We setup 2 Jitsi servers (including meet, jvb, jicofo and prosody on each) behind haproxy, our backend part looks something like that:
backend be_jitsi mode http balance url_param room server server1 ... server server2 ... ...
We also use token authentication.
Every once in a while our users will experience problems connecting to the room and have to reload the browser to do so. The console shows the following warning:
Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.
And after a while this error:
Strophe: request id 2.1 error 504 happened
When setting one of the servers to maintenance mode in haproxy the problem disappears.
Looking at the calls we send to the servers we found out that:
- The Initial call goes to https:// our.domain/RoomName?jwt=whatever
- A bunch of other calls are then going to https:// our.domain/http-bind?room=RoomName?token=whatever?jwt=whatever or https:// our.domain/http-bind?room=RoomName?token=whatever
My assumption is the following:
- the initial call not having a room= parameter cause haproxy to use roundrobin, and pick randomly one of the servers
- the following calls which have the room= parameter are then allocating those requests to a specific server (picked by hashing the RoomName and dividing it by the amount of our servers)
Which ultimately means they might or might not end up on the server that received the initial call, leading to this error.
What would you recommend to do in this case? Is there any other parameter/header which we could rely on, that have the same value among all the users trying to connect to the same call but is also unique among other rooms (to prevent flooding one server) and exists in every call we send to those servers?
Thank you in advance