The jvb log indicates that the socket 10000 port cannot be connected

Install & Config
1

Hi everyone ~

Problem Description
Internet users use jitsi, and the jvb log shows that they cannot connect to the socket. Does the intranet UDP/10000 need to be mapped to the Internet? If so, what configuration needs to be modified. I can use the nginx stream module to forward the UPD/10000 port to the Internet

JVB Log

[confId=35bc46035fcd6991 conf_name=15@conference.jsitest.soft.cn meeting_id=d7d799d2 epId=6d1cb2de stats_id=Jay-zNT local_ufrag=711d1gso7rdi7 ufrag=711d1gso7rdi7] ConnectivityCheckClient.startCheckForPair#350: Could not start connectivity check: No socket found for 172.18.0.95:10000/udp->10.81.199.197:53988/udp

Nginx configuration

    location = /_api/room-info {
        #proxy_pass http://prosody/room-info?prefix=$prefix&$args;
        proxy_pass http://127.0.0.1:5280/room-info?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
    # BOSH
    location = /http-bind {
        #proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args;
        proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header Connection "";
    }

    # xmpp websockets
    location = /xmpp-websocket {
        proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        tcp_nodelay on;
    }

    # colibri (JVB) websockets for jvb1
    location ~ ^/colibri-ws/default-id/(.*) {
        #proxy_pass http://jvb1/colibri-ws/default-id/$1$is_args$args;
        proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }

Architecture Picture

jitsi架构
jitsi架构1246×900 102 KB

2

UDP/10000 has nothing to do with Nginx

3

@emrah After checking the forum posts, I found that the 10000 ports of the JVB host must be exposed to the Internet and can be directly connected by users. My current network structure is that Jitsi-meet is proxied by nginx on the Internet, but JVB 10000 is not proxied by nginx. Is there a problem?

4

The clients have to connect to JVB directly. There will be a problem if this port is proxied by nginx.

5

Hi ~ @saghul @Freddie @damencho

[confId=35bc46035fcd6991 conf_name=15@conference.jsitest.soft.cn meeting_id=d7d799d2 epId=6d1cb2de stats_id=Jay-zNT local_ufrag=711d1gso7rdi7 ufrag=711d1gso7rdi7] ConnectivityCheckClient.startCheckForPair#350: Could not start connectivity check: No socket found for 172.18.0.95:10000/udp->10.81.199.197:53988/udp

I want to change the IP address here to
for 163.227.95.120:10000/udp->10.81.199.197:53988/udp
163.227.95.120:10000 is set in which file

6

@emrah
JVB is in the internal network environment of the computer room, and the 10000/UDP port cannot be directly connected by the client. Is there any way to solve this problem. My method is to use nginx to proxy the 10000/UDP port of the JVB

7

In this case, you need coturn but the performance will not be better as direct connection. Why can’t you add a rule to forward UDP/10000 traffic?