Configuring Jitsi over 443 to comply with corporate security policies
-
We've had several instances now where clients (usually from government or large financial firms) are unable to use our cloudron Jitsi instance. They can connect but muted and no video.
We did an experiment today and found that the embedded Matrix instance of jitsi DOES work ok. So it's definitely not a browser issue on their side.
Rather, I suspect it is this specific configuration issue https://stackoverflow.com/questions/65916064/jitsi-for-corporate-usage
Could we request for the default jitsi to be set up to keep all traffic over 443? This should result in a far more reliable system for business web conferencing.
More info:
- https://jitsi.github.io/handbook/docs/devops-guide/turn/#use-turn-server-on-port-443
- https://github.com/jitsi/jitsi-meet/issues/6807
- https://github.com/jitsi/jitsi-meet/issues/929
EDIT - I see now this is an open issue, slated for a future release: https://git.cloudron.io/cloudron/box/-/issues/764
-
Currently nginx has to run on port 443 for serving up the apps. There are some options to possibly also put the TURN server on this, but so far we never managed to get this working properly. The other alternative then is to run a specific TURN server which does not use 443 for anything else, but that requires Cloudron to be able to recognize an external TURN server and configure Jitsi accordingly. This is on our list for the next release only though.
I do wonder how matrix does the calls though, as the app itself does not contain jitsi nor a TURN server, so possibly they just integrated some external service at the moment?
-
This is most likely because of the TURN server ports.
5349 (TCP and UDP) TURN server
50000 - 51000 (UDP) TURN server communication portsAre you sure you are using Matrix + Jitsi or are we talking about the new labs feature (Matrix video rooms) that does not involve Jitsi at all. If it is Jitsi, are you sure you use Cloudrons TURN or maybe turn.matrix.org?
@nebulon said in Configuring Jitsi over 443 to comply with corporate security policies:
so possibly they just integrated some external service at the moment?
They use WebRTC for 1:1 rooms and Jitsi for everything else. However, they now switch to Element Call using "Full mesh group calls powered by Matrix, implementing MatrixRTC".
-
This is most likely because of the TURN server ports.
5349 (TCP and UDP) TURN server
50000 - 51000 (UDP) TURN server communication portsAre you sure you are using Matrix + Jitsi or are we talking about the new labs feature (Matrix video rooms) that does not involve Jitsi at all. If it is Jitsi, are you sure you use Cloudrons TURN or maybe turn.matrix.org?
@nebulon said in Configuring Jitsi over 443 to comply with corporate security policies:
so possibly they just integrated some external service at the moment?
They use WebRTC for 1:1 rooms and Jitsi for everything else. However, they now switch to Element Call using "Full mesh group calls powered by Matrix, implementing MatrixRTC".
Edit: it's definitely jitsi in Matrix, this is what we were presented with for our 3 way (successful) video call, with screen sharing:
Was just stock cloudron matrix, using the stock cloudron element web client on the customer side of the call.
We could not do a successful 3-way video call with this same customer, on the same browser, using the stock standalone cloudron jitsi instance.
We're on cloudron 7.2.5
