Proper configuration for Jitsi in docker with SWAG NGINX

Fizzroy · May 1, 2023, 8:38am

Hey all,
I’m trying to find a proper way to set up my jitsi in docker with nginx. I’m having problems with proper nginx proxy-conf setup. My domain is accessible and I can start a meeting, but I’m getting:
“The bridge channel has been disconnected and thus video quality is limited to its lowest setting.”
When I attempt to connect two or more people to Jitsi meeting.

I’m using SWAG (SWAG setup - LinuxServer.io) and I didn’t have any problems with nginx up to this point.

I can see many errors in the console:
502 Bad Gateway wss://MYDOMAINNAME/colibri-ws//28a4c8b10869a86f/88484bb0?pwd=56qqaf2kjlf38kctgges9eqttk Unable to connect to: wss://MYDOMAINNAME/colibri-ws//28a4c8b10869a86f/88484bb0?pwd=56qqaf2kjlf38kctgges9eqttk. [modules/RTC/BridgeChannel.js] <5369/_handleChannel/e.onclose>: Channel closed: 1006

Also I’m getting:
2023/05/01 09:52:11 [error] 284#284: *365 28a4c8b10869a86f could not be resolved (3: Host not found), client: 172.23.0.7, server: _, request: “GET /colibri-ws//28a4c8b10869a86f/22004a3e?pwd=52jbbd622rf06cfh8it09vajnj HTTP/1.0”, host: “MYDOMAINNAME”
in jitsi/web container

My proxy-conf is as follows:

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name jitsi.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        location / {
        # enable the next two lines for http auth
        # auth_basic "Ask for password from your organisation";
        # auth_basic_user_file /config/nginx/.htpasswd;


        ssi on;
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app meet.jitsi;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;

        }
        # BOSH
        location /http-bind {
                proxy_pass http://xmpp.meet.jitsi:5280/http-bind;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $http_host;
        }

        # xmpp websockets
        location /xmpp-websocket {
                proxy_pass              http://xmpp.meet.jitsi:5280/xmpp-websocket;
                proxy_http_version      1.1;
                proxy_set_header        Upgrade $http_upgrade;
                proxy_set_header        Connection "upgrade";
                proxy_set_header        Host $host;
                tcp_nodelay             on;
        }
        # Colibri
        location /colibri-ws {
                proxy_pass https://localhost:8443;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

}

I can see that the issue may be connected to colibri-ws. But as of now I’m pretty much out of ideas.

emrah · May 1, 2023, 9:10am

It looks like SWAG cannot handle websockets

Fizzroy · May 1, 2023, 9:17am

Jellyfin uses websockets and it works fine. In its proxy-conf I can see:

 location ~ (/jellyfin)?/socket {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app jellyfin;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

So there is some sort of websocket handling.

emrah · May 1, 2023, 10:08am

If the upstream is the default Jitsi’s Nginx, TCP/80 is not the correct the port

Fizzroy · May 1, 2023, 10:24am

This is the port config for all of the containers.
8001, 8433 result in a Bad gateway error.

saghul · May 2, 2023, 8:11pm

If you are going to put a reverse proxy in front, you can proxy to port 80, no need for HTTPS twice.