More than two users results in no video [AWS EC2]

jpkelly · April 18, 2020, 12:50am

I have a Jitsi-meet installation on an AWS EC2 instance and p2p video works but 3 users (videobridge) does not work. I see the users appear in the room but there is no video or audio.

It seems videobridge2 is running but possibly misconfigured.

I have tried the configuration steps found here but it does not help.

github.com

jitsi/jitsi-meet/blob/master/doc/quick-install.md#advanced-configuration

# Jitsi Meet quick install

This guide helps you  ___host your own Jitsi server___. If you want to have a video conference without setting up any infrastructure, use https://meet.jit.si instead.

This document describes the required steps for a quick Jitsi Meet installation on a Debian based GNU/Linux system. Debian 9 (Stretch) or later, and Ubuntu 18.04 (Bionic Beaver) or later are supported out-of-the-box.

On Ubuntu systems, Jitsi requires dependencies from Ubuntu's `universe` package repository.  To ensure this is enabled, run `apt-add-repository universe` at the command-line.

_Note_: Many of the installation steps require elevated privileges. If you are logged in using a regular user account, you may need to temporarily increase your permissions (for example, by using `sudo` for individual commands).

## Basic Jitsi Meet install

### Set up the Fully Qualified Domain Name (FQDN) (optional)

If the machine used to host the Jitsi Meet instance has a FQDN (for example `meet.example.org`) already set up in DNS, `/etc/hostname` must contain this FQDN; if this is not the case yet, [change the hostname](https://wiki.debian.org/HowTo/ChangeHostname).

Then add the same FQDN in the `/etc/hosts` file, associating it with the loopback address:

    127.0.0.1 localhost meet.example.org

This file has been truncated. show original

Here is the log when jitsi-videobridge2 is restarted:

gist.github.com

https://gist.github.com/jpkelly/2954eabb5c02681cfc062a2f7716f9a4

logsnippit1

2020-04-18 00:41:02.596 INFO: [1] NewConfig$1.invoke#88: Loaded NewConfig with origin: merge of system properties,system properties,reference.conf @ jar:file:/usr/share/jitsi-videobridge/jitsi-videobridge.jar!/reference.conf: 1,reference.conf @ jar:file:/usr/share/jitsi-videobridge/lib/jitsi-media-transform-1.0-151-gd47656a.jar!/reference.conf: 1
    2020-04-18 00:41:02.615 INFO: [1] LegacyConfigFileLoader$Companion.load#40: Attempting to load legacy config file at path /etc/jitsi, videobridge, sip-communicator.properties
    2020-04-18 00:41:02.620 INFO: [1] LegacyConfigFileLoader$Companion.load#40: Attempting to load legacy config file at path /etc/jitsi, videobridge, sip-communicator.properties
    2020-04-18 00:41:02.623 INFO: [1] JitsiConfig$Companion.reload#40: Reloading.
    2020-04-18 00:41:02.658 INFO: [1] NewConfig$1.invoke#88: Loaded NewConfig with origin: merge of system properties,system properties,reference.conf @ jar:file:/usr/share/jitsi-videobridge/jitsi-videobridge.jar!/reference.conf: 1,reference.conf @ jar:file:/usr/share/jitsi-videobridge/lib/jitsi-media-transform-1.0-151-gd47656a.jar!/reference.conf: 1
    2020-04-18 00:41:02.659 INFO: [1] LegacyConfigFileLoader$Companion.load#40: Attempting to load legacy config file at path /etc/jitsi, videobridge, sip-communicator.properties
    2020-04-18 00:41:02.661 INFO: [1] LegacyConfigFileLoader$Companion.load#40: Attempting to load legacy config file at path /etc/jitsi, videobridge, sip-communicator.properties
    2020-04-18 00:41:02.723 INFO: [11] ConfigurationActivator.start#45: Registered the LegacyConfigurationServiceShim in OSGi.
    2020-04-18 00:41:02.726 INFO: [11] AbstractVersionActivator.start#91: VersionService registered: JVB 2.1.186-g29a8b927
    2020-04-18 00:41:02.755 INFO: [11] AbstractJettyBundleActivator.start#613: Not starting the Jetty service for org.jitsi.videobridge.rest.RESTBundleActivator(port=8080)

This file has been truncated. show original

Here is the log when a user joins:

gist.github.com

https://gist.github.com/jpkelly/7ae07923f417f6526cbc810ca1a5b132

logsnippit2

2020-04-18 00:47:31.362 INFO: [63] Videobridge.createConference#320: create_conf, id=13c0c1ba8e941de0 gid=ffd665 logging=true
2020-04-18 00:47:31.365 INFO: [63] [confId=13c0c1ba8e941de0 epId=dec9f306 local_ufrag=fc6rc1e65c2eh4 gid=ffd665 conf_name=test ufrag=fc6rc1e65c2eh4] Agent.gatherCandidates#662: Gathering candidates for component stream-dec9f306.RTP.
2020-04-18 00:47:31.373 INFO: [31] [confId=13c0c1ba8e941de0 gid=ffd665 conf_name=test] Conference.dominantSpeakerChanged#446: ds_change ds_id=dec9f306
2020-04-18 00:47:31.376 INFO: [63] [confId=13c0c1ba8e941de0 epId=dec9f306 gid=ffd665 conf_name=test] Endpoint.lambda$setTransportInfo$8#1150: Ignoring empty DtlsFingerprint extension: <transport xmlns='urn:xmpp:jingle:transports:ice-udp:1'><fingerprint xmlns='urn:xmpp:jingle:apps:dtls:0' required='false'/></transport>
2020-04-18 00:47:31.377 INFO: [63] [confId=13c0c1ba8e941de0 epId=dec9f306 gid=ffd665 conf_name=test] Endpoint.describe#1333: Transport description:
 <transport xmlns='urn:xmpp:jingle:transports:ice-udp:1' pwd='4e96m4mhkc9ggq7u8cgj74j0ip' ufrag='fc6rc1e65c2eh4'><rtcp-mux/><fingerprint xmlns='urn:xmpp:jingle:apps:dtls:0' setup='actpass' hash='sha-256'>F1:A0:C6:CB:2C:72:91:F1:AE:64:69:49:FE:B9:6F:35:03:DA:AD:21:DB:09:A2:70:65:92:D7:27:23:61:1C:2A</fingerprint><candidate component='1' foundation='1' generation='0' id='20ea7ff7141bd9b90259c98da' network='0' priority='2130706431' protocol='udp' type='host' ip='172.31.5.112' port='10000'/></transport>
2020-04-18 00:47:31.420 INFO: [63] [confId=13c0c1ba8e941de0 epId=bfb45a4c local_ufrag=4pcm51e65c2eis gid=ffd665 conf_name=test ufrag=4pcm51e65c2eis] Agent.gatherCandidates#662: Gathering candidates for component stream-bfb45a4c.RTP.
2020-04-18 00:47:31.427 INFO: [63] [confId=13c0c1ba8e941de0 epId=bfb45a4c gid=ffd665 conf_name=test] Endpoint.lambda$setTransportInfo$8#1150: Ignoring empty DtlsFingerprint extension: <transport xmlns='urn:xmpp:jingle:transports:ice-udp:1'><fingerprint xmlns='urn:xmpp:jingle:apps:dtls:0' required='false'/></transport>
2020-04-18 00:47:31.430 INFO: [63] [confId=13c0c1ba8e941de0 epId=bfb45a4c gid=ffd665 conf_name=test] Endpoint.describe#1333: Transport description:
 <transport xmlns='urn:xmpp:jingle:transports:ice-udp:1' pwd='7asubi70mebjt18u8bh85gnuga' ufrag='4pcm51e65c2eis'><rtcp-mux/><fingerprint xmlns='urn:xmpp:jingle:apps:dtls:0' setup='actpass' hash='sha-256'>F1:A0:C6:CB:2C:72:91:F1:AE:64:69:49:FE:B9:6F:35:03:DA:AD:21:DB:09:A2:70:65:92:D7:27:23:61:1C:2A</fingerprint><candidate component='1' foundation='1' generation='0' id='76f5256a2ddfb110074b1d95' network='0' priority='2130706431' protocol='udp' type='host' ip='172.31.5.112' port='10000'/></transport>

This file has been truncated. show original

damencho · April 18, 2020, 2:58am

Make sure your jvb is using the correct public address (the public address of the machine)? grep -i harvest /var/log/jitsi/jvb.log These logs are printed once after restart.
Make sure that port udp 10000 is opened for incoming connections in your security group.
Make sure there is no firewall running.

jpkelly · April 18, 2020, 3:29am

It appears to be using the internal private address. How can I change it to use the public address?

damencho · April 18, 2020, 4:06am

Use:

NAT_HARVESTER_LOCAL_ADDRESS

and

NAT_HARVESTER_PUBLIC_ADDRESS

As described here:

github.com

jitsi/jitsi-meet/blob/master/doc/quick-install.md#advanced-configuration

# Jitsi Meet quick install

This guide helps you  ___host your own Jitsi server___. If you want to have a video conference without setting up any infrastructure, use https://meet.jit.si instead.

This document describes the required steps for a quick Jitsi Meet installation on a Debian based GNU/Linux system. Debian 9 (Stretch) or later, and Ubuntu 18.04 (Bionic Beaver) or later are supported out-of-the-box.

On Ubuntu systems, Jitsi requires dependencies from Ubuntu's `universe` package repository.  To ensure this is enabled, run `apt-add-repository universe` at the command-line.

_Note_: Many of the installation steps require elevated privileges. If you are logged in using a regular user account, you may need to temporarily increase your permissions (for example, by using `sudo` for individual commands).

## Basic Jitsi Meet install

### Set up the Fully Qualified Domain Name (FQDN) (optional)

If the machine used to host the Jitsi Meet instance has a FQDN (for example `meet.example.org`) already set up in DNS, `/etc/hostname` must contain this FQDN; if this is not the case yet, [change the hostname](https://wiki.debian.org/HowTo/ChangeHostname).

Then add the same FQDN in the `/etc/hosts` file, associating it with the loopback address:

    127.0.0.1 localhost meet.example.org

This file has been truncated. show original

jpkelly · April 18, 2020, 9:28am

I had already made those changes. But When I run grep -i harvest /var/log/jitsi/jvb.log I get the following. (the local/private IP appears)

    2020-04-18 01:09:16.460 INFO: [18] org.ice4j.ice.harvest.AbstractUdpListener.<init>: Initialized AbstractUdpListener with address 172.31.5.112:10000/udp. Receive buffer size 10485760 (asked for 10485760)
    2020-04-18 01:09:16.460 INFO: [18] org.ice4j.ice.harvest.SinglePortUdpHarvester.<init>: Initialized SinglePortUdpHarvester with address 172.31.5.112:10000/udp
    2020-04-18 01:09:46.192 INFO: [17] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using org.ice4j.ice.harvest.MappingCandidateHarvester, face=null, mask=/18.144.162.197
    2020-04-18 01:09:46.195 INFO: [17] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Initialized mapping harvesters (delay=18ms).  stunDiscoveryFailed=false
    2020-04-18 01:09:56.522 INFO: [18] org.ice4j.ice.harvest.AbstractUdpListener.<init>: Initialized AbstractUdpListener with address 172.31.5.112:10000/udp. Receive buffer size 10485760 (asked for 10485760)
    2020-04-18 01:09:56.522 INFO: [18] org.ice4j.ice.harvest.SinglePortUdpHarvester.<init>: Initialized SinglePortUdpHarvester with address 172.31.5.112:10000/udp

Here is the contents of my /etc/jitsi/videobridge/sip-communicator.properties file.

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.123.456
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<my public IP address>
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.vevomo.com
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=4eyVrhbu
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.vevomo.com
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=a90b5948-fe9d-4819-a925-56afb56d60b1

If I uncomment org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
or set org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=false

I do see the public IP appear in the log but I still get no video via videobridge.

jpkelly · April 18, 2020, 10:48am

If I comment out org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
and org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443

It is detected that this is an AWS server and the public IP is detected. From the log:

gist.github.com

https://gist.github.com/jpkelly/6febbb29a3c7c081ed5c3d854e9e430d

logsnippit3

2020-04-18 10:38:14.758 INFO: [17] org.ice4j.ice.harvest.AwsCandidateHarvester.obtainEC2Addresses: Detected AWS local IP: 172.31.5.112:9/udp
2020-04-18 10:38:14.758 INFO: [17] org.ice4j.ice.harvest.AwsCandidateHarvester.obtainEC2Addresses: Detected AWS public IP: 1.2.3.4:9/udp
2020-04-18 10:38:14.758 INFO: [17] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using org.ice4j.ice.harvest.AwsCandidateHarvester, face=/172.31.5.112, mask=/1.2.3.4
2020-04-18 10:38:14.758 INFO: [17] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Initialized mapping harvesters (delay=51ms).  stunDiscoveryFailed=false
2020-04-18 10:38:25.041 INFO: [18] org.ice4j.ice.harvest.AbstractUdpListener.<init>: Initialized AbstractUdpListener with address 172.31.5.112:10000/udp. Receive buffer size 10485760 (asked for 10485760)
2020-04-18 10:38:25.042 INFO: [18] org.ice4j.ice.harvest.SinglePortUdpHarvester.<init>: Initialized SinglePortUdpHarvester with address 172.31.5.112:10000/udp

Still I get no video via the videobridge.

boby21 · April 18, 2020, 3:07pm

yes I have the same problem too and in same aws server

jpkelly · April 18, 2020, 5:38pm

I have had issues before with AWS EC2 where the private IP was getting used by a Plesk rdnc extension for DNS propagation where it should have been the public IP.

I suspect there is some clue to resolving this in that the following lines from the jvb.log show that the private IP is getting used for initializing the AbstractUdpListener (despite the AWS harvester finding the public IP).

2020-04-18 10:38:25.041 INFO: [18] org.ice4j.ice.harvest.AbstractUdpListener.<init>: Initialized AbstractUdpListener with address 172.31.5.112:10000/udp. Receive buffer size 10485760 (asked for 10485760)
2020-04-18 10:38:25.042 INFO: [18] org.ice4j.ice.harvest.SinglePortUdpHarvester.<init>: Initialized SinglePortUdpHarvester with address 172.31.5.112:10000/udp

jpkelly · April 18, 2020, 5:52pm

@damencho any thoughts on this?

damencho · April 18, 2020, 6:26pm

Private is always used, the important is to have the public one also listed .

jpkelly · April 18, 2020, 8:01pm

Any thoughts to why the videobridge is not passing video? Or is this the problem? If I enable p2p I get video but if p2p is disabled or more than 2 users are in a room the video does not pass. This leads me to believe videobridge is not working. As can be seen in the log snippet below the AWS harvester is finding the public IP address. (1.2.3.4 substituted for public IP)

gist.github.com

https://gist.github.com/jpkelly/6febbb29a3c7c081ed5c3d854e9e430d

logsnippit3

2020-04-18 10:38:14.758 INFO: [17] org.ice4j.ice.harvest.AwsCandidateHarvester.obtainEC2Addresses: Detected AWS local IP: 172.31.5.112:9/udp
2020-04-18 10:38:14.758 INFO: [17] org.ice4j.ice.harvest.AwsCandidateHarvester.obtainEC2Addresses: Detected AWS public IP: 1.2.3.4:9/udp
2020-04-18 10:38:14.758 INFO: [17] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using org.ice4j.ice.harvest.AwsCandidateHarvester, face=/172.31.5.112, mask=/1.2.3.4
2020-04-18 10:38:14.758 INFO: [17] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Initialized mapping harvesters (delay=51ms).  stunDiscoveryFailed=false
2020-04-18 10:38:25.041 INFO: [18] org.ice4j.ice.harvest.AbstractUdpListener.<init>: Initialized AbstractUdpListener with address 172.31.5.112:10000/udp. Receive buffer size 10485760 (asked for 10485760)
2020-04-18 10:38:25.042 INFO: [18] org.ice4j.ice.harvest.SinglePortUdpHarvester.<init>: Initialized SinglePortUdpHarvester with address 172.31.5.112:10000/udp

damencho · April 19, 2020, 1:32am

What does your security group looks like? In and out?

jpkelly · April 19, 2020, 1:55am

Thank you!
That was it, I thought I had a wide open security group but it was All traffic IN and All TCP out.
UDP was not open. All is working now!

boby21 · April 19, 2020, 3:03am

I have the same problem, but i already allow the udp 10000 in the inbound, am I doing anything wrong?

jpkelly · April 19, 2020, 4:02am

Allow All traffic on the outbound. See if that helps.

boby21 · April 19, 2020, 4:09am

already done that in http and https and I setup using ip for the hostname , is that affected?

jpkelly · April 19, 2020, 6:07am

You need to allow outbound UDP traffic.

boby21 · April 19, 2020, 6:16am

let me test this one! thank you!