Colibri WebSocket doesn't work with default Jitsi Docker setup

I have a standard Jitsi Meet Docker setup on AWS EC2. Everything seems to be working well but when the meeting participants are more than 2, the video quality drops down to the lowest. I read somewhere in Jitsi Forum that this is potentially due to Colibri. I keep getting the following set of errors as Colibri WebSocket does not work.

I’d greatly appreciate any pointers to help fix the issue.

Please let me know if any additional information is required.

Jitsi Web Logs

2021/09/27 12:48:48 [error] 259#259: *100 upstream timed out (110: Connection timed out) while connecting to upstream, client: 172.31.67.133, server: _, request: "GET /colibri-ws/172.21.0.5/477c6fda2f5f712e/93ecfab9?pwd=5ukh8fj956sbsfcvvrf7gsvdld HTTP/1.1", upstream: "http://172.21.0.5:9090/colibri-ws/172.21.0.5/477c6fda2f5f712e/93ecfab9?pwd=5ukh8fj956sbsfcvvrf7gsvdld", host: "meet.nbl.one"
172.31.67.133 - - [27/Sep/2021:12:48:48 +0000] "GET /colibri-ws/172.21.0.5/477c6fda2f5f712e/93ecfab9?pwd=5ukh8fj956sbsfcvvrf7gsvdld HTTP/1.1" 504 590 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"

Chrome Screenshot

Is JVB hosted separately?

No, all the components are on the same machine (EC2). I brought them up via docker-compose up -d.

Did you make changes to your nginx? Looks like the referenced IP is wrong. Share your nginx config.

I didn’t change anything in nginx. It is the default that comes with the offical docker image.

server_name _;

client_max_body_size 0;

root /usr/share/jitsi-meet;

# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;

index index.html index.htm;
error_page 404 /static/404.html;

# Security headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";




add_header Permissions-Policy "interest-cohort=()";


location = /config.js {
    alias /config/config.js;
}

location = /interface_config.js {
    alias /config/interface_config.js;
}

location = /external_api.js {
    alias /usr/share/jitsi-meet/libs/external_api.min.js;
}

# ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
    add_header 'Access-Control-Allow-Origin' '*';
    alias /usr/share/jitsi-meet/$1/$2;
}


# colibri (JVB) websockets
location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
    proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}


# BOSH
location = /http-bind {
    proxy_pass http://xmpp.meet.jitsi:5280/http-bind;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host meet.jitsi;
}


# xmpp websockets
location = /xmpp-websocket {
    proxy_pass http://xmpp.meet.jitsi:5280/xmpp-websocket;
    proxy_http_version 1.1;

    proxy_set_header Connection "upgrade";
    proxy_set_header Upgrade $http_upgrade;

    proxy_set_header Host meet.jitsi;
    proxy_set_header X-Forwarded-For $remote_addr;
    tcp_nodelay on;
}


location ~ ^/([^/?&:'"]+)$ {
    try_files $uri @root_path;
}

location @root_path {
    rewrite ^/(.*)$ / break;
}

I do not have nginx setup on my EC2. I expose port 80 to a target group directly (the target group is linked to a listener on my ALB).

I’m not familiar with docker, but this block here is typically for remote JVBs

Try commenting out that whole block and adding this instead, see if it works:

# colibri (JVB) websockets 
    location ~ ^/colibri-ws/default-id/(.*) {
        proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }

Don’t forget to restart Nginx and JVB

Sure, will try and get back to you in a moment.

That didn’t work. I am still getting the error in my browser. In nginx, I am getting a 404 now:

172.31.44.140 - - [28/Sep/2021:07:45:29 +0000] "GET /colibri-ws/172.21.0.5/c17b7438c78b4da4/dea6b14b?pwd=3jbb8jkdb0o21kjjmfmkqgdjfi HTTP/1.1" 404 445 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"

Is this the IP of your docker container?

Neither Docker containers nor any AWS resource.

Looks like this has to do with your IP configuration. Websockets are trying to connect on through that IP. If it’s not valid for your container (not sure how docker handles IP addresses), then that’s a problem.

Ah, it is docker_gwbridge IP.

Yeah, so I think that’s where the issue is. Search through the forum, I think I’ve seen a couple of posts on docker IP specification/configuration. I strongly suspect that’s where your solution lies.

Thanks for the pointers, Freddie. I’ll do some more reading regarding this and get back.

Thanks for the help, Freedie. It indeed was related to IP configuration.

Great! :+1:t5:

See also Docker Swarm.