Split jvb and sigalling on different servers

Test: signalling (prosody, jicofo) on heu20, videobridge on OVH, frees port 443, which allows users to connect their media streams even when behind restricted firewalls

config to change: /etc/jitsi/videobridge/config

Discussion see https://community.jitsi.org/t/jvb-how-to-listen-to-port-443/15017/6

Network description

Signalling on heu20
meet.fairchat.net
                   +                           +
                   |                           |
                   |                           |
                   v                           |
                  443                          |
               +-------+                       |
               |       |                       |
               | NginX |                       |
               |       |                       |
               +--+-+--+                       |
                  | |                          |
+------------+    | |    +--------------+      |
|            |    | |    |              |      |
| jitsi-meet +<---+ +--->+ prosody/xmpp |      |
|            |files 5280 |              |      |
+------------+           +--------------+      v
                     5222,5347^    ^5347      4443 and 443
                +--------+    |    |    +-------------+
                |        |    |    |    |             |
                | jicofo +----^    ^----+ videobridge |
                |        |              |     on OVH  |
                +--------+              +-------------+

changed the description

changed the description

Reactivated meet.fairchat.net and added bridge to /etc/jitsi/videobridge/config

But: Jicofo 2018-12-19 18:54:29.359 SEVERE: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Can not invite participant -- no bridge available.

mentioned in issue #18 (closed)

Videobridge is connected via component, incoming port is 5347:

/etc/prosody/conf.avail/meet.fairchat.net.cfg.lua has defined

Component "jitsi-videobridge.meet.fairchat.net"
    component_secret = "wE....."

So the setting of the videobridge /etc/jitsi/videobridge/config has to be set in the videobridge (OVH server).

@rsc bitte für heu20 Port 5347 durchschleifen von externer IP 183.167.63.178.

changed the description

mentioned in issue #17 (closed)

mentioned in issue #7 (closed)

@rsc bitte für heu20 Port 5347 durchschleifen von externer IP 178.63.167.183

(IP war oben fälschlicherweise reverse looked up)

Done.

lG Ralf

Firewall on OVH

  allow from 178.63.167.183 port 5347 to 54.37.204.4 port 5347

extended to

  ufw allow 5347

not sure if there is any incoming traffic for the xmpp server at all

Tested

• on fairmeeting.net (OVH) server changed /etc/jitsi/jicofo/config to connect to meet.fairchat.net signalling
• shut down jvb on heu20

--> no connection to video bridge

How to set-up of two video bridges in parallel

server1, is running nginx, prosody and jvb1 and its address is ip.of.server.1. server2 is running only jvb and its address is ip.of.server.2

So I assume when you were installing you entered domain.of.server.1 as a service name. So prosody config should be:

VirtualHost "domain.of.server.1" authentication = "anonymous" ssl = { key = "/var/lib/prosody/domain.of.server.1.key"; certificate = "/var/lib/prosody/domain.of.server.1.crt"; }

modules_enabled = { "bosh"; "pubsub"; "s2s"; }

VirtualHost "auth.domain.of.server.1" authentication = "internal_plain" admins = { "focus at auth.domain.of.server.1"}

Component "conference.domain.of.server.1" "muc"

Component "jitsi-videobridge.domain.of.server.1" component_secret = "YOURSECRET1"

Component "focus.domain.of.server.1" component_secret = "YOURSECRET2"

admins = {"jitsi-videobridge.domain.of.server.1","jvb2.domain.of. server.1"}

allow_anonymous_s2s = true

component_ports = { 8888 }

component_interface = "ip.of.server.1"

Component "jvb2.domain.of.server.1" component_secret = "YOURSECRET3"

Jicofo on server1 sip-communicator.properties: org.jitsi.focus.pubsub.ADDRESS=domain.of.server.1 org.jitsi.jicofo.STATS_PUBSUB_NODE= sharedStatsNode

First jvb on server1 sip-communicator.properties: org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=internal.ip.of.server.1 (not 127.0.0.1) org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=ip.of.server.1 org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=pubsub org.jitsi.videobridge.PUBSUB_SERVICE=domain.of.server.1 org.jitsi.videobridge.PUBSUB_NODE=sharedStatsNode org.jitsi.jicofo.STATS_PUBSUB_NODE=sharedStatsNode

Second jvb on server2 sip-communicator.properties:

org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=internal.ip.of.server.2 (not 127.0.0.1) org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=ip.of.server.2 org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=pubsub org.jitsi.videobridge.PUBSUB_SERVICE=domain.of.server.1 org.jitsi.videobridge.PUBSUB_NODE=sharedStatsNode

To run jvb on server2 you need to run: ./jvb.sh --host=ip.of.server.1 --domain=domain.of.server.1 --subdomain=jvb2 --port=5347 --secret=YOURSECRET3 To run jvb on server1 you need to run: ./jvb.sh --host=ip.of.server.1 --domain=domain.of.server.1 --port=5347 --secret=YOURSECRET1

In der Firewall isses offen, aber dahinter läuft kein Service. Wenn der Port nicht offen wäre würde kein "connection refused" kommen:

: ralf@bee:381; telnet 178.63.167.183 5347 Trying 178.63.167.183... telnet: Unable to connect to remote host: Connection refused

mentioned in issue #31 (closed)

solved with #31 (closed) - separate IP address for media streams on OVH server

closed