Load balanced Jitsi with secure domain

Hi!

We’re running two instances: one is public and one is a secure domain.

Yesterday we tried to add two more videobridges to the public instance and two to the secure domain. For the public instance everything is working fine.

For the secure domain it is not: if the conference has started on the second/third videobridge, the participants cannot see and hear each other.

Here is the videobridge/config:

```
# Jitsi Videobridge settings

# sets the XMPP domain (default: none)
JVB_HOSTNAME={{ jitsi_hostname }}

# sets the hostname of the XMPP server (default: domain if set, localhost otherwise)
JVB_HOST=

# sets the port of the XMPP server (default: 5275)
JVB_PORT=5347

# sets the shared secret used to authenticate to the XMPP server
JVB_SECRET={{ jvb_secret }}

# extra options to pass to the JVB daemon
JVB_OPTS="--apis=rest,"
```

And the sip-communicator.properties:

```
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=stun.xxxx.xx:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ xmpp_host }}
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ jitsi_hostname }}
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jvb_secret }}
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ jitsi_hostname }}
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jvb_nickname }}
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
```

How should the config look for a videobridge which belongs to a secure domain setup?

Do we need the following lines in the videobridge/config?

```
org.jitsi.jicofo.auth.URL=XMPP:{{ jitsi_hostname }}
org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.{{ jitsi_hostname }}
```

Thanks for helping!

Have you forwarded the port 10000 udp from each of the public addresses that belong to that bridge to its internal address?

@damencho No :thinking: I’ve just followed this guide here: jitsi meet load balancing installation Ubuntu 18.04 with MUC and JID · jitsi/jitsi-meet Wiki · GitHub
Couldn’t find anything about port forwarding…

Our setup:

One VM running all Jitsi components (Nginx, Prosody, Jicofo, Videobridge, …). Only Coturn is running on a separate machine. This VM uses “internal_plain” as authentication method and has a public IPv4/IPv6 and a private IPv4 address. Standalone everything is working fine :heart:

Now we want to add two more VMs running only the Videobridge to handle more load. These VMs have only a private IPv4 address (but can connect to the outside world). Is this a potential problem?
Is there anything to take into account for an internal_plain setup with multiple bridges?

Yeah, we have wanted to get rid of those wikis for some time … not sure what it says… but check the advanced section of https://jitsi.org/qi: you need to port forward 10000 to the jvb.
So you need a public address for every jvb and do the same, or use the same public address and use different ports and forward those.

In other words, the official documentation is the handbook :slight_smile:
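
The two options in the last reply (a public address per bridge, or one shared address with a different forwarded port per bridge) can be checked before rollout. The following Python lint is an added example, not code from the thread or from the Jitsi project. It assumes the legacy property names `org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS`, `org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS` and `org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT`, which do not appear in the thread, and that the forwarded external UDP port equals the bridge's own port; all addresses and bridge names are constructed.

```python
from collections import defaultdict

# Property names below that are not in the thread are assumptions about the
# legacy sip-communicator.properties format (NAT harvester pair, single port).
CERT_OFF = "org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION"
STUN_KEY = "org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES"
NAT_LOCAL = "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS"
NAT_PUBLIC = "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS"
PORT_KEY = "org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT"  # 10000 if unset


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def lint_bridges(bridges):
    """bridges maps name -> (public address forwarded to it, properties text).
    Assumes the forwarded external UDP port equals the bridge's own port."""
    findings, endpoints = [], defaultdict(list)
    for name, (public_addr, text) in bridges.items():
        props = parse_properties(text)
        if props.get(CERT_OFF, "").lower() == "true":
            findings.append(f"{name}: XMPP certificate verification disabled")
        if not props.get(STUN_KEY) and not (props.get(NAT_LOCAL) and props.get(NAT_PUBLIC)):
            findings.append(f"{name}: no public address mapping configured")
        endpoints[(public_addr, int(props.get(PORT_KEY, 10000)))].append(name)
    for (addr, port), names in endpoints.items():
        if len(names) > 1:  # two bridges cannot share one forwarded addr:port
            findings.append(f"{addr}:{port}/udp shared by {', '.join(sorted(names))}")
    return sorted(findings)


# Constructed sample: three bridges behind one public address (documentation range).
SAMPLE = {
    "jvb2": ("203.0.113.10", CERT_OFF + "=true\n" + STUN_KEY + "=stun.example.org:443\n"),
    "jvb3": ("203.0.113.10", "# no harvester settings\n"),
    "jvb4": ("203.0.113.10", f"{NAT_LOCAL}=10.0.0.4\n{NAT_PUBLIC}=203.0.113.10\n{PORT_KEY}=10001\n"),
}

if __name__ == "__main__":
    for finding in lint_bridges(SAMPLE):
        print(finding)
```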