How to test Jitsi-meet CoTurn implementation

I’m quite new with server configuration etc

Some participants had problems to join my Jitsi self hosted while others could.

I identified/supposed at least one was blocked because of it’s corporate network limitations (?).

I found out it was possible to go through those limitations by using a CoTurn server.

So I installed one on a second server and connected it to my Jitsi installation.

Now everything seems to work properly but I have no idea on:

How to know if the previously blocked Participants will be able to join the rooms now?

Merci pour votre aide !

You can block on jvb firewall port 10000 just for your public address and check whether others see you, this the quickest way

Merci, it seems a good solution but unfortunately I am really new to all those backend stuff.

Would this command achieve this?

  sudo ufw disallow from my.ip.add.ress to any port 10000

And after my test reopen with:

  sudo ufw allow from my.ip.add.ress to any port 10000

Thanks again!

Maybe, I’m also not sure about the syntax of ufw?
ufw deny from my.ip.add.ress to any port 10000
ufw delete from my.ip.add.ress to any port 10000

Thanks again for your help


I could reproduce the problem by blocking Ports in Windows 10 Firewall as explained here : How to Block or Allow TCP/IP Port in Windows Firewall | Action1

Now I can see that my Coturn server is not working but have no idea how I can manage to make it working.

The Errors in Google Chrome :

> 2021-02-09T09:57:39.397Z [modules/RTC/BridgeChannel.js] <WebSocket.e.onclose>:  Channel closed: 1006 
> Logger.js:154 2021-02-09T09:58:34.979Z [modules/connectivity/IceFailedHandling.js] <i._conference.jvbJingleSession.terminate.reason>:  session-terminate for ice restart - error: undefined
> BridgeChannel.js:86 WebSocket connection to 'wss://' failed: Error during WebSocket handshake: Unexpected response code: 403

And in Firefox:

Preformatted textWebRTC: ICE failed, add a STUN server and see about:webrtc for more details

2021-02-09T10:04:02.554Z [modules/RTC/BridgeChannel.js] <_handleChannel/e.onclose>: Channel closed: 1006

But I can’t figure out what I should look at now? Perhaps should I open a new thread?

Thank you for your help @damencho

What is your nginx config?

On my Jitsi server I guess, because I didn’t have to install Nginx on my coturn server. Did I miss something here?

  server_names_hash_bucket_size 64;

  server {
      listen 80;
      listen [::]:80;

      location ^~ /.well-known/acme-challenge/ {
          default_type "text/plain";
          root         /usr/share/jitsi-meet;
      location = /.well-known/acme-challenge/ {
          return 404;
      location / {
          return 301 https://$host$request_uri;
  server {
      listen 443 ssl;
      listen [::]:443 ssl;

      # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers NOT SURE I MAY SHARE THIS ;);
      ssl_prefer_server_ciphers off;

      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:10m;  # about 40000 sessions
      ssl_session_tickets off;

      add_header Strict-Transport-Security "max-age=63072000" always;

      ssl_certificate /etc/letsencrypt/live/;
      ssl_certificate_key /etc/letsencrypt/live/;

      root /usr/share/jitsi-meet;

      # ssi on with javascript for multidomain variables in config.js
      ssi on;
      ssi_types application/x-javascript application/javascript;

      index index.html index.htm;
      error_page 404 /static/404.html;

      gzip on;
      gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
      gzip_vary on;
      gzip_proxied no-cache no-store private expired auth;
      gzip_min_length 512;

      location = /config.js {
          alias /etc/jitsi/meet/;

      location = /external_api.js {
          alias /usr/share/jitsi-meet/libs/external_api.min.js;

      # ensure all static content can always be found first
      location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
          add_header 'Access-Control-Allow-Origin' '*';
          alias /usr/share/jitsi-meet/$1/$2;

          # cache all versioned files
          if ($arg_v) {
              expires 1y;

      # BOSH
      location = /http-bind {
          proxy_pass       http://localhost:5280/http-bind;
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header Host $http_host;

      # xmpp websockets
      location = /xmpp-websocket {
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $http_host;
          tcp_nodelay on;

      # colibri (JVB) websockets for jvb1
      location ~ ^/colibri-ws/default-id/(.*) {
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          tcp_nodelay on;

      location ~ ^/([^/?&:'"]+)$ {
          try_files $uri @root_path;

      location @root_path {
          rewrite ^/(.*)$ / break;

      location ~ ^/([^/?&:'"]+)/config.js$
          set $subdomain "$1.";
          set $subdir "$1/";

          alias /etc/jitsi/meet/;

      # BOSH for subdomains
      location ~ ^/([^/?&:'"]+)/http-bind {
          set $subdomain "$1.";
          set $subdir "$1/";
          set $prefix "$1";

          rewrite ^/(.*)$ /http-bind;

      # websockets for subdomains
      location ~ ^/([^/?&:'"]+)/xmpp-websocket {
          set $subdomain "$1.";
          set $subdir "$1/";
          set $prefix "$1";

          rewrite ^/(.*)$ /xmpp-websocket;


Merci encore For your Help!

Looks good.

Now check whether jvb config is there as explained here: FAQ · Jitsi Meet Handbook and is it correct.

I’m checking Handbook but already a Question: Its not clear on chapter 2 when it’s asking to check for Prosody conf.

Is it on Turn Server? I didn’t have to install Prosody on this server. Did I miss anything?

I continue the Handbook and tests and come back here Soon :crossed_fingers:

Thanks again

oh well, maybe my old ramblings could help here, since for writing them I definitely did a test with a separate coturn server. FTR it was an Alpine container with the system coturn.