Anyone using Jitsi behind Nginx



  • @sadeghpm said in Anyone using Jitsi behind Nginx:

    @stacksofplates
    Thanks guys.
    Bind /etc/jitsi/videobridge/sip-communicator.properties with local file and container config file updated, but problem exists! Very strange!

    Are you using their docker-compose file? They give you a .env with all of the environment variables you need to set.

    I hadn't looked at their repo. You should set all of those options as env vars not in the config itself.

    Once you have the env vars set up just run docker-compose up -d



  • Problem appears resolved.

    There were multiple things causing the problem.

    First, Jitsi needs a lot of behind the scenes interconnectivity to all of its pieces. When the Jitsi Meet system is on a public IP with nothing in front of it, these are all localhost calls so it all just works.

    But moving it behind NAT causes one issue, while moving it behind NginX on a separate server caused a second.

    First NAT. If you run Jitsi-Meet behind NAT, you need to update /etc/jitsi/videobridge/sip-communicator.properties with the following two lines.

    org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=>>YOUR.LAN.IP.ADDRESS<<
    org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=>>YOUR.PUBLIC.IP.ADDRESS<<
    

    For example, mine looks like this:

    org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.254.0.104
    org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=207.244.223.13
    

    Second is NginX. If you are running Jitsi-Meet behind an NginX Reverse Proxy that resides separate from Jitsi, then you need to first allow in TCP port 5280 to the Jitsi server's firewall.

    ufw allow in 5280/tcp
    

    Then you need to set up the following location blocks in your NginX config, obviously changing the IP addresses to your internal IP.

        location / {
            ssi on;
            proxy_pass https://10.254.0.104/;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
        # BOSH
        location /http-bind {
            proxy_pass http://10.254.0.104:5280/http-bind;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
    
        # xmpp websockets
        location /xmpp-websocket {
            proxy_pass              http://10.254.0.104:5280/xmpp-websocket;
            proxy_http_version      1.1;
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection "upgrade";
            proxy_set_header        Host $host;
            tcp_nodelay             on;
        }
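
A check for the two NAT harvester lines described in the post above, as an added example that is not part of the original post or of Jitsi's own tooling. The function names and the constructed sample inputs are assumptions; the keys and the two addresses are the ones quoted in the post.

```python
import ipaddress

LOCAL_KEY = "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS"
PUBLIC_KEY = "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and #/! comments; last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_nat_harvester(text):
    """Return a list of problems with the NAT harvester settings (empty = OK)."""
    props = parse_properties(text)
    problems, addrs = [], {}
    for key in (LOCAL_KEY, PUBLIC_KEY):
        value = props.get(key)
        if value is None:
            problems.append(f"{key} is missing")
            continue
        try:
            addrs[key] = ipaddress.ip_address(value)
        except ValueError:
            # Catches the >>YOUR.LAN.IP.ADDRESS<< template left unedited.
            problems.append(f"{key} is not an IP address: {value!r}")
    local, public = addrs.get(LOCAL_KEY), addrs.get(PUBLIC_KEY)
    if local is not None and not local.is_private:
        problems.append(f"local address {local} is not a private (LAN) address")
    if public is not None and not public.is_global:
        problems.append(f"public address {public} is not publicly routable")
    return problems

# Constructed sample inputs (file contents as strings, so this runs offline).
GOOD = f"# constructed sample\n{LOCAL_KEY}=10.254.0.104\n{PUBLIC_KEY}=207.244.223.13\n"
SWAPPED = f"{LOCAL_KEY}=207.244.223.13\n{PUBLIC_KEY}=10.254.0.104\n"
PLACEHOLDER = f"{LOCAL_KEY}=>>YOUR.LAN.IP.ADDRESS<<\n"

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("swapped", SWAPPED), ("placeholder", PLACEHOLDER)):
        print(name, check_nat_harvester(sample))
```

To check a real installation, pass the contents of /etc/jitsi/videobridge/sip-communicator.properties to `check_nat_harvester`.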
    


  • @stacksofplates I use official docker-compose file and according to their documentation.



  • @JaredBusch Did you change the nginx conf on the jitsi server? I followed your instructions on "Install Jitsi-Meet on Debian 9 minimal" including the nginx conf, but I'm getting an err_too_many_redirects error.



  • @br0wnt0wn said in Anyone using Jitsi behind Nginx:

    @JaredBusch Did you change the nginx conf on the jitsi server? I followed your instructions on "Install Jitsi-Meet on Debian 9 minimal" including the nginx conf, but I'm getting an err_too_many_redirects error.

    That guide does not have Nginx on the Jitsi server.



  • @JaredBusch When I install jitsi-meet via sudo apt-get -y install jitsi-meet, it automatically installs and configures nginx



  • @br0wnt0wn said in Anyone using Jitsi behind Nginx:

    @JaredBusch When I install jitsi-meet via sudo apt-get -y install jitsi-meet, it automatically installs and configures nginx

    That guide is from almost 2 years ago. Maybe things have changed.



  • I'm tired of dealing with stupid for a bit. Let me spin up a new instance and try it



  • Spinning up a new Debian 10 install to work from.



  • Awesome, thanks!



  • OK, I seem to have gotten it working. In the nginx config on the jitsi server, I commented everything from this line:

    location ^~ /.well-known/acme-challenge/ {
    

    to this line:

    ssl_certificate_key /etc/jitsi/meet/sub.domain.com.key;
    

    which effectively removes the server block listening on port 4444, then moves all of the location blocks and config from the listen 4444 server block to the listen 80 server block.



  • @sadeghpm said in Anyone using Jitsi behind Nginx:

    @stacksofplates I use official docker-compose file and according to their documentation.

    Yeah you shouldn't need to modify the properties file then. Just use the env vars in your .env file.



  • @br0wnt0wn said in Anyone using Jitsi behind Nginx:

    OK, I seem to have gotten it working.

    Good, because I was pulled away.



  • @JaredBusch

    Thank you for sharing the configuration how you put the Nginx in front of Jitsi.
    I tried exactly the same way and for some reason it isn't working for me. The original post is a little old. Hence, let me ask you whether it still works for you. And let me know whether you added something in the configuration for a newer Jitsi version.

    Actually I have the same behavior as described on reddit (502 Bad Gateway): https://www.reddit.com/r/selfhosted/comments/fve1ib/jitsi_with_nginx_proxy/
    The difference is I don't use docker but the normal installation on Ubuntu (https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md).

    Regarding ports I did:
    myrouter (80, 443) -> VM1: nginx (with your config)
    myrouter (10000 udp) -> VM2: jitsi



  • @phqzgunsfjror said in Anyone using Jitsi behind Nginx:

    @JaredBusch

    Thank you for sharing the configuration how you put the Nginx in front of Jitsi.
    I tried exactly the same way and for some reason it isn't working for me. The original post is a little old. Hence, let me ask you whether it still works for you. And let me know whether you added something in the configuration for a newer Jitsi version.

    Actually I have the same behavior as described on reddit (502 Bad Gateway): https://www.reddit.com/r/selfhosted/comments/fve1ib/jitsi_with_nginx_proxy/
    The difference is I don't use docker but the normal installation on Ubuntu (https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md).

    Regarding ports I did:
    myrouter (80, 443) -> VM1: nginx (with your config)
    myrouter (10000 udp) -> VM2: jitsi

    It seems the jitsi team moved the documentation to somewhere else a couple of days ago ... including some more information about nginx reverse proxy.
    https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

    If the installation is behind a proxying nginx server, remove /etc/nginx/modules-enabled/60-jitsi-meet.conf. Then go to /etc/nginx/sites-available/your-conf and change it to listen on 443 instead of 4444 and restart nginx.

    I did that on my jitsi vm and now it works like a charm. The nginx reverse proxy config above is still enough for the current jitsi version.

    From my end there was nothing to do with the stuff about NAT (the restart of the jitsi vm was enough).

    I hope it helps someone else. The nginx reverse proxy gives me the opportunity to use multiple applications behind ports 80/443 at home.

