Open ports NAT

#1

Good day

What ports need to be open on the router NAT?
Port 443 is busy on NAT. How do I change port 443 to 4444 for jitsi?
Jitsi is used for video calls in Rocket Chat.

Sorry for my English.

0 Likes

#2

This should be changed in the web configuration. Not sure what Rocket Chat uses, but for jetty it is “org.jitsi.videobridge.rest.jetty.port=443” in /etc/jitsi/videobridge/sip-communicator.properties, for nginx: https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet/jitsi-meet.example#L9 and for apache: https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet/jitsi-meet.example-apache#L10

0 Likes

#3

Changed settings
jitsi.domen.com:4444 works, video does not work

sip-communicator.properties
org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=focus@auth.domen.com/.*
org.jitsi.videobridge.rest.jetty.port = 443

nginx
server_names_hash_bucket_size 64;

    server {
        listen 80;
        server_name jitsi.domen.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 4444 ssl;
        server_name jitsi.domen.com;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";

        add_header Strict-Transport-Security "max-age=31536000";

        ssl_certificate /etc/letsencrypt/live/jitsi.domen.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domen.com/privkey.pem;

        root /usr/share/jitsi-meet;
        index index.html index.htm;
        error_page 404 /static/404.html;

        location /config.js {
            alias /etc/jitsi/meet/jitsi.domen.com-config.js;
        }

        location ~ ^/([a-zA-Z0-9=\?]+)$ {
            rewrite ^/(.*)$ / break;
        }

        location / {
            ssi on;
        }

        # Backward compatibility
        location ~ /external_api.* {
            root /usr/share/jitsi-meet/libs;
        }

        # BOSH
        location /http-bind {
            proxy_pass      http://localhost:5280/http-bind;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
    }

LOG

JVB 2019-04-11 15:00:30.671 FINE: [121] org.jitsi.videobridge.xmpp.ComponentImpl.processIQ() (serving component ‘JitsiVideobridge’) Processing IQ (packetId Z2EDv-83):
JVB 2019-04-11 15:00:30.672 FINE: [121] org.jitsi.videobridge.xmpp.ComponentImpl.processIQRequest() (serving component ‘JitsiVideobridge’) Processing IQ request (packetId Z2EDv-83).
JVB 2019-04-11 15:00:30.673 FINE: [121] org.jitsi.videobridge.xmpp.ComponentImpl.processIQ() (serving component ‘JitsiVideobridge’) Responding to IQ (packetId Z2EDv-83) with:
JVB 2019-04-11 15:00:33.057 FINE: [123] org.jitsi.videobridge.xmpp.ComponentImpl.processIQ() (serving component ‘JitsiVideobridge’) Processing IQ (packetId nCAOz-26):
JVB 2019-04-11 15:00:33.269 SEVERE: [30] org.jitsi.videobridge.health.Health.log() Health check failed in 0ms:
java.lang.Exception: Failed to bind single-port
at org.jitsi.videobridge.health.Health.doCheck(Health.java:222)
at org.jitsi.videobridge.health.Health.doRun(Health.java:495)
at org.jitsi.util.concurrent.PeriodicRunnableWithObject.run(PeriodicRunnableWithObject.java:87)
at org.jitsi.util.concurrent.RecurringRunnableExecutor.run(RecurringRunnableExecutor.java:216)
at org.jitsi.util.concurrent.RecurringRunnableExecutor.runInThread(RecurringRunnableExecutor.java:292)
at org.jitsi.util.concurrent.RecurringRunnableExecutor.access$000(RecurringRunnableExecutor.java:36)
at org.jitsi.util.concurrent.RecurringRunnableExecutor$1.run(RecurringRunnableExecutor.java:328)

0 Likes

#4

You have something running on port 10000. Change your jvb port from 10000, and don’t forget to forward it.

0 Likes

#5
0 Likes

#6

Changed the ports
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=12345
org.jitsi.videobridge.rest.jetty.port=4444

no errors, the video does not work
Log
JVB 2019-04-11 16:04:12.289 INFO: [12] org.jitsi.rest.AbstractJettyBundleActivator.start().572 Not starting the Jetty service for org.jitsi.videobridge.rest.PublicClearPortRedirectBundleActivator(port=8080)
JVB 2019-04-11 16:04:12.768 INFO: [12] org.jitsi.videobridge.util.UlimitCheck.log() Running with open files limit 65000 (hard 65000), thread limit 65000 (hard 65000).
JVB 2019-04-11 16:04:12.773 INFO: [12] org.jitsi.videobridge.VideobridgeExpireThread.log() Starting with 60 second interval.
JVB 2019-04-11 16:04:12.783 INFO: [12] org.jitsi.videobridge.Videobridge.log() Authorized source regexp: focus@auth.jitsi.domen.com/.*
JVB 2019-04-11 16:04:12.853 INFO: [27] org.jitsi.videobridge.Videobridge.log() CAT=stat create_conf,conf_id=d87ff07d8a6ab5ac conf_name=null,logging=false,conf_count=1,ch_count=0,v_streams=0
JVB 2019-04-11 16:04:14.807 INFO: [27] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize() Initialized mapping harvesters (delay=564ms). stunDiscoveryFailed=false
JVB 2019-04-11 16:04:15.887 INFO: [12] org.jitsi.impl.neomedia.MediaServiceImpl.log() Warming up SecureRandom…
JVB 2019-04-11 16:04:15.888 INFO: [12] org.jitsi.impl.neomedia.MediaServiceImpl.log() Warming up SecureRandom finished.
JVB 2019-04-11 16:04:15.929 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=12345
JVB 2019-04-11 16:04:15.930 INFO: [12] org.jitsi.videobridge.octo.OctoRelay.start().114 Octo relay not configured.
JVB 2019-04-11 16:04:15.931 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.videobridge.rest.jetty.port=4445
JVB 2019-04-11 16:04:15.932 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=focus@auth.jitsi.domen.com/.*
JVB 2019-04-11 16:04:16.141 INFO: [27] org.jitsi.videobridge.IceUdpTransportManager.log() Using component socket: true
JVB 2019-04-11 16:04:16.148 INFO: [27] org.ice4j.ice.harvest.AbstractUdpListener.<init>() Initialized AbstractUdpListener with address 172.17.0.65:12345/udp. Receive buffer size 10485760 (asked for 10485760)
JVB 2019-04-11 16:04:16.151 INFO: [27] org.ice4j.ice.harvest.SinglePortUdpHarvester.<init>() Initialized SinglePortUdpHarvester with address 172.17.0.65:12345/udp
JVB 2019-04-11 16:04:16.170 INFO: [27] org.ice4j.ice.harvest.AbstractTcpListener.addLocalAddresses() Not using link-local address /fe80:0:0:0:215:5dff:fef4:ff19%eth0 for TCP candidates.
JVB 2019-04-11 16:04:16.189 INFO: [27] org.jitsi.videobridge.IceUdpTransportManager.log() Initialized TCP harvester on port 443, using SSLTCP:true
JVB 2019-04-11 16:04:16.296 INFO: [39] org.jitsi.xmpp.component.ComponentBase.loadConfig().202 Component org.jitsi.videobridge. config:
JVB 2019-04-11 16:04:16.296 INFO: [39] org.jitsi.xmpp.component.ComponentBase.loadConfig().203 ping interval: 10000 ms
JVB 2019-04-11 16:04:16.297 INFO: [39] org.jitsi.xmpp.component.ComponentBase.loadConfig().204 ping timeout: 5000 ms
JVB 2019-04-11 16:04:16.297 INFO: [39] org.jitsi.xmpp.component.ComponentBase.loadConfig().205 ping threshold: 3
JVB 2019-04-11 16:04:16.363 INFO: [27] org.jitsi.videobridge.health.Health.log() Performed a successful health check in 3578ms. Sticky failure: false

0 Likes

#7

Did you do the port forwarding from public address and port 12345 to the internal one?

0 Likes

#8

I am checking without NAT.
Two local networks: 172.17.0.0 and 192.168.1.0. All ports between the networks are open.

0 Likes

#9

So your jvb is in one of the networks and the clients are in the other? Then is there a special routing that tells clients where to route packets for the other network?

0 Likes

#10

Routing works.
Port 443 is working, changing the port to 4444 is not working.

sip-communicator.properties
org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=focus@auth.domen.com/.*
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT = 12345
org.jitsi.videobridge.rest.jetty.port = 4444

nginx
server {
listen 4444 ssl;
server_name jitsi.domen.com;

0 Likes

#11

Are you using jetty or nginx?

Have you configured public and private address in the bridge config, as noted here: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md#advanced-configuration?

0 Likes

#12

web server nginx
OS Ubuntu 18.04 LTS

org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=focus@auth.jitsi.domen.com/.*
org.jitsi.videobridge.rest.jetty.port = 4444
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=12345
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=172.17.0.65
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=83.69.0.123

Ports listening:
systemd-r 943 systemd-resolve 13u IPv4 27071 0t0 TCP 127.0.0.53:53 (LISTEN)
java 1046 jvb 152u IPv6 33580 0t0 TCP 172.17.0.65:443 (LISTEN)
java 1317 jicofo 108u IPv6 27501 0t0 TCP *:8888 (LISTEN)
sshd 1394 root 3u IPv4 33392 0t0 TCP *:22 (LISTEN)
sshd 1394 root 4u IPv6 33394 0t0 TCP *:22 (LISTEN)
nginx 1435 root 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1435 root 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1435 root 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
nginx 1438 www-data 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1438 www-data 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1438 www-data 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
nginx 1440 www-data 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1440 www-data 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1440 www-data 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
nginx 1442 www-data 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1442 www-data 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1442 www-data 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
nginx 1443 www-data 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1443 www-data 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1443 www-data 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
nginx 1444 www-data 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1444 www-data 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1444 www-data 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
nginx 1445 www-data 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1445 www-data 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1445 www-data 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
nginx 1446 www-data 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1446 www-data 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1446 www-data 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
nginx 1447 www-data 6u IPv4 36090 0t0 TCP *:80 (LISTEN)
nginx 1447 www-data 7u IPv6 36091 0t0 TCP *:80 (LISTEN)
nginx 1447 www-data 8u IPv4 36092 0t0 TCP *:4444 (LISTEN)
lua5.1 1456 prosody 3u IPv4 36109 0t0 TCP 127.0.0.1:5347 (LISTEN)
lua5.1 1456 prosody 6u IPv6 36923 0t0 TCP *:5269 (LISTEN)
lua5.1 1456 prosody 7u IPv4 36924 0t0 TCP *:5269 (LISTEN)
lua5.1 1456 prosody 8u IPv6 36930 0t0 TCP *:5222 (LISTEN)
lua5.1 1456 prosody 9u IPv4 36931 0t0 TCP *:5222 (LISTEN)
lua5.1 1456 prosody 13u IPv6 36112 0t0 TCP *:5280 (LISTEN)
lua5.1 1456 prosody 14u IPv4 36113 0t0 TCP *:5280 (LISTEN)
miniserv. 1609 root 5u IPv4 36323 0t0 TCP *:11000 (LISTEN)

0 Likes

#13

And you have forwarded udp 12345 from 83.69.0.123 to 172.17.0.65?

0 Likes

#14

Yes.
Does not work inside the local network, there is no NAT.

0 Likes

#15

So when using it from the internet it works?

Can the clients in the 192.168.1.0 network ping 172.17.0.65?

0 Likes

#16

Video does not work

Yes

0 Likes

#17

So if it doesn’t work from outside and from the LAN, what comes to my mind is a firewall on the machine?

You can check chrome://webrtc-internals (open it before opening 3 tabs in Chrome). Look for setRemoteDescription; there you can see the ports and addresses announced by jicofo to clients, which are what the clients use to connect to the bridge. If you see correct values and it still doesn’t work, this is a firewall or port forwarding issue.

0 Likes

#18

Shows only GetUserMedia Requests

0 Likes

#19

Log
B 2019-04-12 13:31:37.216 INFO: [28] org.ice4j.ice.harvest.HostCandidateHarvester.createDatagramSocket() Retrying a bind because of a failure to bind to address /172.17.0.65 and port 12346 (Address already in use (Bind failed))
JVB 2019-04-12 13:31:37.217 INFO: [28] org.ice4j.ice.harvest.HostCandidateHarvester.createDatagramSocket() Retrying a bind because of a failure to bind to address /172.17.0.65 and port 12347 (Address already in use (Bind failed))
JVB 2019-04-12 13:31:37.217 INFO: [28] org.ice4j.ice.harvest.HostCandidateHarvester.createDatagramSocket() Retrying a bind because of a failure to bind to address /172.17.0.65 and port 12348 (Address already in use (Bind failed))
JVB 2019-04-12 13:31:37.218 INFO: [28] org.ice4j.ice.harvest.HostCandidateHarvester.createDatagramSocket() Retrying a bind because of a failure to bind to address /172.17.0.65 and port 12349 (Address already in use (Bind failed))
JVB 2019-04-12 13:31:37.238 INFO: [28] org.ice4j.ice.harvest.HostCandidateHarvester.createDatagramSocket() Retrying a bind because of a failure to bind to address /172.17.0.65 and port 12347 (Address already in use (Bind failed))
JVB 2019-04-12 13:31:37.239 INFO: [28] org.ice4j.ice.harvest.HostCandidateHarvester.createDatagramSocket() Retrying a bind because of a failure to bind to address /172.17.0.65 and port 12348 (Address already in use (Bind failed))
JVB 2019-04-12 13:31:37.240 INFO: [28] org.ice4j.ice.harvest.HostCandidateHarvester.createDatagramSocket() Retrying a bind because of a failure to bind to address /172.17.0.65 and port 12349 (Address already in use (Bind failed))
JVB 2019-04-12 13:31:37.241 INFO: [28] org.ice4j.ice.harvest.HostCandidateHarvester.createDatagramSocket() Retrying a bind because of a failure to bind to address /172.17.0.65 and port 12350 (Address already in use (Bind failed))
JVB 2019-04-12 13:31:37.312 SEVERE: [264] org.ice4j.socket.MergingDatagramSocket.log() Cannot find socket to remove.
JVB 2019-04-12 13:31:37.328 INFO: [28] org.jitsi.videobridge.health.Health.log() Performed a successful health check in 166ms. Sticky failure: false
JVB 2019-04-12 13:31:40.445 INFO: [61] org.ice4j.ice.harvest.AbstractTcpListener.cleanup() Read timeout for socket: Socket[addr=/192.168.1.113,port=62680,localport=443]

Why is port 443?

0 Likes

#20

You should open it before opening the tabs for your meeting you will test with.


You see the 3 udp candidates ^, ip addresses and ports.

Port 443 is used for the TCP candidates, you should see that in the remote description. You can change it with this property: https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md#orgjitsivideobridgetcp_harvester_port

0 Likes
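
The check described in posts #17 and #20, as an added example that is not part of the original thread: it parses the candidate lines of a remote description copied from chrome://webrtc-internals and lists the candidates announced on the public address that have no matching NAT forward. The sample SDP is constructed from the addresses and ports quoted in the thread; the function names and the `FORWARDS` set are assumptions.

```python
import ipaddress
import re
from typing import NamedTuple

class Candidate(NamedTuple):
    transport: str  # "udp" or "tcp"
    address: str
    port: int
    typ: str        # host, srflx, relay, ...

# ICE candidate attribute: foundation component transport priority address port "typ" type
CAND_RE = re.compile(
    r"^a=candidate:\S+ \d+ (?P<transport>\S+) \d+ (?P<addr>\S+) (?P<port>\d+) typ (?P<typ>\S+)",
    re.MULTILINE,
)

def parse_candidates(sdp):
    """Return every ICE candidate found in an SDP blob (CRLF or LF line endings)."""
    text = sdp.replace("\r\n", "\n")
    return [Candidate(m["transport"].lower(), m["addr"], int(m["port"]), m["typ"])
            for m in CAND_RE.finditer(text)]

def lan_only(cands):
    """Candidates on private addresses: usable only from networks routed to them."""
    return [c for c in cands if ipaddress.ip_address(c.address).is_private]

def missing_forwards(cands, public_ip, forwards):
    """Candidates announced on the public address with no (transport, port) forward."""
    return [c for c in cands
            if c.address == public_ip and (c.transport, c.port) not in forwards]

# Constructed sample, built from the addresses and ports quoted in the thread.
SAMPLE_SDP = """\
v=0
m=audio 1 RTP/SAVPF 111
a=candidate:1 1 udp 2130706431 172.17.0.65 12345 typ host generation 0
a=candidate:2 1 udp 1677724415 83.69.0.123 12345 typ srflx raddr 172.17.0.65 rport 12345 generation 0
a=candidate:3 1 tcp 2130706430 172.17.0.65 443 typ host tcptype passive generation 0
a=candidate:4 1 tcp 1677724414 83.69.0.123 443 typ srflx raddr 172.17.0.65 rport 443 tcptype passive generation 0
"""

# Assumption: the only router forward in place is UDP 12345 (posts #13 and #14).
FORWARDS = {("udp", 12345)}

if __name__ == "__main__":
    cands = parse_candidates(SAMPLE_SDP)
    for c in missing_forwards(cands, "83.69.0.123", FORWARDS):
        print(f"no forward for {c.transport}/{c.port} announced on {c.address}")
```

With the sample, the only candidate flagged is the TCP one on port 443, the port post #1 reports as busy on the NAT and post #20 says can be moved with the TCP harvester port property.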