Buster, upgrade in LXC

Dear team,

Great work on that software.

Debian Buster, unprivileged LXC.

I’m trying to upgrade:

apt-get update && apt-get dist-upgrade

Upgrade breaks because coturn fails to start.

journalctl -xe

coturn.service: Failed to set up mount namespacing: Permission denied

Is coturn absolutely necessary? It seems to be a new dependency.

Thanks for your help.

Regards,

Raphaël

For the record, I have set up a Jitsi Meet server in an LXD Ubuntu 18.04 container on an Ubuntu 16.04 server and had no trouble installing the coturn stuff after fiddling a bit, but my problem had nothing to do with containers. Anyway, I removed it because it’s more trouble than it’s worth, since the goal of coturn is to allow everything to go through port 443 (that is, working without port 10000), and replacing UDP with TCP gives worse performance. Since you used Jitsi before, you used port 10000 already, and so you can apt purge jitsi-meet-turnserver.
Edit: with Linux containers, using LXC on Debian is a somewhat marginal solution, since most devs are paid by Ubuntu and as such work primarily on LXD - your problems with LXC and coturn can be real and you could post them on the linuxcontainers.org forum if you care, but you don’t need to.

But now I can have audio and video only through my local network. My LXC has a NATed address.
My network is as follows:
A router with ports 443 and 4443 forwarded
An Nginx on LXC as a reverse proxy, which listens on 443 with the certificate
An LXC with another Nginx and jitsi-meet.
In /etc/jitsi/videobridge/sip.community.properties:
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.1.x
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=xxx
I noticed that with the upgraded version, nothing is listening on port 4443.
Everything works well with my old version, which I kept in a snapshot.

Regards,

Raphaël

Personally, I’m still unclear about the advantages of using Jitsi Meet behind a firewall blocking port 10000. I’m beginning to feel that using a coturn server on the host running Jitsi allows clients behind a corporate firewall - so blocked on UDP port 10000 - to access a Jitsi Meet instance. It must involve some nginx magic to encapsulate voice (RTP) traffic in HTTPS and route it through coturn toward jvb, but it’s still murky.

Reading this, I’m beginning to suspect that the real magic happens in prosody, and it can’t work anyway in my case since Ubuntu 18.04 ships with prosody 0.10. As you use Buster, you have 0.11, so I’d guess that forwarding to prosody from your proxy could help. But really I’m out of my (current) depth :)

Sorry, I forgot to specify all the forwarded ports:
443 TCP to the LXC with the frontend Nginx
4443 TCP and 10000 - 20000 in UDP to the jitsi LXC.
I restored a snapshot with jitsi-meet 1.0.4101 which works correctly.
Ports TCP 4443 and UDP 10000 appear as open in netstat.
With version 2.0.4384, only UDP 10000 is open.
The latest version seems to make a callback to TCP 4443.