Cloudron Forum


Configuring Jitsi over 443 to comply with corporate security policies

      allanbowe
      wrote on last edited by allanbowe
      #1

      We've had several instances now where clients (usually from government or large financial firms) are unable to use our Cloudron Jitsi instance. They can connect, but are muted and have no video.

      We did an experiment today and found that the embedded Matrix instance of Jitsi DOES work OK. So it's definitely not a browser issue on their side.

      Rather, I suspect it is this specific configuration issue https://stackoverflow.com/questions/65916064/jitsi-for-corporate-usage

      Could we request for the default Jitsi to be set up to keep all traffic over 443? This should result in a far more reliable system for business web conferencing.

      More info:

      • https://jitsi.github.io/handbook/docs/devops-guide/turn/#use-turn-server-on-port-443
      • https://github.com/jitsi/jitsi-meet/issues/6807
      • https://github.com/jitsi/jitsi-meet/issues/929

      EDIT - I see now this is an open issue, slated for a future release: https://git.cloudron.io/cloudron/box/-/issues/764

        nebulon
        Staff
        wrote on last edited by
        #2

        Currently nginx has to run on port 443 for serving up the apps. There are some options to possibly also put the TURN server on this, but so far we never managed to get this working properly. The other alternative then is to run a specific TURN server which does not use 443 for anything else, but that requires Cloudron to be able to recognize an external TURN server and configure Jitsi accordingly. This is on our list for the next release only though.

        I do wonder how matrix does the calls though, as the app itself does not contain jitsi nor a TURN server, so possibly they just integrated some external service at the moment?

          subven
          wrote on last edited by subven
          #3

          This is most likely because of the TURN server ports.

          5349 (TCP and UDP) TURN server
          50000 - 51000 (UDP) TURN server communication ports

          Are you sure you are using Matrix + Jitsi, or are we talking about the new labs feature (Matrix video rooms) that does not involve Jitsi at all? If it is Jitsi, are you sure you use Cloudron's TURN or maybe turn.matrix.org?

          @nebulon said in Configuring Jitsi over 443 to comply with corporate security policies:

          so possibly they just integrated some external service at the moment?

          They use WebRTC for 1:1 rooms and Jitsi for everything else. However, they now switch to Element Call using "Full mesh group calls powered by Matrix, implementing MatrixRTC".
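
A quick check of the TURN-port hypothesis above, meant to be run from a machine inside the affected client network; this is an added example, not part of the original posts or of Cloudron's tooling. The hostname is a placeholder, and only TCP is tested because a plain connect cannot confirm that a UDP port is open.

```python
import socket

# Ports named in the thread: nginx serves the apps on 443, TURN listens on 5349.
HTTPS_PORT = 443
TURN_PORT = 5349

def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or name resolution failure
        return False

def probe(host, ports=(HTTPS_PORT, TURN_PORT), timeout=3.0):
    """Map each port to its TCP reachability from this machine."""
    return {port: tcp_reachable(host, port, timeout) for port in ports}

def diagnose(results, https_port=HTTPS_PORT, turn_port=TURN_PORT):
    """Interpret probe() results against the symptom reported in the thread."""
    if not results.get(https_port):
        return "no-https"      # the web app itself is unreachable
    if not results.get(turn_port):
        return "turn-blocked"  # page loads, relay path closed: join without media
    return "tcp-open"          # TCP fine; UDP 5349 / 50000-51000 still unverified

if __name__ == "__main__":
    host = "jitsi.example.com"  # placeholder; substitute your own Jitsi hostname
    results = probe(host)
    for port, ok in results.items():
        print(f"{host}:{port}/tcp {'open' if ok else 'blocked'}")
    print("diagnosis:", diagnose(results))
```

The probe makes direct connections, so on a network that only permits egress through an HTTP proxy both ports will show as blocked even though the browser can load the page.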

            allanbowe
            wrote on last edited by allanbowe
            #4

            Edit: it's definitely Jitsi in Matrix, this is what we were presented with for our 3-way (successful) video call, with screen sharing:

            8d4b28c5-9035-4be2-8b68-cec1de5558c7-image.png

            Was just stock Cloudron Matrix, using the stock Cloudron Element web client on the customer side of the call.

            95477f5b-1ba7-4641-9d9e-2b72cf274b59-image.png

            We could not do a successful 3-way video call with this same customer, on the same browser, using the stock standalone Cloudron Jitsi instance.

            We're on Cloudron 7.2.5
