Tip: websocket and the additional JVBs

When JMS (Jitsi Meet Server) and JVB (Jitsi Video Bridge) are on the same server, the default config works but when you have additional JVBs on different servers, some extra steps are needed to use websocket.

  • Do not confuse xmpp-websocket with colibri-websocket. These are two different things. Now we are talking about colibri-websocket.

  • JMS’s TCP/5222 must be accessable by additional JVBs

  • JVBs’ TCP/9090 must be accessable by JMS

  • UDP/10000 must be publicly accessable for each servers (JMS + JVBs)

  • The servers (JMS + JVBs) can access to UDP/4096 of all other servers if OCTO is needed

  • Add the following location block to Nginx site config on JMS. This block must be right after the default JVB1’s colibri location block.

    # colibri (JVB) websockets for additional JVBs
    location ~ ^/colibri-ws/([0-9.]*)/(.*) {
        proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }
  • restart the Nginx service on JMS
systemctl restart nginx.service
  • Set JVBs’ own public IP as server-id for each additional JVBs. server-id must be in the websockets block of the /etc/jitsi/videobridge/jvb.conf file for each additional JVB (but not for the main JVB which is located on JMS)

/etc/jitsi/videobridge/jvb.conf
1.2.3.4 is the external IP of JVB in this example

videobridge {
  ...
  ...
  websockets {
    server-id = "1.2.3.4"
    ...
    ...
  }
}
  • restart the videobridge service on each JVB
systemctl restart jitsi-videobridge2.service
3 Likes

if all JVBs are behind NAT, how it works? in case where JMS and JVB share the same Public IP.
Thanks!

Assign different port numbers to each individual JVB e.g. 10000, 10001 e.t.c… and forward those ports to the private IP of the different JVBs

[Edited]

and for UDP port 10000, it’s also used by JVBs, so need to be different for each JVB?
Thanks for you quick answer.

My apologies (I’m half asleep)… it’s actually UDP 10000 that needs assigning - so UDP 10000, 10001 e.t.c…

Why do you want to put many JVBs behind the same public IP/interface? Since the main limiting factor is the network capacity for JVB, your bottleneck will be your public interface capacity, not the number of JVBs…

yes, you are right, but the what is the maximum capacity for in signal JVB in terms of participants and simultaneous meetings? my planning to have 4-5 meeting at the same times and each meeting can have 100 participants as the maximum(most of time is less), only audio will be used and one sharing screen.
is the internet connection DL: 200Mbps/ UP:100Mbps can response to this requirement?

Thank you guys @emrah and @Freddie for your help your are search engine of this forum :slight_smile: (Jitsi Google)

Well, let’s do the math. We’ll just focus on the upload (because that’s usually the first limiter):

Each audio send = 40kbps (it’s actually ~ 35kbps, but let’s take an upper limit)
Each screenshare = 2.5Mbps (simulcast disabled, for the highest quality screenshare)

Audio upload of 500 participants = 500 x 40 = 20,000kbps = 20Mbps
5 screenshare instances (one per meeting) = 2.5 x 5 = 12.25Mbps

So total upload (all things being equal) will be about 32.25Mbps (let’s round it up to 35Mbps).

As you can see, this (in theory) shouldn’t be a problem with 100Mbps upload available. Note that the default setting for screenshare actually uses just about 500kbps, which is one-fifth of what I’ve used in the calculations.

3 Likes

Do you know any method to retrieve this information (mapping of the jvb server-id → ip) with focus jicofo instead of a static mapping ?
It’s quite complicated to keep a miningful unique id for each jvb (especially when the number of jvb can fluctuate scale-in scale-out) and we prefer not using the ip or ip:port for server-id to mitigate the risk of using the nginx proxy (or any other proxy/loadbalancer) as a gateway to our private network (especially other server such as other organizations’ dedicated jvb).

Dear Freddie,
Thank you for a concrete calculation sample. In my case, a room with 30 participants, all turning on their camera, no desktop sharing. I already try to estimate the bandwidth of the associated JVB in vain.
For the JVB, I think the download will be the first limiter. It provides 30x29 streams in total. In the config.js I enabled the multicast wiht the minimum bandwidth of 200k. In theory, in such situation, the JVB must have a bandwidth of 30x29x200k = 174M. But from the Zabbix monitoring system, I can see the consumed bandwidth is just about 40-50Mbps. And the conference went quite well. Where do I make a mistake in calculation please ?
Many thanks

Hi @emrah,

I have followed this step to enable WebSocket in my self-hosting jitsi meet server.

This is my nginx config on JMS:

# colibri (JVB) websockets for jvb1
    location ~ ^/colibri-ws/default-id/(.*) {
        proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }

    # colibri (JVB) websockets for additional JVBs
    location ~ ^/colibri-ws/([0-9.]*)/(.*) {
        proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;

And jvb.conf at JMS:

videobridge {
    http-servers {
        public {
            port = 9090
        }
    }
    websockets {
        enabled = true
        domain = "mydomain.com:443"
        tls = true
    }
}

And the following are the contents of jvb.conf at external JVB:

videobridge {
    http-servers {
        public {
            port = 9090
        }
    }
    websockets {
        server-id = "external-jvb_ip"
        enabled = true
        domain = "mydomain.com:443"
        tls = true
    }
}

And restart services at JMS and JVB, but when I start a conference and check the javascript console logs, I have found the following error logs:

WebSocket connection to 'wss://mydomain.com/colibri-ws/external-jvb_ip/24128a14330acc71/810470a9?pwd=74s2dho69r5caqrq1ei5m4v0oe' failed:

and the following errors also appear:

[modules/RTC/BridgeChannel.js] <p._send>:  Bridge Channel send: no opened channel.

I don’t know if this is related or not, but I’ve found that this issue has caused the screen sharing resolution for some participants to be blurred.
Is there any suggestion to solve these issues?

Thanks

Is TCP/9090 accessible through the public IP on the additional JVBs?

How to check if TCP/9090 is accessible? Please inform

From JMS

curl http://jvb-ip:9090/

I’ve got this result:

curl: (7) Failed to connect to jvb-ip port 9090: Connection timed out

Please inform how to make TCP/9090 accessible?

Did you use the real IP instead of jvb-ip ?

Search Linux networking and your hosting provider docs for this

Yes, I use the real ip instead of jvb-ip.

Does it enough if I use this command:

sudo ufw allow 9090/tcp

?

Hi @emrah

Just confirm this one work for me.

sudo ufw allow 9090/tcp

Thanks

1 Like

Thanks for your howto, i have a question the “server-id” section must contain the public ip of the videobridge right? so ,for example, if my jvb-2 has 213.209.XXX.YYY as public ip and 10.0.0.5 as private IP i must indicate the 213.209.XXX.YYY as server-id right? Thanks and sorry for the probably noob question

Both are possible.

Nginx redirects the websocket traffic using this IP. No problem if nginx can access TCP/9090 using choosen IP