HAProxy Issue with two Jitsi servers

Dears;

First of all, I would like to thank you for helping us.

I have two Jitsi servers on Azure cloud (two shards) and one HAProxy server in the same internal network.
Each Jitsi server has its own public IP address.

The issue is, when I create a meeting room and invite 10 people, some of them are routed to a different server than the one the meeting is on.

Here is the config of each server:

Jitsi 1
Local IP: 10.0.0.4
Hostname: meet.x.com

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.x.com
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=yNJTWQOq
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.x.com
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=3773290f-d0f3-4de6-9e7e-f48d7f45eb4c

Jitsi 2
Local IP: 10.0.0.5
Hostname: meet.x.com

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.x.com
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=cC#H8ME9
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.x.com
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=f96bdeaa-1d4f-4f2d-89e6-364b84a91db8

HAProxy
Local IP: 10.0.0.3
config:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        tune.ssl.default-dh-param 1024

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend Jitsi_In
        bind *:80
        bind *:443 ssl crt /etc/ssl/meetcert-full.pem
        http-request redirect scheme https unless { ssl_fc }
        option forwardfor
        default_backend Jitsi_SRVs

backend Jitsi_SRVs
        balance source
        stick-table type string len 256 size 200k expire 120m
        stick on url_param(room) table Jitsi_SRVs
        hash-type consistent
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        option httpchk HEAD / HTTP/1.1\r\nHost:localhost
        server Jitsi01 10.0.0.4:443 check ssl verify none
        server Jitsi02 10.0.0.5:443 check ssl verify none

Your help is highly appreciated, thank you.

You need to make sure your haproxy config sticks sessions for participants based on URL parameter room to the same shard.
All participants from the same room will go to the same shard.

How? Is there anything wrong in the mentioned HAProxy config?

Sorry I’m not very familiar with haproxy, but I do not see in that config anything to respect the room URL parameter.

@damencho Thank you so much for your support, I’ll give it a try and see
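
A way to check from HAProxy's own logs whether the room-based stickiness discussed in this thread is holding, as an added example that is not part of any post here: it groups `option httplog` lines by the `room` URL parameter and reports rooms that were served by more than one backend server. The log lines are constructed, and the `/http-bind` and `/xmpp-websocket` request paths are assumed to be the signalling requests that carry `?room=`.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in HAProxy "option httplog" format (not from the thread).
SAMPLE_LOG = """\
Mar  3 10:00:01 lb haproxy[811]: 203.0.113.10:50112 [03/Mar/2021:10:00:01.120] Jitsi_In~ Jitsi_SRVs/Jitsi01 0/0/1/12/13 200 512 - - ---- 4/4/1/1/0 0/0 "POST /http-bind?room=standup HTTP/1.1"
Mar  3 10:00:02 lb haproxy[811]: 198.51.100.7:41877 [03/Mar/2021:10:00:02.004] Jitsi_In~ Jitsi_SRVs/Jitsi02 0/0/1/10/11 200 498 - - ---- 5/5/1/1/0 0/0 "POST /http-bind?room=standup HTTP/1.1"
Mar  3 10:00:03 lb haproxy[811]: 203.0.113.10:50113 [03/Mar/2021:10:00:03.310] Jitsi_In~ Jitsi_SRVs/Jitsi01 0/0/1/9/10 200 505 - - ---- 5/5/1/1/0 0/0 "POST /http-bind?room=review HTTP/1.1"
Mar  3 10:00:04 lb haproxy[811]: 198.51.100.9:38020 [03/Mar/2021:10:00:04.450] Jitsi_In~ Jitsi_SRVs/Jitsi01 0/0/1/8/9 101 210 - - ---- 6/6/2/2/0 0/0 "GET /xmpp-websocket?room=review HTTP/1.1"
Mar  3 10:00:05 lb haproxy[811]: 198.51.100.7:41878 [03/Mar/2021:10:00:05.900] Jitsi_In~ Jitsi_SRVs/Jitsi02 0/0/1/7/8 200 9120 - - ---- 6/6/1/1/0 0/0 "GET /standup HTTP/1.1"
"""

# Matches: backend/server, the timer field, the status code, then the quoted request line.
LINE_RE = re.compile(
    r' (?P<backend>[^ /]+)/(?P<server>[^ /]+) [\d/+-]+ (?P<status>\d{3}) '
    r'.*"(?P<method>[A-Z]+) (?P<url>\S+)'
)

def servers_per_room(log_text, backend="Jitsi_SRVs"):
    """Return ({room: {servers}}, count of requests that had no room parameter)."""
    rooms = defaultdict(set)
    no_room = 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Skip unparsable lines, other backends, and requests no server handled.
        if not m or m["backend"] != backend or m["server"] == "<NOSRV>":
            continue
        room = parse_qs(urlsplit(m["url"]).query).get("room")
        if room:
            rooms[room[0]].add(m["server"])
        else:
            no_room += 1  # routed by "balance source" only, no stick key available
    return dict(rooms), no_room

def split_rooms(log_text, backend="Jitsi_SRVs"):
    """Rooms whose requests reached more than one server, i.e. stickiness failed."""
    rooms, _ = servers_per_room(log_text, backend)
    return {room: sorted(s) for room, s in rooms.items() if len(s) > 1}

if __name__ == "__main__":
    for room, servers in split_rooms(SAMPLE_LOG).items():
        print(f"room {room!r} was served by multiple shards: {', '.join(servers)}")
```

An empty result from `split_rooms` over a real log means every request that carried `room` stayed on one shard; the second value from `servers_per_room` counts requests that had no `room` parameter to stick on.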