How to configure the whole jitsi stack to use IPv4 only

Hello,

I installed my jitsi-meet server using the debian package. I tweak a few things and everything is running great.

Now I would like to configure the whole jitsi stack to use ipv4 only.

I find how to configure Prosody (https://prosody.im/doc/ports) but I cannot figure out how to configure the rest.

I would appreciate a few pointers to guide me through this.

Best regards,

Check your /etc/jitsi/meet/config.js file — my feeling is that IPv6 is disabled by default.

For nginx/apache2, change the listener in the sites-available config.

(Could you just disable IPv6 in your server’s network, so it’s not an option?)

Thank you for your help.

I have found these two lines :

// Enable IPv6 support.
// useIPv6: true,

Does this parameter affect the whole stack ?

Anyway, I think the default is true (netstat is reporting many ipv6/udp6 connections related to jitsi et al.).

Fair enough :slight_smile:
In which case, is disabling IPv6 on the server the easiest route? Or do you need it for other applications?

For now I would like to keep it.

Adding -Djava.net.preferIPv4Stack=true to JAVA_SYS_PROPS (/etc/jitsi/jicofo/config and /etc/jitsi/videobridge/config) seems to do the trick. I keep you in touch.

2 Likes

This parameter is likely deprecated and doesn’t affect anything. The default would be to support ipv6 if available.

I don’t think this is sufficient (I might be wrong). I suggest you add org.ice4j.ipv6.DISABLED=true to /etc/jitsi/videobridge/sip-communicator,properties.

Boris

1 Like

Thank you Boris.

It is still not sufficient. JVB is listening on [::]:5000 (udp6). Any idea ?

My system boots with ipv6.disable=1 on the kernel command line. I had to adapt the following things to make it work:

  • install nginx beforehand and remove the ipv6 listen directive
  • manually create /etc/nginx/sites-available and /etc/nginx/sites-enabled
  • only then install jitsi-meet
  • disable ipv6 for exim4 and clear the /var/log/exim4/paniclog

The only ipv6 related error I get is in /var/log/prosody/prosody.err:

portmanager error Failed to open server port 5347 on ::1, Address family not supported by protocol

but the system appears to run properly in spite of this error.

FYI: my system runs as unprivileged lxc3 container with debian stretch 9.12, the main host running below it is CentOS 7.7 amd64, kernel 3.10 .

Regards
Marcel

If possible, I would like to keep IPv6 at the system level.

Do you know what Jitsi’s service/task/whatever is related to port UDP 5000 ?

The only tcp6/upd6 reported by netstat is :
udp6 0 0 [::]:5000 [::]:* jvb 85598 6129/java

NB : I added org.ice4j.ipv6.DISABLED=true. Maybe should I report this as an issue ?

Any suggestion ?

Aha! This is not ice4j, it comes from the sctp stack. It is not used for anything, it’s just an artifact of the usrsctp implementation we use. There’s no property to disable it right now (contributions are welcome, see SctpManager in jitsi-videobridge), but you can safely filter it out in your firewall, it won’t affect anything.

Boris

2 Likes

Thanks Boris!

These changes did make difference but not to all services, following two services moved from tcp6 to tcp.

tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN