Fallback to port 443 does not work as expected

I reconfigured nginx a couple of minutes ago to default to turn and now it works for me.

    meet.blahblah.com web_backend;
    turn.blahblah.com turn_backend;
    default turn_backend;

Without defaulting, I do not receive the certificate. No clue why…

Edit: Sorry, it’s late, told it vice versa… :slight_smile: had to default to turn and not to web to make it work (changed it above in the thread). When defaulting to web I receive the meet.blahblah.com certificate altough requesting turn.blahblah.com

Good Night.

Same issue with using Firefox. Chrome works.

Are you reproducing this on meet.jit.si?

@damencho

Using Firefox on the one end and Edge on the other end on meet.jit.si works:

But this is the result on my own test-jitsi (freshly installed system for testing this issue:

I’ve blocked all outging UDP-traffic for Firefox via Windows Firewall.

There are no relay candidates in the non working example like those were not received from prosody … You can do APP.conference.saveLogs() when you repro and see were those sent … Is it configured in prosody?

Hi @damencho,

here are my logs: https://cloud.snejp.de/s/R5LZZkZKe9CJHtW

/etc/prosody/conf.avail/konf.snejp.de.cfg.lua:

external_service_secret = "xxxx";
external_services = {
     { type = "stun", host = "turn.snejp.de", port = 3478 },
     { type = "turn", host = "turn.snejp.de", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "turn.snejp.de", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

Do you know a good documentation for setting up turnserver with jitsi? I need it for a company with an quite restrictive firewall which blocks all outgoing UDP-traffic.

Do you have external_services module enabled, like this: jitsi-meet/prosody.cfg.lua-jvb.example at 450c961e6846c16035c56a6a9880fe65a3f610db · jitsi/jitsi-meet · GitHub

Is the jvb there inside the restricted udp traffic network?

The best doc is do a clean install, it configures a turnserver by default and then using a second DNS configure that instance to use port 443 as described in the handbook.

I’ve did a test with Firefox 85 and everything works fine. But Firefox 88 fails.

I did just that today, on an EC2 Amazon, with all ports open;
But when I enable the module in nginx and change the port from 443 to 4444, it keeps giving error.

PS: It took me a while to understand that it is no longer necessary to enable the “turncredentials” module in prosody.