Stun Turn 443

Hi,

I 'm a brand new user to Jitsi. (using it for a week now).
I built my server on a an Ubuntu 18.04 using the quick install guide.
I used the Jicofo guide to secure session creation (thanks Damencho)
I enabled Jibri for recording and stream.

Everything works like a charm but I have to host sessions with corporations that authorize only 80, 443 for outgoing streams.

As far as I understand it is possible to make jitsi-meet using full 443 using a turn/stun server.

And this is where I am lost. Till this morning I had no idea of what is a stun or turn server. Are both needed to have a full 443 solution?

If I understand well there is already a turn server on Jitsi-meet which is coturn.

Is there any guide somewhere to make a such setup as there was for jitsi, jicofo and jibri?

Many thanks by advance for your help.

Proc.

As far as I understand there is already a turn built in jitsi with the last quick install. right?

To enable it or to be sure it’s enabled I have to check that this parameter : UseStunTurn is set to true twice.

One for P2P and one for use turn as a global behaviour. right?

in my /etc/jitsi/meet/rooms.‘mysite’-config.js, I can see the setting set to true both, but without port 10000 accessible Audio and Video fails.

Thanks by advance for any help.

Sorry no guide, just a hint; take a look at /etc/nginx/modules-enabled/60-jitsi-meet.conf

Hi,
I usually use apache, but as far as I understood it’s easier to use nginx with jitsi-meets.

This is what I have in my jitsi-meet.conf :

stream {
    upstream web {
        server 127.0.0.1:4444;
    }
    upstream turn {
        server 127.0.0.1:4445;
    }
    # since 1.13.10
    map $ssl_preread_alpn_protocols $upstream {
        ~\bh2\b         web;
        ~\bhttp/1\.     web;
        default         turn;
    }

    server {
        listen 443;
        listen [::]:443;

        # since 1.11.5
        ssl_preread on;
        proxy_pass $upstream;

        # Increase buffer to serve video
        proxy_buffer_size 10m;
    }
}

Nothing related to my port 10000

And my javascript log give this :

2020-04-17T14:00:01.373Z [modules/RTC/BridgeChannel.js] <value>:  Bridge Channel send: no opened channel. Logger.js:154:22
    o Logger.js:154
    value BridgeChannel.js:395
    value BridgeChannel.js:189
    value RTC.js:908
    sendEndpointMessage JitsiConference.js:2454
    broadcastEndpointMessage JitsiConference.js:2464
    value ConnectionQuality.js:461
    value ConnectionQuality.js:532
    emit events.js:151
    _processAndEmitReport RTPStatsCollector.js:827
    processNewStatsReport RTPStatsCollector.js:1230
    statsIntervalId RTPStatsCollector.js:339

This is in my config.js file

    stunServers: [

        // { urls: 'stun:jitsi-meet.example.com:4446' },
        { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
    ],

And if your port UDP 10000 is not accessible it works ?

I have the same in my config, but regarding where it’s placed I think this is only for P2P.

My server is on public IP, no port restrictions.

You are right, it’s in the p2p section…

As I think to understand, it’s turnserver that is receiving data from port 4445 that is regenerating UDP port 10000 toward jvb (videobridge). Don’t expect a deep explanation from me, it’s mostly a guess since at the moment I have removed turn server because it’s so much easier without it.

@eos Mine is also on Pub IP, not behind a FW.

@gpatel-fr
I agree with you it’s easy when you don’t have to deal with corporation and restricted network.

Hi @processor, did you manage to get the turn server working?
I’m in the same situation where I need to help someone access Jitsi over TCP, but the default turn server doesn’t seem to work.

Hi shaun,

Unfortunately, I won’t be a great help in your case as it started to work by itself without any further action from but a complete reinstall.

That’s alright. Thanks for the reply though.

So if I understand correctly, all you had to do was follow the quick install guide exactly and it worked?
Did you possibly change any setting in config.js or sip-communication.properties or any of the prosody files?

No I followed the tutorials.
But I think there has been an update between my firsts test and my second install, so may be something had been corrected between.

Alright, perfect. Thank you so much for the advice @processor

sudo nano /etc/turnserver.conf

this should give you the turn credentials setup automatically on your system after installing jitsi