Jitsi behind NO-IP

Hi!

I’ve been running a Jitsi server and everything works fine when accessing it locally. The problem arises when I try to access from the internet.

I have a dynamic DNS account (NO-IP), e. g. , something.hopto.org

I was able to create the certificates using Let’s Encrypt. Actually, my ISP blocks ports 80 and 443 and I had to use certbot:

sudo certbot certonly – manual --preferred-challenges dns -d .

In order to work locally, I included a host override on my DNS Resolver (pfSense), pointing the hostname something.hopto.org to the jitsi server IP address. It works.

Now, to overcome the port 443 blocking from my ISP, I forwarded the port e.g 12345 and, internally I redirect to port 443. Ports 10000-20000; 5349; 3478 (STUN) are also “directly” forwarded.

I’m able to access the jitsi web interface and create a room, but there is no video nor audio. So, it seems to be jvb, but what am I getting wrong?

I checked:

  • /etc/jitsi/meet/…-config.js
  • /etc/jitsi/videobridge/sip-communicator.properties

and everything seems ok.

The 10000-20000 is udp, right? Also, you need https; not sure if the forward to your example port (12345) covers that.

Hi Freddie, thanks for the answer.

Yes, ports 10000-20000; 5349 and 3478 are udp; “12345” is tcp.

https://something.hopto.org:12345 is redirected to the jitsi server port 443.

Every time your IP changes, you need to restart the jvb.

I had same reconnect-message in infinite loop. Using “stable-5076” did not help me. But when I change .env-file in one string it helped me. I uncomment PUBLIC_URL string and write PRIVATE IP of computer where is jitsi installed.

Our friend Freddie is right. You can’t just redirect the port. Here’s what I’ve done in order to overcome the port 443 blocking from my ISP

Change to a port different from 443 (e.g. 4443):

cd /etc/nginx/sites-available
sudo vi <hostname>.conf

############################################################################
location / {
return 301 https://:4443$host/$request_uri;

server {
listen 4443 ssl;
listen [::]:4443 ssl;
############################################################################

cd /etc/jitsi/meet
sudo vi <hostname>-config.js

############################################################################
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: ‘//:4443/http-bind’,

// { urls: ‘stun::3478’ },
{ urls: ‘stun:meet-jit-si-turnrelay.jitsi.net:443’ } //keep it as 443; do not change it.
############################################################################

cd /etc/nginx/sites-enabled/
sudo vi <hostname>.conf

############################################################################
location / {
return 301 https://:4443$host/$request_uri;

server {
listen 4443 ssl;
listen [::]:4443 ssl;
############################################################################

cd /etc/nginx/modules-enabled/

search for port 443 in the conf files and change them (if found) to the new port

sudo su (if needed)
cd /etc/prosody/conf.avail	
sudo vi <domain.xxx>.cfg.lua

search for port 443 in the conf files and change them (if found) to the new port

Now it’s working.