Getting video chat to work takes quite some time after you've previously gone to great lengths to disable access to recording devices in your OS and all web browsers (including switching off WebRTC and associated functions)...

Follow

Took about half an hour to spin up a Jitsi instance from scratch (they've made it very easy) - but I've now been fighting my own paranoia settings on various devices for an hour or two...

Hrm. Apparently the nginx reverse proxy configuration created by the quickinstall automation is incomplete and doesn't support TCP streaming...

If you drop nginx, video streams work even for a client that sits behind a http proxy and has no other direct outside connectivity.

Show thread

@galaxis
we use matrix/riot for base communication and briar as emergency backup. no need to open masses of ports and risk security. writing+voice + 1:1 video must be enough. :-)

@galaxis Link to what you used? Have that on my to-do list for this afternoon.

@drwho I spun up an Ubuntu LTS VM and just used the official quickinstall docs at github.com/jitsi/jitsi-meet/bl

When you have an apache or nginx preinstalled, the Jitsi package will create a reverse proxy configuration for them, but WebRTC traffic will use UDP.

If you don't, the generated configuration will bind the servlet engine directly to port 443, and WebRTC TCP streaming works out of the box.

There's probably not much missing from the reverse proxy config, but I wasn't motivated to find out.

@galaxis @drwho good to know.

Out of interest, how much ram, cpu, etc. Does it need?

@M0YNG @galaxis I've got it running on 2 CPUs, 4GB RAM. It's not really processor intensive.

@drwho @galaxis thanks for the info. I'm going to try it on a low power vps and wonder how tight I can squeeze that ram requirement...

@M0YNG @galaxis I was originally running Synapse on half that. I had to double it when I installed an integration manager on the same box. If you don't you should be good.

@galaxis Good to know. I'll do some poking around and see what I can figure out.

@galaxis Uh? If you mean clients who can't contact TCP port 4443 or UDP port 10000, you just have to install the videobridge on a separate machine where it will use port 443. This is covered in the #Jitsi manual, IIRC.

@nemobis I was following the quickinstall docs, which presume you have everything on a single system. They don't mention that the reverse proxy configuration is incomplete - but if you have a dedicated system for Jitsi, just dropping the reverse proxy (by not having nginx or apache installed when adding the jisti deb Package) is the most simple solution.

@galaxis I still don't understand what you mean by "incomplete", or what are the exact restrictions on your clients. The packages worked fine for me.

@nemobis I haven't had the time to understand which Jitsi components interact in which way.

I simply observed that when using the default quickinstall setup with a reverse proxy, restricted clients (outbound https only) can't transmit video, but when you use the same quickinstall without reverse proxy, they can.

Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!