sure all looks right. You should see a letsencrypt landing page for now. If all went well, your LetsEncrypt certificates and proxy configuration files should be available in /mnt/user/appdata/letsencrypt/

      LetsEncrypt Proxy Configuration:
      LetsEncrypt listens on ports 80 and 443, but we also need it to listen on port 8448 in order for Riot integrations via the public integration server to work properly. Integrations let your hosted chatrooms include bots, helper commands (!gif etc), and linking to other chat services (irc, discord, etc). This is optional! If you're happy with vanilla Riot, you can skip this. Also, you can run your own private Integrations server, but I'm not getting into that here. So assuming you want to use the provided integrations, we need to get nginx listening on port 8448. To do that, edit `/mnt/user/appdata/letsencrypt/nginx/site-confs/default` and make the following change:

      Original:

      New:

      Next, we are going to need 3 proxy configurations inside LetsEncrypt's nginx server (one for matrix, riot and jitsi). These live in `/mnt/user/appdata/letsencrypt/mnt/user/appdata/letsencrypt/`. Create the following files:

      matrix.subdomain.conf:

      riot-web.subdomain.conf:

      jitsi.subdomain.conf:

      ^^^ NOTE!!! Make sure you saw the `CHANGE THIS` part of the `$upstream_app` setting. This should be the LAN IP of your Unraid server!

      Done! To test, try visiting https://<subdomain>.somedomain.gg/ and you should get a generic gateway error message. This means that the proxy files attempted to route you to their target services, which don't yet exist. If you got the standard LetsEncrypt landing page, then something is wrong!

      Matrix
      A Matrix container is available from avhost in Community Applications.

        1. In Community Applications, search for `Matrix` and install the container from `avhost`
        2. Set the `Network Type` to `Custom: ssl proxy`
        3. Set the `Fixed IP address` to `172.20.0.30` or whatever works for you
        4. Set the `Server Name` to `bridge.somedomain.gg` (your domain)
        5. The rest of the settings should be fine, and I suggest not changing the ports if you can get away with it. Create the container and run it.

      Now we need to edit our Matrix config.

        1. Edit `/mnt/user/appdata/matrix/homeserver.yaml`
        2. Change `server_name: "bridge.somedomain.gg"`
        3. Change `public_baseurl: "https://bridge.somedomain.gg/"`
        4. Under `listeners:` and `- port: 8008` change `bind_address: ['0.0.0.0']`
        5. Change `enable_registration: true`
        6. Change `registration_shared_secret: xxxx` to some random value. It doesn't matter what it is, just don't use the one from the default config!
        7. Change `turn_uris` to point to your domain, ie `"turn:bridge.somedomain.gg:3478?transport=udp"`
        8. Set a good long random value for `turn_shared_secret`

      If you have errors at start-up about your turnserver.pid file or database, you can try editing your /mnt/user/appdata/matrix/turnserver.conf file and adding:

      ```
      pidfile=/data/turnserver.pid
      userdb=/data/turnserver.db
      ```

      There are a ton of other settings you can play with, but I'd wait until after it's working to get too fancy! Now restart the Matrix container, and check that https://bridge.somedomain.gg/ now shows the Matrix landing page. If not, something's wrong!

      Riot Chat
      Riot Chat serves as the web front-end chat interface. There's also a great mobile app called RiotIM. For the web interface, there's a Community Applications image for that!

        1. Before we start, we need to manually create the config path and pull in the default config. So open a console/SSH to your server.
        2. Create the config path by executing `mkdir -p /mnt/user/appdata/riot-web/config`
        3. Download the default config by executing `wget -O /mnt/user/appdata/riot-web/config/config.json https://raw.githubusercontent.com/vector-im/riot-web/develop/config.sample.json` (**NOTE**: This is a different URL than the one suggested in the Docker!)
        4. In Community Applications, search for `riot web` and install the container from `vectorim`. Watch out, there are two -- use the one with the fancy icon, which doesn't end with an asterisk (`*`)!
        5. Set the `Network Type` to `Custom: ssl proxy`
        6. Set the `Fixed IP address` to `172.20.0.20` (or whatever)
        7. The rest of the settings should be fine. Create the container and run it.

      Now let's edit our Riot config. It's a JSON file, so make sure you respect JSON syntax.

        1. Edit `/mnt/user/appdata/riot-web/config/config.json`
        2. Change `"base_url": "https://bridge.somedomain.gg",`
        3. Change `"server_name": "somedomain.gg",`
        4. Under the `"Jitsi:"` subsection near the bottom, change `"preferredDomain": "meet.somedomain.gg"`

      If all went well, you should see the Riot interface at http://chat.somedomain.gg! If not, figure out why... Now let's create our first account!

        1. From the welcome page, click `Create Account`
        2. If the prior config was correct, `Advanced` should already be selected and it should say something like `Create your Matrix account on somedomain.gg`. If the `Free` option is set, then your RiotChat web client is using the public matrix.org service instead of your private instance! Make sure your `base_url` setting in your config.json is correct. Or just click Advanced, and enter `https://bridge.somedomain.gg` in the `Other Servers: Enter your custom homeserver URL` box.
        3. Set your username and password
        4. Set up encryption by following the prompts (or skip if you don't care). This may require that you whitelist any browser script blockers that you have running.

      Done! You now have a privately hosted Discord-alternative! Let's add some voice and video chat so we can stop using Zoom 😛

      Jitsi
      This part doesn't have a solid Docker image in the Community Application store, so there's a few more steps involved. We're gonna need to clone their docker setup, which uses docker-compose.

        1. Open a console/SSH to your server
        2. Install docker-compose by executing `curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose`
        3. Make it executable: `chmod u+x /usr/local/bin/docker-compose`
        4. Move to your appdata folder: `cd /mnt/user/appdata`
        5. Make and enter a folder for your docker-compose projects: `mkdir docker-compose; cd docker-compose`
        6. Clone and enter the `docker-jitsi-meet` repo: `git clone https://github.com/jitsi/docker-jitsi-meet ; cd docker-jitsi-meet`
        7. Create an install environment: `cp env.example .env`
        8. Populate some random secrets in your environment: `./gen-passwords.sh`
        9. Edit the install environment (I'm using nano, but edit however you want): `nano .env`
        10. Change `CONFIG=/mnt//mnt/user/appdata/jitsi-meet/`
        11. Set TZ to your timezone, ie `TZ=America/Denver`
        12. Change `PUBLIC_URL=https://meet.somedomain.gg`
        13. Change `DOCKER_HOST_ADDRESS=192.168.0.1` or whatever the LAN address of your Unraid server is
        14. Create the CONFIG path that you defined in step 10: `mkdir /mnt//mnt/user/appdata/jitsi-meet/`
        15. Create and start the containers: `docker-compose -p jitsi-meet -f docker-compose.yml -f etherpad.yml up -d`
        16. This will create 4 Jitsi containers as part of a Docker Stack -- see your list of dockers. You can't edit them, but take note of the `jitsi-meet_web_1` ports, which should be `8000` and `8443`. If you got any errors, it's likely a port conflict somewhere, so find the corresponding setting in your `.env` file and adjust as needed, reflecting any relevant changes in the next step.

      When we were setting up our Nginx proxy configs, you'll recall that the Jitsi config `$upstream_app` had to be set manually, rather than relying on the internal DNS. That's because the docker-compose stack names are not 100% predictable, so it's better to just hard-code it. You might want to double-check that setting if you have any issues from here on.

      To test Jitsi, go to https://meet.somedomain.gg/ and hopefully you see the Jitsi page. Try to create a meeting. In the future, it may be wise to enable Authentication on your Jitsi server if you don't want any random person to be able to host conferences on your server! See the docs (or SpaceInvader's video) for details on that.

      Now find a friend and get them to register a Riot account on your server at https://chat.somedomain.gg (or use the mobile app and connect to the custom host). Get in a chat room together, then click the Video icon next to the text input box and make sure it works. It's worth noting that Jitsi works differently when there are only 2 people chatting -- they'll communicate directly. With 3 or more, they'll communicate with the Jitsi server and use the TURN service. So it's a good idea to try to get a 3rd person to join as well, just to test out everything.

      That's it, hope this helps! Enjoy!

      To Do:
        * Custom Integrations Server
        * Etherpad Integration

      Edit: While I was making this guide, SpaceInvader came out with a great video covering the Jitsi part! It covers some authentication options that I didn't get into, but would highly suggest. Check it out!
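
A check for the `homeserver.yaml` edits in the Matrix section of the guide above, as an added example that is not part of the original post: it generates secrets from the OS CSPRNG and flags a config that still carries a placeholder, a short secret, a mismatched TURN host or open registration. The placeholder list, the 32-character minimum, the line-based parsing and the sample config are assumptions made for this example.

```python
import re
import secrets

# Assumptions for this example: placeholder list and minimum secret length.
PLACEHOLDERS = {"", "xxxx", "changeme", "secret", "password"}
MIN_SECRET_LEN = 32

# Constructed sample: the guide's settings with both secrets left weak.
SAMPLE = '''\
server_name: "bridge.somedomain.gg"
public_baseurl: "https://bridge.somedomain.gg/"
enable_registration: true
registration_shared_secret: "xxxx"  # placeholder never replaced
turn_uris: ["turn:bridge.somedomain.gg:3478?transport=udp"]
turn_shared_secret: "hunter2hunter2"
'''


def new_secret(nbytes=48):
    """Random URL-safe secret from the OS CSPRNG (48 bytes -> 64 characters)."""
    return secrets.token_urlsafe(nbytes)


def top_level_settings(text):
    """Collect unindented `key: value` scalars; nested blocks are ignored."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z_]+):\s*(.*?)\s*(?:#.*)?$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings


def audit(text, server_name):
    """Return findings for the settings the guide tells you to change."""
    s = top_level_settings(text)
    findings = []
    if s.get("server_name") != server_name:
        findings.append("server_name does not match " + server_name)
    for key in ("registration_shared_secret", "turn_shared_secret"):
        value = s.get(key, "")
        if value.lower() in PLACEHOLDERS:
            findings.append(key + ": missing or placeholder value")
        elif len(value) < MIN_SECRET_LEN:
            findings.append(f"{key}: {len(value)} chars, want >= {MIN_SECRET_LEN}")
    reg, turn = s.get("registration_shared_secret"), s.get("turn_shared_secret")
    if reg and reg == turn:
        findings.append("registration and TURN secrets are identical")
    # TURN URIs may be inline or a nested list, so scan the whole text.
    hosts = re.findall(r"\bturns?:([A-Za-z0-9.-]+)", text)
    if not hosts or any(h != server_name for h in hosts):
        findings.append("turn_uris missing or not pointing at " + server_name)
    if s.get("enable_registration", "").lower() == "true":
        findings.append("enable_registration: true (open sign-up is on)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "bridge.somedomain.gg"):
        print("FINDING:", finding)
    print("fresh secret:", new_secret())
```

Run it against a copy of `/mnt/user/appdata/matrix/homeserver.yaml` by passing the file's text to `audit()` in place of `SAMPLE`.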
  17. Update: I re-downloaded a new ISO image and got past this issue! I'm not sure if my original image was corrupted or not. The main difference: the image that gave me problems contained installers for Win 10 32 and 64 bit. This time I'm just using the 64bit installer ISO. So if anyone else encounters this problem: If you are using the 64/32 installer, try JUST the 64bit ISO instead. Otherwise, verify the checksum of the ISO and look for any signs of corruption.
  18. it does not. I'm toying with rebooting and specifying isolation via syslinux.cfg. Any idea if that might help or just make things worse? edit: isolation didn't fix the issue
  19. I'm trying to set up a Windows 10 Professional VM using an ISO that I recently created via Microsoft Media Creation Tool. The VM starts the installation, but shortly after starting to load the GUI portion of the installer, I get a BSoD with stop code: "CRITICAL PROCESS DIED". This is with default VM settings after choosing Windows 10 as the VM type, as well as trying to tweak various options in the Basic settings, and making some CPU flag changes in the XML -- always the same result. Linux and even OSX VMs run just fine. I've also tried using the installer safe mode and no-GUI modes (F8 at load time) with the same results. My host is running a dual Xeon E5-2651 v2 on a Supermicro X9DRi-LN4+ motherboard with 64GB of DDR with ECC. I'm not passing through any additional hardware -- pretty vanilla installation. Any help on how to troubleshoot this? My unraid trial expires this week and hoping to at least get windows VMs working before buying in. Thanks!