Jitsi behind NAT with OpenSuSE and Apache reverse-proxy. Error messages on developer console: no opened channel

Hi,

after some weeks of work I could manage to integrate jitsi-meet besides my existing server.
I’ve had some trouble to manage proxy with apache on OpenSuSE. But now it’s working. Maybe someone can use the configuration below.

The videoserver can be reached from the internet through fully qualified domain name video.MYSERVER.de.
It has a working certificate from letsencrypt. It is reached through a gateway with apache2 on openSuSE 15.2. This one forwards packets to port 443 via proxy to video.MYSERVER.de.
Other ports that jitsi needs are forwarded to jitsi-machine directly by the router connected to the internet.
My bandwidth is theoretically 100Mbit downstream and 40Mbit upstream.

There are about 25 pupils connected, only one camera is running. Everything is working just fine.
So, thank you very, very much for your efforts to offer jitsi to the community. Without this project there would be no lessons anymore, because the services government offers break down regularly.

But there is one small problem, that’s annoying and I want to solve.
There are many errors that Chromium sends on the console all the time:

Logger.js:154 2021-01-13T07:16:32.410Z [modules/RTC/BridgeChannel.js] <l._send>: Bridge Channel send: no opened channel.
Logger.js:154 2021-01-13T07:16:32.410Z [JitsiConference.js] <u.sendMessage>: Failed to send E2E ping request or response. undefined

There are many INFO-lines, no ERROR-lines, some WARNING-lines in jicofo.log. I don’t think, they’re relevant to the problem:
on 192.168.1.73

root@jitsi:/var/log/jitsi# cat jicofo.210107
Jicofo 2021-01-07 01:10:43.442 WARNING: [31] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Participant not found for [crux@conference.video.MYSERVER.de/b31c70a8](mailto:crux@conference.video.MYSERVER.de/b31c70a8) terminated already or neve\
r started ?
Jicofo 2021-01-07 07:07:33.903 WARNING: [31] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() No jingle session yet for [crux@conference.video.MYSERVER.de/0b052d61](mailto:crux@conference.video.MYSERVER.de/0b052d61)
Jicofo 2021-01-07 07:25:38.550 WARNING: [31] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() No sources or groups to be removed from: [crux@conference.video.MYSERVER.de/09a68eb7](mailto:crux@conference.video.MYSERVER.de/09a68eb7)
Jicofo 2021-01-07 07:33:25.227 WARNING: [31] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Remove source: no jingle session for [crux@conference.video.MYSERVER.de/7116f7ed](mailto:crux@conference.video.MYSERVER.de/7116f7ed)
Jicofo 2021-01-07 11:02:46.295 WARNING: [54] org.jitsi.xmpp.component.ComponentBase.log() PROCESSING TIME LIMIT EXCEEDED - it took 288ms to process: <iq type="set" id="bd4bf418-b109-4fa0-b4\
f1-b714550f1a91:sendIQ" to="focus.video.MYSERVER.de" from=["hqagwbzmepdrsx39@video.MYSERVER.de/enKmgpOM"](mailto:hqagwbzmepdrsx39@video.MYSERVER.de/enKmgpOM)><conference xmlns=["jitsi.org/protocol/focus"](jitsi.org/protocol/focus) room="hbausprobiertag@confere\
nce.video.MYSERVER.de" machine-uid="c6ce1f0e0cd798cc876b989a3b093961"><property value="-1" name="channelLastN"/><property value="false" name="disableRtx"/><property value="false" name="en\
ableLipSync"/><property value="false" name="openSctp"/></conference></iq>
Jicofo 2021-01-07 12:29:46.386 WARNING: [13] org.jitsi.jicofo.FocusManager.log() Jicofo ID is not set. Configure a valid value [1-65535] by setting org.jitsi.jicofo.SHORT_ID. Future version\
s will require this for Octo.
Jicofo 2021-01-07 12:29:46.503 WARNING: [13] org.jitsi.jicofo.FocusManager.log() No dedicated JVB MUC XMPP connection configured - falling back to the default XMPP connection
Jicofo 2021-01-07 12:29:51.836 WARNING: [19] org.jitsi.impl.protocol.xmpp.OpSetSimpleCapsImpl.log() Failed to discover features for speakerstats.video.MYSERVER.de: XMPP error reply receiv\
ed from speakerstats.video.MYSERVER.de: XMPPError: service-unavailable - cancel
Jicofo 2021-01-07 12:29:51.871 WARNING: [19] org.jitsi.impl.protocol.xmpp.OpSetSimpleCapsImpl.log() Failed to discover features for focus.video.MYSERVER.de: XMPP error reply received from\
focus.video.MYSERVER.de: XMPPError: service-unavailable - wait
Jicofo 2021-01-07 12:29:54.175 WARNING: [31] org.jitsi.config.log() Key 'jicofo.bridge.average-participant-packet-rate-pps' from source 'typesafe config' is deprecated: use jicofo.bridge.av\
erage-participant-stress
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.dom4j.io.SAXContentHandler (file:/usr/share/jicofo/lib/dom4j-1.6.1.jar) to method com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$Loca\
torProxy.getEncoding()
WARNING: Please consider reporting this to the maintainers of org.dom4j.io.SAXContentHandler
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

There are many INFO-lines, no ERROR-lines, some WARNING-lines in jvb.log. I don’t think, they’re relevant to the problem:
on 192.168.1.73

root@jitsi:/var/log/jitsi# cat jvb.log
2021-01-07 18:59:11.739 WARNING: [44] XmppConnection.measureDelay#202: Took 108 ms to handle IQ: <iq to='[jvb@auth.video.MYSERVER.de/qRb72lAQ](mailto:jvb@auth.video.MYSERVER.de/qRb72lAQ)' from='[jvbbrewery@internal.auth.video.wikicard\](mailto:jvbbrewery@internal.auth.video.wikicard\)
ia.de/focus' id='anZ (...)
2021-01-07 18:59:11.768 WARNING: [54] [confId=c7c0bbcc4bf3de79 gid=144754 stats_id=Lillian-i04 componentId=1 [conf_name=jcobs@conference.video.MYSERVER.de](mailto:conf_name=jcobs@conference.video.MYSERVER.de) ufrag=6vt6m1erf016ad name=stream-\
9d6ce724 epId=9d6ce724 local_ufrag=6vt6m1erf016ad] MergingDatagramSocket.initializeActive#599: Active socket already initialized.
2021-01-07 19:16:59.775 WARNING: [65] [confId=c7c0bbcc4bf3de79 epId=d22b0c36 gid=144754 stats_id=Felipe-sVo [conf_name=jcobs@conference.video.MYSERVER.de](mailto:conf_name=jcobs@conference.video.MYSERVER.de)] EndpointConnectionStats.processRe\
portBlock#147: Suspiciously high rtt value: 7762.553077 ms, remote processing delay was PT5.908721923S (387234), srSentTime was 2021-01-07T18:16:46.102725Z, received time was 2021-01-07T18:\
16:59.774Z
2021-01-07 19:17:00.385 WARNING: [66] [confId=c7c0bbcc4bf3de79 epId=d22b0c36 gid=144754 stats_id=Felipe-sVo [conf_name=jcobs@conference.video.MYSERVER.de](mailto:conf_name=jcobs@conference.video.MYSERVER.de)] EndpointConnectionStats.processRe

This is the configuration:

on 192.168.1.73

root@jitsi:/etc/jitsi/videobridge#
cat sip-communicator.properties
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.video.MYSERVER.de
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=aZfDKV5h
[org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.video.MYSERVER.de](mailto:org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.video.MYSERVER.de)
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=1ff1c653-894b-41a1-b1e9-04419d712b1e
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=9998

on 192.168.1.73

root@jitsi:/etc/jitsi/videobridge# cat config
# Jitsi Videobridge settings

# sets the XMPP domain (default: none)
JVB_HOSTNAME=video.MYSERVER.de

# sets the hostname of the XMPP server (default: domain if set, localhost otherwise)
JVB_HOST=

# sets the port of the XMPP server (default: 5275)
JVB_PORT=5347

# sets the shared secret used to authenticate to the XMPP server
JVB_SECRET=abcdefgh

# extra options to pass to the JVB daemon
JVB_OPTS="--apis=,"

# adds java system props that are passed to jvb (default are for home and logging config file)
JAVA_SYS_PROPS="-Dconfig.file=/etc/jitsi/videobridge/jvb.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties"

on 192.168.1.9

linux-164k:/etc/apache2/vhosts.d # cat ip-based_vhosts.conf
<VirtualHost *:80>
ServerName video.MYSERVER.de
ProxyPass "/" "http://192.168.1.73"
ProxyPassReverse "/" "http://192.168.1.73"
ProxyPass "/http-bind" "http://192.168.1.73/http-bind"
ProxyPassReverse "/http-bind" "http://192.168.1.73/http-bind"
</VirtualHost>

on 192.168.1.9

linux-164k:/etc/apache2/vhosts.d # cat default-vhost-ssl.conf
<VirtualHost *:443>
ServerName video.MYSERVER.de
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPass "/" "https://192.168.1.73/"
ProxyPassReverse "/" "https://192.168.1.73/"
SSLEngine on
CustomLog /var/log/apache2/ssl_request_log ssl_combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/video.MYSERVER.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/video.MYSERVER.de/privkey.pem
</VirtualHost>

Port-Forwarding on Router

Nr Name IP Protocol LAN-Port WAN-Port
( 1) linux-164k 192.168.1.9 TCP 80 80
( 2) linux-164k 192.168.1.9 TCP 22 22
( 3) linux-164k 192.168.1.9 TCP 20 20
( 4) linux-164k 192.168.1.9 TCP 21 21
( 5) linux-164k 192.168.1.9 TCP 2049 2049
( 6) linux-164k 192.168.1.9 TCP 443 443
( 7) jitsi 192.168.1.73 TCP 3478 3478
( 8) jitsi 192.168.1.73 TCP 5349 5349
( 9) jitsi 192.168.1.73 TCP 9998 9998
(10) jitsi 192.168.1.73 TCP 4443 4443

Packets to Port 443 that has to go to videoserver jitsi will be forwarded by apache2 on linux-164k - see default-vhost-ssl.conf.
Rules 1 to 6 are needed for all other services than jitsi-videoserver.
Rules 7 to 10 are directly forwarded to jitsi-videoserver.
Rule 9 is needed because of German Telekom reserves Port 10000 for themselves.