Due to firewall limitations we need to be able to set up video calls on port 443.
We’ve extensively googled the documentation as well as this forum, but nothing seems to work, so here we are.
Here is the config.
turnserver.conf
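# jitsi-meet coturn config. Do not modify this line
# Clients authenticate with short-lived credentials derived from the shared
# secret below (coturn's TURN REST API mode); the same value has to be carried
# by prosody's external_service_secret. "oursecret" is a redacted placeholder.
use-auth-secret
keep-address-family
static-auth-secret=oursecret
realm=OURDOMAIN
# NOTE(review): the turns entry handed out to clients names turntest.OURDOMAIN.
# This certificate must be valid for that name (or be a matching wildcard);
# a name mismatch makes the browser's TLS handshake to coturn fail, and that
# typically leaves nothing in turnserver's own log - confirm.
cert=/etc/ssl/OURDOMAIN.crt
pkey=/etc/ssl/OURDOMAIN.key
# Relay hardening: no relaying to multicast or loopback peers, admin CLI off.
# Private address ranges are not restricted here (coturn's denied-peer-ip);
# decide per deployment whether the relay may reach internal hosts.
no-multicast-peers
no-cli
no-loopback-peers
# RFC 6062 TCP relaying off; plain (non-TLS) TCP client listener off.
# NOTE(review): no-tcp only affects the plain listener on listening-port; the
# TLS listener is governed separately (no-tls), so turns on 5349 should still
# be offered - confirm that 5349/tcp is actually bound once coturn is up.
no-tcp-relay
no-tcp
listening-port=3478
# nginx's stream block forwards connections with SNI turntest.OURDOMAIN from
# :443 to this port.
tls-listening-port=5349
# Legacy protocol versions disabled; TLS 1.2 and newer only.
no-tlsv1
no-tlsv1_1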
cat /nginx/modules-available/60-mod-stream-jitsi.conf
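stream {
    # Route by TLS SNI without terminating TLS here (ssl_preread): the web
    # name goes to the local jitsi web frontend, the TURN name to coturn's
    # TLS listener. A connection that presents no SNI would otherwise leave
    # $name empty and be dropped by proxy_pass; the default keeps it on the
    # web backend.
    map $ssl_preread_server_name $name {
        default            web_backend;
        Y.OURDOMAIN        web_backend;
        turntest.OURDOMAIN turn_backend;
    }

    upstream web_backend {
        server 127.0.0.1:4444;
    }

    upstream turn_backend {
        # NOTE(review): forwarding to the public IP sends the connection back
        # out through the external address (hairpin NAT must then work).
        # coturn runs on this host and, with no listening-ip set, should bind
        # all addresses, so 127.0.0.1:5349 is the usual target - confirm
        # which one is intended.
        server <ourpublicIP>:5349;
    }

    server {
        listen 443;
        listen [::]:443;
        # since 1.11.5
        ssl_preread on;
        proxy_pass $name;
        # Increase buffer to serve video. The buffer is allocated per proxied
        # connection, so 10m is a worst-case memory cost per client.
        proxy_buffer_size 10m;
    }
}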
prosody/conf.avail/Y.OURDOMAIN.cfg.lua
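plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "Y.OURDOMAIN";
-- Shared secret used to mint time-limited TURN credentials for clients;
-- must equal static-auth-secret in turnserver.conf ("oursecret" is a placeholder).
external_service_secret = "oursecret";
external_services = {
    -- NOTE(review): this host value is garbled as pasted; the other entries
    -- use Y.OURDOMAIN - confirm the real value.
    { type = "stun", host = "<;y>.OURDOMAIN;", port = 3478 },
    { type = "turn", host = "Y.OURDOMAIN", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
    -- turns: TLS over TCP on 443, reached through nginx's stream block, which
    -- routes on the SNI turntest.OURDOMAIN. NOTE(review): port is a string here
    -- but a number in the other entries; confirm the module accepts both.
    { type = "turns", host = "turntest.OURDOMAIN", port = "443", secret = true, transport = "tcp", ttl = 86400, algorithm = "turn"}
};
cross_domain_bosh = false;
-- BOSH reaches prosody through the HTTPS reverse proxy, which is why it is
-- treated as secure here.
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
-- Mozilla SSL Configuration Generator
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}
-- Service accounts exempt from connection limits (used by limits_exception on
-- the auth vhost).
unlimited_jids = {
    "focus@auth.Y.OURDOMAIN",
    "jvb@auth.Y.OURDOMAIN"
}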
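VirtualHost "Y.OURDOMAIN"
    -- enabled = false -- Remove this line to enable this host
    -- Guests join without an account: anyone who can reach the BOSH endpoint
    -- can join conferences on this host (room creation itself is restricted
    -- on the MUC components).
    authentication = "anonymous"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/Y.OURDOMAIN.key";
        certificate = "/etc/prosody/certs/Y.OURDOMAIN.crt";
    }
    av_moderation_component = "avmoderation.Y.OURDOMAIN"
    speakerstats_component = "speakerstats.Y.OURDOMAIN"
    conference_duration_component = "conferenceduration.Y.OURDOMAIN"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        -- Hands the external_services list (stun/turn/turns) and time-limited
        -- credentials to clients.
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
        "muc_breakout_rooms";
        -- NOTE(review): turncredentials is the older mechanism that
        -- external_services replaces; both are enabled as pasted.
        "turncredentials";
        "av_moderation";
    }
    -- Plaintext c2s is allowed. Acceptable only while every client path
    -- terminates on the HTTPS proxy (consider_bosh_secure); NOTE(review):
    -- confirm 5222/tcp is not reachable from outside, otherwise XMPP clients
    -- could connect unencrypted.
    c2s_require_encryption = false
    lobby_muc = "lobby.Y.OURDOMAIN"
    breakout_rooms_muc = "breakout.Y.OURDOMAIN"
    main_muc = "conference.Y.OURDOMAIN"
    -- muc_lobby_whitelist = { "recorder.Y.OURDOMAIN" } -- Here we can whitelist jibri to enter lobby enabled rooms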
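Component "conference.Y.OURDOMAIN" "muc"
    -- Only admins (the focus account) may create rooms; participants enter
    -- rooms jicofo has created. Rooms live in memory only.
    restrict_room_creation = true
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "polls";
        --"token_verification";
        "muc_rate_limit";
    }
    admins = { "focus@auth.Y.OURDOMAIN" }
    muc_room_locking = false
    muc_room_default_public_jids = true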
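Component "breakout.Y.OURDOMAIN" "muc"
    -- Breakout rooms: same creation restriction and in-memory storage as the
    -- main conference component.
    restrict_room_creation = true
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        --"token_verification";
        "muc_rate_limit";
    }
    admins = { "focus@auth.Y.OURDOMAIN" }
    muc_room_locking = false
    muc_room_default_public_jids = true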
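-- internal muc component
-- Used by the focus and bridge service accounts (the two admins below);
-- ordinary clients do not join here.
Component "internal.auth.Y.OURDOMAIN" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.Y.OURDOMAIN", "jvb@auth.Y.OURDOMAIN" }
    muc_room_locking = false
    muc_room_default_public_jids = true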
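VirtualHost "auth.Y.OURDOMAIN"
    ssl = {
        key = "/etc/prosody/certs/auth.Y.OURDOMAIN.key";
        certificate = "/etc/prosody/certs/auth.Y.OURDOMAIN.crt";
    }
    modules_enabled = {
        -- Lets the accounts listed in unlimited_jids bypass connection limits.
        "limits_exception";
    }
    -- Service accounts (focus, jvb) authenticate with passwords stored hashed.
    authentication = "internal_hashed"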
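-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.Y.OURDOMAIN" "client_proxy"
    target_address = "focus@auth.Y.OURDOMAIN"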
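-- Speaker statistics for rooms on the main conference MUC.
Component "speakerstats.Y.OURDOMAIN" "speakerstats_component"
    muc_component = "conference.Y.OURDOMAIN"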
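-- Conference duration tracking for rooms on the main conference MUC.
Component "conferenceduration.Y.OURDOMAIN" "conference_duration_component"
    muc_component = "conference.Y.OURDOMAIN"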
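-- Audio/video moderation for rooms on the main conference MUC.
Component "avmoderation.Y.OURDOMAIN" "av_moderation_component"
    muc_component = "conference.Y.OURDOMAIN"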
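-- Lobby rooms (referenced by lobby_muc on the main virtual host); creation is
-- restricted like the other MUC components.
Component "lobby.Y.OURDOMAIN" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true
    modules_enabled = {
        "muc_rate_limit";
        "polls";
    }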
sip-communicator.properties
# Jitsi Videobridge ICE and XMPP settings (redacted values are left empty as pasted).
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
# The bridge signs in to the auth vhost and joins the internal MUC. The
# password is stored in clear text in this file, so keep the file readable by
# the bridge's own user only.
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.Y.OURDOMAIN
org.jitsi.videobridge.xmpp.user.shard.USERNAME=
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=<user@…>
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=dff1c7a7-2fa3-49ec-bbba-9948ecd66cad
# NOTE(review): LOCAL_ADDRESS is empty as pasted. The NAT harvester pairs a
# local with a public address; if the local side really is empty, the
# PUBLIC_ADDRESS line presumably yields no mapped candidate - confirm (or it
# was redacted).
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=OUR PUBLIC IP
# NOTE(review): the stock (commented) line above targets a public relay on
# 443; this one targets coturn's TLS port 5349, while 3478 is its plain
# listener. Presumably the harvester sends plain UDP STUN bindings - confirm
# coturn answers them on 5349, otherwise no mapping is discovered here.
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=Y.OURDOMAIN:5349
There seem to be no errors or any kind of anomaly in the logs for turnserver, prosody or nginx. When Jitsi runs in P2P everything is fine; as soon as a third person joins, the video drops.
I would be super grateful for any kind of input as to where to look next.