Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

VIDEO GUIDE ** How to Setup Jitsi in Docker with a Reverse Proxy **

Featured Replies

2 hours ago, r8z0r1 said:

Hi I always follow your guides and usually all goes well, just can get this one to work. Various issues, however the main one to start is an ngix 502 bad gateway, I'm using duckdns with the url meetnantwich.duckdns.org. any help would be appreceated?

Please, don't just keep quoting people asking the same question. It's a saturday and might take some time to get an answer. Did you reboot your server? Can you post some logs from your jitsi containers to help narrow down what the issue could be? 

  • Replies 93
  • Views 62.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Ok guys.... i could not resist and did a fresh install using the latest jitsi and it worked for me. Follow my REINSTALL guide below its (99.9% Spaceinvaderone with my own words)   Needless t

  • I'm no pro, but here's how I'm doing updates. You will need docker-compose, so get it as is shown in the video or via nerd tools   1) Get and replace (appdata/jitsi/github/docker-jitsi-meet)

  • johnomaz
    johnomaz

    Does anyone have any steps for adding jitsi with Nginx Proxy Manager?     NEVERMIND, I figured it out.  I'll do my best to write it below for what I did.     I added two new CNAME

Posted Images

7 hours ago, r8z0r1 said:

Did you get this working, I am having similar issues with ngix bad gateway 502 when trying to use duckdns?

Not yet.

 

Wil try to describe what I have tried so far. I can ping my meet.subdomain.duckdns.org from my mobile or my lan. But when I look at my router NAT rules for letsencrypt, both for tcp port 80 and udp port 443, no traffic is coming in. Neither on NAT rule for Jitsi on port 10000.

My letsencrypt log is ok.

In portainer if I look at docker-jitsi-meet published ports, I can access Jitsi welcome page for starting a meeting in:  8443:443 and 8000:80. In :443 I need to type in my browser https://ip_unraidserver:8443. Then I can start a meeting (test10). But If I type in my mobile meet.subdomain.duckdns.org I cant reach that meeting. When I am in the created meeting(at home), I can obtain a link for this meeting to share it, but it is: ip_unraidserver:8443/test10

 

Edited by luca2

19 hours ago, adambeck7 said:

Please, don't just keep quoting people asking the same question. It's a saturday and might take some time to get an answer. Did you reboot your server? Can you post some logs from your jitsi containers to help narrow down what the issue could be? 

It's ok I dont want your help with that sort of attitude, pretty much what I thought this forum would be like.

On 5/9/2020 at 10:20 PM, luca2 said:

Not yet.

 

Wil try to describe what I have tried so far. I can ping my meet.subdomain.duckdns.org from my mobile or my lan. But when I look at my router NAT rules for letsencrypt, both for tcp port 80 and udp port 443, no traffic is coming in. Neither on NAT rule for Jitsi on port 10000.

My letsencrypt log is ok.

In portainer if I look at docker-jitsi-meet published ports, I can access Jitsi welcome page for starting a meeting in:  8443:443 and 8000:80. In :443 I need to type in my browser https://ip_unraidserver:8443. Then I can start a meeting (test10). But If I type in my mobile meet.subdomain.duckdns.org I cant reach that meeting. When I am in the created meeting(at home), I can obtain a link for this meeting to share it, but it is: ip_unraidserver:8443/test10

 

ok the issue I had was due to the video from Spaceinvader One and the associated text file renaming the docker containers in Portainer the wrong way around, it looks like meet.jitsi and xxmp.meet.jitsi are transversed, swap them around restart all 4 containers and then restart letsencrypt and about 2 mins later all started working.

19 hours ago, r8z0r1 said:

ok the issue I had was due to the video from Spaceinvader One and the associated text file renaming the docker containers in Portainer the wrong way around, it looks like meet.jitsi and xxmp.meet.jitsi are transversed, swap them around restart all 4 containers and then restart letsencrypt and about 2 mins later all started working.

Yep, I already discovered that, but it is still not working.

Just to confirm, how does Jitsi recognize that the original wan packet sent to 443 goes through letsencrypt´s docker to 1443 and then to 443 in jitsi docker? As seen below, I do not see a connection between port 1443 and the active ports portainer shows me for meet.jitsi  /  video.neet.jitsi:

 

         wan           letsencript          meet.jitsi                 /       video.neet.jitsi

----> tcp 443 ----->       1443   ------->   8443:443 8000:80 / 10000:10000 4443:4443

 

Shouldn´t I change here 443 with 1443:

    listen 443 ssl http2;
        listen [::]:443 ssl http2;

 

Edited by luca2
add last line

Does anyone have any steps for adding jitsi with Nginx Proxy Manager?  

 

NEVERMIND, I figured it out.  I'll do my best to write it below for what I did.  

 

I added two new CNAME records to my DNS entries on Godaddy, jitsi and xmpp.

 

In nginx proxy manager, I added two proxy hosts.  The first was for the URL I wanted to use to access the server.  The IP is the LAN address of your unRAID server.  Port 8000 because I wasn't using the default port from when we edited the .env file.

w76TVj8.png

 

The second proxy host was what I found my issue to be.  Below is the entry for the second host and then why I made it and had to change one line in a config file.

dO8krOD.png

 

It is forwarding port 5280 with the reverse prodxy to the other docker container xmpp.meet.jipsi.  In portainer, I looked at the log of the meet.jitsi container and it was telling me 

Quote

nginx: [emerg] host not found in upstream "xmpp.meet.jitsi" in /config/nginx/meet.conf:35

I found meet.conf and changed the entry on line 35 to

proxy_pass http://xmpp.MYDOMAINNAME.com:5280/http-bind;

I restared the jitsi containers and after that, everything worked as expected.  IF, and I stress IF, this isn't the right way to do it, please help me and anyone else out with the proper way, but so far, all is good.  Now to do more testing.

 

I however now have issues with video working so its not a fix.

Edited by johnomaz

HI, anyone using namecheap? I did buy a domain and would be great to check with someone the config of subdomains.

Hi again,

Have been really busy trying to setup Jitsi. I realised the first thing I had to do is learn about host, subdomain, A record, Ddns, Cname, ...

So finally I deleted everything and started from scratch. I also bought a domain and heve been setting it up. Now I can ping my unraid from the wan and I get the right IP. Also, Letsencryt is finally working again.

I managed to connect to my jitsi docker from a laptop in the wan by typing http://meet.mydomain.com.

But When I try https://meet.mydomain.com it is not working. I checked that I can connect to any https web with my browser. Also that my NAT rule is active for unraid_ip ports 443(wan)>1443(lan) . But if I use a web portal to check for open ports, I get "Port 443 is closed".

I looked at the logs and found in Portainer this:

2020/05/19 19:37:00 http error: Invalid JWT token (err=Invalid JWT token) (code=401)

Any idea what is causing this?

 

Hi again,
Have been really busy trying to setup Jitsi. I realised the first thing I had to do is learn about host, subdomain, A record, Ddns, Cname, ...
So finally I deleted everything and started from scratch. I also bought a domain and heve been setting it up. Now I can ping my unraid from the wan and I get the right IP. Also, Letsencryt is finally working again.
I managed to connect to my jitsi docker from a laptop in the wan by typing http://meet.mydomain.com.
But When I try https://meet.mydomain.com it is not working. I checked that I can connect to any https web with my browser. Also that my NAT rule is active for unraid_ip ports 443(wan)>1443(lan) . But if I use a web portal to check for open ports, I get "Port 443 is closed".
I looked at the logs and found in Portainer this:
2020/05/19 19:37:00 http error: Invalid JWT token (err=Invalid JWT token) (code=401)

Any idea what is causing this?
 

Solved: natted 443 was set to udp and not tcp.

Enviado desde mi HMA-L29 mediante Tapatalk

4 questions.

 

1. How do you remove a user

2. Is the previous post for updates the recommended method for updates (then re-setup authentication)?

3. Having problems when 3rd person joins we loose video to person who joined second.  I'm running on a G4900, is it a CPU limitation? (I have a i3-9100 on order). Seems to be a related issue but not sure how it relates to our install method: https://community.jitsi.org/t/not-working-for-more-than-2-people-in-the-room/18821/115

4. Is the below "limited" message correct/normal for Portainer?

 

Thanks

Screen Shot 2020-05-30 at 11.38.17 AM.png

Edited by Flyinace2000
Added #4 and a picture

9 hours ago, Flyinace2000 said:

4 questions.

 

1. How do you remove a user

2. Is the previous post for updates the recommended method for updates (then re-setup authentication)?

3. Having problems when 3rd person joins we loose video to person who joined second.  I'm running on a G4900, is it a CPU limitation? (I have a i3-9100 on order). Seems to be a related issue but not sure how it relates to our install method: https://community.jitsi.org/t/not-working-for-more-than-2-people-in-the-room/18821/115

4. Is the below "limited" message correct/normal for Portainer?

 

Thanks

Screen Shot 2020-05-30 at 11.38.17 AM.png

Did some digging

 

1. and 2 still would like input from the community.

#3 - My router UDP forward didn't save the first time.  Added that back in to forward 10000 to 10000 to my UnRaid server and I was able to get 4 clients into a meeting.  The little G4900 is feeling it though, CPU load doesn't drop below 50% will sit around 80 to 90 for stretches. 

#4 matches the video so the "Limited" is as expected

And I’m back to not being able to have meetings with greater than three participants outside my network.  If i join on my desktop and iPad (both on my network 10.0.1.0/24) I can have a third person join outside (from my iPhone on LTE).  But if i try to have a call with my dad (outside network), my iPad, and my iPhone (on LTE) we loose audio/video.  Same happens if my dad tries to join from his phone and desktop.  

 

Any ideas?  Should i pony up the $20 for SpaceInvaderOne direct support? 🙂

On 6/5/2020 at 3:51 PM, Flyinace2000 said:

And I’m back to not being able to have meetings with greater than three participants outside my network.  If i join on my desktop and iPad (both on my network 10.0.1.0/24) I can have a third person join outside (from my iPhone on LTE).  But if i try to have a call with my dad (outside network), my iPad, and my iPhone (on LTE) we loose audio/video.  Same happens if my dad tries to join from his phone and desktop.  

 

Any ideas?  Should i pony up the $20 for SpaceInvaderOne direct support? 🙂

 

I was having the same issue until I found a script here which I modified to work with SpaceInvader's tutorial and UnRaid. It required me to install bind and lmdb from the Nerd Tools plugin so that 'host' is installed. It sets and updates your public IP inside the sip-communicator.properties file. I have this as a user script running hourly. 

 

#!/bin/bash

#Domain that points to your public IP
DNSNAME="meet.changethistoyourdomain.com"

# get the actual IP from the Internet
IPint=$(host -tA $DNSNAME 8.8.8.8 | grep address | cut -d " " -f4 )

# get the configured IP of Jitsi
IPjitsi=$(grep 'NAT_HARVESTER_PUBLIC_ADDRESS' /mnt/user/appdata/jitsi/jitsi-meet-cfg/jvb/sip-communicator.properties |  grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")

if [ "$IPjitsi" = "$IPint" ]
then
        echo "IP has not been changed!"
        exit 0
fi

#clear config
sed -i '/NAT_HARVESTER_PUBLIC_ADDRESS/d' /mnt/user/appdata/jitsi/jitsi-meet-cfg/jvb/sip-communicator.properties

#get IP and renew line
echo org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$IPint >> /mnt/user/appdata/jitsi/jitsi-meet-cfg/jvb/sip-communicator.properties

#Restart jocofo
docker restart focus.meet.jitsi
#Restart video
docker restart video.meet.jitsi

 

two questions on this:

 

1) The setup guide includes the required terminal line to add a registered user. Can someone provide the necessary modification to remove a registered user?

 

2) I've seen several posts in other threads where people have lost the Published Ports configuration for jvb and web containers in Portainer (currently also experiencing this issue.) Can the steps be provided to add them back?

 

Many thanks

26 minutes ago, jem said:

Can someone provide the necessary modification to remove a registered user?

Try

prosodyctl deluser username

13 hours ago, jonathanm said:

Try

prosodyctl deluser username

root@5f8f2764cd31:/# prosodyctl deluser username


**************************
Prosody was unable to find the configuration file.
We looked for: /etc/prosody/prosody.cfg.lua
A sample config file is included in the Prosody download called prosody.cfg.lua.dist
Copy or rename it to prosody.cfg.lua and edit as necessary.
More help on configuring Prosody can be found at https://prosody.im/doc/configure
Good luck!
**************************

root@5f8f2764cd31:/# 

 

1 minute ago, Flyinace2000 said:

Prosody was unable to find the configuration file.

Right, you need to use the command the same way you do to register users, just substitute deluser instead of register

prosodyctl --config /config/prosody.cfg.lua deluser <fill in the user you want to delete here>

 

You can't just type prosodyctl deluser username

Right, sorry.  So I've tried that command and its asking for the JID?

 

root@5f8f2764cd31:/# prosodyctl --config /config/prosody.cfg.lua deluser username
Failed to understand JID, please supply the JID to the user account you want to delete
Usage: /usr/bin/prosodyctl deluser user@host
root@5f8f2764cd31:/# 

 

1 minute ago, Flyinace2000 said:

Right, sorry.  So I've tried that command and its asking for the JID?

 


root@5f8f2764cd31:/# prosodyctl --config /config/prosody.cfg.lua deluser username
Failed to understand JID, please supply the JID to the user account you want to delete
Usage: /usr/bin/prosodyctl deluser user@host
root@5f8f2764cd31:/# 

 

Unless you have a user called "username", you need to

3 minutes ago, jonathanm said:

<fill in the user you want to delete here>

 

1 minute ago, jonathanm said:

Unless you have a user called "username", you need to

 

 

Correct, I accidentally copied and pasted too quickly and created a user called "username" from the video commands.

Got it

need to use deluder <username>@meet.jitisi

prosodyctl --config /config/prosody.cfg.lua deluser [email protected]

 

2 hours ago, Flyinace2000 said:

Got it

need to use deluder <username>@meet.jitisi


prosodyctl --config /config/prosody.cfg.lua deluser [email protected]

 

this worked for me. I was able to blow away the user I didn't want.

 

I'm now having the "something went wrong" error that I've seen posted elsewhere. And i'm getting this even after wiping the entire configuration (uninstalling everything including Portainer and letsencrypt and starting over.) I can get to the subdomain on my server, create a meeting name, click connect, allow my camera and mic, then endless loops of "something went wrong" without being asked for credentials.

 

I am using DNS verification with a wildcard, but i still have the ports forwarded on my router for now: 80-to-180, 443-to-1443, 4443, and 10000 all pointing at my Unraid reserved LAN IP. My plan was to start closing them down and rely on DNS verification once I got everything working. Not there yet :)

 

I've subbed out actual IP addresses with logical names below. "myunrainlanip" and "mydesktopip" are what they sound like

 

The issue I had earlier where Portainer lost the ports magically went away after a reboot. They were always showing in the Docker containers, but they weren't showing in Portainer. Clicking on them now: "8000:80" under meet.jisti pulls up the meeting creation screen. Clicking "8443:443" yields a "400 Bad Request. The plain HTTP request was sent to the HTTPS port." Clicking either the "10000:10000" or "4443:4443" under the jvb ports yields "Unable to connect. Firefox can't esablish a conection to the server at myunraidlanip:4443"

 

In the logs:

letencrypt - is running with no errors

 

Portainer error: http error: Invalid JWT token (err=Invalid JWT token) (code=401)

 

focus.meet.jitsi error: Jicofo 2020-06-13 13:28:13.407 SEVERE: [368] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to connect/login: SASLError using SCRAM-SHA-1: not-authorized

 

meet.jitsi log (e.g. not an error): mydesktoplanip - - [13/Jun/2020:13:23:27 -0400] "GET /images/watermark.png HTTP/1.1" 200 33340 "http://myunraidlanip:8000/css/all.css?v=4127" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0"

 

video.meet.jisti log (e.g. not an error): Jun 13, 2020 1:33:33 PM org.jitsi.utils.logging2.LoggerImpl log INFO: Performed a successful health check in PT0.003S. Sticky failure: false

 

xmpp.meet.jitsi error: focus.meet.jitsi:component [1minfo[0m Component authentication failed for focus.meet.jitsi
mod_component [1minfo[0m Disconnecting component, <stream:error> is: <stream:error><not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>Given token does not match calculated token</text></stream:error>
jcp5614e797b580 [1minfo[0m component disconnected: focus.meet.jitsi (stream error)

 

This is all after a clean restart.

 

Any help is appreciated.

 

Edited by jem
rather than doubleposting...

  • 1 month later...

Update is available.  Ran through the steps listed previously. Worked well.  The Docker tab still shows that the update is pending.  did we ever find a work around for that?  If not is there a good way to compare version numbers?

  • 1 month later...

Is updating JITSI still possible the same way as suggested on page 1 of this thread? Thanks!

 

19 hours ago, xPliZit_xs said:

Is updating JITSI still possible the same way as suggested on page 1 of this thread? Thanks!

 

I did it a few weeks ago.  Worked then.  

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.