sso.meet.coop is getting updates via Debian unattended upgrades, so has been getting important security updates all this time.
It is on Debian 11 which is still supported via the LTS program which ends in 9 months (31 Aug 2026).
I think we will push ahead with the Keycloak migration to a Web Architects VPS (as we would need to do two OS upgrades anyway and moving from U.S. providers to a UK worker co-op that’s involved in our community is a good approach in general) but it suddenly became a lot less critical.
It also gave me access to the OpenCollective sync scripts (they look to be well written in Python). I can’t upload them to git because they have lots of hardcoded secrets in them. Would need to be cleaned up quite a bit and use environmental variable to make that safe to move into version control.
This information allows me to update the current plan. The new priorities are:
Get new Big Blue Button server span up with ColloCall ASAP
Setup oauth from existing server with that so that clients have access to new server as soon as possible
Lock down old BBB servers to more safely facilitate data migration of recordings
Once those are done, we will have a much smaller attack surface and stable infra for the users. The rest of the subsequent tasks will be about achieving long term sustainability.
wrt WebTV, I don’t know what the agreement with them was about keeping stuff up to date and the details of the invoice they finally submitted to OC (Graham is the one who should know at least). But what I see in their invoice they uploaded to OC it is the cost of a dedicated server plus a small VPS for 5 months for around 550 Euro in total. I guess that doesn’t include any upgrading work, but was for the CA BBB server plus some small VPS for I don’t know what?
about subdomain names, what about “BBB”? A vote between the options would be nice. If time allows.
The keycloak set up for the new BBB would be urgent, as I think people are missing the service already! A default Jitsi is nice, but lacks quite some options. The whiteboard is an important feature in my experience.
Update from me. Sadly ColloCall have gone quiet. Over 2 weeks since my last boop to them. This is really disappointing and thrown the whole timeline back.
I just sent a email to them saying we have to go elsewhere if we don’t hear back from them soon.
Worst case scenario, we’ll just have to get Autonomic or some other co-op to setup and host the new BBB server. I was really hoping ColloCall would have us sorted by now.
I still think use sub-domains based on location makes most sense, de.meet.coop is in Germany and ca.meet.coop is in Canada — most sense for the users for picking a server that might have the lowest latency for the location of the call participants…
The ca.meet.coop server is provided by Koumbit:
I assume you haven’t had an issue contacting them or getting access to the server they host?
Assuming that is the case have you been able to progress this issue?
ColloCall got back in touch. We’ve put in the order for the new server. Hoping to get that up this week. @Graham is advising on how to make the payment work.
@chris makes a good point that we could just point de.meet.coop at the new server as it will also be hosted in Germany. I’ve been instructed not to spin down anything until the new ColloCall BBB server is up and ready to use.
However as we said before, the current plan has been to go down to one BBB server for the time being. We need to make sure everything is sustainable and well maintained for the moment before we add more servers to our new inventory.
We need to do the sso.meet.coop migration asap as well. Debian 11 is EOL soon (LTS ends in 31 Aug 2026) and the Keycloak version is very outdated. The plan for sso.meet.coop is moving to the new Web Architects hosted VPS with Keycloak installed via Docker/Co-op Cloud.
The Web Architects bit of this is sorted and I have begun briefing sysadmins at Autonomic on the SSO migration. Hoping we can start that next week too.
In summary, after the imminent migrations, our inventory will look like:
thanks for these updates @kawaiipunk Agree that it makes sense to keep de.meet.coop for the EU server, as it remains one in Germany. The DE server doesn’t seem to work in any case atm. Only the CA server still works with the Keycloak SSO authentication.
WRT keycloak, IIRC Autonomic colleagues have certain experience with that, but I don’t know who, and maybe they moved on. It seems the key thing now.
I have securely handed over the SSO credentials to ColloCall that were being used on the de.meet.coop server and switched over the domain to point at the ColloCall server. Now we just need ColloCall to spin up the new server. Hopefully they will do this on Monday/Tuesday. If not, as soon as they are back at work in Jan. I wasn’t able to get a specific deadline from them.
hi folks, glad to have found this thread, which I think explains why de.meet.coop is down (although it’s all way above my head)
This is all FYI:
rr.meet.coop is down since at least last Tuesday 23rd Dec, which I now assume is because de.meet.coop is down, which I only just worked out.
I haven’t seen any emails or posts warning about this, but until last week we hadn’t had any issues (on a once/week meeting, no recording). I don’t know who is the contact email at Radical Routes that would have received any notification and maybe the lack of info issue for RR users lies with RR not meet.coop
I spent a good 20 minutes trying to find any info on the website and forum before i found this thread, so please can someone put some announcement somewhere with a bunch of search terms in it, like ‘server down; de.meet.coop problem; can’t connect to de.meet.coop, can’t connect to server’, etc and the link to the jitsi server.
Thanks folks, hope you’re having a decent mid-winter
Yeah it’s a sticky one. It “should” be possible to reset the password using bootstrap-admin, or copying over a password from another user. Matrix me if you like!
Currently all BBB servers are down? Is this whole project near death?
Incidently I just tried a Jitsi meeting via jitsi.meet.coop, with just one other participant and the audio wasn’t reliable enough for it to be usable Is the server underpowered or perhaps there was an issue at the time with Hetzner who provide it?
It seems to me this is a crucial issue that should be fixed ASAP?
@wouter@Graham who has access to that server? is there any way i could help? if push comes to shove, i could probably get someone at Koumbit to access the console on that server, or just shut it down, if that helps…
From our perspective, at Tor, we’ve migrated off the server entirely, and it’s now a security liability we’d like to see removed from the network.
Ok, I have now brought on board a sysadmin friend of mine called Nick to provide additional support. I have sent over the new plan to @Graham and we are meeting in a call asap and will send out an update via email to all members.
The three old servers we have access to are locked now to only ssh access.
Me and Nick will finishing the backups of the three old servers and taking them offline within the week. The plan I have proposed to @Graham is that backups will be stored encrypted and offsite (using restic/Borgbase) for three months before being deleted. In the meantime, members can request copies of their recordings via the support email.
@anarcat we think we have found a way to delete specific Tor Project call recordings from the XML metadata files and will do that asap. Either tomorrow or on Monday. I’ll update you further via Matrix DM.
Is the server underpowered or perhaps there was an issue at the time with Hetzner who provide it? 
