Help configuring jvb websockets

Hello community,

I’m having some trouble using jvb websocket (ws-colibri) on tcp port 443.

I installed docker version of jitsi-meet (version stable-5142-4).

I want to run jitsi-meet on this way:

  • web ui on HTTPS (443/tcp)
  • jvb on port 10000/udp for RTP media over UDP
  • jvb on port 443/tcp for RTP media over TCP
  • NO P2P functionality

If i block all UDP traffic from my clients, I can access any room but there is no audio/video.
In my clients, under “Network Section” of my browser I can see:

  • wss://videochat.mydomain.eu/xmpp-websocket?room=www (status code 101 - connection works)

then many of the following calls (the first 4 with status code 101 - the others with Error code 403 during websocket handshake)

  • wss://videochat.mydomain.eu/colibri-ws/172.21.0.5/166a7c967417f936/edb742ac?pwd=7orvb3lhho8h8psr7sabhs4u5s (status code 101)
    {"colibriClass":"ReceiverVideoConstraint","maxFrameHeight":2160} SENT
    {"colibriClass":"PinnedEndpointChangedEvent","pinnedEndpoint":null} SENT
    {"colibriClass":"SelectedEndpointsChangedEvent","selectedEndpoints":["3d772bf6"]} SENT
    {"colibriClass":"ReceiverVideoConstraint","maxFrameHeight":2160} SENT
    {"colibriClass":"ServerHello"} RECEIVED
    {"colibriClass":"DominantSpeakerEndpointChangeEvent","dominantSpeakerEndpoint":"edb742ac"} RECEIVED
    {"colibriClass":"SenderVideoConstraints", "videoConstraints":{"idealHeight":1080,"preferredFps":30.0,"preferredHeight":360}} RECEIVED
    {"colibriClass":"EndpointMessage","msgPayload":{"type":"e2e-ping-request","id":1},"to":"3d772bf6"} SENT
    {"colibriClass":"ReceiverVideoConstraint","maxFrameHeight":2160} SENT
    {"colibriClass":"EndpointMessage","from":"3d772bf6","to":"edb742ac","msgPayload":{"type":"e2e-ping-response","id":1}} RECEIVED
    {"colibriClass":"EndpointMessage","msgPayload":{"type":"e2e-ping-request","id":2},"to":"3d772bf6"} SENT
    {"colibriClass":"EndpointMessage","from":"3d772bf6","to":"edb742ac","msgPayload":{"type":"e2e-ping-request","id":2}} RECEIVED
    {"colibriClass":"EndpointMessage","msgPayload":{"type":"e2e-ping-response","id":2},"to":"3d772bf6"} SENT
    {"colibriClass":"EndpointMessage","from":"3d772bf6","to":"edb742ac","msgPayload":{"type":"e2e-ping-response","id":2}} RECEIVED
    {"colibriClass":"EndpointConnectivityStatusChangeEvent","endpoint":"edb742ac","active":"false"} RECEIVED
    {"colibriClass":"EndpointConnectivityStatusChangeEvent","endpoint":"3d772bf6","active":"false"} RECEIVED

The last two messages are then repeated a A LOT of times.

  • wss://videochat.mydomain.eu/colibri-ws/172.21.0.5/166a7c967417f936/edb742ac?pwd=3heef6jvl6ree4k6mu4g1nkmmr
    {"colibriClass":"ReceiverVideoConstraint","maxFrameHeight":2160} SENT
    {"colibriClass":"PinnedEndpointChangedEvent","pinnedEndpoint":null} SENT
    {"colibriClass":"SelectedEndpointsChangedEvent","selectedEndpoints":["3d772bf6"]} SENT
    {"colibriClass":"ReceiverVideoConstraint","maxFrameHeight":2160} SENT
    {"colibriClass":"ServerHello"} RECEIVED
    {"colibriClass":"DominantSpeakerEndpointChangeEvent","dominantSpeakerEndpoint":"3d772bf6"} RECEIVED
    {"colibriClass":"EndpointMessage","msgPayload":{"type":"e2e-ping-request","id":3},"to":"3d772bf6"} SENT
    {"colibriClass":"ReceiverVideoConstraint","maxFrameHeight":2160} SENT
    {"colibriClass":"SenderVideoConstraints", "videoConstraints":{"idealHeight":1080,"preferredFps":30.0,"preferredHeight":360}} RECEIVED
    {"colibriClass":"EndpointMessage","from":"3d772bf6","to":"edb742ac","msgPayload":{"type":"e2e-ping-response","id":3}} RECEIVED
    {"colibriClass":"EndpointMessage","msgPayload":{"type":"e2e-ping-request","id":4},"to":"3d772bf6"} SENT
    {"colibriClass":"EndpointMessage","from":"3d772bf6","to":"edb742ac","msgPayload":{"type":"e2e-ping-request","id":4}} RECEIVED
    {"colibriClass":"EndpointMessage","msgPayload":{"type":"e2e-ping-response","id":4},"to":"3d772bf6"} SENT
    {"colibriClass":"EndpointMessage","from":"3d772bf6","to":"edb742ac","msgPayload":{"type":"e2e-ping-response","id":4}} RECEIVED
    {"colibriClass":"EndpointMessage","msgPayload":{"type":"e2e-ping-request","id":5},"to":"3d772bf6"} SENT
    {"colibriClass":"EndpointMessage","from":"3d772bf6","to":"edb742ac","msgPayload":{"type":"e2e-ping-request","id":5}} RECEIVED
    {"colibriClass":"EndpointMessage","msgPayload":{"type":"e2e-ping-response","id":5},"to":"3d772bf6"} SENT
    {"colibriClass":"EndpointMessage","from":"3d772bf6","to":"edb742ac","msgPayload":{"type":"e2e-ping-response","id":5}} RECEIVED
    {"colibriClass":"EndpointConnectivityStatusChangeEvent","endpoint":"3d772bf6","active":"false"} RECEIVED
    {"colibriClass":"EndpointConnectivityStatusChangeEvent","endpoint":"edb742ac","active":"false"} RECEIVED

The last two messages are then repeated a A LOT of times.
Then there are also other two similar calls (with different password) then colibri-ws calls are rejected with error code 403.

It seems that the websocket server works, but that the bridge is closed very soon.
Do I need to configure my server in a different way?

I followed installation guidelines

Server has the following ports/protocol opened (incoming/outgoing):

  • 80/tcp
  • 443/tcp
  • 10000/udp

Here my .env file

JICOFO_COMPONENT_SECRET=<generated pwd>
JICOFO_AUTH_PASSWORD=<generated pwd>
JVB_AUTH_PASSWORD=<generated pwd>
JIGASI_XMPP_PASSWORD=<generated pwd>
JIBRI_RECORDER_PASSWORD=<generated pwd>
JIBRI_XMPP_PASSWORD=<generated pwd>

CONFIG=~/.jitsi-meet-cfg  
HTTP_PORT=80
HTTPS_PORT=443
TZ=Europe/Paris
PUBLIC_URL=https://videochat.mydomain.eu
DOCKER_HOST_ADDRESS=<public ip of my docker host>   #host is not NATTED

ENABLE_P2P=0

ENABLE_LETSENCRYPT=1
LETSENCRYPT_DOMAIN=videochat.mydomain.eu
LETSENCRYPT_EMAIL=<myemail@mydomain.eu>

ETHERPAD_TITLE="Video Chat"
ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
ETHERPAD_SKIN_NAME="colibris"
ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"

XMPP_DOMAIN=meet.jitsi
XMPP_SERVER=xmpp.meet.jitsi
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
XMPP_AUTH_DOMAIN=auth.meet.jitsi
XMPP_MUC_DOMAIN=muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN=guest.meet.jitsi
XMPP_MODULES=
XMPP_MUC_MODULES=
XMPP_INTERNAL_MUC_MODULES=

JVB_BREWERY_MUC=jvbbrewery
JVB_AUTH_USER=jvb
JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
JVB_PORT=10000
JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT=4443
JVB_TCP_MAPPED_PORT=4443

JICOFO_AUTH_USER=focus

JIGASI_XMPP_USER=jigasi
JIGASI_BREWERY_MUC=jigasibrewery
JIGASI_PORT_MIN=20000
JIGASI_PORT_MAX=20050

XMPP_RECORDER_DOMAIN=recorder.meet.jitsi

JIBRI_RECORDER_USER=recorder
JIBRI_RECORDING_DIR=/config/recordings
JIBRI_XMPP_USER=jibri
JIBRI_BREWERY_MUC=jibribrewery
JIBRI_PENDING_TIMEOUT=90
JIBRI_STRIP_DOMAIN_JID=muc
JIBRI_LOGS_DIR=/config/logs

ENABLE_HTTP_REDIRECT=1
RESTART_POLICY=unless-stopped

Thank you for your support.

Luke

Did you enable JVB’s ICE-TCP support? It’s disabled by default (because generally it’s a better idea to use a TURN server for this role)

It looks like your colibri websocket (which is completely orthogonal to ICE and RTP) is working fine, but ICE fails and the JVB terminates the participant after a while so stops accepting the websocket messages.

Thank you very much @jbg for your quick answer.

Yes, setting parameter JVB_TCP_HARVESTER_DISABLED to “FALSE” does the JOB!
Doing so audio/video work!

JVB binds ICE-TCP server to port 4443 so clients needs to open outgoing 4443/tcp to reach the server. But if clients cannot use 4443 but only 443/tcp or 80/tcp are there any solutions?

Thanks

Luke

You can either host JVB and nginx on separate servers (or separate IPs on the same server) on port 443 or multiplex JVB through nginx. If going the separate IPs/servers route then a TURN server on tcp/443 is a more reliable solution overall.

Ok, I’ve got it!
I’ll try multiplexing

Thank you again

Luke