Cannot get JVB to function on AWS instance

Hello,
I have an instance of Jitsi running on an AWS server and it works well for P2P connections; however, whenever the internet connection of the user is iffy or there are 3 participants, the call fails with a black screen and no audio, but it is still possible to see all participants. From what I understand this is an issue with the JVB. I am aware of the advanced settings section of the quickstart guide and have been assured by multiple members of the team that the ports 443, 4443 and 10000 are correctly forwarded. So I have come to the conclusion that we are setting the incorrect IPs for the NAT_HARVESTER. We have tried using the public and private IPs of the NAT gateway and we have tried using the private IP of the server Jitsi is running on; however, in EC2 that server does not have a public address, so we also tried the IP of the bastion server that we use to SSH, and every combination of those.

As for logs, in jvb.log the logs are mostly sections like this:
JVB 2019-10-08 17:54:25.333 INFO: [16] org.jitsi.videobridge.Videobridge.log() CAT=stat create_conf,conf_id=5576711fbaca2100 conf_name=null,logging=false,conf_count=2,ch_count=0,v_streams=0

JVB 2019-10-08 17:54:25.360 INFO: [16] org.jitsi.videobridge.health.Health.log() Performed a successful health check in 27ms. Sticky failure: false

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.103.77,port=55567,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.101.52,port=37997,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.102.179,port=52933,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.103.77,port=29831,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.102.179,port=24920,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.102.179,port=55178,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.103.77,port=7545,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.102.179,port=57809,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.103.77,port=39375,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.101.52,port=42655,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.571 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.101.52,port=23131,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.572 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.101.52,port=14766,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.572 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.103.77,port=18283,localport=4443]: End of stream!

JVB 2019-10-08 17:54:25.671 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.102.179,port=24782,localport=4443]: End of stream!

JVB 2019-10-08 17:54:28.674 INFO: [40] org.ice4j.ice.harvest.AbstractTcpListener.readFromChannel() Failed to handle TCP socket Socket[addr=/10.0.101.52,port=55543,localport=4443]: End of stream!

Which I have read in another thread is not an issue.

In Jicofo.log I found:
java.net.SocketException: Broken pipe (Write failed)
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.BufferedWriter.flush(BufferedWriter.java:254)
at org.dom4j.io.XMLWriter.flush(XMLWriter.java:272)
at org.jivesoftware.whack.ExternalComponent.send(ExternalComponent.java:371)
at org.jivesoftware.whack.ExternalComponentManager.sendPacket(ExternalComponentManager.java:269)
at org.xmpp.component.AbstractComponent.send(AbstractComponent.java:925)
at org.jitsi.xmpp.component.ComponentBase.access$400(ComponentBase.java:36)
at org.jitsi.xmpp.component.ComponentBase$PingTask.run(ComponentBase.java:577)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)

Thank you for any help you can offer

You need to put there the private address of the EC2 instance and the public address it is behind, and set up the security group so that UDP 10000 traffic goes to that machine. Have you done the forwarding?

Thank you for your reply,
We were able to take the issue a little further yesterday. It turned out that the private address was the one that can be found by SSHing into the machine and running ifconfig, as has been stated in other threads, while the public IP address that worked was one of the IPs for our web-facing load balancer.

The next question that arises from this is whether there is a better way to set the org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS value. It seems wrong to use just 1 of 3 IPs provided by the load balancer, but more importantly these IPs are mutable, whereas only the DNS address is static. Is there a recommended way to deal with this situation?

I ended up using the DNS address. For some reason I was thinking the org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS had to be an IP address. This seems to address all my issues.

I don’t think it’s a good idea to put JVB behind a load balancer and use DNS name to find it. You will break the conferences if different peers end up on different JVBs.

In AWS you can always get the private and the public IPs of a running instance. You can automate this and populate the NAT harvester values at boot time.
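
The boot-time automation suggested above, as an added example (not part of the original thread and not Jitsi project code): it reads the instance's addresses from the EC2 instance metadata service and rewrites the two NAT harvester properties. The properties file path is an assumption supplied by the caller; on an instance with no public IPv4 address, like the one described in this thread, the lookup fails and the file is left unchanged.

```shell
#!/bin/sh
# Added example: fill the ice4j NAT harvester addresses from EC2 metadata.
IMDS=http://169.254.169.254/latest   # EC2 instance metadata service

# Fetch one metadata key with an IMDSv2 session token; fails on any HTTP error.
imds_get() {
    token=$(curl -sf -m 2 -X PUT "$IMDS/api/token" \
        -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || return 1
    curl -sf -m 2 -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}

# True only for a dotted-quad shaped value, so an empty reply or an error
# page is never written into the bridge configuration.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# set_prop FILE KEY VALUE: drop any existing "KEY=" line, then append the new one.
# Writing back with cat keeps the file's owner and mode.
set_prop() {
    tmp=$(mktemp) || return 1
    awk -v k="$2=" 'index($0, k) != 1' "$1" > "$tmp" &&
        printf '%s=%s\n' "$2" "$3" >> "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# update_harvester FILE LOCAL_IP PUBLIC_IP: validate both values, then write both.
update_harvester() {
    if ! is_ipv4 "$2" || ! is_ipv4 "$3"; then
        echo "NAT harvester: missing or malformed address, file unchanged" >&2
        return 1
    fi
    set_prop "$1" org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS "$2" &&
        set_prop "$1" org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS "$3"
}

# Boot-time use: run with the path to the bridge's properties file (an assumption
# supplied by the caller) before the videobridge service starts.
if [ -n "${1:-}" ]; then
    update_harvester "$1" "$(imds_get local-ipv4)" "$(imds_get public-ipv4)"
fi
```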

In my case there is only one JVB instance; is this still a concern?

If it’s one JVB I guess it wouldn’t be a problem. I never used it this way, though. If it works for you, I guess it’s OK, as long as it’s only one JVB.