[jitsi-dev] Firewall traversal, Turnserver


#1

Hi everyone,

I installed Jitsi-meet on Debian Wheezy server. Everything works fine
locally. But it comes to clients that are connected behind restrictive
firewalls, the video/audio streaming doesn't work. The only ports we should
use for the company's firewalls are 443. So no 10000-20000 for udp packets
:frowning:

I used the quick install method and then I tried to install a turnserver (
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
)
but it doesn't seem to work, nothing has changed..

Do you have any ideas about Firewalls traversal and media over https please
?

Thanks,

路路路

--
______________________________________________
Hamza Khait


#2

Hi,

what you should do, is having a second ip address on the machine and
configure with the help of authbind the jvb to listen to port 443 on
that address. This way jvb will send candidates with tcp port 443. If
second ip is not possible, you can try
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#to-bind-on-port-4443-and-announce-port-443-set-the-following.

Regards
damencho

路路路

On Fri, Oct 23, 2015 at 4:58 AM, Hamza Khait <hamza.khait@gmail.com> wrote:

Hi everyone,

I installed Jitsi-meet on Debian Wheezy server. Everything works fine
locally. But it comes to clients that are connected behind restrictive
firewalls, the video/audio streaming doesn't work. The only ports we should
use for the company's firewalls are 443. So no 10000-20000 for udp packets
:frowning:

I used the quick install method and then I tried to install a turnserver (
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
) but it doesn't seem to work, nothing has changed..

Do you have any ideas about Firewalls traversal and media over https please
?

Thanks,

--
______________________________________________
Hamza Khait

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#3

Hi,

Hi everyone,

I installed Jitsi-meet on Debian Wheezy server. Everything works fine
locally. But it comes to clients that are connected behind restrictive
firewalls, the video/audio streaming doesn't work. The only ports we
should use for the company's firewalls are 443. So no 10000-20000 for
udp packets :frowning:

I used the quick install method and then I tried to install a turnserver
(
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server )
but it doesn't seem to work, nothing has changed..

Do you have any ideas about Firewalls traversal and media over https
please ?

You don't need a TURN server, as videobridge can use TCP/443 directly. See here for configuration:
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md

If you only have a single IP address, videobridge can also act as an HTTPS server and multiplex HTTPS and media over TCP/443. See here for (rough) instructions on how to set up:
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

Regards,
Boris

路路路

On 23/10/15 04:58, Hamza Khait wrote:


#4

鈥婬i,

Thank you for your quick response.

If I understood your suggestions well, I won't have to use nginx if I have
one IP Address, nginx can be replaced with videobridge right ? Which
solution is the best ? Having one or two IP Addresses ?

Regards,

路路路

On 23 October 2015 at 16:45, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

what you should do, is having a second ip address on the machine and
configure with the help of authbind the jvb to listen to port 443 on
that address. This way jvb will send candidates with tcp port 443. If
second ip is not possible, you can try

https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#to-bind-on-port-4443-and-announce-port-443-set-the-following
.

Regards
damencho

On Fri, Oct 23, 2015 at 4:58 AM, Hamza Khait <hamza.khait@gmail.com> > wrote:
> Hi everyone,
>
> I installed Jitsi-meet on Debian Wheezy server. Everything works fine
> locally. But it comes to clients that are connected behind restrictive
> firewalls, the video/audio streaming doesn't work. The only ports we
should
> use for the company's firewalls are 443. So no 10000-20000 for udp
packets
> :frowning:
>
> I used the quick install method and then I tried to install a turnserver
(
>
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
> ) but it doesn't seem to work, nothing has changed..
>
> Do you have any ideas about Firewalls traversal and media over https
please
> ?
>
> Thanks,
>
> --
> ______________________________________________
> Hamza Khait
>
> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait


#5

Hello guys,

I tried to use JVB as https server with one IP address (
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md) but it
doesn't work for me :frowning:

So now I'm trying to use the second method (
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md) with two
IP addresses. But I don't understand why we should use 2 IP Addresses ? I
can"t see anything about it in the doc. when I redirect 443 to 4443 I can't
reach Jitsi-meet anymore. Something is wrong...

There are three sip-communicator.properties files :
./root/.sip-communicator/sip-communicator.properties
./etc/jitsi/jicofo/sip-communicator.properties
./etc/jitsi/videobridge/sip-communicator.properties

Which one shoud I actually use ?

Regards,

Hamza

路路路

On 23 October 2015 at 16:45, Boris Grozev <boris@jitsi.org> wrote:

Hi,

On 23/10/15 04:58, Hamza Khait wrote:

Hi everyone,

I installed Jitsi-meet on Debian Wheezy server. Everything works fine
locally. But it comes to clients that are connected behind restrictive
firewalls, the video/audio streaming doesn't work. The only ports we
should use for the company's firewalls are 443. So no 10000-20000 for
udp packets :frowning:

I used the quick install method and then I tried to install a turnserver
(

https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
)
but it doesn't seem to work, nothing has changed..

Do you have any ideas about Firewalls traversal and media over https
please ?

You don't need a TURN server, as videobridge can use TCP/443 directly. See
here for configuration:
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md

If you only have a single IP address, videobridge can also act as an HTTPS
server and multiplex HTTPS and media over TCP/443. See here for (rough)
instructions on how to set up:
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

Regards,
Boris

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait


#6

Hi,

Does anyone know how to configure authbind to allow jvb to use port 443
please ?
(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md)

Regards,

路路路

On 23 October 2015 at 17:03, Hamza Khait <hamza.khait@gmail.com> wrote:

鈥婬i,

Thank you for your quick response.

If I understood your suggestions well, I won't have to use nginx if I have
one IP Address, nginx can be replaced with videobridge right ? Which
solution is the best ? Having one or two IP Addresses ?

Regards,

On 23 October 2015 at 16:45, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

what you should do, is having a second ip address on the machine and
configure with the help of authbind the jvb to listen to port 443 on
that address. This way jvb will send candidates with tcp port 443. If
second ip is not possible, you can try

https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#to-bind-on-port-4443-and-announce-port-443-set-the-following
.

Regards
damencho

On Fri, Oct 23, 2015 at 4:58 AM, Hamza Khait <hamza.khait@gmail.com> >> wrote:
> Hi everyone,
>
> I installed Jitsi-meet on Debian Wheezy server. Everything works fine
> locally. But it comes to clients that are connected behind restrictive
> firewalls, the video/audio streaming doesn't work. The only ports we
should
> use for the company's firewalls are 443. So no 10000-20000 for udp
packets
> :frowning:
>
> I used the quick install method and then I tried to install a
turnserver (
>
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
> ) but it doesn't seem to work, nothing has changed..
>
> Do you have any ideas about Firewalls traversal and media over https
please
> ?
>
> Thanks,
>
> --
> ______________________________________________
> Hamza Khait
>
> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait


#7

Hi,

Hello guys,

I tried to use JVB as https server with one IP address
(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md) but it
doesn't work for me :frowning:

So now I'm trying to use the second method
(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md) with two
IP addresses. But I don't understand why we should use 2 IP Addresses ? I
can"t see anything about it in the doc. when I redirect 443 to 4443 I can't
reach Jitsi-meet anymore. Something is wrong...

There are three sip-communicator.properties files :
./root/.sip-communicator/sip-communicator.properties
./etc/jitsi/jicofo/sip-communicator.properties
./etc/jitsi/videobridge/sip-communicator.properties

Which one shoud I actually use ?

The configs you need are all in /etc/jitsi. The thing with 443 and
4443 is that user jvb is not allowed by default to use ports below
1024. So you need two ip addresses, one to use for nginx port 443 -
serving the web and the second one you just configure whatever is
received on 443 to be forwarded to 4443 which is used by default by
jvb, and you configure those ip addresses in
/etc/jitsi/videobridge/sip-communicator.properties as described in the
doc.
Another option is just to configure authbind to allow videobridge user
to use ports below 1024 and instruct jvb to use it with prop:
org.jitsi.videobridge.TCP_HARVESTER_PORT=443

Regards
damencho

路路路

On Mon, Nov 16, 2015 at 5:25 AM, Hamza Khait <hamza.khait@gmail.com> wrote:

Regards,

Hamza

On 23 October 2015 at 16:45, Boris Grozev <boris@jitsi.org> wrote:

Hi,

On 23/10/15 04:58, Hamza Khait wrote:

Hi everyone,

I installed Jitsi-meet on Debian Wheezy server. Everything works fine
locally. But it comes to clients that are connected behind restrictive
firewalls, the video/audio streaming doesn't work. The only ports we
should use for the company's firewalls are 443. So no 10000-20000 for
udp packets :frowning:

I used the quick install method and then I tried to install a turnserver
(

https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
)
but it doesn't seem to work, nothing has changed..

Do you have any ideas about Firewalls traversal and media over https
please ?

You don't need a TURN server, as videobridge can use TCP/443 directly. See
here for configuration:
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md

If you only have a single IP address, videobridge can also act as an HTTPS
server and multiplex HTTPS and media over TCP/443. See here for (rough)
instructions on how to set up:
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

Regards,
Boris

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#8

Could you please post your questions in one mail thread, please?
Posting several mails with the same content doesn't help at all!

路路路

On Mon, Nov 16, 2015 at 9:54 AM, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

On Mon, Nov 16, 2015 at 5:25 AM, Hamza Khait <hamza.khait@gmail.com> wrote:

Hello guys,

I tried to use JVB as https server with one IP address
(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md) but it
doesn't work for me :frowning:

So now I'm trying to use the second method
(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md) with two
IP addresses. But I don't understand why we should use 2 IP Addresses ? I
can"t see anything about it in the doc. when I redirect 443 to 4443 I can't
reach Jitsi-meet anymore. Something is wrong...

There are three sip-communicator.properties files :
./root/.sip-communicator/sip-communicator.properties
./etc/jitsi/jicofo/sip-communicator.properties
./etc/jitsi/videobridge/sip-communicator.properties

Which one shoud I actually use ?

The configs you need are all in /etc/jitsi. The thing with 443 and
4443 is that user jvb is not allowed by default to use ports below
1024. So you need two ip addresses, one to use for nginx port 443 -
serving the web and the second one you just configure whatever is
received on 443 to be forwarded to 4443 which is used by default by
jvb, and you configure those ip addresses in
/etc/jitsi/videobridge/sip-communicator.properties as described in the
doc.
Another option is just to configure authbind to allow videobridge user
to use ports below 1024 and instruct jvb to use it with prop:
org.jitsi.videobridge.TCP_HARVESTER_PORT=443

Regards
damencho

Regards,

Hamza

On 23 October 2015 at 16:45, Boris Grozev <boris@jitsi.org> wrote:

Hi,

On 23/10/15 04:58, Hamza Khait wrote:

Hi everyone,

I installed Jitsi-meet on Debian Wheezy server. Everything works fine
locally. But it comes to clients that are connected behind restrictive
firewalls, the video/audio streaming doesn't work. The only ports we
should use for the company's firewalls are 443. So no 10000-20000 for
udp packets :frowning:

I used the quick install method and then I tried to install a turnserver
(

https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
)
but it doesn't seem to work, nothing has changed..

Do you have any ideas about Firewalls traversal and media over https
please ?

You don't need a TURN server, as videobridge can use TCP/443 directly. See
here for configuration:
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md

If you only have a single IP address, videobridge can also act as an HTTPS
server and multiplex HTTPS and media over TCP/443. See here for (rough)
instructions on how to set up:
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

Regards,
Boris

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#9

Thank you for your response. Now I have jvb listening on port 4443

I have one more question about videobridge :
root@jitsi-server:/# netstat -utalpe | grep 4443
tcp6 0 0 jitsi-server.me:4443 [::]:* LISTEN
jvb 71587 4474/java

Why is it using tcp6 ? ipv6 is not configured at all on our servers.

Regards,
Hamza

路路路

On 16 November 2015 at 16:57, Damian Minkov <damencho@jitsi.org> wrote:

Could you please post your questions in one mail thread, please?
Posting several mails with the same content doesn't help at all!

On Mon, Nov 16, 2015 at 9:54 AM, Damian Minkov <damencho@jitsi.org> wrote:
> Hi,
>
> On Mon, Nov 16, 2015 at 5:25 AM, Hamza Khait <hamza.khait@gmail.com> > wrote:
>> Hello guys,
>>
>> I tried to use JVB as https server with one IP address
>> (https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md)
but it
>> doesn't work for me :frowning:
>>
>
>> So now I'm trying to use the second method
>> (https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md)
with two
>> IP addresses. But I don't understand why we should use 2 IP Addresses ?
I
>> can"t see anything about it in the doc. when I redirect 443 to 4443 I
can't
>> reach Jitsi-meet anymore. Something is wrong...
>>
>> There are three sip-communicator.properties files :
>> ./root/.sip-communicator/sip-communicator.properties
>> ./etc/jitsi/jicofo/sip-communicator.properties
>> ./etc/jitsi/videobridge/sip-communicator.properties
>>
>> Which one shoud I actually use ?
>
> The configs you need are all in /etc/jitsi. The thing with 443 and
> 4443 is that user jvb is not allowed by default to use ports below
> 1024. So you need two ip addresses, one to use for nginx port 443 -
> serving the web and the second one you just configure whatever is
> received on 443 to be forwarded to 4443 which is used by default by
> jvb, and you configure those ip addresses in
> /etc/jitsi/videobridge/sip-communicator.properties as described in the
> doc.
> Another option is just to configure authbind to allow videobridge user
> to use ports below 1024 and instruct jvb to use it with prop:
> org.jitsi.videobridge.TCP_HARVESTER_PORT=443
>
> Regards
> damencho
>
>
>
>>
>> Regards,
>>
>> Hamza
>>
>>
>>
>> On 23 October 2015 at 16:45, Boris Grozev <boris@jitsi.org> wrote:
>>>
>>> Hi,
>>>
>>> On 23/10/15 04:58, Hamza Khait wrote:
>>>>
>>>> Hi everyone,
>>>>
>>>> I installed Jitsi-meet on Debian Wheezy server. Everything works fine
>>>> locally. But it comes to clients that are connected behind restrictive
>>>> firewalls, the video/audio streaming doesn't work. The only ports we
>>>> should use for the company's firewalls are 443. So no 10000-20000 for
>>>> udp packets :frowning:
>>>>
>>>> I used the quick install method and then I tried to install a
turnserver
>>>> (
>>>>
>>>>
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
>>>> )
>>>> but it doesn't seem to work, nothing has changed..
>>>>
>>>> Do you have any ideas about Firewalls traversal and media over https
>>>> please ?
>>>
>>>
>>> You don't need a TURN server, as videobridge can use TCP/443 directly.
See
>>> here for configuration:
>>> https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md
>>>
>>> If you only have a single IP address, videobridge can also act as an
HTTPS
>>> server and multiplex HTTPS and media over TCP/443. See here for (rough)
>>> instructions on how to set up:
>>> https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md
>>>
>>>
>>> Regards,
>>> Boris
>>>
>>>
>>> _______________________________________________
>>> dev mailing list
>>> dev@jitsi.org
>>> Unsubscribe instructions and other list options:
>>> http://lists.jitsi.org/mailman/listinfo/dev
>>
>>
>>
>>
>> --
>> ______________________________________________
>> Hamza Khait
>>
>> _______________________________________________
>> dev mailing list
>> dev@jitsi.org
>> Unsubscribe instructions and other list options:
>> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait


#10

I tried to fix the firewall traversal problem using this method
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

At the end I stopped nginx and I restarted jvb
(/etc/init.d/jitsi-videobridge restart). I have no errors in jvb.log but
when I try to reach my jitsi server from a web browser I get "This webpage
is not available" with Error code: ERR_CONNECTION_REFUSED. I tried "lsof -i
:443" but jvb is not listening to 443 port apparently. Do you have any idea
about this problem please ?

Regards,

路路路

On 27 October 2015 at 11:38, Hamza Khait <hamza.khait@gmail.com> wrote:

Hi,

Does anyone know how to configure authbind to allow jvb to use port 443
please ?
(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md)

Regards,

On 23 October 2015 at 17:03, Hamza Khait <hamza.khait@gmail.com> wrote:

鈥婬i,

Thank you for your quick response.

If I understood your suggestions well, I won't have to use nginx if I
have one IP Address, nginx can be replaced with videobridge right ? Which
solution is the best ? Having one or two IP Addresses ?

Regards,

On 23 October 2015 at 16:45, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

what you should do, is having a second ip address on the machine and
configure with the help of authbind the jvb to listen to port 443 on
that address. This way jvb will send candidates with tcp port 443. If
second ip is not possible, you can try

https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#to-bind-on-port-4443-and-announce-port-443-set-the-following
.

Regards
damencho

On Fri, Oct 23, 2015 at 4:58 AM, Hamza Khait <hamza.khait@gmail.com> >>> wrote:
> Hi everyone,
>
> I installed Jitsi-meet on Debian Wheezy server. Everything works fine
> locally. But it comes to clients that are connected behind restrictive
> firewalls, the video/audio streaming doesn't work. The only ports we
should
> use for the company's firewalls are 443. So no 10000-20000 for udp
packets
> :frowning:
>
> I used the quick install method and then I tried to install a
turnserver (
>
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
> ) but it doesn't seem to work, nothing has changed..
>
> Do you have any ideas about Firewalls traversal and media over https
please
> ?
>
> Thanks,
>
> --
> ______________________________________________
> Hamza Khait
>
> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait


#11

This is the default behaviour in linux. This means you do not have
ipv6 configured, but you have it enabled, this shows that the process
is listening on both ipv4 and ipv6 addresses.

路路路

On Mon, Nov 16, 2015 at 10:07 AM, Hamza Khait <hamza.khait@gmail.com> wrote:

Thank you for your response. Now I have jvb listening on port 4443

I have one more question about videobridge :
root@jitsi-server:/# netstat -utalpe | grep 4443
tcp6 0 0 jitsi-server.me:4443 [::]:* LISTEN
jvb 71587 4474/java

Why is it using tcp6 ? ipv6 is not configured at all on our servers.

Regards,
Hamza

On 16 November 2015 at 16:57, Damian Minkov <damencho@jitsi.org> wrote:

Could you please post your questions in one mail thread, please?
Posting several mails with the same content doesn't help at all!

On Mon, Nov 16, 2015 at 9:54 AM, Damian Minkov <damencho@jitsi.org> wrote:
> Hi,
>
> On Mon, Nov 16, 2015 at 5:25 AM, Hamza Khait <hamza.khait@gmail.com> >> > wrote:
>> Hello guys,
>>
>> I tried to use JVB as https server with one IP address
>> (https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md)
>> but it
>> doesn't work for me :frowning:
>>
>
>> So now I'm trying to use the second method
>> (https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md)
>> with two
>> IP addresses. But I don't understand why we should use 2 IP Addresses ?
>> I
>> can"t see anything about it in the doc. when I redirect 443 to 4443 I
>> can't
>> reach Jitsi-meet anymore. Something is wrong...
>>
>> There are three sip-communicator.properties files :
>> ./root/.sip-communicator/sip-communicator.properties
>> ./etc/jitsi/jicofo/sip-communicator.properties
>> ./etc/jitsi/videobridge/sip-communicator.properties
>>
>> Which one shoud I actually use ?
>
> The configs you need are all in /etc/jitsi. The thing with 443 and
> 4443 is that user jvb is not allowed by default to use ports below
> 1024. So you need two ip addresses, one to use for nginx port 443 -
> serving the web and the second one you just configure whatever is
> received on 443 to be forwarded to 4443 which is used by default by
> jvb, and you configure those ip addresses in
> /etc/jitsi/videobridge/sip-communicator.properties as described in the
> doc.
> Another option is just to configure authbind to allow videobridge user
> to use ports below 1024 and instruct jvb to use it with prop:
> org.jitsi.videobridge.TCP_HARVESTER_PORT=443
>
> Regards
> damencho
>
>
>
>>
>> Regards,
>>
>> Hamza
>>
>>
>>
>> On 23 October 2015 at 16:45, Boris Grozev <boris@jitsi.org> wrote:
>>>
>>> Hi,
>>>
>>> On 23/10/15 04:58, Hamza Khait wrote:
>>>>
>>>> Hi everyone,
>>>>
>>>> I installed Jitsi-meet on Debian Wheezy server. Everything works fine
>>>> locally. But it comes to clients that are connected behind
>>>> restrictive
>>>> firewalls, the video/audio streaming doesn't work. The only ports we
>>>> should use for the company's firewalls are 443. So no 10000-20000 for
>>>> udp packets :frowning:
>>>>
>>>> I used the quick install method and then I tried to install a
>>>> turnserver
>>>> (
>>>>
>>>>
>>>> https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
>>>> )
>>>> but it doesn't seem to work, nothing has changed..
>>>>
>>>> Do you have any ideas about Firewalls traversal and media over https
>>>> please ?
>>>
>>>
>>> You don't need a TURN server, as videobridge can use TCP/443 directly.
>>> See
>>> here for configuration:
>>> https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md
>>>
>>> If you only have a single IP address, videobridge can also act as an
>>> HTTPS
>>> server and multiplex HTTPS and media over TCP/443. See here for
>>> (rough)
>>> instructions on how to set up:
>>> https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md
>>>
>>>
>>> Regards,
>>> Boris
>>>
>>>
>>> _______________________________________________
>>> dev mailing list
>>> dev@jitsi.org
>>> Unsubscribe instructions and other list options:
>>> http://lists.jitsi.org/mailman/listinfo/dev
>>
>>
>>
>>
>> --
>> ______________________________________________
>> Hamza Khait
>>
>> _______________________________________________
>> dev mailing list
>> dev@jitsi.org
>> Unsubscribe instructions and other list options:
>> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#12

IPv6 is supported and enabled in all current Linux kernels, and it's basically
a very bad idea to try to turn it off.

The above actually means that it's listening on both IPv4 and IPv6 (Linux is
dual-stack), so even if you don't have functional IPv6 routing to/from the
machine, it'll still do everything it's supposed to over IPv4.

Regards,

Antony.

路路路

On Monday 16 November 2015 at 17:07:09, Hamza Khait wrote:

I have one more question about videobridge :
root@jitsi-server:/# netstat -utalpe | grep 4443
tcp6 0 0 jitsi-server.me:4443 [::]:* LISTEN
jvb 71587 4474/java

Why is it using tcp6 ? ipv6 is not configured at all on our servers.

--
I love deadlines. I love the whooshing noise they make as they go by.

- Douglas Noel Adams
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽Please reply to the list;
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽please *don't* CC me.


#13

UPDATE
''''''''''''''''''''''''''''''''''''''''''''
I fixed the problem and now I can reach my jitsi server through my web
browser but I still have no video/audio streaming between participants :frowning:
... ports from 10000 to 20000 still used for communications between
participants and Jitsi server. The only port I want to use is 443... any
ideas ?

Regards

路路路

On 27 October 2015 at 14:42, Hamza Khait <hamza.khait@gmail.com> wrote:

I tried to fix the firewall traversal problem using this method
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

At the end I stopped nginx and I restarted jvb
(/etc/init.d/jitsi-videobridge restart). I have no errors in jvb.log but
when I try to reach my jitsi server from a web browser I get "This webpage
is not available" with Error code: ERR_CONNECTION_REFUSED. I tried "lsof -i
:443" but jvb is not listening to 443 port apparently. Do you have any idea
about this problem please ?

Regards,

On 27 October 2015 at 11:38, Hamza Khait <hamza.khait@gmail.com> wrote:

Hi,

Does anyone know how to configure authbind to allow jvb to use port 443
please ?
(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md)

Regards,

On 23 October 2015 at 17:03, Hamza Khait <hamza.khait@gmail.com> wrote:

鈥婬i,

Thank you for your quick response.

If I understood your suggestions well, I won't have to use nginx if I
have one IP Address, nginx can be replaced with videobridge right ? Which
solution is the best ? Having one or two IP Addresses ?

Regards,

On 23 October 2015 at 16:45, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

what you should do, is having a second ip address on the machine and
configure with the help of authbind the jvb to listen to port 443 on
that address. This way jvb will send candidates with tcp port 443. If
second ip is not possible, you can try

https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#to-bind-on-port-4443-and-announce-port-443-set-the-following
.

Regards
damencho

On Fri, Oct 23, 2015 at 4:58 AM, Hamza Khait <hamza.khait@gmail.com> >>>> wrote:
> Hi everyone,
>
> I installed Jitsi-meet on Debian Wheezy server. Everything works fine
> locally. But it comes to clients that are connected behind restrictive
> firewalls, the video/audio streaming doesn't work. The only ports we
should
> use for the company's firewalls are 443. So no 10000-20000 for udp
packets
> :frowning:
>
> I used the quick install method and then I tried to install a
turnserver (
>
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
> ) but it doesn't seem to work, nothing has changed..
>
> Do you have any ideas about Firewalls traversal and media over https
please
> ?
>
> Thanks,
>
> --
> ______________________________________________
> Hamza Khait
>
> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait


#14

Hum! okay thank you.

Now I fixed tcp6 problem. I have 2 clients behind two firewalls (Only port
443 is available), they are connected to Jitsi but audio/video streaming
still doesn't work. Jitsi-videobridge still uses UDP ports for those
clients Grrrrr!!!

I did the following steps :

- Redirection of 433 to 4443 with iptables (iptables -t nat -I PREROUTING
-p tcp --dport 443 -j REDIRECT --to-ports 4443)
- I stopped nginx
- I added the following instructions in
/etc/jitsi/videobridge/sip-communicator.properties so that jvb can serve
meet:
org.jitsi.videobridge.rest.jetty.host=192.168.251.48
org.jitsi.videobridge.rest.jetty.port=4443
org.jitsi.videobridge.rest.jetty.ProxyServlet.hostHeader=gipsy-ida01.ida.melanie2.i2
org.jitsi.videobridge.rest.jetty.ProxyServlet.pathSpec=/http-bind
org.jitsi.videobridge.rest.jetty.ProxyServlet.proxyTo=
http://gipsy-ida01.ida.melanie2.i2:5280/http-bind
org.jitsi.videobridge.rest.jetty.ResourceHandler.resourceBase=/usr/share/jitsi-meet
org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./config.js=/etc/jitsi/meet/gipsy-ida01.ida.melanie2.i2-config.js
org.jitsi.videobridge.rest.jetty.RewriteHandler.regex=^/([a-zA-Z0-9]+)$
org.jitsi.videobridge.rest.jetty.RewriteHandler.replacement=/
org.jitsi.videobridge.rest.jetty.tls.port=4443
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443
org.jitsi.videobridge.rest.jetty.sslContextFactory.keyStorePath=/etc/jitsi/videobridge/gipsy-ida01.ida.melanie2.i2.jks
org.jitsi.videobridge.rest.jetty.sslContextFactory.keyStorePassword=********
- I set webrtcIceUdpDisable: true in
./srv/gipsy-ida01.ida.melanie2.i2/config.js and
/etc/jitsi/meet/gipsy-ida01.ida.melanie2.i2-config.js
- I restarted jvb

Here's the full jvb.log with the two clients : https://goo.gl/iaDGgm

I don't know why it keeps using udp for clients behind firewalls. Do you
have any idea ?

Best regards,
Hamza

路路路

On 16 November 2015 at 17:17, Antony Stone < Antony.Stone@jitsi.open.source.it> wrote:

On Monday 16 November 2015 at 17:07:09, Hamza Khait wrote:

> I have one more question about videobridge :
> root@jitsi-server:/# netstat -utalpe | grep 4443
> tcp6 0 0 jitsi-server.me:4443 [::]:* LISTEN
> jvb 71587 4474/java
>
> Why is it using tcp6 ? ipv6 is not configured at all on our servers.

IPv6 is supported and enabled in all current Linux kernels, and it's
basically
a very bad idea to try to turn it off.

The above actually means that it's listening on both IPv4 and IPv6 (Linux
is
dual-stack), so even if you don't have functional IPv6 routing to/from the
machine, it'll still do everything it's supposed to over IPv4.

Regards,

Antony.

--
I love deadlines. I love the whooshing noise they make as they go by.

- Douglas Noel Adams
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽Please reply to the
list;
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽please *don't* CC
me.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait


#15

Is your Jitsi server behind a NAT? If so you need to set the following two properties in the sip-communicator.properties file.

org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<jvb private ip>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<jvb public ip>

If that doesn鈥檛 fix it, open up 鈥渃hrome://webrtc-internals鈥 in your browser while you have a Jitsi-meet call going and look at the ice candidates in the setRemoteDescription event.

Devin

路路路

From: dev [mailto:dev-bounces@jitsi.org] On Behalf Of Hamza Khait
Sent: Tuesday, October 27, 2015 8:20 AM
To: Jitsi Developers; boris@jitsi.org; damencho@jitsi.org
Subject: Re: [jitsi-dev] Firewall traversal, Turnserver

UPDATE
''''''''''''''''''''''''''''''''''''''''''''
I fixed the problem and now I can reach my jitsi server through my web browser but I still have no video/audio streaming between participants :frowning: ... ports from 10000 to 20000 still used for communications between participants and Jitsi server. The only port I want to use is 443... any ideas ?

Regards

On 27 October 2015 at 14:42, Hamza Khait <hamza.khait@gmail.com<mailto:hamza.khait@gmail.com>> wrote:
I tried to fix the firewall traversal problem using this method https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

At the end I stopped nginx and I restarted jvb (/etc/init.d/jitsi-videobridge restart). I have no errors in jvb.log but when I try to reach my jitsi server from a web browser I get "This webpage is not available" with Error code: ERR_CONNECTION_REFUSED. I tried "lsof -i :443" but jvb is not listening to 443 port apparently. Do you have any idea about this problem please ?

Regards,

On 27 October 2015 at 11:38, Hamza Khait <hamza.khait@gmail.com<mailto:hamza.khait@gmail.com>> wrote:
Hi,

Does anyone know how to configure authbind to allow jvb to use port 443 please ?
(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md)

Regards,

On 23 October 2015 at 17:03, Hamza Khait <hamza.khait@gmail.com<mailto:hamza.khait@gmail.com>> wrote:
鈥婬i,

Thank you for your quick response.

If I understood your suggestions well, I won't have to use nginx if I have one IP Address, nginx can be replaced with videobridge right ? Which solution is the best ? Having one or two IP Addresses ?

Regards,

On 23 October 2015 at 16:45, Damian Minkov <damencho@jitsi.org<mailto:damencho@jitsi.org>> wrote:
Hi,

what you should do, is having a second ip address on the machine and
configure with the help of authbind the jvb to listen to port 443 on
that address. This way jvb will send candidates with tcp port 443. If
second ip is not possible, you can try
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#to-bind-on-port-4443-and-announce-port-443-set-the-following.

Regards
damencho

On Fri, Oct 23, 2015 at 4:58 AM, Hamza Khait <hamza.khait@gmail.com<mailto:hamza.khait@gmail.com>> wrote:

Hi everyone,

I installed Jitsi-meet on Debian Wheezy server. Everything works fine
locally. But it comes to clients that are connected behind restrictive
firewalls, the video/audio streaming doesn't work. The only ports we should
use for the company's firewalls are 443. So no 10000-20000 for udp packets
:frowning:

I used the quick install method and then I tried to install a turnserver (
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
) but it doesn't seem to work, nothing has changed..

Do you have any ideas about Firewalls traversal and media over https please
?

Thanks,

--
______________________________________________
Hamza Khait

_______________________________________________
dev mailing list
dev@jitsi.org<mailto:dev@jitsi.org>
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org<mailto:dev@jitsi.org>
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait

--
______________________________________________
Hamza Khait
This email message is for the sole use of the intended recipient(s) and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. Any unauthorized review, use, copying, disclosure or dissemination is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.


#16

Hum! okay thank you.

Now I fixed tcp6 problem. I have 2 clients behind two firewalls (Only
port 443 is available), they are connected to Jitsi but audio/video
streaming still doesn't work. Jitsi-videobridge still uses UDP ports for
those clients Grrrrr!!!

I did the following steps :

- Redirection of 433 to 4443 with iptables (iptables -t nat -I
PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 4443)
- I stopped nginx
- I added the following instructions in
/etc/jitsi/videobridge/sip-communicator.properties so that jvb can serve
meet:
org.jitsi.videobridge.rest.jetty.host=192.168.251.48
org.jitsi.videobridge.rest.jetty.port=4443
org.jitsi.videobridge.rest.jetty.ProxyServlet.hostHeader=gipsy-ida01.ida.melanie2.i2
org.jitsi.videobridge.rest.jetty.ProxyServlet.pathSpec=/http-bind
org.jitsi.videobridge.rest.jetty.ProxyServlet.proxyTo=http://gipsy-ida01.ida.melanie2.i2:5280/http-bind
org.jitsi.videobridge.rest.jetty.ResourceHandler.resourceBase=/usr/share/jitsi-meet
org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./config.js=/etc/jitsi/meet/gipsy-ida01.ida.melanie2.i2-config.js
org.jitsi.videobridge.rest.jetty.RewriteHandler.regex=^/([a-zA-Z0-9]+)$
org.jitsi.videobridge.rest.jetty.RewriteHandler.replacement=/
org.jitsi.videobridge.rest.jetty.tls.port=4443
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443
org.jitsi.videobridge.rest.jetty.sslContextFactory.keyStorePath=/etc/jitsi/videobridge/gipsy-ida01.ida.melanie2.i2.jks
org.jitsi.videobridge.rest.jetty.sslContextFactory.keyStorePassword=********
- I set webrtcIceUdpDisable: true in
./srv/gipsy-ida01.ida.melanie2.i2/config.js and
/etc/jitsi/meet/gipsy-ida01.ida.melanie2.i2-config.js
- I restarted jvb

聽聽Here's the full jvb.log with the two clients : https://goo.gl/iaDGgm

The bridge advertises 192.168.251.48. Can clients access it on this address? Perhaps it is behind behind a NAT, in which case you'd need to let the bridge know about its public address via these properties[0].

I don't know why it keeps using udp for clients behind firewalls. Do you
have any idea ?

Setting the option in config.js will cause clients to not use UDP candidates (which is enough to ensure that UDP isn't used). The bridge will still try to use it.

Regards,
Boris

[0] https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#orgjitsivideobridgenat_harvester_local_address

路路路

On 17/11/15 04:29, Hamza Khait wrote:


#17

Something else: what browser are you using on the clients? Currently TCP doesn't work on firefox.

Regards,
Boris

路路路

On 17/11/15 04:29, Hamza Khait wrote:

Hum! okay thank you.

Now I fixed tcp6 problem. I have 2 clients behind two firewalls (Only
port 443 is available), they are connected to Jitsi but audio/video
streaming still doesn't work. Jitsi-videobridge still uses UDP ports for
those clients Grrrrr!!!


#18

No my Jitsi server is not behind a NAT.

I have two clients and a Jitsi server. The 1st client is in the same
network as the Jitsi server but the 2nd one is behind two firewalls, the
only available port is 443. when I check out chrome://webrtc-internals/ for
the 1st client I see lots of events and stats. However, I only get [1] on
the 2nd client. And by the way, when I "tcpdump" my Jitsi server from my
1st client I see that it's still connected to ports in 10000-20000..

[1]
Caller origin: https://gipsy-ida01.ida.melanie2.i2
Caller process id: 6812
*Audio Constraints*
optional: {googEchoCancellation:true, googAutoGainControl:true,
googNoiseSupression:true, googHighpassFilter:true,
googNoisesuppression2:true, googEchoCancellation2:true,
googAutoGainControl2:true}
*Video Constraints*
mandatory: {minWidth:640, maxWidth:640, minHeight:360, maxHeight:360},
optional: {googLeakyBucket:true}

Do I have to use this procedure
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md and this
one https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md ? Or
only the second one ? I'm a little bit lost..

regards

路路路

On 27 October 2015 at 19:57, Devin Wilson <devin.wilson@readytalk.com> wrote:

Is your Jitsi server behind a NAT? If so you need to set the following two
properties in the sip-communicator.properties file.

org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<jvb private ip>

org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<jvb public ip>

If that doesn鈥檛 fix it, open up 鈥渃hrome://webrtc-internals鈥 in your
browser while you have a Jitsi-meet call going and look at the ice
candidates in the setRemoteDescription event.

Devin

*From:* dev [mailto:dev-bounces@jitsi.org] *On Behalf Of *Hamza Khait
*Sent:* Tuesday, October 27, 2015 8:20 AM
*To:* Jitsi Developers; boris@jitsi.org; damencho@jitsi.org
*Subject:* Re: [jitsi-dev] Firewall traversal, Turnserver

UPDATE

''''''''''''''''''''''''''''''''''''''''''''

I fixed the problem and now I can reach my jitsi server through my web
browser but I still have no video/audio streaming between participants :frowning:
... ports from 10000 to 20000 still used for communications between
participants and Jitsi server. The only port I want to use is 443... any
ideas ?

Regards

On 27 October 2015 at 14:42, Hamza Khait <hamza.khait@gmail.com> wrote:

I tried to fix the firewall traversal problem using this method
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

At the end I stopped nginx and I restarted jvb
(/etc/init.d/jitsi-videobridge restart). I have no errors in jvb.log but
when I try to reach my jitsi server from a web browser I get "This webpage
is not available" with Error code: ERR_CONNECTION_REFUSED. I tried "lsof -i
:443" but jvb is not listening to 443 port apparently. Do you have any idea
about this problem please ?

Regards,

On 27 October 2015 at 11:38, Hamza Khait <hamza.khait@gmail.com> wrote:

Hi,

Does anyone know how to configure authbind to allow jvb to use port 443
please ?

(https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md)

Regards,

On 23 October 2015 at 17:03, Hamza Khait <hamza.khait@gmail.com> wrote:

鈥婬i,

Thank you for your quick response.

If I understood your suggestions well, I won't have to use nginx if I have
one IP Address, nginx can be replaced with videobridge right ? Which
solution is the best ? Having one or two IP Addresses ?

Regards,

On 23 October 2015 at 16:45, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

what you should do, is having a second ip address on the machine and
configure with the help of authbind the jvb to listen to port 443 on
that address. This way jvb will send candidates with tcp port 443. If
second ip is not possible, you can try

https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#to-bind-on-port-4443-and-announce-port-443-set-the-following
.

Regards
damencho

On Fri, Oct 23, 2015 at 4:58 AM, Hamza Khait <hamza.khait@gmail.com> > wrote:
> Hi everyone,
>
> I installed Jitsi-meet on Debian Wheezy server. Everything works fine
> locally. But it comes to clients that are connected behind restrictive
> firewalls, the video/audio streaming doesn't work. The only ports we
should
> use for the company's firewalls are 443. So no 10000-20000 for udp
packets
> :frowning:
>
> I used the quick install method and then I tried to install a turnserver
(
>
https://github.com/mduggan/jitsi-meet/blob/master/INSTALL.md#install-turn-server
> ) but it doesn't seem to work, nothing has changed..
>
> Do you have any ideas about Firewalls traversal and media over https
please
> ?
>
> Thanks,
>
> --
> ______________________________________________
> Hamza Khait
>

> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--

______________________________________________

Hamza Khait

--

______________________________________________

Hamza Khait

--

______________________________________________

Hamza Khait

--

______________________________________________

Hamza Khait
This email message is for the sole use of the intended recipient(s) and
may contain information that is privileged, confidential, and exempt from
disclosure under applicable law. Any unauthorized review, use, copying,
disclosure or dissemination is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait


#19

Hi Boris,

What do you mean by " Can clients access it on this address " ? I can't
ping this address (Firewall restrictions) but I can access to port 443 via
telnet (telnet myJitsiServer 433)

My Jitsi Server is not behind NAT. however there's a firewall (Client1
(172.24.0.67) ==> Firewall (Only port 433 is open) ==> Jitsi Server (
192.168.251.48))

Regards,
Hamza

路路路

On 17 November 2015 at 18:31, Boris Grozev <boris@jitsi.org> wrote:

On 17/11/15 04:29, Hamza Khait wrote:

Hum! okay thank you.

Now I fixed tcp6 problem. I have 2 clients behind two firewalls (Only
port 443 is available), they are connected to Jitsi but audio/video
streaming still doesn't work. Jitsi-videobridge still uses UDP ports for
those clients Grrrrr!!!

I did the following steps :

- Redirection of 433 to 4443 with iptables (iptables -t nat -I
PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 4443)
- I stopped nginx
- I added the following instructions in
/etc/jitsi/videobridge/sip-communicator.properties so that jvb can serve
meet:
org.jitsi.videobridge.rest.jetty.host=192.168.251.48
org.jitsi.videobridge.rest.jetty.port=4443

org.jitsi.videobridge.rest.jetty.ProxyServlet.hostHeader=gipsy-ida01.ida.melanie2.i2
org.jitsi.videobridge.rest.jetty.ProxyServlet.pathSpec=/http-bind
org.jitsi.videobridge.rest.jetty.ProxyServlet.proxyTo=
http://gipsy-ida01.ida.melanie2.i2:5280/http-bind

org.jitsi.videobridge.rest.jetty.ResourceHandler.resourceBase=/usr/share/jitsi-meet

org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./config.js=/etc/jitsi/meet/gipsy-ida01.ida.melanie2.i2-config.js
org.jitsi.videobridge.rest.jetty.RewriteHandler.regex=^/([a-zA-Z0-9]+)$
org.jitsi.videobridge.rest.jetty.RewriteHandler.replacement=/
org.jitsi.videobridge.rest.jetty.tls.port=4443
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443

org.jitsi.videobridge.rest.jetty.sslContextFactory.keyStorePath=/etc/jitsi/videobridge/gipsy-ida01.ida.melanie2.i2.jks

org.jitsi.videobridge.rest.jetty.sslContextFactory.keyStorePassword=********
- I set webrtcIceUdpDisable: true in
./srv/gipsy-ida01.ida.melanie2.i2/config.js and
/etc/jitsi/meet/gipsy-ida01.ida.melanie2.i2-config.js
- I restarted jvb

聽聽Here's the full jvb.log with the two clients : https://goo.gl/iaDGgm

The bridge advertises 192.168.251.48. Can clients access it on this
address? Perhaps it is behind behind a NAT, in which case you'd need to let
the bridge know about its public address via these properties[0].

I don't know why it keeps using udp for clients behind firewalls. Do you
have any idea ?

Setting the option in config.js will cause clients to not use UDP
candidates (which is enough to ensure that UDP isn't used). The bridge will
still try to use it.

Regards,
Boris

[0]
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#orgjitsivideobridgenat_harvester_local_address

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait


#20

I'm using Chrome version 46.0.2490.71 and Version and Chromium version
37.0.2062.120
I'll try to setup Jitsi-meet on another environment (with nat) to see the
difference.

Regards,
Hamza

路路路

On 18 November 2015 at 17:59, Boris Grozev <boris@jitsi.org> wrote:

On 17/11/15 04:29, Hamza Khait wrote:

Hum! okay thank you.

Now I fixed tcp6 problem. I have 2 clients behind two firewalls (Only
port 443 is available), they are connected to Jitsi but audio/video
streaming still doesn't work. Jitsi-videobridge still uses UDP ports for
those clients Grrrrr!!!

Something else: what browser are you using on the clients? Currently TCP
doesn't work on firefox.

Regards,
Boris

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
______________________________________________
Hamza Khait