Jitsi is running without transmitting audio/video

Hi! I just installed Jitsi on my Server but I got a weird Problem:

If I try to make a videocall there is no audio or video transmitted. All Devices show only their own Video Feed no Feed of others.

Jitis is placed behind a nginx reverse Proxy with the config Jitsi created. Only thing I changed in the nginx server conf was SSL Key Files. I created those with certbot (Lets Encrypt) and I get a SSL-Labs score of A+ for the jitsi domain, so no problem there.
Jitsi config is default too.

Also jicofo, jitsi-videobridge2 and prosody are running fine:

root@xxxx:/etc/nginx/sites-available# service jicofo status
● jicofo.service - LSB: Jitsi conference Focus
   Loaded: loaded (/etc/init.d/jicofo; generated)
   Active: active (running) since Fri 2020-11-20 23:20:59 CET; 1h 4min ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 279 (limit: 4915)
   CGroup: /system.slice/jicofo.service
           └─20770 java -Xmx3072m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djdk.tls.ephemeralDHKeySize=2048 -Dconfig.file=/etc/jitsi/jicofo/jicofo.conf -Dnet.java.sip.communicator.SC_H
Nov 20 23:20:59 xxxx.contaboserver.net systemd[1]: Starting LSB: Jitsi conference Focus...
Nov 20 23:20:59 xxxx.contaboserver.net jicofo[20747]: Starting jicofo: jicofo started.
Nov 20 23:20:59 xxxx.contaboserver.net systemd[1]: Started LSB: Jitsi conference Focus.

root@xxxx:/etc/nginx/sites-available# service jitsi-videobridge2 status
● jitsi-videobridge2.service - Jitsi Videobridge
   Loaded: loaded (/lib/systemd/system/jitsi-videobridge2.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-11-20 23:20:51 CET; 1h 5min ago
 Main PID: 20088 (java)
    Tasks: 48 (limit: 65000)
   CGroup: /system.slice/jitsi-videobridge2.service
           └─20088 java -Xmx3072m -XX:+UseConcMarkSweepGC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djdk.tls.ephemeralDHKeySize=2048 -Dconfig.file=/etc/jitsi/videobridge/jvb.conf -Dnet.
Nov 20 23:20:51 xxxx.contaboserver.net systemd[1]: Starting Jitsi Videobridge...
Nov 20 23:20:51 xxxx.contaboserver.net systemd[1]: Started Jitsi Videobridge.

root@xxxx:/etc/nginx/sites-available# service prosody status
● prosody.service - LSB: Prosody XMPP Server
   Loaded: loaded (/etc/init.d/prosody; generated)
   Active: active (running) since Fri 2020-11-20 23:21:05 CET; 1h 5min ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/prosody.service
           └─22558 lua5.1 /usr/bin/prosody

Nov 20 23:21:05 xxxx.contaboserver.net systemd[1]: Starting LSB: Prosody XMPP Server...
Nov 20 23:21:05 xxxx.contaboserver.net prosody[22528]:  * Starting Prosody XMPP Server prosody
Nov 20 23:21:05 xxxx.contaboserver.net prosody[22528]:    ...done.
Nov 20 23:21:05 xxxx.contaboserver.net systemd[1]: Started LSB: Prosody XMPP Server.
Nov 20 23:21:05 xxxx.contaboserver.net prosody[22558]: portmanager: Failed to open server port 5347 on ::1, Cannot assign requested address
Nov 20 23:21:05 xxxx.contaboserver.net prosody[22558]: portmanager: Error binding encrypted port for https: No key present in SSL/TLS configuration for https port 5281
Nov 20 23:21:05 xxxx.contaboserver.net prosody[22558]: portmanager: Error binding encrypted port for https: No key present in SSL/TLS configuration for https port 5281

Tbh I dont really know how to debug here, as I dont see anything out of the common.

PS: Just Checked Port 10000 UDP connectivity - worked all fine - Message was transmitted.

Thx!

Nico

You need to do the Advanced configuration section of the Quick Install Guide.

well, what you are trying to do is not so obvious as TLS is supposed to remove any possibility of MITM (aka proxy) so to make this to work you would have to play with advanced nginx options (SSL preread)
I have seen already many posts about this setup on this forum and I don’t remember having seen an example of a working one, so it’s not quite so easy.
A simpler option is to remove all https from jitsi and do the TLS termination on the proxy. I’m doing that but with haproxy. Good luck with nginx.

It is running on a Server, not on my PC, but I tryed it:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=my-public-ip
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=my-public-ip

Using the public IP for both, as the reverse Proxy is on the same IP as Jitsi and is only used to guide the other subdomains. Does not work unfortunatly

As The Proxy and the Jitsi Meet Server are running on the same IP it should work. It is the Nginx that comes with jitsi too so, just extended for some Server configs for the oter services running on other subdomains.

And I still get a A+ on SSL Labs

?? can’t understand anything at your setup then, as in this case there is no proxying of Jitsi.

The Setup is still called reverse Proxy, as nginx takes all Data Transfer from Port 80 and 443 and transmits it accordingly to the (Sub)Domain Names to the right Ports.

Setup is as follows:

  • Nginx, Jitsi, Service1 and Service2 are located on Server X with IP 100.100.100.100
  • Nginx takes all Trafic on Port 80 and 443
  • Nginx reads the Domain Name - If Domain-name is meet.mydomain.com it routes the Traffic to Jitsi (it uses the default Jitisi Nginx config)
  • If Domain name is service1.mydomain.com it routes traffic to Port 2080, it Domain is service2.mydomain.com it routes the Trafic to Port 3080 and so on

so what you are calling ‘reverse proxy’ is really the default jitsi configuration, that is, the clients are accessing

  • prosody (proxying of port 5280 with http-bind or xmpp-websockets)
  • jvb (proxying of port 9090 with colibri-ws)
    then ?
    if yes, it’s just standard jitsi.
    what you should check
  • your nginx access logs to see if this proxying is actually working
  • your prosody logs to see if jicofo and jvb are logging correctly to prosody

On this last point, I’m fond of installing the telnet interface to prosody (“admin_telnet”; in the enabled modules) so it’s possible to check directly if jicofo and jvb are logged in to prosody with
telnet localhost 5582
and then
c2s:show() -> should show you focus (jicofo) and jvb