Tip: websocket and the additional JVBs

Thanks for the great info @emrah

Following your advice: using private ip as the server-id, I’m still seeing the same error as the guys here.

[modules/RTC/BridgeChannel.js] <WebSocket.e.onclose>:  Channel closed: 1006

[modules/connectivity/IceFailedHandling.js] <s._conference.jvbJingleSession.terminate.reason>:  session-terminate for ice restart - error: undefined

WebSocket connection to 'wss://domain.com/colibri-ws/10.xx.x.xxx/db7c4ff3463d6741/c4124c73?pwd=198f9n6a13ba859p13ojs61egq' failed

[modules/RTC/BridgeChannel.js] <Kr._send>:  Bridge Channel send: no opened channel.

Any pointers to where should I look?

What is the output for the following command on JMS?

curl http://jvb-local-ip:9090/

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 404 Not Found</title>
</head>
<body><h2>HTTP ERROR 404 Not Found</h2>
<table>
<tr><th>URI:</th><td>/</td></tr>
<tr><th>STATUS:</th><td>404</td></tr>
<tr><th>MESSAGE:</th><td>Not Found</td></tr>
<tr><th>SERVLET:</th><td>org.eclipse.jetty.servlet.ServletHandler$Default404Servlet-4628b1d3</td></tr>
</table>
<hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.44.v20210927</a><hr/>

</body>
</html>

Curl from JMS to JVB1: port is open, I can see a 404 page not found. The same page I would see if I curl localhost 9090 on JMS.

Can you create a meeting with 3 participants when you stop all JVBs except JVB1?

Yes, already stopped JVB at JMS, running only JVB1. Meeting works fine for 2, when there’s 3 pax can see the guys but no audio / video.

No, @emrah meant to stop all remote JVBs (i.e. the JVBs on separate servers), leave the local JVB (i.e. the one on the JMS server) running and then try hosting a meeting with 3 participants.

@Freddie thanks for clarifying. No issue if local JVB though.

Is port 10000/UDP open and accessible on the remote JVBs? If behind a NAT, is the port properly forwarded?

This means that JVB1 is not configured correctly.

And if you use Apache you can do.

jvb.conf jvb1
websockets {
    server-id = "jvb1"
    enabled = true
    domain = "jvs.example.com:443"
    tls = true
}

jvb.conf jvb2
websockets {
    server-id = "jvb2"
    enabled = true
    domain = "jvs.example.com:443"
    tls = true
}

Apache2
ProxyPass /colibri-ws/jvb1 ws://IP:9090/colibri-ws/jvb1
ProxyPassReverse /colibri-ws/jvb1 ws://IP:9090/colibri-ws/jvb1
ProxyPass /colibri-ws/jvb2 ws://IP:9090/colibri-ws/jvb2
ProxyPassReverse /colibri-ws/jvb2 ws://IP:9090/colibri-ws/jvb2

Yes port is opened, and tested.

On remote JVB:
nc -lu 10000

On client:
nc -u x.x.x.x 10000
messages goes here

No issues, all messages received.

Any pointers, where should I look? I’ve been looking everywhere but can’t seem to find anything.

Using Nginx and the configurations stated in this thread.

    # colibri (JVB) websockets for jvb1
    location ~ ^/colibri-ws/default-id/(.*) {
        proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }

    # colibri (JVB) websockets for additional JVBs
    location ~ ^/colibri-ws/([0-9.]*)/(.*) {
        proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }
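
An added check, not part of the original post: the second location block takes the upstream address from the request path, so nginx connects to port 9090 on whatever dotted-decimal value the client sends. The sketch below replays access-log request paths through the same regex and lists those routed to an address outside your bridge list; `KNOWN_JVBS` and the log lines are constructed assumptions.

```python
import re

# Regex of the "additional JVBs" location block in the nginx config above.
COLIBRI_LOCATION = re.compile(r"^/colibri-ws/([0-9.]*)/(.*)")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Assumption: private addresses of the bridges this proxy should reach.
KNOWN_JVBS = {"10.0.0.11", "10.0.0.12"}


def upstream_host(path):
    """Host nginx would place in proxy_pass for this path, or None if the regex misses."""
    # nginx matches locations against the URI without its query string.
    m = COLIBRI_LOCATION.match(path.split("?", 1)[0])
    return m.group(1) if m else None


def unlisted_upstreams(log_lines, known=KNOWN_JVBS):
    """Return (client, host) pairs for requests routed to a host not in `known`."""
    hits = []
    for line in log_lines:
        req = REQUEST.search(line)
        if not req:
            continue
        host = upstream_host(req.group(1))
        if host is not None and host not in known:
            hits.append((line.split(" ", 1)[0], host))
    return hits


# Constructed access-log lines (documentation addresses, made-up conference ids).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2022:10:00:00 +0000] "GET /colibri-ws/10.0.0.11/aaaa/bbbb?pwd=x HTTP/1.1" 101 0',
    '198.51.100.8 - - [01/Jan/2022:10:00:05 +0000] "GET /colibri-ws/10.0.0.99/aaaa/bbbb?pwd=x HTTP/1.1" 502 0',
    '198.51.100.9 - - [01/Jan/2022:10:00:09 +0000] "GET /colibri-ws/default-id/aaaa/bbbb HTTP/1.1" 101 0',
]
```

Restricting the location regex, or an nginx `map`, to the addresses of your own bridges makes the proxy refuse such paths instead of merely logging them.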

  • Are JMS and JVB1 on the same network?

  • Can JVB1 access to JMS’s TCP/5222?

It seems that you have more than one issue. The websocket issue is not the main issue. First you need to create a meeting with 3 participants

I know, just pointed out that if you are running Apache instead of nginx you can do that configuration for websocket to work. No intent to hijack the thread, and I know a lot of people have this issue when running Apache too. So if someone googles they can find this too, hope that’s ok :cold_face:

Regarding your issues, how is your firewall configured? Do you NAT port 10000/UDP to your JVB, or do you have dedicated public IPs for them?
I can clarify how I set this up in my lab at least.
One public IP → HAProxy for all 443 traffic to my meet.example.com (jvs), NAT forward to JVB1 10000/UDP and 10001/UDP for JVB2.
I still use sip-communicator.properties to configure most of my JVBs. I know you can do most of it in jvb.conf, but I find it easier in sip.

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet.xxxx.xxx:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=pubsub,colibri,muc
org.jitsi.videobridge.PUBSUB_NODE=sharedStatsNode
# jvs
org.jitsi.videobridge.PUBSUB_SERVICE=meet.xxx.xxxx
org.jitsi.videobridge.STATISTICS_INTERVAL=2000
# jvs goes here
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=
# jvs
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.xxx.xxx
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=xxxxxxxxxx
# jvs
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.xxx.xxxx
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=JVB1
# turns off TLS certificate verification for the XMPP connection to the shard
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=10000
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
org.jitsi.videobridge.TCP_HARVESTER_PORT=443
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=local ip
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=public ip

And for jvb.conf

videobridge {
    http-servers {
        public {
            port = 9090
        }
    }
    websockets {
        server-id = "jvb1"
        enabled = true
        domain = "meet.xxxx.xxxx:443"  # jvs
        tls = true
    }
}

and just change server-id = "jvb1" to "jvb2" and so forth, depending on how many JVBs you want; the same in sip for the nickname.

And to sum up the only traffic from clients to hit the jvb directly is video over 10000/udp and all XMPP, colibri is proxy via your web-server (nginx or apache)
And don’t forget to add or uncomment in meet.example.com-config.js

// Websocket URL
websocket: 'wss://meet.example.com/xmpp-websocket',
websocketKeepAliveUrl: 'xx://meet.example.com/_unlock',

And also in meet.example.com.cfg.lua
cross_domain_websocket = true;
consider_websocket_secure = true;
and
modules_enabled = {
    "websocket";
    "smacks";
    -- your existing modules stay listed here
}

I also needed to add mod_websocket.lua to my /usr/share/jitsi-meet/prosody-plugins/ after upgrading prosody to latest version 0.11.12

Side note: if you need the fallback port of 443 for video, this setup needs a TURN server, but for testing this works fine.
Sorry if my English is a bit off, it’s a second language for me, and if my post looks funny it’s because I can only post two links as a new member, so be creative or ask and I can explain what to fill all the xxx with.

Thank you guys for your help @emrah, @Htillberg, @Freddie and the rest who contributed to this thread. I managed to figure it out. Basically it has nothing to do with network configurations, the endpoints and ports required can be reached by needed components. I got the hint from @Freddie it must be something along the lines of JVB port 10000 and found the following lines in my JVB1’s jvb.log.

ConnectivityCheckClient$PaceMaker.run#936: Pair failed: 10.x.x.x:10000/udp/host -> 192.168.1.232:55778/udp/host (stream-4e69aead.RTP)

The private IP 192.168.1.232 here doesn’t make much sense (correct me if I’m wrong); from what I understand it should be a UDP connection from JVB1 to one of the clients connected, and it cannot be a private IP. So it should be something wrong with the NAT harvester. So I added the following to sip-communicator.properties and it worked.

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=local ip
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=public ip

It wasn’t set because on official Jitsi Scalable setup docs it was stated that:

With the latest stable (April 2020) videobridge, it is no longer necessary to set public and private IP addresses in the sip-communicator.properties as the bridge will figure out the correct configuration by itself.

Looks like those 2 lines are still very much required. :sweat_smile: Would be great if anyone knows under what conditions it is not required can further comment.
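
An added diagnostic, not code from the thread or from Jitsi: it reads "Pair failed" lines in the format quoted above and checks the bridge-side address against the two NAT harvester properties, reporting failed pairs where the bridge's private address has no public mapping. It assumes IPv4 literals; the sample addresses are constructed.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PREFIX = "org.ice4j.ice.harvest.NAT_HARVESTER_"
# IPv4-only pattern for the "Pair failed" line format quoted from jvb.log.
PAIR_FAILED = re.compile(
    r"Pair failed: (\d+(?:\.\d+){3}):\d+/\w+/\w+ -> (\d+(?:\.\d+){3}):\d+/\w+/\w+ \(([^)]+)\)"
)

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def nat_mapping(props_text):
    """Return (local, public) from sip-communicator.properties text, or None if unset."""
    lines = (l for l in props_text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    props = {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}
    local, public = props.get(PREFIX + "LOCAL_ADDRESS"), props.get(PREFIX + "PUBLIC_ADDRESS")
    return (local, public) if local and public else None

def diagnose(log_lines, props_text):
    """List failed pairs whose bridge-side address is private and not covered by a mapping."""
    mapping = nat_mapping(props_text)
    findings = []
    for line in log_lines:
        m = PAIR_FAILED.search(line)
        if not m or not is_rfc1918(m.group(1)):
            continue
        bridge, _client, stream = m.groups()
        if mapping is None:
            reason = "no NAT harvester mapping configured"
        elif mapping[0] != bridge:
            reason = "mapping is for a different local address"
        elif is_rfc1918(mapping[1]):
            reason = "mapped public address is itself private"
        else:
            continue  # this bridge address has a public mapping, nothing to report
        findings.append((stream, bridge, reason))
    return findings

# Constructed sample: the thread's log line with 10.x.x.x replaced by a placeholder address,
# and a properties file using a documentation-range public address.
SAMPLE_LOG = [
    "ConnectivityCheckClient$PaceMaker.run#936: Pair failed: 10.0.0.11:10000/udp/host"
    " -> 192.168.1.232:55778/udp/host (stream-4e69aead.RTP)",
]
SAMPLE_PROPS = PREFIX + "LOCAL_ADDRESS=10.0.0.11\n" + PREFIX + "PUBLIC_ADDRESS=203.0.113.10\n"
```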

if your JVB is firewalled out of the internet, the harvester can’t do its thing.

Hi @gpatel-fr can you be more specific, which ports to open for JVB for harvester to work?

Currently on JVB1 all traffic allowed outbound, anywhere.
Inbound 10000 opened to public, and 9090 opened to JMS.

JVB just needs these (except the OCTO case).

HARVESTER sets the accessible IPs, not related to ports.