[jitsi-dev] Running Jitsi behind nginx reverse proxy


#1

Hi All,

I was wondering if anyone could give me some pointers. I see at some
point you have removed nginx from the jitsi package and use a Java
package instead for the web server. Is this a permanent thing?

We rely on some features in nginx so I'd like to set up a reverse proxy.

If I point the public IP directly to the Jitsi server and connect from
an external address it works fine; however, if I point to the reverse
proxy with just this config snippet (nginx config snippet below) it
doesn't work. It loads the web frontend fine, and I can enter a room;
however, it then has issues with httpbind. I see in the nginx logs on
the reverse proxy it is getting a 502. The console in the browser is
also telling me the same (502 on httpbind).

I can't find anything in /var/log/jitsi on the jitsi server that would
suggest why this is the case, can you help?

---
Nginx:

172.30.254.1 - - [02/Jan/2017:17:50:01 +0000] "POST
/http-bind?room=lovemedo HTTP/1.1" 502 5
"https://meet.sh.ibbchina.com/lovemedo" "Mozilla/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87
Safari/537.36"

---
Nginx Config:

server {

    listen 443;

{SNIP}

    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/meet.xxx.log;
    error_log /var/log/nginx/meet.xxx.error.log;

    location / {
      client_max_body_size 0;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      fastcgi_buffers 16 16k;
      fastcgi_buffer_size 32k;
      proxy_buffers 16 16k;
      proxy_buffer_size 32k;

      proxy_pass https://172.30.254.212;
      proxy_read_timeout 90;

      proxy_redirect https://172.30.254.212 https://meet.sh.xxx.com;
    }
}


#2

Also, going to the http-bind address manually
(https://meet.sh.xxx.com/http-bind) works as expected.

It works! Now point your BOSH client to this URL to connect to Prosody.

For more information see Prosody: Setting up BOSH.


#3

Hi Daniel,

I'm not sure what’s wrong with your configuration file, it looks good to me. But it’s worth mentioning that the jitsi-meet installation will properly configure nginx, if it’s found in the system.

I hope this helps.

Regards,
George


_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#4

Hi,

On Mon, Jan 2, 2017 at 11:52 AM, Daniel Case <danielcase10@gmail.com> wrote:

> Hi All,
>
> I was wondering if anyone could give me some pointers. I see at some
> point you have removed nginx from the jitsi package and use a Java
> package instead for the web server. Is this a permanent thing?

Currently the package uses jvb's jetty, nginx and apache in this
order. If java8 is available jvb is configured to serve jitsi-meet
using its embedded jetty server. If you have nginx installed before
installing jitsi-meet it will configure it and use it, the same goes
for apache2.

> We rely on some features in nginx so I'd like to set up a reverse proxy.
>
> If I point the public IP directly to the Jitsi server and connect from
> an external address it works fine; however, if I point to the reverse
> proxy with just this config snippet (nginx config snippet below) it
> doesn't work. It loads the web frontend fine, and I can enter a room;
> however, it then has issues with httpbind. I see in the nginx logs on
> the reverse proxy it is getting a 502. The console in the browser is
> also telling me the same (502 on httpbind).
>
> I can't find anything in /var/log/jitsi on the jitsi server that would
> suggest why this is the case, can you help?

You can check our nginx template that is used for configuring nginx:
https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet/jitsi-meet.example

Regards
damencho
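
A reverse-proxy layout that gives the BOSH endpoint its own location instead of sending it through the catch-all `location /`; this is an added example, not configuration from the thread or from the Jitsi project, and the thread does not confirm that it resolves the 502. Assumptions: the server name and certificate paths are placeholders, and Prosody's HTTP port 5280 on the Jitsi host (172.30.254.212, from the posted config) accepts connections from the proxy.

```nginx
server {
    listen 443 ssl;
    server_name meet.example.com;                              # placeholder name

    ssl_certificate     /etc/nginx/ssl/meet.example.com.crt;   # hypothetical path
    ssl_certificate_key /etc/nginx/ssl/meet.example.com.key;   # hypothetical path
    ssl_protocols TLSv1.2;            # the posted config also allowed TLSv1 and TLSv1.1
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # BOSH long-polling requests get their own location and go to Prosody's
    # HTTP port (assumption: 5280 on the Jitsi host is reachable from here).
    location /http-bind {
        proxy_pass http://172.30.254.212:5280/http-bind;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # Set, not append: a client-supplied X-Forwarded-For is not passed on.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_buffering off;          # pass each BOSH response on as it arrives
        proxy_read_timeout 90;        # long enough for a held BOSH request
    }

    # Everything else (the web frontend) still goes to the Jitsi host's web server.
    location / {
        proxy_pass https://172.30.254.212;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` checks the syntax before a reload. If port 5280 is opened to the proxy, restrict it to the proxy's address so the BOSH endpoint is not reachable over plain HTTP from elsewhere.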