How does it work if the jvb container is not able to export port 4443/10000? Related to harvest NAT

Hi guys,

I’m deploying a k8s (Docker-based) Jitsi environment. When configuring jvb, since I could not export port 4443/10000 of jvb outside, I used sip-communicator.properties to enable NAT as below:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.244.1.33

org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=172.16.106.236

When I checked through chrome://webrtc-internals/, I found the NAT does not work as I designed; it reads like:
a=candidate:2 1 udp 1694498815 18.219.108.225 10000 typ srflx raddr 10.244.1.33 rport 10000 generation 0

What’s stranger is that 18.219.108.225 appeared in all my Docker-based environments as the outside endpoint in the request, and this IP should belong to an AWS machine.

So I want to clarify:

  1. Does 18.219.108.225 work as the jvb outside point for all Docker-based jvb services?
  2. How can I make my own NAT setting work?

Thanks!

I noticed that docker-compose is using the DOCKER_HOST_ADDRESS as the NAT entrypoint, but I have to manually configure this value in my jvb container. How could I do this to simulate what docker-compose did on my own container?