Traefik and docker install

JIBRI CONFIG

version: '3.7'

services:
  jibri:
    image: jitsi/jibri
    volumes:
      - jibri-config:/config
      - /dev/shm:/dev/shm
    cap_add:
      - SYS_ADMIN
      - NET_BIND_SERVICE
    devices:
      - /dev/snd:/dev/snd
    environment:
      XMPP_SERVER: xmpp.meet.your.fqdn.com
      XMPP_DOMAIN: your.fqdn.com
      XMPP_AUTH_DOMAIN: auth.meet.your.fqdn.com
      XMPP_BOSH_URL_BASE: http://xmpp.meet.your.fqdn.com:5280
      XMPP_GUEST_DOMAIN: guest.meet.your.fqdn.com
      XMPP_MUC_DOMAIN: muc.meet.your.fqdn.com
      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.your.fqdn.com
      XMPP_RECORDER_DOMAIN: recorder.meet.your.fqdn.com
      TZ: America/Chicago
      JIBRI_BREWERY_MUC: jibribrewery
      JIBRI_PENDING_TIMEOUT: 90
      JIBRI_XMPP_USER: jibri
      JIBRI_XMPP_PASSWORD: passw0rd
      JIBRI_RECORDER_USER: recorder
      JIBRI_RECORDER_PASSWORD: passw0rd
      DISPLAY: :0
      TZ: America/Chicago
      JIBRI_RECORDING_DIR: /config/recordings
      JIBRI_FINALIZE_RECORDING_SCRIPT_PATH: /config/finalize.sh
      JIBRI_STRIP_DOMAIN_JID: muc.meet
      JIBRI_LOGS_DIR: /config/logs
    networks:
      jitsi_jitsi:

volumes:
  jibri-config:
    driver: local
    driver_opts:
      type: nfs
      o: nfsvers=4,addr=10.0.1.3,rw
      device: ":/mnt/nfsdata/jibri"
networks:
  jitsi_jitsi:
    external: true

URL TO RECORD JITSI
https://your.fqdn.com/room-name-goes-here#config.iAmRecorder=true&config.externalConnectUrl=null&config.startWithAudioMuted=true&config.startWithVideoMuted=true&interfaceConfig.APP_NAME=“Jibri”&config.analytics.disabled=true&config.p2p.enabled=false

You cannot use Traefik to proxy the 10000/udp and 4443/ports. I tried it. It doesn’t work. You must use host networking for those ports.

I used @jogi config and picked the traffic labels and host network config for the jvb bridge from @mattvoss . I’t works in chrome based browsers. I’m not quite happy with it because it bypasses traeffic… Traeffic v2.2 supports udp traffic. I guess there is a way to configure it right but I don’t know how.

version: '3.7'

services:
    # Frontend
    web:
        image: jitsi/web
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.jitsi.entrypoints=http"
            - "traefik.http.routers.jitsi.rule=Host(`meet.domain.tld`)"
            - "traefik.http.middlewares.jitsi-https-redirect.redirectscheme.scheme=https"
            - "traefik.http.routers.jitsi.middlewares=jitsi-https-redirect"
            - "traefik.http.routers.jitsi-secure.entrypoints=https"
            - "traefik.http.routers.jitsi-secure.rule=Host(`meet.domain.tld`)"
            - "traefik.http.routers.jitsi-secure.tls=true"
            - "traefik.http.routers.jitsi-secure.tls.certresolver=http"
            - "traefik.http.routers.jitsi-secure.service=jitsi"
            - "traefik.http.services.jitsi.loadbalancer.server.port=80"
            - "traefik.docker.network=proxy"        
        expose:
            - 80
            # - '${HTTPS_PORT}:443'
        volumes:
            - ${CONFIG}/web:/config
            # - ${CONFIG}/web/letsencrypt:/etc/letsencrypt
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
        environment:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_RECORDER_DOMAIN
            - ETHERPAD_URL_BASE
            - TZ
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - ENABLE_RECORDING
        networks:
            proxy:
            meet.jitsi:
                aliases:
                    - ${XMPP_DOMAIN}

    # XMPP server
    prosody:
        image: jitsi/prosody
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody:/config
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - XMPP_RECORDER_DOMAIN
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            meet.jitsi:
                aliases:
                    - ${XMPP_SERVER}

    # Focus component
    jicofo:
        image: jitsi/jicofo
        volumes:
            - ${CONFIG}/jicofo:/config
        environment:
            - ENABLE_AUTH
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JICOFO_RESERVATION_REST_BASE_URL
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - TZ
        depends_on:
            - prosody
        networks:
            meet.jitsi:

    # Video bridge
    jvb:
        image: jitsi/jvb
        ports:
            - target: 10000
              published: 10000
              protocol: udp
            - target: 4443
              published: 4443
              protocol: tcp
        volumes:
            - ${CONFIG}/jvb:/config
        environment:
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - TZ
        depends_on:
            - prosody
        networks:
            meet.jitsi:

# Custom network so all services can communicate using a FQDN
networks:
    proxy:
        external: true
    meet.jitsi:

Trust me I tried to proxy udp with Traefik 2.2 and it doesn’t work. I beat my head against the wall for a week before I realized that.

1 Like

I beg to differ :smile:. After some thinking and tinkering and your comment on using a different image source I have a working config now. Still not entirely bug free but the path seems to be correct. The issue now is that connections break after 3 minutes. I’ll make a new post for this. Check out my configs that I will post at the end of this Thread.

Cheers,
j.

This is how I got jitsi working behind a traefik router. I left tcp fallback for jvb disabled for now. As mentioned above a connection works for about three (3) minutes, then it breaks. See here for the bug/error report.

traefik docker-compose.yml

version: "3"

services:

  traefik:
    image: traefik:v2.2
    hostname: "traefik"
    container_name: "traefik"
    command:
      - --api=true
      - --api.dashboard=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --log.level=INFO
      - --accesslog=false
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --entryPoints.adminer.address=:8080
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=you@example.com
      - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web
      - --entryPoints.rtmp.address=:1935
      - --entryPoints.jvb_tcp.address=:4443
      - --entryPoints.jvb_udp.address=:10000/udp
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`docker.example.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.usersfile=/basicauth/usersfile"

      # add hsts headers
      - "traefik.frontend.headers.STSSeconds=31536000"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"

      # global redirect http to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=httpsalways"

      # middleware redirect http to https
      - "traefik.http.middlewares.httpsalways.redirectscheme.scheme=https"

      # enable https for api/dashboard
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"
      - "traefik.http.routers.api.entrypoints=websecure"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "1935:1935"
      - "4443:4443"
      - "10000:10000/udp"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./letsencrypt:/letsencrypt"
      - "./basicauth:/basicauth:ro"
    networks:
      - ipv6ula
      - jitsi
    restart: unless-stopped

  whoami:
    image: "containous/whoami"
    container_name: "whoami"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
      - "traefik.http.routers.whoami.entrypoints=websecure"
    networks:
      - ipv6ula
    restart: unless-stopped

  ipv6nat:
    image: "robbertkl/ipv6nat"
    container_name: "ipv6nat"
    hostname: "ipv6nat"
    entrypoint: "/docker-ipv6nat"
    command: "-cleanup -debug"
    network_mode: host
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro
    restart: unless-stopped

networks:
  ipv6ula:
    external: true
  jitsi:
    external: true

jitsi docker-compose.yml

version: '3'


services:
    # Frontend
    web:
        image: quadeare/jitsi-web
        labels:
          - "traefik.enable=true"
          - "traefik.docker.network=jitsi"
          - "traefik.http.routers.jitsi.rule=Host(`host.examle.com`)"
          - "traefik.http.routers.jitsi.tls.certresolver=letsencrypt"
          - "traefik.http.routers.jitsi.entrypoints=websecure"
        expose:
            - "80"
        volumes:
            - ${CONFIG}/web:/config
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
        environment:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_RECORDER_DOMAIN
            - ETHERPAD_URL_BASE
            - TZ
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - ENABLE_RECORDING
        networks:
            jitsi:
                aliases:
                    - ${XMPP_DOMAIN}

    # XMPP server
    prosody:
        image: quadeare/jitsi-prosody
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody:/config
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - XMPP_RECORDER_DOMAIN
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            jitsi:
                aliases:
                    - ${XMPP_SERVER}

    # Focus component
    jicofo:
        image: quadeare/jitsi-jicofo
        volumes:
            - ${CONFIG}/jicofo:/config
        environment:
            - ENABLE_AUTH
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JICOFO_RESERVATION_REST_BASE_URL
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - TZ
        depends_on:
            - prosody
        networks:
            jitsi:

    # Video bridge
    jvb:
        image: quadeare/jitsi-jvb
        labels:
          - "traefik.enable=true"
          - "traefik.docker.network=jitsi"
          - "traefik.udp.routers.jvb.entrypoints=jvb_udp"
          - "traefik.udp.routers.jvb.service=jvb"
          - "traefik.udp.services.jvb.loadbalancer.server.port=${JVB_PORT}"
        expose:
            - '${JVB_PORT}/udp'
            - '${JVB_TCP_PORT}'
        volumes:
            - ${CONFIG}/jvb:/config
        environment:
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - TZ
        depends_on:
            - prosody
        networks:
            jitsi:

# Custom network so all services can communicate using a FQDN
networks:
    jitsi:
        external: true

remarks

You need to define both networks using docker in order to make this work and also have other services behind traefik. I fyou are not interested in ipv6 you can delete the ipv6nat part entirely.

update

There where two errors in the above docker-compose.yml for jitsi. Both `traefik.docker.network=" labels were wrong and are fixed now.

thx for investigating this further. I tried your config. It didn’t work for more than 2 participants. It might be that only the udp route and service is configured for port 10000. but not the backup port 4443/tcp. I tried to fix this by adding route and service for 4443 but was unsuccessful.

Maybe you copy/pasted the above configuration(s)? Did you notice the error I described in my update some minutes ago? I just had another test session involving three participants connected through two different networks and had a conversation going for seven minutes until this bug? hit again.

Hi all,

I revert my previously stated opinion and agree with @mattvoss that currently udp routing through traefik does not work for jitsi. However, it’s quite easy to get things going. All you have to do is make some minor changes to docker-compose.yml for traefik and jitsi and you have a running server. The downside is that you are limited to one jvb for the time being.

Complete docker-compose.yml for traefik:


services:

  traefik:
    image: traefik:v2.2
    hostname: "traefik"
    container_name: "traefik"
    command:
      - --api=true
      - --api.dashboard=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --log.level=INFO
      - --accesslog=false
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=you@example.com
      - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`docker.example.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.usersfile=/basicauth/usersfile"

      # add hsts headers
      - "traefik.frontend.headers.STSSeconds=31536000"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"

      # global redirect http to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=httpsalways"

      # middleware redirect http to https
      - "traefik.http.middlewares.httpsalways.redirectscheme.scheme=https"

      # enable https for api/dashboard
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"
      - "traefik.http.routers.api.entrypoints=websecure"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./letsencrypt:/letsencrypt"
      - "./basicauth:/basicauth:ro"
    networks:
      - jitsi
    restart: unless-stopped

networks:
  jitsi:
    external: true

I also removed all the (maybe confusing) ipv6nat stuff from this config.
This is the docker-compose.yml for jitsi we are currently using. Basically just remove the entire labels section for the jvb container and change the expose section to port, specifying the same port external and internal. Make sure port ${JVB_UDP_PORT} is not in use by traefik.

version: '3'


services:
    # Frontend
    web:
        image: quadeare/jitsi-web
        labels:
          - "traefik.enable=true"
          - "traefik.docker.network=jitsi"
          - "traefik.http.routers.jitsi.rule=Host(`host.examle.com`)"
          - "traefik.http.routers.jitsi.tls.certresolver=letsencrypt"
          - "traefik.http.routers.jitsi.entrypoints=websecure"
        expose:
            - "80"
        volumes:
            - ${CONFIG}/web:/config
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
        environment:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_RECORDER_DOMAIN
            - ETHERPAD_URL_BASE
            - TZ
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - ENABLE_RECORDING
        networks:
            jitsi:
                aliases:
                    - ${XMPP_DOMAIN}

    # XMPP server
    prosody:
        image: quadeare/jitsi-prosody
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody:/config
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - XMPP_RECORDER_DOMAIN
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            jitsi:
                aliases:
                    - ${XMPP_SERVER}

    # Focus component
    jicofo:
        image: quadeare/jitsi-jicofo
        volumes:
            - ${CONFIG}/jicofo:/config
        environment:
            - ENABLE_AUTH
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JICOFO_RESERVATION_REST_BASE_URL
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - TZ
        depends_on:
            - prosody
        networks:
            jitsi:

    # Video bridge
    jvb:
        image: quadeare/jitsi-jvb
        ports:
            - '${JVB_PORT}:${JVB_PORT}/udp'
        volumes:
            - ${CONFIG}/jvb:/config
        environment:
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - TZ
        depends_on:
            - prosody
        networks:
            jitsi:

# Custom network so all services can communicate using a FQDN
networks:
    jitsi:
        external: true

Cheers,
j.

@jogi I quickly tried your latest example.

I swapped out the example.docker.com for localhost and host.example.com for jitsi.docker.localhost. I also copied over the example .env file from here: https://github.com/jitsi/docker-jitsi-meet/blob/master/env.example

I then try docker-compose up on the Traefik server settings you provided and got:

ERROR: compose.cli.main.main: The Compose file './docker-compose.yml' is invalid because:
Unsupported config option for networks: 'jitsi'
Unsupported config option for services: 'traefik'

You need to add version: '3' at the top of your first paste in order to fix that error. I then removed most of the auth stuff.

I now just get:

404 page not found

on jitsi.docker.localhost

Are you able to get this example working on localhost?

traefik docker-compose.yml:

version: '3'


services:

  traefik:
    image: traefik:v2.2
    hostname: "traefik"
    container_name: "traefik"
    command:
      - --api=true
      - --api.dashboard=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --log.level=INFO
      - --accesslog=false
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      #- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      #- --certificatesresolvers.letsencrypt.acme.email="blah@blah"
      #- --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      #- --certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`localhost`)"
      - "traefik.http.routers.api.service=api@internal"
      # - "traefik.http.routers.api.middlewares=auth"
      # - "traefik.http.middlewares.auth.basicauth.usersfile=/basicauth/usersfile"

      # add hsts headers
      # - "traefik.frontend.headers.STSSeconds=31536000"
      # - "traefik.frontend.headers.STSIncludeSubdomains=true"
      # - "traefik.frontend.headers.STSPreload=true"

      # global redirect http to https
      # - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      # - "traefik.http.routers.http-catchall.entrypoints=web"
      # - "traefik.http.routers.http-catchall.middlewares=httpsalways"

      # middleware redirect http to https
      # - "traefik.http.middlewares.httpsalways.redirectscheme.scheme=https"

      # enable https for api/dashboard
      # - "traefik.http.routers.api.tls.certresolver=letsencrypt"
      # - "traefik.http.routers.api.entrypoints=websecure"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      # - "${CONFIG}/letsencrypt:/letsencrypt"
      # - "${CONFIG}/basicauth:/basicauth:ro"
    networks:
        jitsi:
    restart: unless-stopped

networks:
  jitsi:
    external: true

jitsi docker-compise.yml:

version: '3'


services:
    # Frontend
    web:
        image: quadeare/jitsi-web
        labels:
          - "traefik.enable=true"
          - "traefik.docker.network=jitsi"
          - "traefik.http.routers.jitsi.rule=Host(`jitsi.docker.localhost`)"
          - "traefik.http.routers.jitsi.tls.certresolver=letsencrypt"
          - "traefik.http.routers.jitsi.entrypoints=websecure"
        expose:
            - "80"
        volumes:
            - ./web:/config
            - ./transcripts:/usr/share/jitsi-meet/transcripts
        environment:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_RECORDER_DOMAIN
            - ETHERPAD_URL_BASE
            - TZ
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - ENABLE_RECORDING
        networks:
            jitsi:
                aliases:
                    - ${XMPP_DOMAIN}

    # XMPP server
    prosody:
        image: quadeare/jitsi-prosody
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody:/config
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - XMPP_RECORDER_DOMAIN
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            jitsi:
                aliases:
                    - ${XMPP_SERVER}

    # Focus component
    jicofo:
        image: quadeare/jitsi-jicofo
        volumes:
            - ${CONFIG}/jicofo:/config
        environment:
            - ENABLE_AUTH
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JICOFO_RESERVATION_REST_BASE_URL
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - TZ
        depends_on:
            - prosody
        networks:
            jitsi:

    # Video bridge
    jvb:
        image: quadeare/jitsi-jvb
        ports:
            - '${JVB_PORT}:${JVB_PORT}/udp'
        volumes:
            - ${CONFIG}/jvb:/config
        environment:
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - TZ
        depends_on:
            - prosody
        networks:
            jitsi:

# Custom network so all services can communicate using a FQDN
networks:
    jitsi:
        external: true

Yes, I get this example working on localhost, with a slight modification. In your docker-compose.yml for traefik you disable letsencrypt but in your docker-compose.yml for jitsi you use it. Then traefik complains

traefik    | time="2020-04-05T09:30:03Z" level=error msg="the router jitsi@docker uses a non-existent resolver: letsencrypt"

and displays the 404 in your browser.
To get your setup working, remove the label referring to certresolver=letsencrypt and change the entrypoints=websecure to entrypoints=web. Volià, a running jitsi on localhost! At least the webpage worked, didn’t try using it :wink:.

Cheers,
j.

Attention

The docker-compose.yml above is missing the required version: '3' line at the beginning of the file! Thanks @finn for spotting that!

Thanks, that worked. I feel it should fail gracefully if such an error is encountered since it brings it into a non-working state. Interestingly, it won’t detect my microphone or webcam. At least now, I can try and roll this out to deployment after checking it works on localhost.

Has anyone got this working with load balancers? I tried plugging this into my current setup. I currently just get “Bad Gateway”. I can easily bring this up with TheLounge or Portainer but not Jitsi. I don’t see any obvious error messages in the logs:

Jitsi:

version: '3'


services:
    # Frontend
    web:
        image: quadeare/jitsi-web
        container_name: jitsi
        restart: unless-stopped
        security_opt: 
          - no-new-privileges:true
        networks:
          proxy:
              aliases:
                  - ${XMPP_DOMAIN}
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.jitsi.entrypoints=http"
          - "traefik.http.routers.jitsi.rule=Host(`jitsi.blah.com`)"
          - "traefik.http.middlewares.jitsi-https-redirect.redirectscheme.scheme=https"
          - "traefik.http.routers.jitsi.middlewares=jitsi-https-redirect"
          - "traefik.http.routers.jitsi-secure.entrypoints=https"
          - "traefik.http.routers.jitsi-secure.rule=Host(`jitsi.blah.com`)"
          - "traefik.http.routers.jitsi-secure.tls=true"
          - "traefik.http.routers.jitsi-secure.tls.certresolver=http"
          - "traefik.http.routers.jitsi-secure.service=jitsi"
          - "traefik.http.services.jitsi.loadbalancer.server.port=9000"
          - "traefik.docker.network=proxy"
        expose:
            - "80"
            - "443"
        volumes:
            - ./web:/config
            - ./transcripts:/usr/share/jitsi-meet/transcripts
        environment:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_RECORDER_DOMAIN
            - ETHERPAD_URL_BASE
            - TZ
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - ENABLE_RECORDING

    # XMPP server
    prosody:
        image: quadeare/jitsi-prosody
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody:/config
        environment:
            - AUTH_TYPE
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - XMPP_RECORDER_DOMAIN
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            proxy:
                aliases:
                    - ${XMPP_SERVER}

    # Focus component
    jicofo:
        image: quadeare/jitsi-jicofo
        volumes:
            - ${CONFIG}/jicofo:/config
        environment:
            - ENABLE_AUTH
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JICOFO_RESERVATION_REST_BASE_URL
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - TZ
        depends_on:
            - prosody
        networks:
            proxy:

    # Video bridge
    jvb:
        image: quadeare/jitsi-jvb
        ports:
            - '${JVB_PORT}:${JVB_PORT}/udp'
        volumes:
            - ${CONFIG}/jvb:/config
        environment:
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - TZ
        depends_on:
            - prosody
        networks:
            proxy:

# Custom network so all services can communicate using a FQDN
networks:
    proxy:
        external: true

Traefik:

version: '3'

services:
  traefik:
    env_file:
      - user.env
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`blah.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${USER}:${PASSWORD}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`blah.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

The line:
“traefik.http.services.jitsi.loadbalancer.server.port=9000”
should be:
“traefik.http.services.jitsi.loadbalancer.server.port=80”

You are telling Traefik which port from the container it should be connecting to. It appears you are doing SSL termination so you should be connecting to port 80 from the jitsi-web container as the nginx instance in that container is listening on port 80 for http requests.

Thanks, that worked and it’s now up and running.

There are several compose files posted here.
A bit confusing :wink:
Which one is a working version?
Is there a Github Repo with the working version?

I assume, this is not the latest working version here:

Thanks for all hints.

1 Like

Because of popular demand I post three files here:

instructions

  1. configure docker
    1. create the networks needed for traefik; here they are called meet.jitsi and ipv6nat. The latter only makes sense if you have ipv6 and want to use it. I run the meet.jitsi network without ipv6 support since I have to bypass traefik for the jvb udp port.
    2. disable docker’s userland proxy (ipv6nat needs that) by setting “userland-proxy”: false; in /etc/docker/daemon.json; restart docker after doing that
  2. create the directories for traefik
  3. create the directories for jitsi
  4. copy the attached files to the appropriate directories and rename them (strip the prefixes and the .txt suffixes I had to add to trick the upload filter) and rename env.txt to .env. Edit the files to suit your needs!
  5. cd to the directory where traefik’s docker-compose.yml lives and run docker-compose up -d
  6. cd to the directory where jitsi’s docker-compose.yml lives and run docker-compose up -d
    That should do it.

directory layout

After creating all directories you should have something like this:

traefik/
        basicauth/
        docker-compose.yml
        letsencrypt/
jitsi/
      config/
      docker-compose.yml
      .env

Hope that helps :smile:

4 Likes

Dear @jogi,
after the necessary adjustments I got the containers up but Jitsi is faulty. When I connect with chrome to my Jitsi URL the Jitsi session manager (selection of available sessions, creating new sessions) shows up.
When I connect to a meeting room then my webcam video stream comes up for a second followed ba an error window saying:
"Unfortunately, something went wrong. We’re trying to fix this. Reconnecting in …"

Is this related to the UDP connection passing by Jitsi?

Can you see anything from the docker config reported further below?

Thank you.

My adjustments, amendments and comments to your scripts:

I have not set any explicit JVB_UDP_PORT.

Creating missing config dirs:

mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}

I am not using ipv6 (at least I think I am not).
The file /etc/docker/daemon.json does not exist on my machine.

I renamed the network in the config files: ipv6uva -> stuff and created the networks:

docker network create meet.jitsi
docker network create stuff

My current docker setup

$ docker ps

CONTAINER ID        IMAGE                           COMMAND                  CREATED             STATUS                         PORTS                                      NAMES
689e03fe4410        quadeare/jitsi-jvb:stable       "/init"                  32 minutes ago      Restarting (1) 4 seconds ago                                              jitsi_jvb_1
5296783b0d41        quadeare/jitsi-jicofo:stable    "/init"                  32 minutes ago      Restarting (1) 4 seconds ago                                              jitsi_jicofo_1
fef3a27153c3        quadeare/jitsi-web:stable       "/init"                  32 minutes ago      Up 32 minutes                  80/tcp, 443/tcp                            jitsi_web_1
71a945c99958        quadeare/jitsi-prosody:stable   "/init"                  32 minutes ago      Up 32 minutes                  5222/tcp, 5269/tcp, 5280/tcp, 5347/tcp     jitsi_prosody_1
12e79e8eb21e        containous/whoami               "/whoami"                33 minutes ago      Up 33 minutes                  80/tcp                                     whoami
d54cb4fb29cf        traefik:v2.2                    "/entrypoint.sh --ap…"   33 minutes ago      Up 33 minutes                  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   traefik

$ docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
6d1645b0d990        bridge              bridge              local
447936f29d7f        host                host                local
2e26a44a5dbd        meet.jitsi          bridge              local
78c787af8782        none                null                local
5fc3419c1962        stuff               bridge              local

$ docker network inspect meet.jitsi

[
    {
        "Name": "meet.jitsi",
        "Id": "2e26a44a5dbd722d90d363ea36f4694d1b203743bb492ba57aa30ee4f596a324",
        "Created": "2020-04-19T11:19:03.206710461+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.23.0.0/16",
                    "Gateway": "172.23.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "71a945c99958779f76da863dda7726ffbf3c33128eb7a467a916b321a4938edf": {
                "Name": "jitsi_prosody_1",
                "EndpointID": "eb814493b1b80e76ced81f09498b1e323ed48280084b59e80f863ec36b4f5817",
                "MacAddress": "02:42:ac:17:00:04",
                "IPv4Address": "172.23.0.4/16",
                "IPv6Address": ""
            },
            "d54cb4fb29cf886acec167d0ff1187745d7f2033f1c74feabaf871ce6fcaf49d": {
                "Name": "traefik",
                "EndpointID": "3b57e2a471349315542a8f5a005ebec64f38d52a11b64fe9d11aa25632719fbc",
                "MacAddress": "02:42:ac:17:00:02",
                "IPv4Address": "172.23.0.2/16",
                "IPv6Address": ""
            },
            "fef3a27153c3c2e398ba1beca502f0ae0f019c9b3935c2e207a4e37f6f42e062": {
                "Name": "jitsi_web_1",
                "EndpointID": "bc3b309647aca2bc9134455e654cb51f28c09a85e5b77900c3d1cc845953ae3c",
                "MacAddress": "02:42:ac:17:00:03",
                "IPv4Address": "172.23.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

$ docker inspect jitsi_jvb_1

[
    {
        "Id": "689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818",
        "Created": "2020-04-19T09:53:25.638986581Z",
        "Path": "/init",
        "Args": [],
        "State": {
            "Status": "restarting",
            "Running": true,
            "Paused": false,
            "Restarting": true,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 0,
            "ExitCode": 1,
            "Error": "",
            "StartedAt": "2020-04-19T10:32:31.910122856Z",
            "FinishedAt": "2020-04-19T10:32:35.55189294Z"
        },
        "Image": "sha256:5c983e7944e36135dc6f68fea1f632bd1abe0be431e2ac0ca47f5611c40c1a52",
        "ResolvConfPath": "/var/lib/docker/containers/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818/hostname",
        "HostsPath": "/var/lib/docker/containers/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818/hosts",
        "LogPath": "/var/lib/docker/containers/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818/689e03fe4410db82ef378c8a125275af439602bfee340895f18678066c135818-json.log",
        "Name": "/jitsi_jvb_1",
        "RestartCount": 45,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/home/docker/.jitsi-meet-cfg/jvb:/config:rw"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "meet.jitsi",
            "PortBindings": {
                "10000/udp": [
                    {
                        "HostIp": "",
                        "HostPort": "10000"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "unless-stopped",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": [],
            "CapAdd": null,
            "CapDrop": null,
            "Capabilities": null,
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "shareable",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/11a58e0003256860076e22f56accd46a69f500be959b386074d973fe5781d531-init/diff:/var/lib/docker/overlay2/caa3cc6f932fc09a06aa00dc95368671989bf6df8d938cdf0b3679e9bed8104a/diff:/var/lib/docker/overlay2/ce749e1a2f9b20dfedd69143646d47dc480236192f5894ccd1d010a6b3b33f56/diff:/var/lib/docker/overlay2/919020ddb1b3255c85a99bbb0c8cec5b61a8bd672e074cca853154a039d439a9/diff:/var/lib/docker/overlay2/2783071874fa30e565543f179458eb701b240381a643c81d6ddd109f682818a2/diff:/var/lib/docker/overlay2/cef8305af061eb9a07aa3b00c78b6c41f1b25520010934a3ad535ea59df05aa8/diff:/var/lib/docker/overlay2/4f1b7ff2d236ca9041c38a7532dbc9cea8a8b5d055ed103401d4a329abfd8461/diff:/var/lib/docker/overlay2/7ab308b290979bcb225269f75623bc3ab7325b4dfe213783dcb6f1796b18e833/diff:/var/lib/docker/overlay2/1d68c3445a1e14bcb95011141796d9126b13c4e82537ea46f4e6c01ea5c4f605/diff:/var/lib/docker/overlay2/662a9101a71190a743998b25c1934c0794b92884ce4019247f3a3b41c48fa3e2/diff",
                "MergedDir": "/var/lib/docker/overlay2/11a58e0003256860076e22f56accd46a69f500be959b386074d973fe5781d531/merged",
                "UpperDir": "/var/lib/docker/overlay2/11a58e0003256860076e22f56accd46a69f500be959b386074d973fe5781d531/diff",
                "WorkDir": "/var/lib/docker/overlay2/11a58e0003256860076e22f56accd46a69f500be959b386074d973fe5781d531/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/home/docker/.jitsi-meet-cfg/jvb",
                "Destination": "/config",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "689e03fe4410",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "10000/udp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "DOCKER_HOST_ADDRESS=PUBLIC_IPV4_ADDRESS",
                "XMPP_AUTH_DOMAIN=auth.meet.jitsi",
                "XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi",
                "XMPP_SERVER=xmpp.meet.jitsi",
                "JVB_AUTH_USER=jvb",
                "JVB_AUTH_PASSWORD=",
                "JVB_BREWERY_MUC=jvbbrewery",
                "JVB_PORT=10000",
                "JVB_TCP_HARVESTER_DISABLED=true",
                "JVB_TCP_PORT=4443",
                "JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443",
                "JVB_ENABLE_APIS",
                "TZ=Europe/Vienna",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "S6_BEHAVIOUR_IF_STAGE2_FAILS=2"
            ],
            "Cmd": null,
            "Image": "quadeare/jitsi-jvb:stable",
            "Volumes": {
                "/config": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "/init"
            ],
            "OnBuild": null,
            "Labels": {
                "com.docker.compose.config-hash": "4dc11070d8833db2585d9a63a86a64755a37eafa8ac3547ae0a2454c40ae12ab",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "jitsi",
                "com.docker.compose.project.config_files": "docker-compose.yml",
                "com.docker.compose.project.working_dir": "/home/docker/Install/Jogi/jitsi",
                "com.docker.compose.service": "jvb",
                "com.docker.compose.version": "1.25.5"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "094dd20c4833335c183f53bcf4d0c8a2cc048dfc63690a11534bdef8f43853dc",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/094dd20c4833",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "meet.jitsi": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "689e03fe4410",
                        "jvb"
                    ],
                    "NetworkID": "2e26a44a5dbd722d90d363ea36f4694d1b203743bb492ba57aa30ee4f596a324",
                    "EndpointID": "",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "",
                    "DriverOpts": null
                }
            }
        }
    }
]

@Rolllo - I’m also facing this same problem with previously working deployments using the latest stable release.

It used to work with the exact deployment files I pasted earlier, except with the load balancer port fix which was suggested to me. I try copying these scripts over to a new deployment and the latest containers fail for me.

I checked the logs and I’m seeing a lot of these:

jicofo_1   | Jicofo 2020-04-19 16:38:14.472 SEVERE: [28] org.jitsi.jicofo.health.Health.log() No MUC service found on XMPP domain or Jicofo has not finished initial components discovery yet
jicofo_1   | Jicofo 2020-04-19 16:38:14.472 SEVERE: [28] org.jitsi.jicofo.health.Health.log() Health check failed in PT0.001S:
jvb_1      | SEVERE: org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
jvb_1      | org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
jvb_1      | 	at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
jvb_1      | 	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
jvb_1      | 	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
jvb_1      | 	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
jvb_1      | 	at java.lang.Thread.run(Thread.java:748)

Is this what you’re seeing too?