No TURN-Server in standard package installation?

I’ve installed Jitsi Meet (quick-install) via this command:
apt install --no-install-recommends jitsi-meet

It states:

If you are already running Nginx on port 443 on the same machine you better skip the turnserver configuration as it will conflict with your current port 443, […]

So, if I’m right there is no TURN-Server after installation.

I checked “/etc/jitsi/meet/-config.js”. It’s commented:
// useStunTurn: true,

So my installation is not using a TURN-Server.

Is a TURN-Server really necessary? Or is a STUN-Server sufficient?

That is not requirement, but helps in certain situation like corporate firewall with no udp.

Ok thank you @damencho.

I now installed coturn on a different machine for STUN and TURN. STUN- and TURN-Server is working.

This is what I changed within Jitsi Meet.
[1] nano /etc/prosody/conf.avail/www.mydomain.de.cfg.lua

turncredentials_secret = “mysecet”;

turncredentials = { 
   { type = "stun", host = "stun.mydomain.de", port = "443" }, 
   { type = "turn", host = "stun.mydomain.de", port = "443", transport = "udp" }, 
   { type = "turns", host = "stun.mydomain.de", port = "443", transport = "tcp" } 
}; 

Is this also necessary?

turncredentials_port = 443;
turncredentials_ttl = 86400;

[2] /etc/jitsi/meet/www.mydomain.de-config.js

useStunTurn: true,
p2p: {
       useStunTurn: true,

[3] /etc/jitsi/videobridge/sip-communicator.properties

org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true

Seems okay. Anything to add?

That is not needed if I correctly remember the source code of the module.
Everything seems fine, I think.

Thanks again @damencho

Last question.
I want to use my own STUN-server. But in “/etc/jitsi/videobridge/sip-communicator.properties” I found this:

org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443

Is this parameter used? When it’s used? Can I change the address to my own STUN-server?

Yes you can, that on jvb boot only when it is used.

Ok. But as far as I know this setting is only used (once during startup) by JVB - for machines behind NAT, with no public ip address.

Yes. But will not hurt those with no NAT.

Or you see problems with it grep -i harvest /var/log/jitsi/jvb.log do you see correct ip addresses to listen on port 10000?

With this grep there is no output.

But yes, I see the public IP address of the server:
udp6 0 0 IPv4:10000
udp6 0 0 IPv6::10000

We had a corporate client who was unable to join a meeting. This is on an AWS server.
/etc/jitsi/videobridge/sip-communicator.properties had the following.

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=false
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.v.vevomo.com
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=HVwiN361
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.v.vevomo.com
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=02b59d74-9882-4ef9-ae40-0d457b8e36ca

Should I uncomment
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
to ensure corporate clients can connect?

This is just a way for jvb to discover its private and public address, it substitutes DISABLE_AWS_HARVESTER when running in non AWS env.
What you need is to install and configure turn server. That is separate process, separate config and you need configs in prosody config and to enable it in config.js:


If you install latest stable jitsi-meet on clean VM you will get Nginx configured and coturn running and configured to be used.

1 Like