Jitsi Private LAN only?

oneill · April 13, 2021, 7:57pm

If I disable all external services, what would I need to go fiddling with to stop Jitsi from breaking?

Say as far as Jitsi is aware, every single client connecting to it is on the same subnet.

So I’m going to disable all external stun/turn services. Even DNS is on a private LAN with CA signed certs.

If there is documentation of this somewhere please point me in that direction. I’ve been messing with it for the better part of a day, and everything seems to keep breaking because I keep hitting places where Jitsi is expecting a WAN accessible architecture.

Disabling prosody config stun services has stopped the endless room reboot cycle loop, even though the connection does keep dropping on a steady intermittent every minute or so, it at least appears to be staying in the room somewhat… still something is very off. Multiple browsers on the same machine can’t join the same Jitsi room. It’s like every browser instance is a new unlinked session.

I’m still tweaking settings and going through the role, but I’m going off the base defaults setup in systemli’s ansible jitsi role for configuration reference.

damencho · April 13, 2021, 8:26pm

Maybe upload js console logs with a particular problem. Guessing like that is hard.
Jvb announces its private and public address to all clients and if clients have direct access to the internal IP address and port 10000 for udp, everything should work. You can disable jvb from announcing its public address by commenting this line from its config: org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443

oneill · April 19, 2021, 4:00pm

Thanks for the suggestion, it helped in tracking this down.

Error with Permissions-Policy header: Parse of permission policy failed because of errors reported by strctured header parser.

github.com

w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md#appendix-big-changes-since-this-was-called-feature-policy

# Permissions Policy Explainer

Permissions Policy is a web platform API which gives a website the ability to
allow or block the use of browser features in its own frame or in iframes that
it embeds. It operates on the principle that top-level documents should
generally have access to the web's powerful features (often at the discretion of
the user, who needs to grant permission), but that embedded content should not
have such access automatically. A document which embeds another document should
be able to declare which features it trusts that embedded content to use.

Examples of features that can be controlled by Permissions Policy include:
* Battery status
* Client Hints
* Encrypted-media decoding
* Fullscreen
* Geolocation
* Picture-in-picture
* Sensors: Accelerometer, Ambient Light Sensor, Gyroscope, Magnetometer
* User media: Camera, Microphone
* Video Autoplay

This file has been truncated. show original

This appears to be a w3c update… even correcting the syntax to the w3c recommendation still fails policy headers, so I’ve commented them out for now.

The next error that appears:

Logger.js:154 2021-04-19T15:37:22.310Z [JitsiMeetJS.js] <Object.getGlobalOnErrorHandler>: UnhandledError: Focus error, retry after 1000 Script: null Line: null Column: null StackTrace: Error: Focus error, retry after 1000

So it looks like I’m suffering from

Except it never works. I assume this is something in my deployment, since I’m just wiping and re-standing up.

I can probably dig into this a little more, anything in particular I should be looking for?
the error seems pretty vague.

edit: Also, checking docs I only see a DNS need for meet.mydomain.com, do I need to add entries for all of the subdomains jitsi needs? It looks like there’s a few more.