Docker + NAT + reverse proxy not working (no video no sound except locally)

Hey
So I’ve followed the instructions but still can’t have the system working. It works locally but can’t go through the NAT although ports 10.000 udp and fallback 4443 tcp are open for JVB.
Jitsi Web is seen from outside thanks to a reverse proxy “jitsi.mywebsite.com” on port 443 that is translated to 8443 to reach the proper docker container.
Here is the schematics… can you tell me if antyhing is wrong in this drawing?


Thanks for your help !

can you share your .env config file ?
also can you do docker-compose ps and share your containers and port configs ?

Hi thanks for the interest :slight_smile:

Docker-compose ps results in

Name Command State Ports
docker-jitsi-meet_jicofo_1 /init Up
docker-jitsi-meet_jvb_1 /init Up 0.0.0.0:10000->10000/udp,
0.0.0.0:4443->4443/tcp
docker-jitsi-meet_prosody_1 /init Up 5222/tcp, 5269/tcp, 5280/tcp,
5347/tcp
docker-jitsi-meet_web_1 /init Up 0.0.0.0:8443->443/tcp,
0.0.0.0:8000->80/tcp

Full .env file is attached.
env.txt (8.6 KB)

Here are the main config lines according to me

Exposed HTTP port
HTTP_PORT=8000

Exposed HTTPS port
HTTPS_PORT=8443

PUBLIC_URL=https://jitsi.mywebsite.com # this lets me reach jitsi web from outside and create/enter a room

IP address of the Docker host
DOCKER_HOST_ADDRESS=192.168.1.91 #the IP of the NAS that hosts the docker containers with jitsi. I’ve also tried with the external IP (12.34.56.78)

STUN servers used to discover the server’s public IP
JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443,stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 #I’ve noticed that documentation was not consistent and added new and old stun servers

Media port for the Jitsi Videobridge
JVB_PORT=10000

TCP Fallback for Jitsi Videobridge for when UDP isn’t available
JVB_TCP_HARVESTER_DISABLED=false #this means it falls back to tcp 4443 when udp 10000 doesn’t work right ?
JVB_TCP_PORT=4443

Last, here are some screenshots of the container configuration as seen in syno UI :

Jitsi Web

Jitsi Videobridge

Jicofo

Jitsi Prosody

With this setup I can :

  • access jitsi web from anywhere (LAN or outside LAN) and create a room or join a room.
  • chat with all users connected, whether on LAN or outside LAN
  • have video and audio ONLY on LAN

I can’t :

  • have audio and video outside the LAN

I wasn’t able to try with more than 2 clients at the same time, I will try once it works with 2 users first…

Thanks for your help

I am going to keep looking but in the meantime can you enable http_redirect ?
this setting will redirect all http requests to https. The reason why I am saying this is because I have seen the same behavior when the client connects through http. Audio and video wont work.
This might not be the issue, but it is good to get it out of the way.
ENABLE_HTTP_REDIRECT=1

Also try commenting out the stun servers.

So I’ve enable HTTP redirect

Stun servers were not commented, so… I don’t know what I should have changed ?
JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443,stun.l.google.com:19302, …

I restarted… which means :
docker-compose down
rm config directory
mkdir config directory
docker-compose up -d

still the same behaviour (no audio/video from outside)

#JVB_STUN_SERVERS

ah okay
I’ve done that and restarted.
No change

:frowning:
if you restart the server, try to connect from outside and look at all 4 logs, do you see any errors ?
docker-compose logs -f web
docker-compose logs -f jicofo
docker-compose logs -f prosody
docker-compose logs -f jvb

I get this error
WARNING: no logs are available with the ‘db’ log driver

Ok I did some digging in the syno UI and found the relevant logs.

Here is what the log should show

  • booting up
  • entering a room called “boireamontpar” with my computer on the LAN with firefox
  • trying to join that room from my phone with the jitsi app and using 4G
  • closing connections and room

docker-jitsi-meet_jvb_1.txt (41.1 KB) docker-jitsi-meet_prosody_1-4.txt (7.5 KB) docker-jitsi-meet_jicofo_1-4.txt (44.3 KB) docker-jitsi-meet_web_1-4.txt (22.8 KB)

I tried again.
I don’t understand why my setup tries to make a stream with this ip 100.111.183.13 ??

INFO: Add remote candidate for stream-c4a82822.RTP: 100.111.183.13:64750/tcp/host stderr

UPDATE

It works… if I don’t use Firefox.

If I use the jitsi meet electron stand alone app… there is no problem for 2 (haven’t tried more people).
However it’s very pixellated… sound is perfect though.

1 Like

Hi guys,
I am getting this error from docker-compose logs -f web

| 2020/06/25 05:29:34 [error] 225#225: *1 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 190.236.197.185, server: meet.jitsi, request: “POST /http-bind?room=prueba_123456_123456 HTTP/2.0”, upstream: “http://172.18.0.3:5280/http-bind?room=prueba_123456_123456”, host: “meet.mysite.com:8443”, referrer: “https://meet.mysite.com:8443/Prueba_123456_123456

why I am getting this error with this IP 172.18.0.3? i did not configure it.
I have the local network with IP address: 172.18.0.1
my docker0 IP address 172.17.0.1 (according ifconfig)
What IP address should I use for DOCKER_HOST_ADDRESS?

I tried with all of this address including the external IP address.

Please could you advise?
thanks

Regards