Random correct operation when there are more than two users

Hey evryone.
i have a problem with than 2 users: sometimes it’s working, and sometimes not.
i had installed jitsi-meet with the ubunu package with:
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c “echo ‘deb https://download.jitsi.org stable/’ > /etc/apt/sources.list.d/jitsi-stable.list”
sudo apt update
sudo apt install jitsi-meet

i’m working on :

Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic

java -version return :
openjdk version “11.0.6” 2020-01-14
OpenJDK Runtime Environment (build 11.0.6+10-post-Ubuntu-1ubuntu118.04.1)
OpenJDK 64-Bit Server VM (build 11.0.6+10-post-Ubuntu-1ubuntu118.04.1, mixed mode, sharing)

the content of my /etc/hosts is:

127.0.0.1 localhost.mydomain.com       localhost
127.0.0.1 mydomain.com mother
11.222.333.444 mydomain.com mydomain.com
# The following lines are desirable for IPv6 capable hosts
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters

zimbra, nextcloud, jeedom, webmin, mysql-docker (for nextcloud and jeedom) are installed to.
webmin is listening on port 10359

ports 80, 443 (for nextcloud and jeedom), 10000, 5347, 4446, 65443 (for jitsi), 65081, 5281 are opened too

here is the content of my /etc/prosody/prosody.cfg.lua

-- Prosody Example Configuration File
--
-- Information on configuring Prosody can be found on our
-- website at https://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running this command:
--     prosodyctl check config
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
-- blanks. Good luck, and happy Jabbering!


---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see https://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { }

-- Enable use of libevent for better performance under high load
-- For more information see: https://prosody.im/doc/libevent
--use_libevent = true

-- Prosody will always look in its source directory for modules, but
-- this option allows you to specify additional locations where Prosody
-- will look for modules first. For community modules, see https://modules.prosody.im/
--plugin_paths = {}

-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
modules_enabled = {

	-- Generally required
		"roster"; -- Allow users to have a roster. Recommended ;)
		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
		"tls"; -- Add support for secure TLS on c2s/s2s connections
		"dialback"; -- s2s dialback support
		"disco"; -- Service discovery

	-- Not essential, but recommended
		"carbons"; -- Keep multiple clients in sync
		"pep"; -- Enables users to publish their mood, activity, playing music and more
		"private"; -- Private XML storage (for room bookmarks, etc.)
		"blocklist"; -- Allow users to block communications with other users
		"vcard"; -- Allow users to set vCards

	-- Nice to have
		"version"; -- Replies to server version requests
		"uptime"; -- Report how long server has been running
		"time"; -- Let others know the time here on this server
		"ping"; -- Replies to XMPP pings with pongs
		"register"; -- Allow users to register on this server using a client and change passwords
		--"mam"; -- Store messages in an archive and allow users to access it

	-- Admin interfaces
		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582

	-- HTTP modules
		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
		--"websocket"; -- XMPP over WebSockets
		--"http_files"; -- Serve static files from a directory over HTTP

	-- Other specific functionality
		"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
		--"limits"; -- Enable bandwidth limiting for XMPP connections
		--"groups"; -- Shared roster support
		--"server_contact_info"; -- Publish contact information for this service
		--"announce"; -- Send announcement to all online users
		--"welcome"; -- Welcome users who register accounts
		--"watchregistrations"; -- Alert admins of registrations
		--"motd"; -- Send a message to users when they log in
		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
		--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
}

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
	-- "offline"; -- Store offline messages
	-- "c2s"; -- Handle client connections
	-- "s2s"; -- Handle server-to-server connections
}

-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false

-- Debian:
--   send the server to background.
--
daemonize = true;

-- Debian:
--   Please, don't change this option since /var/run/prosody/
--   is one of the few directories Prosody is allowed to write to
--
pidfile = "/var/run/prosody/prosody.pid";

-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.

c2s_require_encryption = true

-- Force servers to use encrypted connections? This option will
-- prevent servers from authenticating unless they are using encryption.
-- Note that this is different from authentication

s2s_require_encryption = true


-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see https://prosody.im/doc/s2s#security

s2s_secure_auth = false

-- Some servers have invalid or self-signed certificates. You can list
-- remote domains here that will not be required to authenticate using
-- certificates. They will be authenticated using DNS instead, even
-- when s2s_secure_auth is enabled.

--s2s_insecure_domains = { "insecure.example" }

-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.

authentication = "internal_hashed"

-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.

--storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the
-- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work)

-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }


-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
-- is used to synchronize conversations between multiple clients, even if
-- they are offline. This setting controls how long Prosody will keep
-- messages in the archive before removing them.

archive_expires_after = "1w" -- Remove archived messages after 1 week

-- You can also configure messages to be stored in-memory only. For more
-- archiving options, see https://prosody.im/doc/modules/mod_mam

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
--
-- Debian:
--  Logs info and higher to /var/log
--  Logs errors to syslog also
log = {
	-- Log files (change 'info' to 'debug' for debug logs):
	info = "/var/log/prosody/prosody.log";
	error = "/var/log/prosody/prosody.err";
	-- Syslog:
	{ levels = { "error" }; to = "syslog";  };
}

-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
-- statistics = "internal"

-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates

-- Location of directory to find certificates in (relative to main config file):
certificates = "certs"

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

--VirtualHost "example.com"
--	certificate = "/path/to/example.crt"

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

---Set up a MUC (multi-user chat) room server on conference.example.com:
--Component "conference.example.com" "muc"

---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
--	component_secret = "password"

------ Additional config files ------
-- For organizational purposes you may prefer to add VirtualHost and
-- Component definitions in their own config files. This line includes
-- all config files in /etc/prosody/conf.d/

consider_bosh_secure = true
bosh_ports = {
                 {
                    port = 5280;
                    path = "http-bind";
                 },
                 {
                    port = 5281;
                    path = "http-bind";
                    ssl = {
    				certificate = "/etc/letsencrypt/live/mydomain.com/fullchain.pem";
    				key = "/etc/letsencrypt/live/mydomain/privkey.pem";
                          }
                 }
              }

    http_ports = { 5280 }
    http_interfaces = { "localhost" }
 
    https_ports = { 5281 }
    https_interfaces = { "localhost" }

    https_ssl = {
  	certificate = "/etc/letsencrypt/live/mydomain.com/fullchain.pem";
        key = "/etc/letsencrypt/live/mydomain.com/privkey.pem";
    }


Include "conf.d/*.cfg.lua"

here is my /etc/prosody/mydomain.com.cfg.lua

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "mydomain.com";

turncredentials_secret = "secret_cred";

turncredentials = {
  { type = "stun", host = "mydomain.com", port = "4446" },
  { type = "turn", host = "mydomain.com", port = "4446", transport = "udp" },
  { type = "turns", host = "mydomain.com", port = "443", transport = "tcp" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;

VirtualHost "mydomain.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_plain"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/mydomain.com.key";
                certificate = "/etc/prosody/certs/mydomain.com.crt";
        }
        speakerstats_component = "speakerstats.mydomain.com"
        conference_duration_component = "conferenceduration.mydomain.com"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
        }
        c2s_require_encryption = false

Component "conference.mydomain.com" "muc"
    storage = "none"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        -- "token_verification";
    }
    admins = { "focus@auth.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.mydomain.com" "muc"
    storage = "none"
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.mydomain.com", "jvb@auth.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.mydomain.com"
    ssl = {
        key = "/etc/prosody/certs/auth.mydomain.com.key";
        certificate = "/etc/prosody/certs/auth.mydomain.com.crt";
    }
    authentication = "internal_plain"

Component "focus.mydomain.com"
    component_secret = "secret_comp"

Component "speakerstats.mydomain.com" "speakerstats_component"
    muc_component = "conference.mydomain.com"

Component "conferenceduration.mydomain.com" "conference_duration_component"
    muc_component = "conference.mydomain.com"

VirtualHost "guest.mydomain.com"
    authentication = "anonymous"
    c2s_require_encryption = false

this is my /etc/jitsi/jicofo/config

# Jitsi Conference Focus settings
# sets the host name of the XMPP server
JICOFO_HOST=localhost

# sets the XMPP domain (default: none)
JICOFO_HOSTNAME=mydomain.com

# sets the secret used to authenticate as an XMPP component
JICOFO_SECRET=secret_comp

# sets the port to use for the XMPP component connection
JICOFO_PORT=5347

# sets the XMPP domain name to use for XMPP user logins
JICOFO_AUTH_DOMAIN=auth.mydomain.com

# sets the username to use for XMPP user logins
JICOFO_AUTH_USER=focus

# sets the password to use for XMPP user logins
JICOFO_AUTH_PASSWORD=secret_auth
# extra options to pass to the jicofo daemon
JICOFO_OPTS=""

# adds java system props that are passed to jicofo (default are for home and logging config file)
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties"

this is my /etc/jitsi/jicofo/sip-communicator.properties

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.mydomain.com
org.jitsi.jicofo.auth.URL=XMPP:mydomain.com

this is my /etc/jitsi/meet/mydomain.com-config.js

/* eslint-disable no-unused-vars, no-var */

var config = {
    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'mydomain.com',

        // When using authentication, domain for guest users.
        anonymousdomain: 'guest.mydomain.com',

        // Domain for authenticated users. Defaults to <domain>.
        authdomain: 'mydomain.com',

        // Jirecon recording component domain.
        // jirecon: 'jirecon.mydomain.com',

        // Call control component (Jigasi).
        // call_control: 'callcontrol.mydomain.com',

        // Focus component domain. Defaults to focus.<domain>.
        // focus: 'focus.mydomain.com',

        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
        muc: 'conference.mydomain.com'
    },

    // BOSH URL. FIXME: use XEP-0156 to discover it.
    bosh: '//mydomain.com:65443/http-bind',

    // Websocket URL
    // websocket: 'wss://mydomain.com/xmpp-websocket',

    // The name of client node advertised in XEP-0115 'c' stanza
    clientNode: 'http://jitsi.org/jitsimeet',

    // The real JID of focus participant - can be overridden here
    focusUserJid: 'focus@auth.mydomain.com',


    // Testing / experimental features.
    //

    testing: {
        // Enables experimental simulcast support on Firefox.
        enableFirefoxSimulcast: false,

        // P2P test mode disables automatic switching to P2P when there are 2
        // participants in the conference.
        p2pTestMode: false

        // Enables the test specific features consumed by jitsi-meet-torture
        // testMode: false

        // Disables the auto-play behavior of *all* newly created video element.
        // This is useful when the client runs on a host with limited resources.
        // noAutoPlayVideo: false
    },

    // Disables ICE/UDP by filtering out local and remote UDP candidates in
    // signalling.
    // webrtcIceUdpDisable: false,

    // Disables ICE/TCP by filtering out local and remote TCP candidates in
    // signalling.
    // webrtcIceTcpDisable: false,


    // Media
    //

    // Audio

    // Disable measuring of audio levels.
    // disableAudioLevels: false,
    // audioLevelsInterval: 200,

    // Enabling this will run the lib-jitsi-meet no audio detection module which
    // will notify the user if the current selected microphone has no audio
    // input and will suggest another valid device if one is present.
    enableNoAudioDetection: true,

    // Enabling this will run the lib-jitsi-meet noise detection module which will
    // notify the user if there is noise, other than voice, coming from the current
    // selected microphone. The purpose it to let the user know that the input could
    // be potentially unpleasant for other meeting participants.
    enableNoisyMicDetection: true,

    // Start the conference in audio only mode (no video is being received nor
    // sent).
    // startAudioOnly: false,

    // Every participant after the Nth will start audio muted.
    // startAudioMuted: 10,

    // Start calls with audio muted. Unlike the option above, this one is only
    // applied locally. FIXME: having these 2 options is confusing.
    // startWithAudioMuted: false,

    // Enabling it (with #params) will disable local audio output of remote
    // participants and to enable it back a reload is needed.
    // startSilent: false

    // Video

    // Sets the preferred resolution (height) for local video. Defaults to 720.
    resolution: 360,

    // w3c spec-compliant video constraints to use for video capture. Currently
    // used by browsers that return true from lib-jitsi-meet's
    // util#browser#usesNewGumFlow. The constraints are independent from
    // this config's resolution value. Defaults to requesting an ideal
    // resolution of 720p.
    constraints: {
         video: {
             height: {
                 ideal: 360,
                 max: 360,
                 min: 180
             }
         }
     },

    // Enable / disable simulcast support.
    // disableSimulcast: false,

    // Enable / disable layer suspension.  If enabled, endpoints whose HD
    // layers are not in use will be suspended (no longer sent) until they
    // are requested again.
    // enableLayerSuspension: false,

    // Every participant after the Nth will start video muted.
    // startVideoMuted: 10,

    // Start calls with video muted. Unlike the option above, this one is only
    // applied locally. FIXME: having these 2 options is confusing.
    // startWithVideoMuted: false,

    // If set to true, prefer to use the H.264 video codec (if supported).
    // Note that it's not recommended to do this because simulcast is not
    // supported when  using H.264. For 1-to-1 calls this setting is enabled by
    // default and can be toggled in the p2p section.
    // preferH264: true,

    // If set to true, disable H.264 video codec by stripping it out of the
    // SDP.
    // disableH264: false,

    // Desktop sharing

    // The ID of the jidesha extension for Chrome.
    desktopSharingChromeExtId: null,

    // Whether desktop sharing should be disabled on Chrome.
    // desktopSharingChromeDisabled: false,

    // The media sources to use when using screen sharing with the Chrome
    // extension.
    desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],

    // Required version of Chrome extension
    desktopSharingChromeMinExtVersion: '0.1',

    // Whether desktop sharing should be disabled on Firefox.
    // desktopSharingFirefoxDisabled: false,

    // Optional desktop sharing frame rate options. Default value: min:5, max:5.
    // desktopSharingFrameRate: {
    //     min: 5,
    //     max: 5
    // },

    // Try to start calls with screen-sharing instead of camera video.
    // startScreenSharing: false,

    // Recording

    // Whether to enable file recording or not.
    // fileRecordingsEnabled: false,
    // Enable the dropbox integration.
    // dropbox: {
    //     appKey: '<APP_KEY>' // Specify your app key here.
    //     // A URL to redirect the user to, after authenticating
    //     // by default uses:
    //     // 'https://mydomain.com/static/oauth.html'
    //     redirectURI:
    //          'https://mydomain.com/subfolder/static/oauth.html'
    // },
    // When integrations like dropbox are enabled only that will be shown,
    // by enabling fileRecordingsServiceEnabled, we show both the integrations
    // and the generic recording service (its configuration and storage type
    // depends on jibri configuration)
    // fileRecordingsServiceEnabled: false,
    // Whether to show the possibility to share file recording with other people
    // (e.g. meeting participants), based on the actual implementation
    // on the backend.
    // fileRecordingsServiceSharingEnabled: false,

    // Whether to enable live streaming or not.
    // liveStreamingEnabled: false,

    // Transcription (in interface_config,
    // subtitles and buttons can be configured)
    // transcribingEnabled: false,

    // Enables automatic turning on captions when recording is started
    // autoCaptionOnRecord: false,

    // Misc

    // Default value for the channel "last N" attribute. -1 for unlimited.
    channelLastN: -1,

    // Disables or enables RTX (RFC 4588) (defaults to false).
    // disableRtx: false,

    // Disables or enables TCC (the default is in Jicofo and set to true)
    // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
    // affects congestion control, it practically enables send-side bandwidth
    // estimations.
    // enableTcc: true,

    // Disables or enables REMB (the default is in Jicofo and set to false)
    // (draft-alvestrand-rmcat-remb-03). This setting affects congestion
    // control, it practically enables recv-side bandwidth estimations. When
    // both TCC and REMB are enabled, TCC takes precedence. When both are
    // disabled, then bandwidth estimations are disabled.
    // enableRemb: false,

    // Defines the minimum number of participants to start a call (the default
    // is set in Jicofo and set to 2).
    // minParticipants: 2,

    // Use XEP-0215 to fetch STUN and TURN servers.
    // useStunTurn: true,

    // Enable IPv6 support.
    // useIPv6: true,

    // Enables / disables a data communication channel with the Videobridge.
    // Values can be 'datachannel', 'websocket', true (treat it as
    // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
    // open any channel).
    // openBridgeChannel: true,


    // UI
    //

    // Use display name as XMPP nickname.
    // useNicks: false,

    // Require users to always specify a display name.
    // requireDisplayName: true,
    requireDisplayName: true,

    // Whether to use a welcome page or not. In case it's false a random room
    // will be joined when no room is specified.
    enableWelcomePage: true,

    // Enabling the close page will ignore the welcome page redirection when
    // a call is hangup.
    // enableClosePage: false,

    // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
    // disable1On1Mode: false,

    // Default language for the user interface.
    // defaultLanguage: 'en',

    // If true all users without a token will be considered guests and all users
    // with token will be considered non-guests. Only guests will be allowed to
    // edit their profile.
    enableUserRolesBasedOnToken: false,

    // Whether or not some features are checked based on token.
    // enableFeaturesBasedOnToken: false,

    // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
    // lockRoomGuestEnabled: false,

    // When enabled the password used for locking a room is restricted to up to the number of digits specified
    // roomPasswordNumberOfDigits: 10,
    // default: roomPasswordNumberOfDigits: false,

    // Message to show the users. Example: 'The service will be down for
    // maintenance at 01:00 AM GMT,
    // noticeMessage: '',

    // Enables calendar integration, depends on googleApiApplicationClientID
    // and microsoftApiApplicationClientID
    // enableCalendarIntegration: false,

    // Stats
    //

    // Whether to enable stats collection or not in the TraceablePeerConnection.
    // This can be useful for debugging purposes (post-processing/analysis of
    // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
    // estimation tests.
    // gatherStats: false,

    // The interval at which PeerConnection.getStats() is called. Defaults to 10000
    // pcStatsInterval: 10000,

    // To enable sending statistics to callstats.io you must provide the
    // Application ID and Secret.
    // callStatsID: '',
    // callStatsSecret: '',

    // enables sending participants display name to callstats
    // enableDisplayNameInStats: false,

    // enables sending participants email if available to callstats and other analytics
    // enableEmailInStats: false,

    // Privacy
    //

    // If third party requests are disabled, no other server will be contacted.
    // This means avatars will be locally generated and callstats integration
    // will not function.
    // disableThirdPartyRequests: false,


    // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
    //

    p2p: {
        // Enables peer to peer mode. When enabled the system will try to
        // establish a direct connection when there are exactly 2 participants
        // in the room. If that succeeds the conference will stop sending data
        // through the JVB and use the peer to peer connection instead. When a
        // 3rd participant joins the conference will be moved back to the JVB
        // connection.
        enabled: true,

        // Use XEP-0215 to fetch STUN and TURN servers.
        // useStunTurn: true,

        // The STUN servers that will be used in the peer to peer connections
        stunServers: [

            // { urls: 'stun:mydomain.com:4446' },
            { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
        ],

        // Sets the ICE transport policy for the p2p connection. At the time
        // of this writing the list of possible values are 'all' and 'relay',
        // but that is subject to change in the future. The enum is defined in
        // the WebRTC standard:
        // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
        // If not set, the effective value is 'all'.
        // iceTransportPolicy: 'all',

        // If set to true, it will prefer to use H.264 for P2P calls (if H.264
        // is supported).
        preferH264: true

        // If set to true, disable H.264 video codec by stripping it out of the
        // SDP.
        // disableH264: false,

        // How long we're going to wait, before going back to P2P after the 3rd
        // participant has left the conference (to filter out page reload).
        // backToP2PDelay: 5
    },

    analytics: {
        // The Google Analytics Tracking ID:
        // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'

        // The Amplitude APP Key:
        // amplitudeAPPKey: '<APP_KEY>'

        // Array of script URLs to load as lib-jitsi-meet "analytics handlers".
        // scriptURLs: [
        //      "libs/analytics-ga.min.js", // google-analytics
        //      "https://example.com/my-custom-analytics.js"
        // ],
    },

    // Information about the jitsi-meet instance we are connecting to, including
    // the user region as seen by the server.
    deploymentInfo: {
        // shard: "shard1",
        // region: "europe",
        // userRegion: "asia"
    },

    // Decides whether the start/stop recording audio notifications should play on record.
    // disableRecordAudioNotification: false,

    // Information for the chrome extension banner
    // chromeExtensionBanner: {
    //     // The chrome extension to be installed address
    //     url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',

    //     // Extensions info which allows checking if they are installed or not
    //     chromeExtensionsInfo: [
    //         {
    //             id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
    //             path: 'jitsi-logo-48x48.png'
    //         }
    //     ]
    // },

    // Local Recording
    //

    // localRecording: {
    // Enables local recording.
    // Additionally, 'localrecording' (all lowercase) needs to be added to
    // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
    // button to show up on the toolbar.
    //
    //     enabled: true,
    //

    // The recording format, can be one of 'ogg', 'flac' or 'wav'.
    //     format: 'flac'
    //

    // },

    // Options related to end-to-end (participant to participant) ping.
    // e2eping: {
    //   // The interval in milliseconds at which pings will be sent.
    //   // Defaults to 10000, set to <= 0 to disable.
    //   pingInterval: 10000,
    //
    //   // The interval in milliseconds at which analytics events
    //   // with the measured RTT will be sent. Defaults to 60000, set
    //   // to <= 0 to disable.
    //   analyticsInterval: 60000,
    //   },

    // If set, will attempt to use the provided video input device label when
    // triggering a screenshare, instead of proceeding through the normal flow
    // for obtaining a desktop stream.
    // NOTE: This option is experimental and is currently intended for internal
    // use only.
    // _desktopSharingSourceDevice: 'sample-id-or-label',

    // If true, any checks to handoff to another application will be prevented
    // and instead the app will continue to display in the current browser.
    // disableDeepLinking: false,

    // A property to disable the right click context menu for localVideo
    // the menu has option to flip the locally seen video for local presentations
    // disableLocalVideoFlip: false,

    // Deployment specific URLs.
    // deploymentUrls: {
    //    // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
    //    // user documentation.
    //    userDocumentationURL: 'https://docs.example.com/video-meetings.html',
    //    // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
    //    // to the specified URL for an app download page.
    //    downloadAppsUrl: 'https://docs.example.com/our-apps.html'
    // },

    // Options related to the remote participant menu.
    // remoteVideoMenu: {
    //     // If set to true the 'Kick out' button will be disabled.
    //     disableKick: true
    // },

    // If set to true all muting operations of remote participants will be disabled.
    // disableRemoteMute: true,

    // List of undocumented settings used in jitsi-meet
    /**
     _immediateReloadThreshold
     autoRecord
     autoRecordToken
     debug
     debugAudioLevels
     deploymentInfo
     dialInConfCodeUrl
     dialInNumbersUrl
     dialOutAuthUrl
     dialOutCodesUrl
     disableRemoteControl
     displayJids
     etherpad_base
     externalConnectUrl
     firefox_fake_device
     googleApiApplicationClientID
     iAmRecorder
     iAmSipGateway
     microsoftApiApplicationClientID
     peopleSearchQueryTypes
     peopleSearchUrl
     requireDisplayName
     tokenAuthUrl
     */

    // List of undocumented settings used in lib-jitsi-meet
    /**
     _peerConnStatusOutOfLastNTimeout
     _peerConnStatusRtcMuteTimeout
     abTesting
     avgRtpStatsN
     callStatsConfIDNamespace
     callStatsCustomScriptUrl
     desktopSharingSources
     disableAEC
     disableAGC
     disableAP
     disableHPF
     disableNS
     enableLipSync
     enableTalkWhileMuted
     forceJVB121Ratio
     hiddenDomain
     ignoreStartMuted
     nick
     startBitrate
     */


    // Allow all above example options to include a trailing comma and
    // prevent fear when commenting out the last value.
    makeJsonParserHappy: 'even if last key had a trailing comma'

    // no configuration value should follow this line.
};

/* eslint-enable no-unused-vars, no-var */

this is my /etc/jitsi/videobridge/config

# Jitsi Videobridge settings

# sets the XMPP domain (default: none)
JVB_HOSTNAME=mydomain.com

# sets the hostname of the XMPP server (default: domain if set, localhost otherwise)
JVB_HOST=127.0.0.1

# sets the port of the XMPP server (default: 5275)
JVB_PORT=5347

# sets the shared secret used to authenticate to the XMPP server
JVB_SECRET=secret_jvb

# extra options to pass to the JVB daemon
JVB_OPTS="--apis=,"
#JVB_OPTS="–-apis=rest,xmpp"

# adds java system props that are passed to jvb (default are for home and logging config file)
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties"

this is my /etc/jitsi/videobridge/sip-communicator.properties

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=127.0.0.1
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=mydomain.com
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.rest.jetty.port=65443
org.jitsi.videobridge.rest.jetty.tls.port=65443
org.jitsi.videobridge.TCP_HARVESTER_PORT=65443
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=65443
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=65081
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.mydomain.com
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=jvb_passwd
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.mydomain.com
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=1ead82b1-bb8d-4ef0-b6a9-f5708a1d606e

and this is my /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =nextcloud.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =zulib.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =zimbra.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =zimbra-admin.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =webmin.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =kodi.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =mydomain.com [OR]
RewriteCond %{SERVER_NAME} =onduleur.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =fbx.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =freebox.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName zimbra-admin.mydomain.com
Redirect permanent / https://mydomain.com:7071/
</VirtualHost>
<VirtualHost *:80>
ServerName zimbra.mydomain.com
Redirect permanent / https://mydomain.com:8443/
</VirtualHost>
<VirtualHost *:80>
ServerName nextcloud.mydomain.com
Redirect permanent / https://mydomain.com/nextcloud
</VirtualHost>
<VirtualHost *:80>
ServerName jeedom.mydomain.com
Redirect permanent / https://mydomain.com/jeedom
</VirtualHost>
#<VirtualHost *:80>
#ServerName rdv.mydomain.com
#Redirect permanent / https://mydomain.com/
#</VirtualHost>
<VirtualHost *:80>
ServerName mumble.mydomain.com
Redirect permanent / https://mydomain.com/
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

#<VirtualHost *:80>
#    ServerName rdv.mydomain.com
#    Redirect permanent / https://rdv.mydomain.com/
#    RewriteEngine On
#    RewriteCond %{HTTPS} off
#    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#</VirtualHost>


<VirtualHost *:80>
    ServerName rdv.mydomain.com
    Redirect permanent / https://mydomain.com:65443/
#    RewriteEngine On
#    RewriteCond %{HTTPS} off
#    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

#<VirtualHost *:443>
#    ServerName rdv.mydomain.com
#    Redirect permanent / https://mydomain.com:65443/
#</VirtualHost>

<VirtualHost *:65443>

  ServerName mydomain.com

  SSLProtocol TLSv1 TLSv1.1 TLSv1.2
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
  SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"
  SSLHonorCipherOrder on
  Header set Strict-Transport-Security "max-age=31536000"

  DocumentRoot "/usr/share/jitsi-meet"
  <Directory "/usr/share/jitsi-meet">
    Options Indexes MultiViews Includes FollowSymLinks
    AddOutputFilter Includes html
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

  ErrorDocument 404 /static/404.html

  Alias "/config.js" "/etc/jitsi/meet/mydomain.com-config.js"
  <Location /config.js>
    Require all granted
  </Location>

  Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js"
  <Location /external_api.js>
    Require all granted
  </Location>

  ProxyPreserveHost on
  ProxyPass /http-bind http://localhost:5280/http-bind/
  ProxyPassReverse /http-bind http://localhost:5280/http-bind/

  RewriteEngine on
  RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
</VirtualHost>

i upload also my jicofo.log, my prosody.err and my jvb.log (where i separate successfull test and not working test).
i hope you’ll help me and so thanks for helping me.
sorry for my bad english

PS i can not upload file so i’ll try to put them on response after this

prosody.err

|Apr 13 12:57:33 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|---|---|---|
|    Apr 13 12:57:33 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 12:57:33 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 13:15:51 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 13:15:51 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 13:15:51 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 13:58:07 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 13:58:07 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 13:58:07 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 15:02:51 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 15:02:51 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 15:02:51 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 15:04:24 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 15:04:24 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 15:04:24 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 15:04:56 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 15:04:56 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 15:04:56 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 15:05:30 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 15:05:30 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 15:05:30 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 15:06:36 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 15:56:59 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 16:03:02 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 16:19:26 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 16:26:02 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 16:26:02 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 16:26:02 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 18:19:43 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 18:19:43 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 18:19:43 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 18:21:42 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 18:21:42 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 18:21:42 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 18:23:30 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 18:23:30 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 18:23:30 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 18:24:23 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 18:24:23 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 18:24:23 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 18:24:46 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 18:24:46 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 18:24:46 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 18:25:10 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 18:25:11 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 18:25:11 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 18:25:54 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 18:25:54 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 18:25:54 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 18:40:53 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 18:40:54 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 18:40:54 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|
|    Apr 13 19:20:29 portmanager|error|Failed to open server port 5347 on ::1, Cannot assign requested address|
|    Apr 13 19:20:29 certmanager|error|SSL/TLS: Failed to load '/etc/letsencrypt/live/mydomain.com/privkey.pem': Check that the permissions allow Prosody to read this file. (for https port 5281)|
|    Apr 13 19:20:29 portmanager|error|Error binding encrypted port for https: error loading private key (Permission denied)|

here you can find my jicofo.log :

https://textup.fr/428573BB

and here my jvb.log where i separate working test and not working ones :

https://textup.fr/428578h0

sorry it’s the only solution i find to put my logs… (too long)

PS: when we test on localnetwork (eg with or lan or wifi), it’s allways working regardless of the number

Please, someone help ? if you need others informations, dont hesitate…