Jitsi quick install and LXD in Ubuntu 18.04

IMO that’s not the case; people are having the disconnect message when they are trying to open a conference, that is, 2 connections (and more often it’s when there are 3 connections). Crashing by just entering a room is not so common.

absolutely not; are you trying to access Jitsi by having an X11 session in the container? I use standard X11 sessions or a phone, my containers are on an internet server (outside my personal network)

to access peripherals such as webcam or microphone from a browser you must be in a secure session, that is, TLS. You should have a certificate, even if it’s a self signed certificate for an internal access.

@gpatel-fr

absolutely not; are you trying to access Jitsi by having an X11 session in the container? I use standard X11 sessions or a phone, my containers are on an internet server (outside my personal network)

no, I have one server where the jitsi lxd container is running
and 2 laptops.

from the host where the Jitsi lxd container runs I get this response
and from both laptops I get the same response.

on the host where the container runs I’ve used LXD proxy device to map the ports to the container for those laptops to use to get to the container.

to access peripherals such as webcam or microphone from a browser you must be in a secure session, that is, TLS. You should have a certificate, even if it’s a self signed certificate for an internal access.

I am using a self signed cert and HTTPS on both firefox and chromium and both do the same thing.

I have never used the proxy device, I don’t know if it can do UDP. I use iptables (through ufw) to forward port 10000/udp, on the host I use nginx that is proxying the port 443 to the port 80 of the container (I have zapped all the secure part of the nginx in the container to leave only straight http). If you are leaving the TLS configuration of the jitsi container and using the LXD proxy to connect 443 port on the host to 443 port in the container it should work also I guess.

Edit: I forgot to say that in my config the setup host -> container is the equivalent of natting and as such I have setup videobridge configuration.

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=...private address...
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=...public address...

With all this I’m not yet sure of when you get problems; is it with only one connection, or with 2 ?

Yes I’ve made that change also…

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=…private address…
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=…public address…

I’ve tried to follow a couple different “guides” including:

https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

I didn’t ask but I assumed you are running unprivileged containers.

yes
as I am not yet sure at all of what you did exactly or even how it crashes, at this time it’s appropriate to post my usual connection test:

(server)
sudo systemctl stop jitsi-videobridge2
nc -l 10000 -u

(workstation)
echo "123" | nc -u (your public address) 10000

in your case server means Jitsi container, and public address would be the LAN ip address of the host with the Jitsi container, of course.

If previous test works, also please provide the prosody (/var/log/prosody), jicofo and videobridge logs (/var/log/jitsi)

by the way… here is just one Jitsi community thread with a lot of people reporting exactly what I am seeing:

ok… in my container named “jitsi”:

# nc -l 10000 -u

in my LXD Host:

echo "123" | nc -u 10.107.254.195 10000

back in my container this appears:

# nc -l 10000 -u
123

actually what I was saying was:

is 10.107.254.195 your LXD bridge address or your host IP address on your LAN (you should do the test from one of your laptops too)

ok… in my container named “jitsi”:

# nc -l 10000 -u

in my LXD Host:

echo "123" | nc -u 10.107.254.195 10000

back in my container this appears:

# nc -l 10000 -u
123

NOTE: I am using the LXD Device Proxy to port forward UDP 10000 to the container, so instead of using the LXD IP I use the Public IP of the Host/Server. I still get:

$ echo "123" | nc -u 192.168.1.81 10000

back in my container this appears:

# nc -l 10000 -u
123

BTW… what were the two logs you wanted to see?

@gpatel-fr

Also, just fyi in an LXD host/server you can forward ports to any LXD container using the following:

$ lxc config device add cn_name myport443 proxy listen=tcp:0.0.0.0:443 connect=tcp:127.0.0.1:443

where:

cn_name = the target container name

myport443 is ONLY a label you can call this anything just so it reminds you which proxy device is doing what port

proxy listen=tcp:0.0.0.0:443 = on the Host/Server Listen for anything coming in on port 443

connect=tcp:127.0.0.1:443 = and connect that traffic on the Host/Server to port 443 inside “cn_name” container

NOTE: the above is forwarding TCP port 443. If you wanted to forward UDP Port 10000 it would be:

$ lxc config device add cn_name myport10000 proxy listen=udp:0.0.0.0:10000 connect=udp:127.0.0.1:10000

On the LXD Host/Server you can check what is being forwarded to your cn_name container by:

$ lxc config device show cn_name

which in my case displays:

myport80:
  connect: tcp:127.0.0.1:80
  listen: tcp:0.0.0.0:80
  type: proxy
myport443:
  connect: tcp:127.0.0.1:443
  listen: tcp:0.0.0.0:443
  type: proxy
myport4443:
  connect: tcp:127.0.0.1:4443
  listen: tcp:0.0.0.0:4443
  type: proxy
myport10000:
  connect: udp:127.0.0.1:10000
  listen: udp:0.0.0.0:10000
  type: proxy
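
Added example (not part of the original thread, and not Jitsi or LXD project code): a small Python audit of `lxc config device show` output like the listing above, reporting required forwards that are missing and proxy devices that listen on all interfaces without being on an allowlist. The allowlist (443/tcp and 10000/udp) is an assumption based on the setup discussed in this thread, the function names are hypothetical, and only single-port `listen` values are handled.

```python
# Added example: audit LXD proxy devices against an allowlist of forwards.
SAMPLE = """\
myport80:
  connect: tcp:127.0.0.1:80
  listen: tcp:0.0.0.0:80
  type: proxy
myport443:
  connect: tcp:127.0.0.1:443
  listen: tcp:0.0.0.0:443
  type: proxy
myport4443:
  connect: tcp:127.0.0.1:4443
  listen: tcp:0.0.0.0:4443
  type: proxy
myport10000:
  connect: udp:127.0.0.1:10000
  listen: udp:0.0.0.0:10000
  type: proxy
"""
# Assumption: only HTTPS and the videobridge media port should be forwarded.
REQUIRED = {("tcp", 443), ("udp", 10000)}
WILDCARDS = {"0.0.0.0", "[::]"}

def parse_devices(text):
    """Parse the two-level YAML into {device: {key: value}}."""
    devices, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current = devices.setdefault(line.strip().rstrip(":"), {})
        elif current is not None:
            key, _, value = line.strip().partition(":")
            current[key] = value.strip()
    return devices

def audit(text, required=REQUIRED):
    """Return (missing required forwards, unexpected wildcard listeners)."""
    listening = {}
    for name, cfg in parse_devices(text).items():
        if cfg.get("type") != "proxy" or "listen" not in cfg:
            continue
        proto, rest = cfg["listen"].split(":", 1)
        addr, _, port = rest.rpartition(":")
        listening[(proto, int(port))] = addr
    missing = sorted(required - set(listening))
    extra = sorted(k for k, a in listening.items()
                   if k not in required and a in WILDCARDS)
    return missing, extra
```

For the listing above, `audit(SAMPLE)` reports nothing missing and flags the 80/tcp and 4443/tcp forwards as listeners outside the allowlist; extend `REQUIRED` if your deployment relies on them.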

/var/log/prosody/prosody.log
/var/log/jitsi/jicofo.log
/var/log/jitsi/jvb.log

and yes, I know about the LXD proxy, I just don’t want to use it.

It’s been a year now and we have not used jitsi (on our own server) ever since. My container has been deleted and I haven’t been using jitsi for the last months.

If I remember correctly, at some point we dealt with the same issue with d/c happening after a small amount of time.

It looks to me like you didn’t check this. Or did you?

thanks for the response but yes I have tried both 127.0.0.1 and the LXD Container’s own IP and get the same results.

Well, I got annoyed, took a 20.04 container that was on my workstation LXD setup, installed Jitsi with the quick install, picked self-signed certificate, after the install browsed to https://mycontainer; accepted the certificate, nothing more, nothing less; launched a conference, waited for one hour: no disconnect.

Okay… deleted old LXD container and created a new one.
Reinstalled Jitsi exactly as per:
Self-Hosting Guide - Debian/Ubuntu server

I put the logs on my Google Drive so here are the Links to each of them:

jvb.log

jicofo.log

prosody.log

@gpatel-fr
I didn’t ask if you were using SNAP LXD. I am.

What Web-Server do you use on your host? Can you post your proxy configuration?

@pelen

I’m installing jitsi in an LXD container using the default steps outlined in the
Self-Hosting Guide - Debian/Ubuntu server

So I assume it’s Nginx webserver.

When you ask for the “proxy” configuration… just to be clear is this a file or part of a file installed by Jitsi? Or do you want to know what ports I am forwarding from the LXD container’s Host/Server to the LXD container?

@gpatel-fr

Still doing some google searches for LXD and Jitsi and found this thread that you were part of.

And from what you wrote on that thread your installing of Jitsi into LXD also required an Nginx server running on the LXD’s Host/Server as well as in the LXD Jitsi container? So it looks like a bit more than what was documented in the Jitsi Self-Hosting Guide - Debian/Ubuntu server

I kept thinking that the vanilla guide wasn’t going to work w/out something like the Host running Nginx too and that pointing to the LXD Jitsi container.

gpatel-fr

Apr 4

I proxy from my main nginx install on the host (having a similar role to your haproxy) to the nginx installed in the LXD jitsi container; I have edited the container nginx conf file (created by jitsi upgrade) to drop the ssl so I have a classical setup, the main nginx on the host does the ssl stuff, it has exposed its 443 port to the internet (of course) and it proxies to the container on port 80 doing simple HTTP (the container port 80 is not exposed to the internet). The host port 10000 (and only this port) is NATted to the container port 10000.
By and large I have a similar setup to the one I had with jvb1, the port 443 is managing https jitsi through a reverse proxy, and the 10000 port is directly exposed. The only change is that the jitsi container is exposing a HTTP port managed by nginx instead of jetty. It’s probably not a high performance setup but my hardware is not so great so I can’t hope to manage dozens of clients anyway.

About coturn, it seems only necessary if you can’t expose port 10000 but it’s said to be less performant and it seems a royal pain to setup so I dropped it without mercy.

I am talking about the host. Depending on your network configuration and as far as I know, simple port forwarding will not suffice. You have to do reverse proxying in your web host on the host system.

Why do you want Jitsi to run in LXD?