Allow jitsi-meet to run behind WAF

I have successfully installed jitsi meet and am trying to run jitsi meet behind WAF .

I have successfully setup Jitsi meet and works fine when proxy turned off.

As soon as I turn proxy, I can no longer access the Jitsi server.

nginx error log shows:

2020/04/20 17:57:14 [error] 11262#11262: *1119 recv() failed (104: Connection reset by peer) while proxying and reading from upstream, client: x.x.x.x, server: 0.0.0.0:443, upstream: β€œ127.0.0.1:4445”, bytes from/to client:2826/3608, bytes from/to upstream:3608/3080

1 Like

You need to remove the turn server multiplexing the traffic, as theproxy is not using http2 and breaks the multiplexing.
Move the nginx file that is in module-enabled and change the vhost nginx config to use port 443 and it should work.

Thank you for fast response.
I am new to jitsi meet, could you help me more with steps to fix the problem.

As i understand i have to go to /etc/nginx/modules-enabled/60-jitsi-meet.conf and change something here.
My file is below, Could you please tell me what to remove or change here?

stream {
upstream web {
server 127.0.0.1:4444;
}
upstream turn {
server 127.0.0.1:4445;
}
# since 1.13.10
map $ssl_preread_alpn_protocols $upstream {
β€œh2” web;
β€œhttp/1.1” web;
β€œh2,http/1.1” web;
default turn;

}

server {
    listen 443;

    # since 1.11.5
    ssl_preread on;
    proxy_pass $upstream;

    # Increase buffer to serve video
    proxy_buffer_size 10m;
}

}

Remove that file and go to /etc/nginx/site-available/your-conf and change it to listen on 443 instead of 4444 and restart nginx.

Thank you so much it works successfully. Really appreciate your support

This information was very helpful for me, thank you. One question in that context: Are there situations in which the removal of the turnserver multiplexing has negative effects and which are these?

Corporate networks where only tcp on port 443 are allowed.

works this way, but audio and video don’t work