Two Jitsi Shards with HAProxy

Hello everyone, hope you are doing great

I’ve deployed two Jitsi Meet shards on Ubuntu servers with the same domain name, configuration and SSL certificate.
Each one has an internal IP address as follows:
Shard1 : 192.168.2.201
Shard2 : 192.168.2.202

I also installed HAProxy with two network cards as follows:
eth0: public IP x.x.x.x
eth1: 192.168.2.200

with the following conf:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend Jitsi_In
    bind x.x.x.x:80
    bind x.x.x.x:443 ssl crt /etc/ssl/full.pem
    mode http
    option httpclose
    option forwardfor
    reqadd x-forwarded-proto:\ https
    default_backend Jitsi_SRVs

backend Jitsi_SRVs
    mode http
    balance source
    stick-table type string len 256 size 200k expire 120m
    stick on url_param(room)
    server Jitsi01 192.168.2.201:443 check ssl verify none
    server Jitsi02 192.168.2.202:443 check ssl verify none

listen stats
    bind x.x.x.x:8080
    stats uri /
    stats realm Haproxy \ statistics

I’ve added the following to the sip-communicator.properties on both shards:

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER =true
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS =true
org.jitsi.videobridge.STATISTICS_TRANSPORT =muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME =localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN =auth.meet2.expertapps.com.sa
org.jitsi.videobridge.xmpp.user.shard.USERNAME =jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD =lLeLlbl7
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS =JvbBrewery@internal.auth.meet2.expertapps.com.sa
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME =ffc088c9-b89d-4fed-9e15-f3071b95279a
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS =local address
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS =public address

Everything works fine internally (internal network), but when I join the conference from outside there is no video/audio, although I am in the right room/conference.

Any suggestions?

Thank you

Is this the same for both jvbs? So you have everything behind one public address? And you have two bridges that are installed on the same server as the rest of the stuff?

Yes

If you are using the same public address for both, how did you set up the 10000 UDP port forwarding?

You need to make jvb1 use let’s say port 10001 and jvb2 to use port 10002 and make the appropriate port forwarding for their internal addresses.
Like … org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=10001.

I need more clarification regarding the appropriate port forwarding to internal addresses, please. Especially when dealing with HAProxy.

Thank you so much for helping.

Jicofo assigns each conference participant to a specific bridge. So you don’t use HAProxy for load balancing the media traffic (to the JVBs). Only for balancing between shards. Each JVB needs its own external IP/port combination. So either separate IPs, all on port 10000, or one IP, and different ports for each JVB.

As I understand it, and correct me if I’m wrong, HAProxy is the one that delivers the response to the client: it receives the request and forwards it to one of the shards, then the shard’s Jicofo handles the media traffic against the JVB of this shard, and then it sends the response back to HAProxy to deliver it to the end user.

Is the response UDP, or is it included in the original HTTPS request? And if it’s UDP, is there any further config related to the forwarding rules?
Or will the media server (JVB) communicate with the end user directly?
My issue is that everything works fine internally (in the internal network 192.168.2.0), but there is no video/audio from outside.

Yep, that’s it: the clients send media directly to the JVB and receive it from it directly, and that is UDP only.

What goes through HAProxy is signaling and is TCP only, BOSH or WebSockets.
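The one-public-IP, one-UDP-port-per-JVB layout discussed in this thread, as an added example that is not from any of the posters or from the Jitsi project: it prints a dry-run plan of the DNAT rules and the per-bridge properties. Assumptions: the HAProxy host is also the NAT gateway for the shards (their default route points at 192.168.2.200), `203.0.113.10` is a placeholder for the elided public address, and the function names are hypothetical.

```shell
# Added example with constructed values; nothing is applied, rules are only printed.
PUBLIC_IF=eth0            # public NIC on the HAProxy host (from the thread)
INTERNAL_IF=eth1          # internal NIC, 192.168.2.200 (from the thread)
PUBLIC_IP=203.0.113.10    # placeholder for the x.x.x.x public address
# One "internal_ip:udp_port" pair per JVB; ports 10001/10002 as suggested in the thread.
JVBS="192.168.2.201:10001 192.168.2.202:10002"

# Print the DNAT + FORWARD rules that send each public UDP port to its JVB.
jvb_nat_rules() {
    for pair in $JVBS; do
        ip=${pair%%:*}; port=${pair##*:}
        echo "iptables -t nat -A PREROUTING -i $PUBLIC_IF -p udp --dport $port -j DNAT --to-destination $ip:$port"
        echo "iptables -A FORWARD -i $PUBLIC_IF -o $INTERNAL_IF -p udp -d $ip --dport $port -j ACCEPT"
    done
}

# Print the sip-communicator.properties lines for the JVB at internal address $1.
jvb_properties() {
    for pair in $JVBS; do
        ip=${pair%%:*}; port=${pair##*:}
        [ "$ip" = "$1" ] || continue
        echo "org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=$port"
        echo "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=$ip"
        echo "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$PUBLIC_IP"
        return 0
    done
    echo "unknown JVB address: $1" >&2
    return 1
}

# Fail if two JVBs share a public UDP port (only one of them could receive media).
check_unique_ports() {
    dup=$(for pair in $JVBS; do echo "${pair##*:}"; done | sort | uniq -d)
    [ -z "$dup" ] || { echo "duplicate public UDP port(s): $dup" >&2; return 1; }
}

# Dry run: print the whole plan for review before running any of it as root.
plan() {
    check_unique_ports || return 1
    echo "sysctl -w net.ipv4.ip_forward=1"
    jvb_nat_rules
    for pair in $JVBS; do
        echo "# sip-communicator.properties on ${pair%%:*}:"
        jvb_properties "${pair%%:*}" | sed 's/^/#   /'
    done
}
plan
```

The HAProxy configuration needs no change for this, since only the BOSH/WebSocket signaling passes through it.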