Jitsi behind reverse proxy

I already opened those ports, but it is still unable to access the camera and microphone.
Please help me.

Do the camera and microphone work on meet.jit.si?

Do you connect your server via the host address or the host IP?

Does haproxy send the requested host address to the backend (Nginx)?

I am providing backends like below:

backend be_jitsi
    server jitsi1 public_ip:4444 ssl verify none alpn h2,http/1.1
    server jitsi2 public_ip:4444 ssl verify none alpn h2,http/1.1

If I give 443 instead of 4444, it shows an error. I have checked in the logs when using haproxy that the request is going to nginx only; after that it’s not forwarding requests to jicofo.
Please help me.

Where is your haproxy running?

This is one of my setups:

jitsi - 172.14.1.10 (this also has an elastic IP, fixed; this is important for DNS resolution and the ACME cert)
jibri - 172.14.1.11

Both are in the network group “jitsi-meet”

The following ports are allowed from outside in:
10000 - UDP
443
80

That's it. It works just fine.

I have 3 Ubuntu 18.04 instances: two Jitsi Meet servers running in 2 instances, and one instance for haproxy (version 2.0) in front of the two Jitsi Meets.
I have configured Let's Encrypt certificates for all instances. You can browse my haproxy at https://lb.wysemeet.cf.

Below is my haproxy.cfg file:

frontend haproxynode
    bind *:80
    bind *:443 ssl crt /etc/ssl/lb.wysemeet.cf/lb.wysemeet.cf.pem
    # Redirect plain HTTP requests to HTTPS
    http-request redirect scheme https unless { ssl_fc }
    mode http
    default_backend backendnodes

backend backendnodes
    # Hash on the "room" URL parameter so a room's requests reach the same node
    balance url_param room
    option httpchk
    hash-type consistent
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    # TLS to each node, but the node's certificate is not validated (verify none)
    server node1 13.127.x.x:4444 check ssl verify none
    server node2 15.206.x.x:4444 check ssl verify none

Everything is working fine through the Jitsi Meet mobile app,
Please please help me.

Can you try this?

Turn off 1 instance of jitsi. Disable haproxy. Now try to access the single jitsi directly.

If that works, turn off jitsi 1 & turn on jitsi 2 & test.

If both work, then you have to work on your haproxy. I’m not familiar with that.

I have tested as you said above; individually the Jitsi Meets are working fine. But when I use the haproxy load balancer in front of the Jitsi Meets, irrespective of whether there are one or two Jitsi Meets, it is not working.
Can you please share your haproxy configuration file?
Thank you.

I don't use haproxy & I don't know how to configure that.

I think the problem could be your http redirect directive. Please check my earlier reply.

After changing “cross_domain_bosh = false;” to “cross_domain_bosh = true;” in /etc/prosody/conf.d/mydomain.com.cfg.lua, the haproxy load balancer is working for my Jitsi Meets.
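The haproxy.cfg posted earlier in this thread connects to each Jitsi node with `ssl verify none`, so the hop from the load balancer to the node is encrypted but the node's certificate is never validated. The Python check below is an added example, not code from the thread or from the Jitsi or HAProxy projects; it flags such `server` lines, also honours a global `ssl-server-verify` default (a generalization beyond the posted file), and accepts a hardened variant whose CA bundle path and hostnames `meet1.example.org` / `meet2.example.org` are assumptions.

```python
# Constructed audit for the backend TLS settings discussed in this thread.
SECTIONS = ("global", "defaults", "frontend", "backend", "listen")

# Backend as posted in the thread: TLS to each node, certificate checks off.
POSTED = """\
backend backendnodes
    server node1 13.127.x.x:4444 check ssl verify none
    server node2 15.206.x.x:4444 check ssl verify none
"""

# Constructed hardened variant. The CA bundle path and the hostnames
# meet1.example.org / meet2.example.org are assumptions, not from the thread.
CA = "/etc/ssl/certs/ca-certificates.crt"
HARDENED = f"""\
backend backendnodes
    server node1 13.127.x.x:4444 check ssl verify required ca-file {CA} verifyhost meet1.example.org
    server node2 15.206.x.x:4444 check ssl verify required ca-file {CA} verifyhost meet2.example.org
"""


def audit_backend_tls(cfg):
    """Return (section, server, problem) for TLS server lines with weak checks.

    Only "server" lines are inspected; "default-server" lines are not.
    """
    findings, section, default_verify = [], None, "required"
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            section = " ".join(words[:2])
        elif words[0] == "ssl-server-verify" and len(words) > 1:
            default_verify = words[1]  # global default for server lines
        elif words[0] == "server" and "ssl" in words[3:]:
            name, opts = words[1], words[3:]
            verify = default_verify
            if "verify" in opts[:-1]:
                verify = opts[opts.index("verify") + 1]
            if verify == "none":
                findings.append((section, name, "backend certificate is not verified"))
            elif "verifyhost" not in opts and "sni" not in opts:
                findings.append((section, name, "certificate hostname is not checked"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("hardened", HARDENED)):
        print(label, audit_backend_tls(cfg) or "no findings")
```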

After months of battles, I finally succeeded!

Solution

  1. In the original docker compose file, disable the “Expose” section in the XMPP server and add:
    ports:
    - 5222:5222
    - 5347:5347
    - 5280:5280

  2. Configure ports on the router:
    Jitsi TCP 4443 to IP docker machine
    Jitsi UDP 10000 to IP docker machine

  3. I have changed the names of the docker containers (old name -> new name):
    docker-jitsi-meet_jicofo_1 -> focus.meet.jitsi
    docker-jitsi-meet_jvb_1 -> video.meet.jitsi
    docker-jitsi-meet_web_1 -> meet.jitsi
    docker-jitsi-meet_prosody_1 -> xmpp.meet.jitsi

    docker rename my_container my_new_container

  4. NGINX reverse proxy
    server {
        if ($host = meet.subdomain) {
            return 301 https://$host$request_uri;
        }

        listen 80;
        server_name meet.subdomain;
        return 301 https://$host$request_uri;
    }

    server {
        # The ssl parameter on listen enables TLS for this server block
        listen 443 ssl;
        server_name meet.subdomain;
        ssl_certificate /etc/letsencrypt/live/meet.subdomain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/meet.subdomain/privkey.pem;

        ssl_session_cache  builtin:1000  shared:SSL:10m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_stapling on;
        ssl_stapling_verify on;

        access_log  /var/log/nginx/meet_access.log;
        error_log   /var/log/nginx/meet_error.log;

        # Forward everything to the web container published on the docker machine
        location / {
            proxy_pass http://IP_docker_machine:8000;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
    }

  5. Change the env file:
    # Public URL for the web service
    PUBLIC_URL=https://meet.domain

    # Enable authentication
    ENABLE_AUTH=1

    # Enable guest access
    ENABLE_GUESTS=1

    # Select authentication type: internal, jwt or ldap
    AUTH_TYPE=internal

    docker-compose exec prosody prosodyctl --config /config/prosody.cfg.lua register NAME meet.jitsi PASSWORD

I hope it is useful to you. I have used the base configuration from GitHub for docker.