Jitsi behind a NAT with daily changing external IP

Hi @all, I am new to jitsi-meet but it is great.
My setup:
Jitsi-meet runs in a debian vm on server-grade hardware.

The server in question is located behind a router which has an ipv4 address, but the address gets renewed every night (sometimes it keeps the ip). I have forwarded the relevant ports to jitsi.

This is my sip-communicator.properties file:
rg.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.somedomain.eu
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=r5ZPv1v#
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.somedomain.eu
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=5e9ded3c-3e60-4ab4-8b98-5b6ac62fc544
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.178.103
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=aaa.bbb.ccc.ddd

Jitsi runs well if I put the right external address into “PUBLIC_ADDRESS” but - can I automate that?
I have a dynamicdns link which i can resolve by:

root@jitsi:~# cat ipchanged
#!/bin/bash
externalip_new="$(dig +short somestrangeaddress.myfritz.net)"

if [ $externalip != $externalip_new ]
then
externalip=$externalip_new
fi
export $externalip

My question is, is this really necessary or is there some sort of automation, that I must only configure and “et voilà” the external ip address went magically into jitsi-meet.

this line should be uncommented

comment these lines.

Then make sure that your server can connect the STUN_MAPPING_HARVESTER_ADDRESSES address and that the videobridge is restarted when the IP address is changed (systemctl restart jitsi-videobridge2), either by having this run at a fixed hour in the night when you know that the adress has changed, or by a more elaborate script testing the external IP address on a regular basis and restarting the bridge when necessary.
Note that if you are using Turn, it’s more complicated (but maybe a home server don’t need this too much)

Ok, I will put my “ipchanged” skript in the cron.hourly and put an

service jitsi-videobridge restart

inside the if block and will see if it does, what I hope.
Sorry I am not good in linux shell scripting. And I have found out that the skript will not work the way I think. I must write the ip adress into a file and that should do the trick, right?

I can’t understand clearly what you intend to say. If I had the problem - well that’s not true, if I had a provider changing my IP address daily I’d change provider - but something like that could get you started:

file='myip.txt'
read line <$file

newip=$(curl ifconfig.me)
if [ $newip != $line ]; then
    systemctl restart jitsi-videobridge2
    echo $newip >myip.txt
fi

running something like that 2 or 3 times each night (with root access) in a systemd timer or in a cronjob if you like old stuff.

I give no warranty about the ifconfig.me service :slight_smile:. There are other services like that on the internet.

First things first: The solution works.

My restarting skript is this one:

#!/bin/bash
externalip_new="$(dig +short myfritzbox.myfritz.net)"
file="/tmp/externalip"
read externalip <$file
if [ “$externalip” != “$externalip_new” ]
then
externalip=$externalip_new
systemctl restart jitsi-videobridge2
echo $externalip_new >"/tmp/externalip"
fi

It is running every minute. because, yes you guess it, a restart of the router can happen and you get a new IP Adress. I would have prefered to have some kind of hook from the router when it gets a new IP, but… no avail. It can send a mail if the address changes.

Thank you all for the help!

I would do that, but - we have only ONE provider here that serves 50MBit up/10MBit down and it is not the german telecom
All other providers can deliver “up to 16MBit” - you will get a maximum of 1 or 2MBit.

stop doing that. It’s not correct to hammer a free service in such a manner. I think that sooner or later you will be banned.

You have understood, that it just asks every minute for the ip address, haven’t you?
Thats not hammering in my opinion.

I checked and their limit is 50000 queries/month, so with 43000 queries per month you will indeed not be ‘hammering’ them. They are free to update their policy at any time though.