Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Configuring Jitsi over 443 to comply with corporate security policies

    Jitsi
    3
    4
    70
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • allanbowe
      allanbowe last edited by allanbowe

      We've had several instances now where clients (usually from government or large financial firms) are unable to use our cloudron Jitsi instance. They can connect but muted and no video.

      We did an experiment today and found that the embedded Matrix instance of jitsi DOES work ok. So it's definitely not a browser issue on their side.

      Rather, I suspect it is this specific configuration issue https://stackoverflow.com/questions/65916064/jitsi-for-corporate-usage

      Could we request for the default jitsi to be set up to keep all traffic over 443? This should result in a far more reliable system for business web conferencing.

      More info:

      • https://jitsi.github.io/handbook/docs/devops-guide/turn/#use-turn-server-on-port-443
      • https://github.com/jitsi/jitsi-meet/issues/6807
      • https://github.com/jitsi/jitsi-meet/issues/929

      EDIT - I see now this is an open issue, slated for a future release: https://git.cloudron.io/cloudron/box/-/issues/764

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        Currently nginx has to run on port 443 for serving up the apps. There are some options to possibly also put the TURN server on this, but so far we never managed to get this working properly. The other alternative then is to run a specific TURN server which does not use 443 for anything else, but that requires Cloudron to be able to recognize an external TURN server and configure Jitsi accordingly. This is on our list for the next release only though.

        I do wonder how matrix does the calls though, as the app itself does not contain jitsi nor a TURN server, so possibly they just integrated some external service at the moment?

        1 Reply Last reply Reply Quote 1
        • subven
          subven last edited by subven

          This is most likely because of the TURN server ports.

          5349 (TCP and UDP) TURN server
          50000 - 51000 (UDP) TURN server communication ports

          Are you sure you are using Matrix + Jitsi or are we talking about the new labs feature (Matrix video rooms) that does not involve Jitsi at all. If it is Jitsi, are you sure you use Cloudrons TURN or maybe turn.matrix.org?

          @nebulon said in Configuring Jitsi over 443 to comply with corporate security policies:

          so possibly they just integrated some external service at the moment?

          They use WebRTC for 1:1 rooms and Jitsi for everything else. However, they now switch to Element Call using "Full mesh group calls powered by Matrix, implementing MatrixRTC".

          allanbowe 1 Reply Last reply Reply Quote 1
          • allanbowe
            allanbowe @subven last edited by allanbowe

            Edit: it's definitely jitsi in Matrix, this is what we were presented with for our 3 way (successful) video call, with screen sharing:

            8d4b28c5-9035-4be2-8b68-cec1de5558c7-image.png

            Was just stock cloudron matrix, using the stock cloudron element web client on the customer side of the call.

            95477f5b-1ba7-4641-9d9e-2b72cf274b59-image.png

            We could not do a successful 3-way video call with this same customer, on the same browser, using the stock standalone cloudron jitsi instance.

            We're on cloudron 7.2.5

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Powered by NodeBB