RE: ejabberd - Robust, Scalable and Extensible Realtime Server using XMPP, MQTT and SIP

ejabberd would be freakin amazing!!

@opensourced nevermind, i figured it out!

@girish I moved the appsdata folder to another mounted drive -> after creating the symlink (as root) i didn't propperly set the permissions. I fixed it, so all good now. Thanks!

@potemkin_ai Well thats pretty frustrating... jitsi would be a key feature for my clients to decide for cloudron. Anyway, I guess i will invest another afternoon before i will drop my work on this front.

@nebulon If you are interested in debugging this issue, I would be happy to provide a vm with ssh access to get this issue solved. Where can i actually find the cloudron-jitsi repo? Didnt find it on your Github...

@potemkin_ai have you made progess so far?

I have been running into the similar (if not even the same) issue here. My VM is behind a firewall in a LAN. Ports are open and everything is ready to go, but sound and image doesn't work.

The interesting thing is, that running Jitsi on Yunohost, works like a charm. Compared to your situation with your other working instance of Jitsi, i would assume a configuration issue. I have started analyzing the config files, however not found a solution so far.

If i find a solution, i will post it here...

Cheers

In case of dns sinkholes, spamhaus even tells you date & time when the server tried to establish a tcp connection to the sinkholed domain (incl IP). Therefore i know that it is not the previous owner, but my cloudron instance, which apparently made that request.

SSH has never been accessible from wan (furthermore only ssh pub key authentication is set and root login is disabled.

So my question is: I know, that my running cloudron instance (or some app within) is the source of tcp connections targeting sinkhole domains. -> Do I have a possibility within cloudron (, docker or nginx generally) to filter (not block) traffic for certain IPs? I need to find the compromised container.

Traffic analysis on firewall level wont give me the container, therefore it is not really useful.

So I just ran a check on check.spamhaus.org and fount that one of my cloudron instances made a tcp connection to a suspicious ip address, that is part of a dns sinkhole. Therefore it got on a list of probably exploited machines. I checked logs on the server, mail logs, and so on, but could not trace down the application, from which the connection was made.

How can i get more insight in these kind of issues?

@nebulon the oposite is the case. for now i only allowed udp on port 10000.

@nebulon So i see there are several references to conference.jitsi.mydomain.com, should there be an DNS entry for that?

In the last line there might be something: No socket found for 172.18.19.68:10000/udp->10.1.23.114:47429/udp

Jun 29 15:16:07 Jicofo 2022-06-29 15:16:07.207 INFO: [18] [room=test@conference.jitsi.mydomain.com meeting_id=760ece5a-d598-44bd-8fbc-fa7a703cb364] ColibriV2SessionManager.updateParticipant#463: Updating Participant[test@conference.jitsi.mydomain.com/606b8125]@389775379 with transport=org.jitsi.xmpp.extensions.jingle.IceUdpTransportPacketExtension@7685622d, sources=null
Jun 29 15:16:07 172.18.0.1 - - [29/Jun/2022:15:16:07 +0000] "POST /http-bind?room=test HTTP/1.1" 200 346 "-" "okhttp/3.12.1"
Jun 29 15:16:07 JVB 2022-06-29 15:16:07.214 INFO: [58] [confId=ce7c241269d72044 conf_name=test@conference.jitsi.mydomain.com epId=606b8125 stats_id=Darlene-XN4 local_ufrag=7iv6f1g6o0h983 ufrag=7iv6f1g6o0h983 name=stream-606b8125 componentId=1] Component.addUpdateRemoteCandidates#345: Update remote candidate for stream-606b8125.RTP: 10.1.23.114:47429/udp
Jun 29 15:16:07 JVB 2022-06-29 15:16:07.216 INFO: [58] [confId=ce7c241269d72044 conf_name=test@conference.jitsi.mydomain.com epId=606b8125 stats_id=Darlene-XN4 local_ufrag=7iv6f1g6o0h983 ufrag=7iv6f1g6o0h983 name=stream-606b8125 componentId=1] Component.updateRemoteCandidates#482: new Pair added: 172.18.19.68:10000/udp/host -> 10.1.23.114:47429/udp/host (stream-606b8125.RTP).
Jun 29 15:16:07 JVB 2022-06-29 15:16:07.227 INFO: [61] [confId=ce7c241269d72044 conf_name=test@conference.jitsi.mydomain.com=606b8125 stats_id=Darlene-XN4 local_ufrag=7iv6f1g6o0h983 ufrag=7iv6f1g6o0h983] ConnectivityCheckClient.startCheckForPair#350: Could not start connectivity check: No socket found for 172.18.19.68:10000/udp->10.1.23.114:47429/udp

@nebulon I checked the logs but the turn service didn't log anything. I also tried to start the app in recovery mode, but the /var/log/ didnt have anything useful. Are there other ways to get more information out of it?

@nebulon I just tried both modes (i set them in the .json config file) with 3 participants. None was working.

I have been trying to use jitsi for several times now. Until now, I haven't managed to get video and sound to work.

My cloudron instance is running on a vm in a LAN, with a public IP assigned (NAT) which is assigned by a firewall. Ofc i opened the port 10000 (i even opened all ports when i tried to get it to working last time).

Am I the only one with that problem or is further configuration required? I guess its possible that jitsi thinks that the LAN IP is its pub IP, although its not & therefore runs into a problem.

With yunohost, it was very easy to install jitsi -> install & open ports -> done. So i checked some configs there and tried out some things but without success. Help is very much appreciated

If you need some logs (i didn't get useful output in the container logs), tell me which ones...

Thanks in advance

@girish Basically these are php files that make use of db variables and properties defined in the GUI. However, to make (in my opinion essential) customizations, I need to edit these templates. These changes however are mostly to optimize the user experience.

For me they dont need to be editable during runtime. If i could make the changes persist in recovery mode and the restart the app with the adapted files in readonly, that would be perfect.

Best