Router already reserved 443, new port doesn't "allow" video pass?

Hello there ;-),

I’m installing jitsi on a local server (Ubuntu 20.04), using the provided packages (lets-encrypt has worked, too).
Unfortunately, our router (a FritzBox) has reserved 443 for its own web-interface and assigned port 61056 when I wanted to forward 443 through the router.

Now I can access jitsi, but video connections don’t seem to work.

My local firewall has the same ports opened, as they are forwarded (?) via the router:

ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere                  
80/tcp                     ALLOW IN    Anywhere                  
443/tcp                    ALLOW IN    Anywhere                  
10000/udp                  ALLOW IN    Anywhere                  
3478/udp                   ALLOW IN    Anywhere                  
5349/udp                   ALLOW IN    Anywhere                  
9090/tcp                   ALLOW IN    Anywhere                  
9100/tcp                   ALLOW IN    Anywhere                  
4443/tcp                   ALLOW IN    Anywhere                  
61056/tcp                  ALLOW IN    Anywhere                  
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)             
80/tcp (v6)                ALLOW IN    Anywhere (v6)             
443/tcp (v6)               ALLOW IN    Anywhere (v6)             
10000/udp (v6)             ALLOW IN    Anywhere (v6)             
3478/udp (v6)              ALLOW IN    Anywhere (v6)             
5349/udp (v6)              ALLOW IN    Anywhere (v6)             
9090/tcp (v6)              ALLOW IN    Anywhere (v6)             
9100/tcp (v6)              ALLOW IN    Anywhere (v6)             
4443/tcp (v6)              ALLOW IN    Anywhere (v6)             
61056/tcp (v6)             ALLOW IN    Anywhere (v6) 

I also tried editing and adding to /etc/jitsi/videobridge/sip-communicator.properties:

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:61056
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.***
org.jitsi.videobridge.xmpp.user.shard.USERNAME=***
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=***
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.***
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=d39bfe93-ec61-4f62-***

TCP_HARVESTER_PORT=61056
TCP_HARVESTER_MAPPED_PORT=61056

Is there any other place where I would have to dig? What did I get wrong?

Thanks a lot in advance,
Guntram

For the custom port, you also need to change config.js value for bosh connection.
You should be seeing the errors in the js console in the browser.

Thanks for the fast reply,

I edited:
bosh: '//meet.*.de:61056/http-bind',
in
/usr/share/jitsi-meet-web-config/config.js,

but it seems, I have to find one more place to go - the browser console gives:

https://meet.***.de/http-bind?room=fancydecadesmatterquietly

|scheme|https|
| --- | --- |
|host|meet.***.de|
|filename|/http-bind|
|room|fancydecadesmatterquietly|
|Adresse|*.*.*.*:443|

Status: 400 Bad Request
Version: HTTP/1.1
Übertragen: 109 B (0 B Größe)

The * are just for “privacy”.
So there is the right IP address, but it still insists on port 443, somehow…

Any other place I should be looking?

Nope, I cannot think of anything else at the moment … this needs debugging …

Ok.
Would there be a possibility to reinstall jitsi with the special port as a parameter or some other way to make it known to the installer? Would the installer be capable of taking care of the special port?

Thanks again,
Guntram

Nope, there is no such config.

Are you sure you have edited the config and it is not some cache?
You can open yourdeployme.com/config.js to check it or in the js console where you see the error just type config and you will see what is loaded.

This is strange. As you suggested, the config.js isn’t updated :face_with_raised_eyebrow:

I cleared the cache, I reloaded with another browser - still no sign of the changed entry!
Seems to be some kind of server cache?

To reload jitsi I did:
/etc/init.d/jicofo restart && /etc/init.d/jitsi-videobridge2 restart && /etc/init.d/prosody restart

I even rebooted the server itself. Checked the config via ssh - still edited, loaded it via web-browser: no edit visible!
What the hell is going on here? :hot_face:

To be clear: the file I edited on the server is
/usr/share/jitsi-meet-web-config/config.js
This is the right location - isn’t it? I couldn’t find another config.js on my server…

Nope, the config.js is in /etc/jitsi/meet/…

Ah! That’s it! I didn’t find it, because it was named my.domain-config.js
Thanks a lot!

Now I seem to have a connection :-)! Local Video is now working (I can at least see my own camera “input”) - but still no video is being transported via the server (I only see the fellow jitster without any image or sound).

Any idea, where this is “misconfigured”?

Network problem, most probably port 10000 udp is not forwarded to the bridge.

Okay. I did a quick googling, but didn’t find anything (I understood well enough :wink: ).

Could you do me a favour and have another look at my opening post? It seems, that the changes in
/etc/jitsi/videobridge/sip-communicator.properties
aren’t even necessary?

I just commented the last two lines and the connection itself worked as well as with them (or as bad, if you will :smiley: )…

Any way to “open a port 10.000 connection” between two machines to see, whether information is flowing or not?

Thanks again,
Guntram
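
One way to check whether 10000/udp actually reaches the server, as asked above. This is an added example, not part of the original posts and not Jitsi tooling: a one-shot UDP echo, run in `listen` mode on the Jitsi host (with jitsi-videobridge2 stopped so the port is free) and in `probe` mode from a machine outside the LAN. The script name `udpcheck.py`, the function names and the IPv4-only sockets are assumptions of this example.

```python
import os
import socket
import sys

PORT = 10000  # UDP media port the thread says must be forwarded to the bridge


def echo_once(bind_addr="0.0.0.0", port=PORT, timeout=60.0):
    """Server side: wait for one datagram, echo it, return the sender's address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind((bind_addr, port))
        try:
            data, peer = s.recvfrom(2048)
        except socket.timeout:
            return None  # nothing arrived: router forward or ufw is dropping it
        s.sendto(data, peer)
        return peer  # behind NAT this shows the address the server actually saw


def probe(host, port=PORT, timeout=3.0, tries=3):
    """Client side: True only if our random token comes back from the listener."""
    token = b"udp-probe-" + os.urandom(8).hex().encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(tries):  # UDP is lossy, so retry a few times
            try:
                s.sendto(token, (host, port))
                data, _ = s.recvfrom(2048)
            except OSError:  # timeout, or ICMP "port unreachable" on some OSes
                continue
            if data == token:
                return True
    return False


if __name__ == "__main__":
    if sys.argv[1:2] == ["listen"]:
        print("echoed to", echo_once())
    elif sys.argv[1:2] == ["probe"] and len(sys.argv) == 3:
        print("reachable" if probe(sys.argv[2]) else "no reply")
    else:
        sys.exit("usage: udpcheck.py listen | probe <public-host>")
```

If `probe` prints "no reply" from outside but succeeds from a machine inside the LAN, the drop is at the router's port forward rather than at ufw or the bridge.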

Never mind - figured out that I didn’t have to make those changes. Reverted /etc/jitsi/videobridge/sip-communicator.properties to its original state and I have a connection :slight_smile: !

This is very wrong and will have the effect of no video

yes…I really didn’t understand what I was doing…

System seems to be up and running great atm - thanks again and a lot, Damian!

I suppose, there is no way of “hiding” this extra port number from inexperienced users? We do use some proprietary subdomain config tool, which simply leads the subdomain (domain is not in our hands) to the IP of our local router via A and AAAA records…