Jitsi Access through Proxy Server

Here’s our deployment.

  • We’ve jitsi running in AWS.

https://meet.jit.atheerair.com

  • Everything works fine for us in our network.

  • One of our customer has proxy server to access all internet in their infrastructure.

  • In such set-up https://meet.jit.si works perfectly fine. No issues.

But Our jitsi set-up, which is . https://meet.jit.atheerair.com doesn’t work. It doesn’t show Video at all. This set-up was done using Quick install instruction of Jitsi.

Is there any special configuration we need to allow access of jitsi through proxy server?

Do we need to use TURN Server? I see that in the in https://meet.jit.si/config.js, there’s reference to turn server at the end.

Best,
Sanjay

You need to configure turn server.


Thanks, Damian. We will try this out.

Best,
Sanjay

Hi @damencho

In this scenario, what if we disable the p2p mode and force the calls to flow through the video bridge. Is jitsi using Turn for multi party conferencing as well ?

Yes, those turn servers are used for the tcp connections when using meet.jit.si’s jvbs not only for p2p connections.

Hi @damencho,

Again, thanks for the pointers. We made changes to environment and seems like we’re making progress.

Here’s our latest Jitsi set-up.

  • AWS
  • Jitsi Meet / Jicofo and Prosody on one server.
  • Turn Server on separate machine - 443 port
  • JVB on separate machine - 443 port

Test Result - 1-1 Call - meet.jit.si and meet.jit.atheerair.com

  • 2 Clients behind proxy server and firewall - Call works fine.

  • 1 client behind proxy server / firewall and another client on home network - Call works fine. We see that clients pointing to turn server (p2p)(turn).

  • We monitored network traffic on the proxy server - and we see that proxy server sending data to turn server as well as the video bridge.

  • We see same results with https://meet.jit.si.

Test Result - Group Call - meet.jit.si

  • 1 client behind proxy server / firewall and 2 clients on home network - Call works fine.

  • Client behind proxy server sees remote address of videbridge and shows (turn) in brackets.

  • 2 clients on home network sees remote address of videbridge - It doesn’t show (turn) in remote address.

  • We monitored network traffic on the proxy server - and we see that proxy server sending data to turn server as well as the video bridge.

Test Result - Group Call - meet.jit.atheerair.com

  • 1 client behind proxy server / firewall and 2 clients on home network - Call works fine.

  • Client behind proxy server sees remote address of videbridge - It doesn’t show (turn) in remote address.

  • 2 clients on home network sees remote address of videbridge - It doesn’t show (turn) in remote address.

  • We monitored network traffic on the proxy server - and we see that proxy server sending data to video bridge only.

Any idea why we’re seeing different behavior for group with our set-up of Jitsi? Are we missing any specific configuration?

Best,
Sanjay

@sparmar-atheer I took a quick look and I don’t see anything suspicious.

Have you tried disabling TCP on the bridge?
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true

Thanks, @damencho. Will give this a try.

Best,
Sanjay

@damencho We tried disabling TCP on bridge and after that we couldn’t see traffic going to Videobridge over TCP from Proxy server.

Is TCP disabled (on Videobridge) on meet.jit.si set-up as well?

Best,
Sanjay

Yes it is.

Thanks a lot, @damencho. One last question.

When we put the Jitsi Meet app on mobile (Android) behind proxy server, Andoid app can’t connect to the video call.

Is there a special set-up needed? Looks like it’s trying to connect to Videobridge over TCP instead of turn server.

Does this with the mobile app work with meet.jit.si?

This testing is against Jitsi Meet Android app, which points to meet.jit.si.

Then I would leave the answer to anyone from the mobile team :slight_smile: @saghul @Zoltan_Bettenbuk do you know anything on the subject?

I have never tested the app using a global proxy on Android, sorry.

Regarding the connection over TCP, the mobile app doesn’t use a separate config, so if TCP is disabled on the bridge and this no TCP candidates are offered, it should not try to connect using TCP.

Thanks, @saghul. Here’s update on additional testing we did.

  • IOS Jitsi Meet App - Workes perfectly fine after we configure HTTP proxy at the OS/Network level.

  • Android Jitsi Meet App - Doesn’t work after configuring HTTP proxy at the OS/Network level. Looks like Android apps don’t recognize HTTP proxy setting. Only Chrome recognizes it. To get around this issue, need to install Drony App from Google play store, which forces all HTTP traffic from all apps to proxy server.

  • After initiating the call - it will just say “Fellow Jitster is having connectivity issues”.

  • After this set-up, we captured the log from Drony App (see attached image).

  • You will see that app is trying to connect to JVB over TCP. In the log I did see that it was making connection on allturnreplay.jitsi server.

Any idea why Android app is making an attempt to connect to JVB over TCP?

I have no idea, sorry :frowning:

Thanks @saghul. Any pointers on how do we go about troubleshooting this?

Hi @saghul,

Looks like this is the main issue.

https://bugs.chromium.org/p/webrtc/issues/detail?id=5826&q=proxy&colspec=ID%20Pri%20Stars%20M%20Component%20Status%20Owner%20Summary%20Modified

Best,
Sanjay