Jitsi?



@enigma27

I followed all the steps, I think to a T... and in setting up the networks I used SpaceInvader's letsencrypt video. Created the "proxynet" etc... When it came to adding the Jitsi stack, I followed along and configured all 4 instances to use the proxynet, and removed the self-created networks. So here is a question:

Do I need to configure the proxynet in my local network to ensure that I can allow this network access to the outside? I run an enterprise FortiGate firewall at home, so nothing is permitted unless I tell it to. However, I got the impression from the videos that the proxynet is an internal virtual network created within unRaid which it will use to handle proxied traffic. Therefore I am to believe that I need nothing for this on my actual LAN to configure, nor any policies to allow it. My real unRaid server IP has access as it needs.

Link to comment
2 minutes ago, NLDer said:

@enigma27

I followed all the steps, I think to a T... and in setting up the networks I used SpaceInvader's letsencrypt video. Created the "proxynet" etc... When it came to adding the Jitsi stack, I followed along and configured all 4 instances to use the proxynet, and removed the self-created networks. So here is a question:

Do I need to configure the proxynet in my local network to ensure that I can allow this network access to the outside? I run an enterprise FortiGate firewall at home, so nothing is permitted unless I tell it to. However, I got the impression from the videos that the proxynet is an internal virtual network created within unRaid which it will use to handle proxied traffic. Therefore I am to believe that I need nothing for this on my actual LAN to configure, nor any policies to allow it. My real unRaid server IP has access as it needs.

I believe that is the case, yes. It separates them from other containers and directs the traffic via lets encrypt.

For me, I have my own domain, so mine goes:

Domain CNAME for jitsi (points to) --> single duckdns domain (maintains my public IP) --> firewall has dynamic DNS set up for duck DNS (updates my public IP to duck DNS) --> ports forwarded in my firewall as per the letsencrypt video (443 to 1443 & 80 to 180) --> lets encrypt container includes my jitsi domain & letsencrypt config (proxy conf) set up with my domain rather than the default.

Nothing else changed. If any of that makes any sense, as I am far from an expert on any of this.

Link to comment
49 minutes ago, enigma27 said:

I believe that is the case, yes. It separates them from other containers and directs the traffic via lets encrypt.

For me, I have my own domain, so mine goes:

Domain CNAME for jitsi (points to) --> single duckdns domain (maintains my public IP) --> firewall has dynamic DNS set up for duck DNS (updates my public IP to duck DNS) --> ports forwarded in my firewall as per the letsencrypt video (443 to 1443 & 80 to 180) --> lets encrypt container includes my jitsi domain & letsencrypt config (proxy conf) set up with my domain rather than the default.

Nothing else changed. If any of that makes any sense, as I am far from an expert on any of this.

I have my own domain, which I point to my public IP since it never changes (hasn't in three years). I used the DNS validation for Let's Encrypt, also allowing me to do a wildcard cert. CNAME is "meet" that points to the root domain "mydomain.ca". So, in theory I should be able to get to "meet.mydomain.ca".

When I check online for open ports using my public IP, both 80 and 443 are unreachable. Using meet.mydomain.ca, 443 and 80 are open. I'm starting to think that my ISP blocks 80 and 443 inbound, and therefore it does not reach my server. meet.mydomain.ca is open because of the CloudFlare handling of the proxy, but from CloudFlare to my server, nothing works. I have run packet captures on my firewall and see nothing hitting my interface on 80 or 443 to give me any indication that it is reaching me. So now I am left with trying to figure out how to get CloudFlare to use a different port to proxy the connection, while maintaining the use of the letsencrypt certificate.

Let's Encrypt includes my Jitsi domain as the default "meet.*;" (or something to that effect) since I am using a wildcard that should cover any subdomain I point back to my server. The container includes mydomain.ca

I think I am officially starting to tunnel vision on the problem. I'm starting to lean to the ISP blocking this traffic being the root cause, though I am still checking all my configs regardless. I wish there was a way to get to it locally, to see if I can even get it to work on my LAN network - I just don't know how to do this. In portainer I can see the port allocations, but clicking on them - as SpaceInvader already mentioned in the video - does not result in anything.

Wondering if anyone else is running into this problem - it started with CloudFlare's 522 Connection Timeout Error when attempting to connect to the meet.mydomain.ca URL, which of course is not "mydomain" (used to illustrate the method)

Link to comment

Hmmm.... well, I wonder and wonder...

I've tried Chrome and Firefox (IE not supported)
I've changed the default permissions in FF to allow camera and mic, still nothing....

This... is frustrating.

Back to the port 8000 ... is this something that needs to be forwarded also on the firewall?

Link to comment

Turns out my ISP is not the problem: 

Hello Andrew, 

 

We are sorry for the trouble caused.

 

We confirm that no ports are being blocked from VMedia's end as we do not have access as such. May we kindly request you to connect hardwired to the modem and check if the issue still persists? 

If the issue still persists, kindly reset the modem and check again on a hardwired connection.

... 

 

So I also found out that I renamed some containers incorrectly. Went back to the video and made the changes. I will go through the video again to validate all the settings including those for Letsencrypt - although DNS validation is working. What I can do now is get to the local ip on port 8000 and this time I get the login prompt when creating a meeting. 

Still no video or audio... browser is blocking it, and can't change it for some stupid reason. 

 

 

Link to comment

I had the same problem. I changed the port from 8000 to 8830 and that was the trick.

I have another problem: I can't activate/configure the record option and the calendar option so that they work. I hope somebody can explain how it works.

Edited by xruchai
Link to comment

Was checking to see if anyone could provide any insight for me. I have followed SpaceInvaders One's newest video setup (I previously used his for letsencrypt and such so that part was done already). Once I load the jitsi .conf file into the letsencrypt proxy-conf folder and restart the letsencrypt docker, it starts throwing errors, yet letsencrypt still works for other applications. The errors state:

 

nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size

 

Any thoughts on how to adjust the .conf file in order to remove this warning?

 

Also noticed that I can hit jitsi from my internal network, but when trying to hit it through the reverse proxy I get the "Welcome to our Server: The website is currently being setup under this address."

 

Thanks in advance.  

Edited by Iceman1199
Link to comment

Hey, so I have followed Spaceinvader's video to the T, but I seem to be having problems when I hit the setting up of the Letsencrypt reverse proxy (which I have running for a bunch of other things, thanks to Spaceinvader).

I am using the __abc_.duckdns.org subdomain that I have also added to the letsencrypt docker edit page. I have ensured the change in the downloadable config file, but in the Letsencrypt log I get the following error. Any ideas? I have renamed all the dockers in Portainer, which then shows up on the docker tab of unraid. But on that page I am getting "unable to tell" under version, and the network didn't change to represent the change in portainer...

 

"nginx: [emerg] host not found in upstream "xmpp.meet.jitsi" in /config/nginx/proxy-confs/jitsimeet.subdomain.conf:23
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size"

Link to comment
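
An added example, not part of any post here and not code from the letsencrypt container or Jitsi: a small triage of the nginx messages quoted in the post above and in the earlier `variables_hash` report, separating the `[emerg]` that stops the proxy from loading its configuration from the non-fatal hash-size warnings. The function names `triage` and `blocks_startup` are hypothetical, and the sample log is constructed from the lines quoted in the thread.

```python
import re

# Constructed sample: the three nginx messages quoted in the posts above.
SAMPLE_LOG = """\
nginx: [emerg] host not found in upstream "xmpp.meet.jitsi" in /config/nginx/proxy-confs/jitsimeet.subdomain.conf:23
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size
"""

LINE_RE = re.compile(r"^nginx: \[(?P<level>\w+)\] (?P<msg>.*)$")
UPSTREAM_RE = re.compile(
    r'host not found in upstream "(?P<host>[^"]+)" in (?P<file>\S+):(?P<line>\d+)')
HASH_RE = re.compile(
    r"could not build optimal (?P<table>\w+), you should increase either "
    r"(?P<max>\w+): (?P<max_now>\d+) or (?P<bucket>\w+): (?P<bucket_now>\d+)")

def triage(log_text):
    """Classify nginx startup messages (hypothetical helper, not part of nginx)."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip().strip('"'))
        if not m:
            continue
        # nginx refuses to load a configuration that produces an [emerg] message.
        item = {"level": m["level"], "fatal": m["level"] == "emerg", "kind": "other"}
        up = UPSTREAM_RE.search(m["msg"])
        hs = HASH_RE.search(m["msg"])
        if up:
            # The name is resolved when the config loads; a container name or alias
            # only resolves if the proxy shares a user-defined Docker network with it.
            item.update(kind="unresolved_upstream", host=up["host"],
                        file=up["file"], line=int(up["line"]))
        elif hs:
            # Warning only: nginx still starts and the other proxy confs keep working.
            item.update(kind="hash_size", table=hs["table"],
                        raise_one_of=(hs["max"], hs["bucket"]),
                        current=(int(hs["max_now"]), int(hs["bucket_now"])))
        findings.append(item)
    return findings

def blocks_startup(findings):
    """True when at least one message prevents nginx from loading its config."""
    return any(f["fatal"] for f in findings)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```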

@tknx

 

I also use Nginx Proxy Manager.  After I had implemented everything like in the video it just didn't work out...

To make it work for me I made the following changes:

1. port changed from 8000 to 8830

2. the containers are not renamed

3. the default network created by the stack is not changed.

4. entered in Nginx Proxy Manager to the internal IP of the Unraid Server with port 8830. 

 

After that everything worked.

Important:

In my case the changes were not applied after a recreate.  First I had to delete and recreate all containers, volumes, folders and everything else that was created during the Video From Space.  Afterwards it worked without problems.

Edited by xruchai
Link to comment
12 hours ago, Iceman1199 said:

Was checking to see if anyone could provide any insight for me. I have followed SpaceInvaders One's newest video setup (I previously used his for letsencrypt and such so that part was done already). Once I load the jitsi .conf file into the letsencrypt proxy-conf folder and restart the letsencrypt docker, it starts throwing errors, yet letsencrypt still works for other applications. The errors state:

 

nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size

 

Any thoughts on how to adjust the .conf file in order to remove this warning?

 

Also noticed that I can hit jitsi from my internal network, but when trying to hit it through the reverse proxy I get the "Welcome to our Server: The website is currently being setup under this address."

 

Thanks in advance.  

Are you stopping the docker before moving the file in? It can't be running while you do that 

Link to comment

Okay I got everything working, I'm behind a pfsense, while testing this I can get audio and video, but only while on the same network. (ie if I don't connect my phone to wifi I can connect with jitsi but I get no audio or video).  Has anyone else with a similar setup found a fix to this issue?

Link to comment
11 hours ago, xruchai said:

@tknx

 

I also use Nginx Proxy Manager.  After I had implemented everything like in the video it just didn't work out...

To make it work for me I made the following changes:

1. port changed from 8000 to 8830

2. the containers are not renamed

3. the default network created by the stack is not changed.

4. entered in Nginx Proxy Manager to the internal IP of the Unraid Server with port 8830. 

 

After that everything worked.

Important:

In my case the changes were not applied after a recreate.  First I had to delete and recreate all containers, volumes, folders and everything else that was created during the Video From Space.  Afterwards it worked without problems.

Would you mind putting up screenshots of your NPM config? Did you map custom locations?

Link to comment
1 hour ago, Rooie said:

Okay I got everything working, I'm behind a pfsense, while testing this I can get audio and video, but only while on the same network. (ie if I don't connect my phone to wifi I can connect with jitsi but I get no audio or video).  Has anyone else with a similar setup found a fix to this issue?

I'm running into the same issues. I try to connect with my phone via cellular, and it just spins. Then if I connect thru a client on my network, an error pops up on the phone that says it's trying to reconnect.

Link to comment
51 minutes ago, dallus said:

I'm running into the same issues. I try to connect with my phone via cellular, and it just spins. Then if I connect thru a client on my network, an error pops up on the phone that says it's trying to reconnect.

So I am able to connect. There just isn't any sound or video. I had the reconnect error last night and I fixed it by adjusting my port forwarding.

 

Link to comment
10 minutes ago, Rooie said:

So I am able to connect. There just isn't any sound or video. I had the reconnect error last night and I fixed it by adjusting my port forwarding.

 

I think I just fixed it. Mine was something with the cloudflare wildcard cert setup I did yesterday. Now I reverted back to google nameservers and I'll use letsencrypt to manage my certs and add subdomains if I add them. I couldn't even connect to my domain outside of the network so that's what led me down the DNS rabbit hole....

 

Now that you mention it, I was having that issue when I tested this morning. My wife's on her work laptop thru a VPN and it wouldn't show video. So she turned off the VPN and reconnected to the meeting and the video was there. I know that's of little to no help to you, but that's what I did to "fix" it. I'll try to replicate the issue and report back if I have any success.

Link to comment
