No audio/video for clients inside corporate network

pierre-64 · April 16, 2021, 2:21pm

Hello,

Need some help to configure properly our own self-hosting JITSI instance.

Everything is working fine for all clients exept for those who are in a corporate network behing a web proxy : they can connect to the webconf but no audio/video.

The official meet.jit.si webconfs are working perfectly with thoose restricted clients.

Therefore, we tried to install our own Coturn server with no chance.

Could anyone give us the path to follow in order to enable restricted clients behind web proxy to properly work ?

Thanks in advance for your help

damencho · April 16, 2021, 2:25pm

What is your deployment? Is it jitsi-meet on single machine?
By default jitsi-meet installs and runs a coturnserver on default turn ports, you just need a second DNS and make it work on port 443.

pierre-64 · April 19, 2021, 10:38am

Hello,

Thanks a lot for this quick answer.
I’ve tried but still no video.

I don’t know if this can help but i noticed on the web console of the web browser that is inside the corporate network the following errors :

“websocket connection to wss://meet.mondomaine.com/colibri-ws/default-id/…” failed.
and “Channel closed : 1006”

Thank you for your help.

Pierre.

damencho · April 19, 2021, 3:19pm

Do you have this in your nginx config?

github.com

jitsi/jitsi-meet/blob/9d0c6e37412e89ba61d4282e1b30fdbbf46e4918/doc/debian/jitsi-meet/jitsi-meet.example#L95


location = /xmpp-websocket {
    proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    tcp_nodelay on;
}


# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
    proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}


# load test minimal client, uncomment when used
#location ~ ^/_load-test/([^/?&:'"]+)$ {
#    rewrite ^/_load-test/(.*)$ /load-test/index.html break;

pierre-64 · April 19, 2021, 4:19pm

Yes this is in my Nginx.

# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
    proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}

… and it is responding :

telnet localhost 9090
Trying ::1...
Connected to localhost.
Escape character is '^]'.

damencho · April 19, 2021, 4:44pm

Is it possible that you have some reverse proxy in front of nginx? Not sure what will be closing the connection then …

pierre-64 · April 20, 2021, 9:48am

Hello,

Nothing is in front of nginx from server side.
From the browser i go throught a proxy that i don’t know the details.

Thank you so much for your help.

emrah · April 20, 2021, 12:54pm

Is there an HTTP proxy on the client side?

pierre-64 · April 20, 2021, 1:00pm

yes

emrah · April 20, 2021, 1:03pm

They should allow the direct access (not through the proxy) for this domain.

pierre-64 · April 20, 2021, 1:10pm

What i find weerd is that it works with the official meet.jit.si instance

pierre-64 · April 20, 2021, 1:35pm

It could be interesting for us to know the architecture (JVB, prosody, STUN, COTURN, etc.) of the official Jitsi instance (that worked perfectly).
Does anyone know it ?

emrah · April 20, 2021, 1:36pm

If Nginx redirects the TURN traffic using the public IP and if the server cannot access the TURN server using its own public address, this will cause a problem too

pierre-64 · May 10, 2021, 7:34am

find a solution by hosting the coturn on a different server. Thank you all.

rn1984 · March 8, 2022, 1:09am

Hi Pierre,
Were having the exact same issue. I saw your solution and installed a coTURN on a didfernet stand-alone server ourselves.

Can you share your coTURN configuration? Are the JVBs connecting to it via 443 or 5349?

Any help will be greatly appreciated.

Thank you!