Jitsi behind NO-IP

llama · May 31, 2021, 12:39am

Hi!

I’ve been running a Jitsi server and everything works fine when accessing it locally. The problem arises when I try to access from the internet.

I have a dynamic DNS account (NO-IP), e. g. , something.hopto.org

I was able to create the certificates using Let’s Encrypt. Actually, my ISP blocks ports 80 and 443 and I had to use certbot:

sudo certbot certonly – manual --preferred-challenges dns -d .

In order to work locally, I included a host override on my DNS Resolver (pfSense), pointing the hostname something.hopto.org to the jitsi server IP address. It works.

Now, to overcome the port 443 blocking from my ISP, I forwarded the port e.g 12345 and, internally I redirect to port 443. Ports 10000-20000; 5349; 3478 (STUN) are also “directly” forwarded.

I’m able to access the jitsi web interface and create a room, but there is no video nor audio. So, it seems to be jvb, but what am I getting wrong?

I checked:

/etc/jitsi/meet/…-config.js
/etc/jitsi/videobridge/sip-communicator.properties

and everything seems ok.

Freddie · May 31, 2021, 1:30am

The 10000-20000 is udp, right? Also, you need https; not sure if the forward to your example port (12345) covers that.

llama · May 31, 2021, 1:46am

Hi Freddie, thanks for the answer.

Yes, ports 10000-20000; 5349 and 3478 are udp; “12345” is tcp.

https://something.hopto.org:12345 is redirected to the jitsi server port 443.

damencho · May 31, 2021, 6:55pm

Every time your IP changes, you need to restart the jvb.

James451 · June 2, 2021, 11:39am

I had same reconnect-message in infinite loop. Using “stable-5076” did not help me. But when I change .env-file in one string it helped me. I uncomment PUBLIC_URL string and write PRIVATE IP of computer where is jitsi installed.

llama · June 15, 2021, 2:17am

Our friend Freddie is right. You can’t just redirect the port. Here’s what I’ve done in order to overcome the port 443 blocking from my ISP

Change to a port different from 443 (e.g. 4443):

cd /etc/nginx/sites-available
sudo vi <hostname>.conf

############################################################################
location / {
return 301 https://:4443$host/$request_uri;

…

server {
listen 4443 ssl;
listen [::]:4443 ssl;
############################################################################

cd /etc/jitsi/meet
sudo vi <hostname>-config.js

############################################################################
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: ‘//:4443/http-bind’,

…

// { urls: ‘stun::3478’ },
{ urls: ‘stun:meet-jit-si-turnrelay.jitsi.net:443’ } //keep it as 443; do not change it.
############################################################################

cd /etc/nginx/sites-enabled/
sudo vi <hostname>.conf

############################################################################
location / {
return 301 https://:4443$host/$request_uri;

…

server {
listen 4443 ssl;
listen [::]:4443 ssl;
############################################################################

cd /etc/nginx/modules-enabled/

search for port 443 in the conf files and change them (if found) to the new port

sudo su (if needed)
cd /etc/prosody/conf.avail	
sudo vi <domain.xxx>.cfg.lua

search for port 443 in the conf files and change them (if found) to the new port

Now it’s working.