[jitsi-dev] Running in Shadow IT


#1

Hi,

Does anyone have any experience in setting up a video conferencing setup
(XMPP server, JVB, Jicofo, Jitsi-Meet et al) using only very, very commonly
used ports (such as 80, 443)? The main purpose of this would be to be able
to setup a working environment in a very restricted network.

Regards,

  Guus


#2

Hi,

If you just do apt-get install jitsi-meet on debian/ubuntu with
default java8 (like latest debian and ubuntu 16.04 and up) this will
install jitsi-meet and configure jvb to serve jitsi-meet through its
internal jetty on port 443.
And if that machine has only port 443 visible to the world it will be
the only port used. The media will be transferred using tcp and port
443.
If udp over port 80 is possible then jvb can be configured to use that
one as a single port option.
Does this work for you?

Regards
damencho

···

On Mon, Aug 7, 2017 at 8:35 AM, Guus der Kinderen <guus.der.kinderen@gmail.com> wrote:

Hi,

Does anyone have any experience in setting up a video conferencing setup
(XMPP server, JVB, Jicofo, Jitsi-Meet et al) using only very, very commonly
used ports (such as 80, 443)? The main purpose of this would be to be able
to setup a working environment in a very restricted network.

Regards,

  Guus

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#3

Do you regard UDP ports in the 10,000 - 20,000 range as "very very commonly
used"?

If not, you might be able to get the calls set up, but you'll have a hard time
streaming the media.

Antony.

···

On Monday 07 August 2017 at 15:35:45, Guus der Kinderen wrote:

Hi,

Does anyone have any experience in setting up a video conferencing setup
(XMPP server, JVB, Jicofo, Jitsi-Meet et al) using only very, very commonly
used ports (such as 80, 443)? The main purpose of this would be to be able
to setup a working environment in a very restricted network.

--
In science, one tries to tell people
in such a way as to be understood by everyone
something that no-one ever knew before.

In poetry, it is the exact opposite.

- Paul Dirac

                                                   Please reply to the list;
                                                         please *don't* CC me.


#4

Absolutely, thanks! There's the added bit of having the XMPP stuff work,
but I'm pretty familiar with that myself :slight_smile:

···

On 7 August 2017 at 15:51, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

If you just do apt-get install jitsi-meet on debian/ubuntu with
default java8 (like latest debian and ubuntu 16.04 and up) this will
install jitsi-meet and configure jvb to serve jitsi-meet through its
internal jetty on port 443.
And if that machine has only port 443 visible to the world it will be
the only port used. The media will be transferred using tcp and port
443.
If udp over port 80 is possible then jvb can be configured to use that
one as a single port option.
Does this work for you?

Regards
damencho

On Mon, Aug 7, 2017 at 8:35 AM, Guus der Kinderen > <guus.der.kinderen@gmail.com> wrote:
> Hi,
>
> Does anyone have any experience in setting up a video conferencing setup
> (XMPP server, JVB, Jicofo, Jitsi-Meet et al) using only very, very
commonly
> used ports (such as 80, 443)? The main purpose of this would be to be
able
> to setup a working environment in a very restricted network.
>
> Regards,
>
> Guus
>
> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#5

Hi,

If you just do apt-get install jitsi-meet on debian/ubuntu with
default java8 (like latest debian and ubuntu 16.04 and up) this will
install jitsi-meet and configure jvb to serve jitsi-meet through its
internal jetty on port 443.
And if that machine has only port 443 visible to the world it will be
the only port used. The media will be transferred using tcp and port
443.

Wow, neat - I didn't even know this was an option.

If udp over port 80 is possible then jvb can be configured to use that
one as a single port option.
Does this work for you?

Regards
damencho

Please disregard my previous ignorant answer saying that the media stream
would be hard :slight_smile:

Antony.

···

On Monday 07 August 2017 at 15:51:38, Damian Minkov wrote:

--
"How I managed so long without this book baffles the mind."

- Richard Stoakley, Group Program Manager, Microsoft Corporation,
   referring to "The Art of Project Management", O'Reilly press

                                                   Please reply to the list;
                                                         please *don't* CC me.


#6

> Hi,
>
> If you just do apt-get install jitsi-meet on debian/ubuntu with
> default java8 (like latest debian and ubuntu 16.04 and up) this will
> install jitsi-meet and configure jvb to serve jitsi-meet through its
> internal jetty on port 443.
> And if that machine has only port 443 visible to the world it will be
> the only port used. The media will be transferred using tcp and port
> 443.

Wow, neat - I didn't even know this was an option.

> If udp over port 80 is possible then jvb can be configured to use that
> one as a single port option.
> Does this work for you?
>
> Regards
> damencho

Please disregard my previous ignorant answer saying that the media stream
would be hard :slight_smile:

I assumed the same, which is why I asked in the first place.

···

On 7 August 2017 at 15:58, Antony Stone <Antony.Stone@jitsi.open.source.it> wrote:

On Monday 07 August 2017 at 15:51:38, Damian Minkov wrote:

Antony.

--
"How I managed so long without this book baffles the mind."

- Richard Stoakley, Group Program Manager, Microsoft Corporation,
   referring to "The Art of Project Management", O'Reilly press

                                                   Please reply to the
list;
                                                         please *don't* CC
me.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#7

Yep,

the tricky part is the jetty config for jvb and the fact that it needs
to use ports below 1024, so authbind is used to configure it for 443.

The code for those two configurations is here:
https://github.com/jitsi/jitsi-meet/blob/master/debian/jitsi-meet-web-config.postinst#L119

If you need to setup the single media udp port to 80, you will need to
add authbind config for it as we do for 443.
And then I think the property is:
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=80

Regards
damencho

···

On Mon, Aug 7, 2017 at 9:07 AM, Guus der Kinderen <guus.der.kinderen@gmail.com> wrote:

On 7 August 2017 at 15:58, Antony Stone <Antony.Stone@jitsi.open.source.it> > wrote:

On Monday 07 August 2017 at 15:51:38, Damian Minkov wrote:

> Hi,
>
> If you just do apt-get install jitsi-meet on debian/ubuntu with
> default java8 (like latest debian and ubuntu 16.04 and up) this will
> install jitsi-meet and configure jvb to serve jitsi-meet through its
> internal jetty on port 443.
> And if that machine has only port 443 visible to the world it will be
> the only port used. The media will be transferred using tcp and port
> 443.

Wow, neat - I didn't even know this was an option.

> If udp over port 80 is possible then jvb can be configured to use that
> one as a single port option.
> Does this work for you?
>
> Regards
> damencho

Please disregard my previous ignorant answer saying that the media stream
would be hard :slight_smile:

I assumed the same, which is why I asked in the first place.

Antony.

--
"How I managed so long without this book baffles the mind."

- Richard Stoakley, Group Program Manager, Microsoft Corporation,
   referring to "The Art of Project Management", O'Reilly press

                                                   Please reply to the
list;
                                                         please *don't* CC
me.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev