Only one user at a time (NAT + Reverse Proxy)

Hi,
With the COVID confinement (in France), I am trying to install Jitsi in my enterprise.

But only one user can access meetings; when a second arrives, the first one is disconnected.

Jitsi is installed through package on Ubuntu 18.04.
Server is an LXD container, so Jitsi is behind NAT and Reverse Proxy.

I’ve followed the debamax.com blog post for the reverse proxy configuration, but with NGINX instead of Apache.

Here is my configuration:

    server {
        listen 443;
        server_name visio.my-domain.fr;
        ssl_certificate /etc/ssl/certs/my-domain.fr.bundle.crt; # wildcard cert
        ssl_certificate_key /etc/ssl/private/my-domain.fr.key;
        access_log off;
        large_client_header_buffers 4 16k;
        proxy_ssl_verify off;
        location / {
            proxy_pass https://10.1.2.122;
            proxy_cache off;
        }
    }

The reverse proxy is also an LXD container, which receives all 80/443 traffic and redirects it to other LXD containers depending on the domain.

Ports 4443 and 10000 are NATed (through pfSense).

I changed /etc/jitsi/videobridge/sip-communicator.properties with:

  • NAT_HARVESTER_LOCAL_ADDRESS: IP of my Jitsi LXD container, ie 10.1.2.122
  • NAT_HARVESTER_PUBLIC_ADDRESS: my public IP

Thanks for your help
Yoann
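
An added example (not part of the original post): a sanity check for the two NAT harvester settings named above. It assumes they are written in the properties file under their full `org.ice4j.ice.harvest.` names; the sample file content and the public IP `203.0.113.10` are constructed placeholders.

```python
import ipaddress

# Full ice4j property names (the post abbreviates them).
PREFIX = "org.ice4j.ice.harvest."
LOCAL_KEY = PREFIX + "NAT_HARVESTER_LOCAL_ADDRESS"
PUBLIC_KEY = PREFIX + "NAT_HARVESTER_PUBLIC_ADDRESS"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return ip.version == 4 and any(ip in net for net in RFC1918)

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_nat_harvester(text):
    """Return a list of problems found in the NAT harvester settings."""
    props, problems, addrs = parse_properties(text), [], {}
    for key in (LOCAL_KEY, PUBLIC_KEY):
        value = props.get(key)
        if not value:
            problems.append(f"{key} is missing or empty")
            continue
        try:
            addrs[key] = ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"{key} is not an IP address: {value!r}")
    local, public = addrs.get(LOCAL_KEY), addrs.get(PUBLIC_KEY)
    # Heuristic for a NATed container: local is RFC 1918, public is not.
    if local is not None and not is_rfc1918(local):
        problems.append("local address is not a private (RFC 1918) address")
    if public is not None and is_rfc1918(public):
        problems.append("public address is private; clients cannot reach it")
    return problems

# Constructed sample: container IP from the post, placeholder public IP.
SAMPLE = (PREFIX + "NAT_HARVESTER_LOCAL_ADDRESS=10.1.2.122\n"
          + PREFIX + "NAT_HARVESTER_PUBLIC_ADDRESS=203.0.113.10\n")

if __name__ == "__main__":
    print(check_nat_harvester(SAMPLE) or "NAT harvester settings look consistent")
```

An empty list means both keys are present, parse as IP addresses, and sit on the expected sides of the NAT; it says nothing about whether the port forwards themselves are in place.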

Hi Johan,

It seems that you have D-NATed the TCP port 10000 but not the UDP port 10000.

Bye,
Thierry

Hi,
Sorry for the delay, even with UDP forwarding it still does not work :confused:

Yoann

Hi Yoann,

I have a similar setup (lxc 18.04, without wildcard cert) running with the versions
apt install jitsi-meet=1.0.4101-1 jicofo=1.0-508-1 jitsi-meet-web=1.0.3729-1 jitsi-meet-web-config=1.0.3729-1 jitsi-meet-prosody=1.0.3729-1 jitsi-videobridge=1126-1

Any version greater than jitsi-meet=1.0.4101-1 breaks my setup for unknown reasons and results in the same error.

In my case the wildcard cert is employed at a reverse proxy (synology) so that the container uses a self-signed cert.

Maybe a downgrade will resolve your issue, too?

Kind Regards
Dorian

Silly question, but are you NATting 4443 to 443 via pfsense? In the first line of the image you have pasted, it looks like you are not changing 4443 to 443, but keeping it as 4443?

I managed a clean-install with a new container and apache. So maybe these issues were not related…

perhaps this will help

also keep in mind that with pfsense (haproxy), you can’t proxy udp. I don’t know what synology uses for reverse proxy, so you’ll need to check to see if it can proxy udp or not.

Did you fix it? I have the same issue with the same scenario, behind a pfSense too.

Unfortunately no and I give up :frowning:
My coworkers started using Zoom and now it’s too late; habits are taken :cry:

Yes, I’m close to giving up too.

The painful thing is that it is a nice product, it hurts that the project owners do not even provide payment support.