sso.meet.coop is getting updates via Debian unattended upgrades, so has been getting important security updates all this time.
It is on Debian 11 which is still supported via the LTS program which ends in 9 months (31 Aug 2026).
I think we will push ahead with the Keycloak migration to a Web Architects VPS (as we would need to do two OS upgrades anyway and moving from U.S. providers to a UK worker co-op that’s involved in our community is a good approach in general) but it suddenly became a lot less critical.
It also gave me access to the OpenCollective sync scripts (they look to be well written in Python). I can’t upload them to git because they have lots of hardcoded secrets in them. Would need to be cleaned up quite a bit and use environmental variable to make that safe to move into version control.
This information allows me to update the current plan. The new priorities are:
Get new Big Blue Button server span up with ColloCall ASAP
Setup oauth from existing server with that so that clients have access to new server as soon as possible
Lock down old BBB servers to more safely facilitate data migration of recordings
Once those are done, we will have a much smaller attack surface and stable infra for the users. The rest of the subsequent tasks will be about achieving long term sustainability.
wrt WebTV, I don’t know what the agreement with them was about keeping stuff up to date and the details of the invoice they finally submitted to OC (Graham is the one who should know at least). But what I see in their invoice they uploaded to OC it is the cost of a dedicated server plus a small VPS for 5 months for around 550 Euro in total. I guess that doesn’t include any upgrading work, but was for the CA BBB server plus some small VPS for I don’t know what?
about subdomain names, what about “BBB”? A vote between the options would be nice. If time allows.
The keycloak set up for the new BBB would be urgent, as I think people are missing the service already! A default Jitsi is nice, but lacks quite some options. The whiteboard is an important feature in my experience.
Update from me. Sadly ColloCall have gone quiet. Over 2 weeks since my last boop to them. This is really disappointing and thrown the whole timeline back.
I just sent a email to them saying we have to go elsewhere if we don’t hear back from them soon.
Worst case scenario, we’ll just have to get Autonomic or some other co-op to setup and host the new BBB server. I was really hoping ColloCall would have us sorted by now.
I still think use sub-domains based on location makes most sense, de.meet.coop is in Germany and ca.meet.coop is in Canada — most sense for the users for picking a server that might have the lowest latency for the location of the call participants…
The ca.meet.coop server is provided by Koumbit:
I assume you haven’t had an issue contacting them or getting access to the server they host?
Assuming that is the case have you been able to progress this issue?
ColloCall got back in touch. We’ve put in the order for the new server. Hoping to get that up this week. @Graham is advising on how to make the payment work.
@chris makes a good point that we could just point de.meet.coop at the new server as it will also be hosted in Germany. I’ve been instructed not to spin down anything until the new ColloCall BBB server is up and ready to use.
However as we said before, the current plan has been to go down to one BBB server for the time being. We need to make sure everything is sustainable and well maintained for the moment before we add more servers to our new inventory.
We need to do the sso.meet.coop migration asap as well. Debian 11 is EOL soon (LTS ends in 31 Aug 2026) and the Keycloak version is very outdated. The plan for sso.meet.coop is moving to the new Web Architects hosted VPS with Keycloak installed via Docker/Co-op Cloud.
The Web Architects bit of this is sorted and I have begun briefing sysadmins at Autonomic on the SSO migration. Hoping we can start that next week too.
In summary, after the imminent migrations, our inventory will look like:
thanks for these updates @kawaiipunk Agree that it makes sense to keep de.meet.coop for the EU server, as it remains one in Germany. The DE server doesn’t seem to work in any case atm. Only the CA server still works with the Keycloak SSO authentication.
WRT keycloak, IIRC Autonomic colleagues have certain experience with that, but I don’t know who, and maybe they moved on. It seems the key thing now.
I have securely handed over the SSO credentials to ColloCall that were being used on the de.meet.coop server and switched over the domain to point at the ColloCall server. Now we just need ColloCall to spin up the new server. Hopefully they will do this on Monday/Tuesday. If not, as soon as they are back at work in Jan. I wasn’t able to get a specific deadline from them.
hi folks, glad to have found this thread, which I think explains why de.meet.coop is down (although it’s all way above my head)
This is all FYI:
rr.meet.coop is down since at least last Tuesday 23rd Dec, which I now assume is because de.meet.coop is down, which I only just worked out.
I haven’t seen any emails or posts warning about this, but until last week we hadn’t had any issues (on a once/week meeting, no recording). I don’t know who is the contact email at Radical Routes that would have received any notification and maybe the lack of info issue for RR users lies with RR not meet.coop
I spent a good 20 minutes trying to find any info on the website and forum before i found this thread, so please can someone put some announcement somewhere with a bunch of search terms in it, like ‘server down; de.meet.coop problem; can’t connect to de.meet.coop, can’t connect to server’, etc and the link to the jitsi server.
Thanks folks, hope you’re having a decent mid-winter
Yeah it’s a sticky one. It “should” be possible to reset the password using bootstrap-admin, or copying over a password from another user. Matrix me if you like!
Currently all BBB servers are down? Is this whole project near death?
Incidently I just tried a Jitsi meeting via jitsi.meet.coop, with just one other participant and the audio wasn’t reliable enough for it to be usable Is the server underpowered or perhaps there was an issue at the time with Hetzner who provide it?
It seems to me this is a crucial issue that should be fixed ASAP?
@wouter@Graham who has access to that server? is there any way i could help? if push comes to shove, i could probably get someone at Koumbit to access the console on that server, or just shut it down, if that helps…
From our perspective, at Tor, we’ve migrated off the server entirely, and it’s now a security liability we’d like to see removed from the network.
Ok, I have now brought on board a sysadmin friend of mine called Nick to provide additional support. I have sent over the new plan to @Graham and we are meeting in a call asap and will send out an update via email to all members.
The three old servers we have access to are locked now to only ssh access.
Me and Nick will finishing the backups of the three old servers and taking them offline within the week. The plan I have proposed to @Graham is that backups will be stored encrypted and offsite (using restic/Borgbase) for three months before being deleted. In the meantime, members can request copies of their recordings via the support email.
@anarcat we think we have found a way to delete specific Tor Project call recordings from the XML metadata files and will do that asap. Either tomorrow or on Monday. I’ll update you further via Matrix DM.
Hi @kawaiipunk wrt to the configurations, yesterday we noted that the screen is unmirrorred, and we lack the option to mirror. IIRC previously we will have had “mirror by default” your own webcam, to make it feel more natural to participants.
Then there is the default whiteboard. We had collectively developed this one: meet.coop_default_whiteboard_screen_15-06-22.jpg - Nextcloud (I see that Collocall also followed the logic of presenting a whiteboard that immediately helps newcomers to find the main buttons ;-))
If you make me BBB admin again, I can help out with some of the UI configurations.
Thanks so much for this feedback! In fact, we should make a separate thread to collect all these config requests. Our top todo is to add the meet.coop branding but any tips members can share would be greatly appreciated.
Hi all! Eduardo a.k.a. @flancian from the Social.coop Tech Working Group here. First of all, thank you for all the work you have done here for Meet.coop and its users!
We have received several reports from Social coop members who were using Meet coop through the socialcoop\.meet\.coop subdomain who are unable to log in with their credentials in either available server (e.g. de\.meet\.coop). socialcoop\.meet\.coop is known to be down but we were hoping that users would still be able to use de\.meet\.coop going forward, either until socialcoop\.meet\.coop is restored or indefinitely if the intention is to consolidate onto a simpler production setup.
Could you please let us know what are the next steps towards restoring service for Social\.coop users, and whether we can help in any way?
(Meta/aside: I had to rework this post with those awkward backslashes because Discourse told me each post can have a maximum of two links, and didn’t offer another obvious way to not autolink these domains. This is the first time I encounter such a limitation and it felt like it increased the barrier of entry to participation in this forum; if this is a Discourse setting maybe it should be relaxed.)
Me and Nick worked on the servers again today. Everything me and Nick have access to is now backed up now using encrypted backups (Restic and Borgbase).
Have you asked Komubit to root the ca.meet.coop server for you? This should be a straight forward matter of them shutting it down and appending your SSH public keys to /root/.ssh/authorized_keys and checking that /etc/ssh/sshd_config allows logins with keys and then restarting it?
Hi Eduardo @flancian great to see you here! The max links for new users on this discourse forum was set to 2 (to reduce harm by spammer I guess); I just found the setting and increased it to 5.
In any case, now you are welcomed and got some likes and badges, you are not so new anymore
(I’m just an old time volunteer who steps in to help sometimes, after having been operational member from May 2020 till end 2022)
Is the server underpowered or perhaps there was an issue at the time with Hetzner who provide it? 
