FIXED: Healthcheck in Video Bridge not Working anymore

After we upgrade to version 2.1-304-g8488f77d the health checks no longer works from the outside.

$ nestat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      204/java            
tcp        0      0 172.16.23.227:31005     0.0.0.0:*               LISTEN      204/java            
udp        0      0 172.16.23.227:31005     0.0.0.0:*                           204/java            
udp        0      0 0.0.0.0:5000            0.0.0.0:*                           204/java            
udp6       0      0 :::5000                 :::*                                204/java       

$ curl -v localhost:8080/about/health
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /about/health HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Wed, 02 Sep 2020 18:59:16 GMT
< Content-Length: 0
< Server: Jetty(9.4.15.v20190215)
< 
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact

$ hostname -i
172.16.23.227

# From another container

$ curl 172.16.23.227:8080/about/health
curl: (7) Failed to connect to 172.16.23.227 port 8080: Connection refused

This is our configuration for sip:

$ cat /config/sip-communicator.properties 
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=studio-prosody
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.my-domain.org
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=ThisIsNotASecret
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=jvbbrewery@internal-muc.my-domain.org
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=studio-jvb-575df4f584-t725w
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
org.jitsi.videobridge.STATISTICS_INTERVAL=5000

org.jitsi.videobridge.ENABLE_REST_SHUTDOWN=true
org.jitsi.videobridge.shutdown.ALLOWED_SOURCE_REGEXP=127.0.0.1
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=31005
org.jitsi.videobridge.TCP_HARVESTER_PORT=31005
# /etc/services.d/jvb/run

$ cat /etc/services.d/jvb/run 
#!/usr/bin/with-contenv bash

# JVB baseport can be passed to this script.
if [[ -n "${JVB_POD_PORT}" ]]; then
  echo "Devspace deployment detected ..."
else
  BASE_PORT=32100
  # add jvb ID to the base port (e.g. 32100 + 1 = 32101)
  export JVB_POD_PORT=$(($BASE_PORT+${HOSTNAME##*-}))
fi

echo "Make harvester port ${JVB_POD_PORT}"
echo "org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=${JVB_POD_PORT}" >> /config/sip-communicator.properties
echo "org.jitsi.videobridge.TCP_HARVESTER_PORT=${JVB_POD_PORT}" >> /config/sip-communicator.properties

# Find external and local ip.
LOAD_BALANCER_ADDRESS=$(dig +short "${LOAD_BALANCER_HOST}" | head -1)
LOCAL_ADDRESS=$(hostname -I | cut -d " " -f1)

JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ \
  -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config \
  -Djava.util.logging.config.file=/config/logging.properties \
  -Dorg.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=$LOCAL_ADDRESS \
  -Dorg.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=$LOAD_BALANCER_ADDRESS"

DAEMON=/usr/share/jitsi-videobridge/jvb.sh
DEFAULT_DAEMON_OPTS="none"
DAEMON_OPTS=${JVB_ENABLE_APIS:=$DEFAULT_DAEMON_OPTS}

exec /bin/bash -c "JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON --apis=${DAEMON_OPTS}"

And the deployment pases JVB_ENABLE_APIS as rest

This is the setup by default and, although there have been some changes in this area, I don’t think we changed the default behavior.

If you want this server to bind on another address, you need to set org.jitsi.videobridge.rest.private.jetty.host in the legacy config, or, ideally: videobridge.http-servers.private.host in the new config (though I don’t think the Docker containers have been updated to use new config yet).

1 Like

Dear @bbaldino, thank you so much for your quick answer!

Should it be port or host?

Sorry! It should be host (edited the original response).

1 Like

Thank you so much for the quick help @bbaldino!

And thank you for all your hard work! I cannot emphasize enough how happy we are with this tool.

1 Like