Unstable connections after some minutes

[rafaelarcanjo]

Hello Jitsi Community,

it’s my first message. I install an Jitsi-Meet to an Debian with Docker. The installation was fine and the web interface is also functional. It’s possible to meet with other participants in the session, but the connection will be closed after 5-30 minutes. In the jvb.log is something like: "[101] org.ice4j.stack.Connector.run: Connector died".

Log JVB:

vb_1      | JVB 2022-02-04 18:33:55.437 WARNING: [48] [confId=ca204e259aaf0e3f epId=d870d9de gid=130129 stats_id=Jamaal-XxH conf_name=teste@muc.meet.jitsi] AbstractEndpointMessageTransport.onMessage#67: Invalid message received (Parameter specified as non-null is null: method org.jitsi.videobridge.message.EndpointStats.put, parameter value (through reference chain: org.jitsi.videobridge.message.EndpointStats["connectionQuality"]): {"colibriClass":"EndpointStats","bitrate":{"upload":989,"download":1112,"audio":{"upload":0,"download":32},"video":{"upload":139,"download":1080}},"packetLoss":{"total":0,"download":0,"upload":0},"connectionQuality":null,"jvbRTT":245,"maxEnabledResolution":360}
jvb_1      | JVB 2022-02-04 18:33:55.850 WARNING: [48] [confId=ca204e259aaf0e3f epId=747f4da9 gid=130129 stats_id=Naomie-ROq conf_name=teste@muc.meet.jitsi] AbstractEndpointMessageTransport.onMessage#67: Invalid message received (Parameter specified as non-null is null: method org.jitsi.videobridge.message.EndpointStats.put, parameter value (through reference chain: org.jitsi.videobridge.message.EndpointStats["connectionQuality"]): {"colibriClass":"EndpointStats","bitrate":{"upload":1015,"download":1097,"audio":{"upload":32,"download":0},"video":{"upload":138,"download":1097}},"packetLoss":{"total":0,"download":0,"upload":0},"connectionQuality":null,"maxEnabledResolution":2160}
jvb_1      | JVB 2022-02-04 18:34:04.445 INFO: [34] HealthChecker.run#171: Performed a successful health check in PT0.000048S. Sticky failure: false
jvb_1      | JVB 2022-02-04 18:34:08.722 INFO: [89] [confId=ca204e259aaf0e3f epId=46254752 gid=130129 stats_id=Hal-pJx conf_name=teste@muc.meet.jitsi] TlsServerImpl.notifyAlertReceived#240: close_notify received, connection closing
jvb_1      | JVB 2022-02-04 18:34:12.398 WARNING: [101] org.ice4j.stack.Connector.run: Connector died: 172.22.0.5:4443/tcp -> 172.93.178.20:38288/tcp
jvb_1      | java.net.SocketException: Failed to receive data from socket.
jvb_1      |    at org.ice4j.socket.DelegatingSocket.receiveFromChannel(DelegatingSocket.java:686)
jvb_1      |    at org.ice4j.socket.DelegatingSocket.receive(DelegatingSocket.java:648)
jvb_1      |    at org.ice4j.socket.MultiplexingSocket.multiplexingXXXSocketSupportDoReceive(MultiplexingSocket.java:339)
jvb_1      |    at org.ice4j.socket.MultiplexingSocket.access$000(MultiplexingSocket.java:34)
jvb_1      |    at org.ice4j.socket.MultiplexingSocket$1.doReceive(MultiplexingSocket.java:77)
jvb_1      |    at org.ice4j.socket.MultiplexingXXXSocketSupport.receive(MultiplexingXXXSocketSupport.java:649)
jvb_1      |    at org.ice4j.socket.MultiplexingSocket.receive(MultiplexingSocket.java:419)
jvb_1      |    at org.ice4j.socket.MultiplexedSocket.receive(MultiplexedSocket.java:161)
jvb_1      |    at org.ice4j.socket.IceTcpSocketWrapper.receive(IceTcpSocketWrapper.java:146)
jvb_1      |    at org.ice4j.ice.harvest.AbstractTcpListener$PushBackIceSocketWrapper.receive(AbstractTcpListener.java:671)
jvb_1      |    at org.ice4j.stack.Connector.run(Connector.java:207)
jvb_1      |    at java.base/java.lang.Thread.run(Thread.java:829)
jvb_1      | JVB 2022-02-04 18:34:12.400 INFO: [80] [confId=ca204e259aaf0e3f epId=d870d9de gid=130129 stats_id=Jamaal-XxH conf_name=teste@muc.meet.jitsi] TlsServerImpl.notifyAlertReceived#240: close_notify received, connection closing
jvb_1      | JVB 2022-02-04 18:34:12.400 WARNING: [101] org.ice4j.stack.NetAccessManager.handleFatalError: Removing connector:ice4j.Connector@172.22.0.5:4443/tcp status:  running
jvb_1      | java.net.SocketException: Failed to receive data from socket.
jvb_1      |    at org.ice4j.socket.DelegatingSocket.receiveFromChannel(DelegatingSocket.java:686)
jvb_1      |    at org.ice4j.socket.DelegatingSocket.receive(DelegatingSocket.java:648)
jvb_1      |    at org.ice4j.socket.MultiplexingSocket.multiplexingXXXSocketSupportDoReceive(MultiplexingSocket.java:339)
jvb_1      |    at org.ice4j.socket.MultiplexingSocket.access$000(MultiplexingSocket.java:34)
jvb_1      |    at org.ice4j.socket.MultiplexingSocket$1.doReceive(MultiplexingSocket.java:77)
jvb_1      |    at org.ice4j.socket.MultiplexingXXXSocketSupport.receive(MultiplexingXXXSocketSupport.java:649)
jvb_1      |    at org.ice4j.socket.MultiplexingSocket.receive(MultiplexingSocket.java:419)
jvb_1      |    at org.ice4j.socket.MultiplexedSocket.receive(MultiplexedSocket.java:161)
jvb_1      |    at org.ice4j.socket.IceTcpSocketWrapper.receive(IceTcpSocketWrapper.java:146)
jvb_1      |    at org.ice4j.ice.harvest.AbstractTcpListener$PushBackIceSocketWrapper.receive(AbstractTcpListener.java:671)
jvb_1      |    at org.ice4j.stack.Connector.run(Connector.java:207)
jvb_1      |    at java.base/java.lang.Thread.run(Thread.java:829)
jvb_1      | JVB 2022-02-04 18:34:12.425 INFO: [102] [confId=ca204e259aaf0e3f gid=130129 stats_id=Jamaal-XxH componentId=1 conf_name=teste@muc.meet.jitsi ufrag=bfmv11fr2u6j6c name=stream-d870d9de epId=d870d9de local_ufrag=bfmv11fr2u6j6c] MergingDatagramSocket$SocketContainer.runInReaderThread#770: Failed to receive: java.net.SocketException: Failed to receive data from socket.
jvb_1      | JVB 2022-02-04 18:34:12.717 WARNING: [77] [confId=ca204e259aaf0e3f gid=130129 stats_id=Jamaal-XxH conf_name=teste@muc.meet.jitsi ufrag=bfmv11fr2u6j6c epId=d870d9de local_ufrag=bfmv11fr2u6j6c] ConnectivityCheckClient.startCheckForPair#374: Failed to send BINDING-REQUEST(0x1)[attrib.count=6 len=92 tranID=0x6CEB03C67E0168AB38476DD9]
jvb_1      | java.lang.IllegalArgumentException: No socket found for 172.22.0.5:4443/tcp->172.93.178.20:38288/tcp
jvb_1      |    at org.ice4j.stack.NetAccessManager.sendMessage(NetAccessManager.java:631)
jvb_1      |    at org.ice4j.stack.NetAccessManager.sendMessage(NetAccessManager.java:581)
jvb_1      |    at org.ice4j.stack.StunClientTransaction.sendRequest0(StunClientTransaction.java:267)
jvb_1      |    at org.ice4j.stack.StunClientTransaction.sendRequest(StunClientTransaction.java:245)
jvb_1      |    at org.ice4j.stack.StunStack.sendRequest(StunStack.java:680)
jvb_1      |    at org.ice4j.ice.ConnectivityCheckClient.startCheckForPair(ConnectivityCheckClient.java:335)
jvb_1      |    at org.ice4j.ice.Agent$StunKeepAliveRunner.sendKeepAlive(Agent.java:2693)
jvb_1      |    at org.ice4j.ice.Agent$StunKeepAliveRunner.run(Agent.java:2671)
jvb_1      |    at org.ice4j.util.PeriodicRunnable.executeRun(PeriodicRunnable.java:206)
jvb_1      |    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
jvb_1      |    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
jvb_1      |    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
jvb_1      |    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
jvb_1      |    at java.base/java.lang.Thread.run(Thread.java:829)
jvb_1      | JVB 2022-02-04 18:34:13.061 INFO: [110] [confId=ca204e259aaf0e3f gid=130129 stats_id=Hal-pJx conf_name=teste@muc.meet.jitsi ufrag=888h61fr2u6l9n epId=46254752 local_ufrag=888h61fr2u6l9n] ConnectivityCheckClient.processTimeout#880: timeout for pair: 78.159.112.135:10000/udp/srflx -> 177.190.177.149:44023/udp/prflx (stream-46254752.RTP), failing.
jvb_1      | JVB 2022-02-04 18:34:14.216 INFO: [83] [confId=ca204e259aaf0e3f epId=747f4da9 gid=130129 stats_id=Naomie-ROq conf_name=teste@muc.meet.jitsi] TlsServerImpl.notifyAlertReceived#240: close_notify received, connection closing

docker-compose.yaml:

version: '3.4'

services:

  # Frontend
  web:
    #image: jitsi/web:stable-6726-1
    image: jitsi/web:stable-6865
    restart: ${RESTART_POLICY}
    ports:
      - '${HTTP_PORT}:80'
      - '${HTTPS_PORT}:443'
    volumes:
      - ${CONFIG}/web:/config:Z
      - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
      - ${CONFIG}/web/body.html:/usr/share/jitsi-meet/body.html:Z
      - ${CONFIG}/web/config.js.default:/defaults/config.js:Z
    environment:
      - ENABLE_COLIBRI_WEBSOCKET
      - ENABLE_FLOC
      - ENABLE_LETSENCRYPT
      - ENABLE_HTTP_REDIRECT
      - ENABLE_HSTS
      - ENABLE_XMPP_WEBSOCKET
      - DISABLE_HTTPS
      - DISABLE_DEEP_LINKING
      - LETSENCRYPT_DOMAIN
      - LETSENCRYPT_EMAIL
      - LETSENCRYPT_USE_STAGING
      - PUBLIC_URL
      - TZ
      - AMPLITUDE_ID
      - ANALYTICS_SCRIPT_URLS
      - ANALYTICS_WHITELISTED_EVENTS
      - CALLSTATS_CUSTOM_SCRIPT_URL
      - CALLSTATS_ID
      - CALLSTATS_SECRET
      - CHROME_EXTENSION_BANNER_JSON
      - CONFCODE_URL
      - CONFIG_EXTERNAL_CONNECT
      - DEFAULT_LANGUAGE
      - DEPLOYMENTINFO_ENVIRONMENT
      - DEPLOYMENTINFO_ENVIRONMENT_TYPE
      - DEPLOYMENTINFO_REGION
      - DEPLOYMENTINFO_SHARD
      - DEPLOYMENTINFO_USERREGION
      - DIALIN_NUMBERS_URL
      - DIALOUT_AUTH_URL
      - DIALOUT_CODES_URL
      - DROPBOX_APPKEY
      - DROPBOX_REDIRECT_URI
      - DYNAMIC_BRANDING_URL
      - ENABLE_AUDIO_PROCESSING
      - ENABLE_AUTH
      - ENABLE_CALENDAR
      - ENABLE_FILE_RECORDING_SERVICE
      - ENABLE_FILE_RECORDING_SERVICE_SHARING
      - ENABLE_GUESTS
      - ENABLE_IPV6
      - ENABLE_LIPSYNC
      - ENABLE_NO_AUDIO_DETECTION
      - ENABLE_P2P
      - ENABLE_PREJOIN_PAGE
      - ENABLE_WELCOME_PAGE
      - ENABLE_CLOSE_PAGE
      - ENABLE_RECORDING
      - ENABLE_REMB
      - ENABLE_REQUIRE_DISPLAY_NAME
      - ENABLE_SIMULCAST
      - ENABLE_STATS_ID
      - ENABLE_STEREO
      - ENABLE_SUBDOMAINS
      - ENABLE_TALK_WHILE_MUTED
      - ENABLE_TCC
      - ENABLE_TRANSCRIPTIONS
      - ETHERPAD_PUBLIC_URL
      - ETHERPAD_URL_BASE
      - GOOGLE_ANALYTICS_ID
      - GOOGLE_API_APP_CLIENT_ID
      - INVITE_SERVICE_URL
      - JICOFO_AUTH_USER
      - MATOMO_ENDPOINT
      - MATOMO_SITE_ID
      - MICROSOFT_API_APP_CLIENT_ID
      - NGINX_RESOLVER
      - NGINX_WORKER_PROCESSES
      - NGINX_WORKER_CONNECTIONS
      - PEOPLE_SEARCH_URL
      - RESOLUTION
      - RESOLUTION_MIN
      - RESOLUTION_WIDTH
      - RESOLUTION_WIDTH_MIN
      - START_AUDIO_ONLY
      - START_AUDIO_MUTED
      - START_WITH_AUDIO_MUTED
      - START_SILENT
      - DISABLE_AUDIO_LEVELS
      - ENABLE_NOISY_MIC_DETECTION
      - START_BITRATE
      - DESKTOP_SHARING_FRAMERATE_MIN
      - DESKTOP_SHARING_FRAMERATE_MAX
      - START_VIDEO_MUTED
      - START_WITH_VIDEO_MUTED
      - TESTING_CAP_SCREENSHARE_BITRATE
      - TESTING_OCTO_PROBABILITY
      - XMPP_AUTH_DOMAIN
      - XMPP_BOSH_URL_BASE
      - XMPP_DOMAIN
      - XMPP_GUEST_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_RECORDER_DOMAIN
      - TOKEN_AUTH_URL
    networks:
      meet.jitsi:
        aliases:
          - ${XMPP_DOMAIN}

  # XMPP server
  prosody:
    #image: jitsi/prosody:stable-6173
    image: jitsi/prosody:stable-6865
    restart: ${RESTART_POLICY}
    expose:
      - '5222'
      - '5347'
      - '5280'
    volumes:
      - ${CONFIG}/prosody/config:/config:Z
      - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
      - ${CONFIG}/prosody/config/mod_muc_lobby_rooms.lua:/prosody-plugins/mod_muc_lobby_rooms.lua:Z
    environment:
      - AUTH_TYPE
      - ENABLE_AUTH
      - ENABLE_GUESTS
      - ENABLE_LOBBY
      - ENABLE_AV_MODERATION
      - ENABLE_XMPP_WEBSOCKET
      - GLOBAL_MODULES
      - GLOBAL_CONFIG
      - LDAP_URL
      - LDAP_BASE
      - LDAP_BINDDN
      - LDAP_BINDPW
      - LDAP_FILTER
      - LDAP_AUTH_METHOD
      - LDAP_VERSION
      - LDAP_USE_TLS
      - LDAP_TLS_CIPHERS
      - LDAP_TLS_CHECK_PEER
      - LDAP_TLS_CACERT_FILE
      - LDAP_TLS_CACERT_DIR
      - LDAP_START_TLS
      - XMPP_DOMAIN
      - XMPP_AUTH_DOMAIN
      - XMPP_GUEST_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_MODULES
      - XMPP_MUC_MODULES
      - XMPP_INTERNAL_MUC_MODULES
      - XMPP_RECORDER_DOMAIN
      - XMPP_CROSS_DOMAIN
      - JICOFO_COMPONENT_SECRET
      - JICOFO_AUTH_USER
      - JICOFO_AUTH_PASSWORD
      - JVB_AUTH_USER
      - JVB_AUTH_PASSWORD
      - JIGASI_XMPP_USER
      - JIGASI_XMPP_PASSWORD
      - JIBRI_XMPP_USER
      - JIBRI_XMPP_PASSWORD
      - JIBRI_RECORDER_USER
      - JIBRI_RECORDER_PASSWORD
      - JWT_APP_ID
      - JWT_APP_SECRET
      - JWT_ACCEPTED_ISSUERS
      - JWT_ACCEPTED_AUDIENCES
      - JWT_ASAP_KEYSERVER
      - JWT_ALLOW_EMPTY
      - JWT_AUTH_TYPE
      - JWT_TOKEN_AUTH_MODULE
      - LOG_LEVEL
      - PUBLIC_URL
      - TZ
    networks:
      meet.jitsi:
        aliases:
          - ${XMPP_SERVER}

  # Focus component
  jicofo:
    #image: jitsi/jicofo:stable-6726-1
    image: jitsi/jicofo:stable-6865
    restart: ${RESTART_POLICY}
    ports:
      - "8888:8888"
    volumes:
      - ${CONFIG}/jicofo:/config:Z
    environment:
      - AUTH_TYPE
      - BRIDGE_AVG_PARTICIPANT_STRESS
      - BRIDGE_STRESS_THRESHOLD
      - ENABLE_AUTH
      - ENABLE_AUTO_OWNER
      - ENABLE_CODEC_VP8
      - ENABLE_CODEC_VP9
      - ENABLE_CODEC_H264
      - ENABLE_OCTO
      - ENABLE_RECORDING
      - ENABLE_SCTP
      - JICOFO_AUTH_USER
      - JICOFO_AUTH_PASSWORD
      - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
      - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
      - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
      - JICOFO_ENABLE_HEALTH_CHECKS
      - JICOFO_SHORT_ID
      - JICOFO_RESERVATION_ENABLED
      - JICOFO_RESERVATION_REST_BASE_URL
      - JIBRI_BREWERY_MUC
      - JIBRI_REQUEST_RETRIES
      - JIBRI_PENDING_TIMEOUT
      - JIGASI_BREWERY_MUC
      - JIGASI_SIP_URI
      - JVB_BREWERY_MUC
      - MAX_BRIDGE_PARTICIPANTS
      - OCTO_BRIDGE_SELECTION_STRATEGY
      - TZ
      - XMPP_DOMAIN
      - XMPP_AUTH_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_SERVER
    depends_on:
      - prosody
    networks:
      meet.jitsi:

  # Video bridge
  jvb:
    #image: jitsi/jvb:stable-6726-1
    image: jitsi/jvb:stable-6865
    restart: ${RESTART_POLICY}
    ports:
      - '${JVB_PORT}:${JVB_PORT}/udp'
      - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
      - '9090:9090'
    volumes:
      - ${CONFIG}/jvb:/config:Z
      - ${CONFIG}/jvb/jvb.conf.default:/defaults/jvb.conf:Z
    environment:
      - ENABLE_COLIBRI_WEBSOCKET
      - ENABLE_OCTO
      - DOCKER_HOST_ADDRESS
      - XMPP_AUTH_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_SERVER
      - JVB_AUTH_USER
      - JVB_AUTH_PASSWORD
      - JVB_BREWERY_MUC
      - JVB_PORT
      - JVB_TCP_HARVESTER_DISABLED
      - JVB_TCP_PORT
      - JVB_TCP_MAPPED_PORT
      - JVB_STUN_SERVERS
      - JVB_ENABLE_APIS
      - JVB_WS_DOMAIN
      - JVB_WS_SERVER_ID
      - PUBLIC_URL
      - JVB_OCTO_BIND_ADDRESS
      - JVB_OCTO_PUBLIC_ADDRESS
      - JVB_OCTO_BIND_PORT
      - JVB_OCTO_REGION
      - TZ
    depends_on:
      - prosody
    networks:
      meet.jitsi:
        aliases:
          - jvb.meet.jitsi

  # Jibri
  jibri:
    build:
      context: .
      args:
        BASE_IMAGE: jitsi/jibri
        BASE_TAG: stable-6173
    image: "jibri-pulseaudio:${IMAGE_TAG:-dev}"
    restart: ${RESTART_POLICY}
    cap_add:
      - SYS_ADMIN
      - NET_BIND_SERVICE
    volumes:
      - ${CONFIG}/jibri:/config:Z
      - /dev/shm:/dev/shm
    devices:
      - /dev/snd:/dev/snd
    environment:
      - DISPLAY=:0
      - JIBRI_ALL_MUTED_TIMEOUT
      - JIBRI_BREWERY_MUC
      - JIBRI_CALL_EMPTY_TIMEOUT
      - JIBRI_FFMPEG_RESOLUTION
      - JIBRI_FFMPEG_AUDIO_SOURCE
      - JIBRI_FFMPEG_AUDIO_DEVICE
      - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH
      - JIBRI_LOGS_DIR
      - JIBRI_NO_MEDIA_TIMEOUT
      - JIBRI_RECORDER_PASSWORD
      - JIBRI_RECORDER_USER
      - JIBRI_RECORDING_DIR
      - JIBRI_STRIP_DOMAIN_JID
      - JIBRI_USAGE_TIMEOUT
      - JIBRI_XMPP_PASSWORD
      - JIBRI_XMPP_USER
      - TZ
      - XMPP_AUTH_DOMAIN
      - XMPP_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_RECORDER_DOMAIN
      - XMPP_SERVER
    links:
      - web:meet.pt
    depends_on:
      - jicofo
    networks:
      meet.jitsi:
        aliases:
          - jibri.meet.jitsi

            #dockerize:
            #    image: jwilder/dockerize

# Custom network so all services can communicate using a FQDN
networks:
    meet.jitsi:

.env

##################$

# shellcheck disable=SC2034

# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords

# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=736fc9725cc5679e6ed40295be352f8b

# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=a0a25bf16a451f33ef68b4709fae7449

# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=d82c9910a15d33dbb462cea3cab91b6e

# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=4d46757fe81c1333f14a0b7351817e0c

# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=48f4f632dffa93042d25a936be54887a

#
# Basic configuration options
#

# Directory where all configuration will be stored
CONFIG=./jitsi-meet-cfg

# Exposed HTTP port
HTTP_PORT=8000

# Exposed HTTPS port
HTTPS_PORT=443

# System time zone
TZ=UTC

# Public URL for the web service (required)
#PUBLIC_URL=https://meet.jitsi:443
PUBLIC_URL=https://meet.pt:443

# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
DOCKER_HOST_ADDRESS=MY_PUBLIC_IP
DOCKER_HOST_NAME=meet.pt

# Control whether the lobby feature should be enabled or not
ENABLE_LOBBY=1

# Control whether the A/V moderation should be enabled or not
ENABLE_AV_MODERATION=1

# Show a prejoin page before entering a conference
ENABLE_PREJOIN_PAGE=1

# Enable the welcome page
#ENABLE_WELCOME_PAGE=1

# Enable the close page
ENABLE_CLOSE_PAGE=1

# Disable measuring of audio levels
#DISABLE_AUDIO_LEVELS=0

# Enable noisy mic detection
#ENABLE_NOISY_MIC_DETECTION=1

#
# Let's Encrypt configuration
#

# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=1

# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com

# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=alice@atlanta.net

# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1

#
# Etherpad integration (for document sharing)
#

# Set etherpad-lite URL in docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001

# Set etherpad-lite public URL (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain

# Name your etherpad instance!
ETHERPAD_TITLE=Video Chat

# The default text of a pad
ETHERPAD_DEFAULT_PAD_TEXT=Welcome to Web Chat!\n\n

# Name of the skin for etherpad
ETHERPAD_SKIN_NAME=colibris

# Skin variants for etherpad
ETHERPAD_SKIN_VARIANTS=super-light-toolbar super-light-editor light-background full-width-editor

#
# Basic Jigasi configuration options (needed for SIP gateway support)
#

# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info

# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd

# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info

# SIP server port
#JIGASI_SIP_PORT=5060

# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP

#
# Authentication configuration (see handbook for details)
#

# Enable authentication
ENABLE_AUTH=1

# Enable guest access
ENABLE_GUESTS=1

# Select authentication type: internal, jwt or ldap
AUTH_TYPE=internal

# JWT authentication
#

# Application identifier
#JWT_APP_ID=my_jitsi_app_id

# Application secret known only to your token
#JWT_APP_SECRET=my_jitsi_app_secret

# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client

# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2

# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#

# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/

# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com

# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com

# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd

# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)

# LDAP authentication method
#LDAP_AUTH_METHOD=bind

# LDAP version
#LDAP_VERSION=3

# LDAP TLS using
#LDAP_USE_TLS=1

# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC

# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1

# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt

# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs

# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
# LDAP_START_TLS=1

#
# Advanced configuration options (you generally don't need to change these)
#

# Internal XMPP domain
XMPP_DOMAIN=meet.jitsi

# Internal XMPP server
XMPP_SERVER=xmpp.meet.jitsi

# Internal XMPP server URL
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280

# Internal XMPP domain for authenticated services
XMPP_AUTH_DOMAIN=auth.meet.jitsi

# XMPP domain for the MUC
XMPP_MUC_DOMAIN=muc.meet.jitsi

# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi

# XMPP domain for unauthenticated users
XMPP_GUEST_DOMAIN=guest.meet.jitsi

# Comma separated list of domains for cross domain policy or "true" to allow all
# The PUBLIC_URL is always allowed
XMPP_CROSS_DOMAIN=true

# Custom Prosody modules for XMPP_DOMAIN (comma separated)
XMPP_MODULES=

# Custom Prosody modules for MUC component (comma separated)
XMPP_MUC_MODULES=

# Custom Prosody modules for internal MUC component (comma separated)
XMPP_INTERNAL_MUC_MODULES=

# MUC for the JVB pool
JVB_BREWERY_MUC=jvbbrewery

# XMPP user for JVB client connections
JVB_AUTH_USER=jvb

# STUN servers used to discover the server's public IP
#JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302

# Media port for the Jitsi Videobridge
JVB_PORT=10000

# TCP Fallback for Jitsi Videobridge for when UDP isn't available
# AQUI JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_HARVESTER_DISABLED=false
JVB_TCP_PORT=4443
JVB_TCP_MAPPED_PORT=4443

# A comma separated list of APIs to enable when the JVB is started [default: none]
# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
JVB_ENABLE_APIS=rest,colibri

# XMPP user for Jicofo client connections.
# NOTE: this option doesn't currently work due to a bug
JICOFO_AUTH_USER=focus

# Base URL of Jicofo's reservation REST API
#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com

# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health)
JICOFO_ENABLE_HEALTH_CHECKS=false

# XMPP user for Jigasi MUC client connections
JIGASI_XMPP_USER=jigasi

# MUC name for the Jigasi pool
JIGASI_BREWERY_MUC=jigasibrewery

# Minimum port for media used by Jigasi
JIGASI_PORT_MIN=20000

# Maximum port for media used by Jigasi
JIGASI_PORT_MAX=20050

# Enable SDES srtp
#JIGASI_ENABLE_SDES_SRTP=1

# Keepalive method
#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS

# Health-check extension
#JIGASI_HEALTH_CHECK_SIP_URI=keepalive

# Health-check interval
#JIGASI_HEALTH_CHECK_INTERVAL=300000
#
# Enable Jigasi transcription
#ENABLE_TRANSCRIPTIONS=1

# Jigasi will record audio when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_RECORD_AUDIO=true

# Jigasi will send transcribed text to the chat when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_SEND_TXT=true

# Jigasi will post an url to the chat with transcription file [default: false]
#JIGASI_TRANSCRIBER_ADVERTISE_URL=true

# Credentials for connect to Cloud Google API from Jigasi
# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
# section "Before you begin" paragraph 1 to 5
# Copy the values from the json to the related env vars
#GC_PROJECT_ID=
#GC_PRIVATE_KEY_ID=
#GC_PRIVATE_KEY=
#GC_CLIENT_EMAIL=
#GC_CLIENT_ID=
#GC_CLIENT_CERT_URL=

# Enable recording
ENABLE_RECORDING=1

# XMPP domain for the jibri recorder
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi

# XMPP recorder user for Jibri client connections
JIBRI_RECORDER_USER=recorder

# Directory for recordings inside Jibri container
JIBRI_RECORDING_DIR=/config/recordings

# The finalizing script. Will run after recording is complete
# By default, we call a program that does nothing.
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/usr/bin/true

# Jibri recording resolution
JIBRI_FFMPEG_RESOLUTION=640x480

# ffmpeg audio configuration
JIBRI_FFMPEG_AUDIO_SOURCE=pulse
JIBRI_FFMPEG_AUDIO_DEVICE=default

# XMPP user for Jibri client connections
JIBRI_XMPP_USER=jibri

# MUC name for the Jibri pool
JIBRI_BREWERY_MUC=jibribrewery

# MUC connection timeout
JIBRI_PENDING_TIMEOUT=90

# If all clients have their audio and video muted and if Jibri does not
# detect any data stream (audio or video) comming in, it will stop
# recording after JIBRI_NO_MEDIA_TIMEOUT expires.
JIBRI_NO_MEDIA_TIMEOUT="30 seconds"

# If all clients have their audio and video muted, Jibri consideres this
# as an empty call and stops the recording after JIBRI_ALL_MUTED_TIMEOUT expires.
JIBRI_ALL_MUTED_TIMEOUT="10 minutes"

# When detecting if a call is empty, Jibri takes into consideration for how
# long the call has been empty already. If it has been empty for more than
# JIBRI_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
JIBRI_CALL_EMPTY_TIMEOUT="30 seconds"

# When jibri gets a request to start a service for a room, the room
# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain
# We'll build the url for the call by transforming that into:
# https://xmpp_domain/subdomain/roomName
# So if there are any prefixes in the jid (like jitsi meet, which
# has its participants join a muc at conference.xmpp_domain) then
# list that prefix here so it can be stripped out to generate
# the call url correctly
JIBRI_STRIP_DOMAIN_JID=muc

# Directory for logs inside Jibri container
JIBRI_LOGS_DIR=/config/logs

# How long Jibri sessions will be allowed to last before
# they are stopped.  A value of 0 allows them to go on
# indefinitely
JIBRI_USAGE_TIMEOUT=0

# Disable HTTPS: handle TLS connections outside of this setup
#DISABLE_HTTPS=1

# Enable FLoC
# Opt-In to Federated Learning of Cohorts tracking
#ENABLE_FLOC=0

# Redirect HTTP traffic to HTTPS
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1

# Send a `strict-transport-security` header to force browsers to use
# a secure and trusted connection. Recommended for production use.
# Defaults to 1 (send the header).
# ENABLE_HSTS=1

# Enable IPv6
# Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
#ENABLE_IPV6=1

# Container restart policy
# Defaults to unless-stopped
RESTART_POLICY=always

# Authenticate using external service or just focus external auth window if there is one already.
# TOKEN_AUTH_URL=https://auth.meet.example.com/{room}
CHROMIUM_FLAGS="--use-fake-ui-for-media-stream,--start-maximized,--kiosk,--enabled,--disable-infobars,--autoplay-policy=no-user-gesture-required,--ignore-certificate-errors"

RESOLUTION=480
RESOLUTION_MIN=240
RESOLUTION_WIDTH=640
RESOLUTION_WIDTH_MIN=320

START_AUDIO_ONLY=false
START_AUDIO_MUTED=false
START_WITH_AUDIO_MUTED=false
START_VIDEO_MUTED=false
START_WITH_VIDEO_MUTED=false

NGINX config:

server {
    listen 80;
    server_name meet.pt;

    location /.well-known {
        allow all;
        default_type "text/plain";
        root /usr/share/nginx/html;
        break;
    }

    location / {
        return 301 https://meet.pt$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name meet.pt;

    ssl_certificate /etc/letsencrypt/live/meet.pt/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/meet.pt/privkey.pem;

    set $upstream PRIVATE_IP;

    # colibri (JVB) websockets for jvb1
    location ~ ^/colibri-ws/jvb1/(.*) {
        proxy_pass http://$upstream:9090/colibri-ws/jvb1/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }

    location / {
        proxy_pass http://$upstream:8000;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

NAT for the ports 4443/tcp and 10000-20000/udp.

Any help would be appreciated!

Thanks

[mod242]

We have the exact same issues here with similar log-events, also on build 6865. Really can't comprehend what's going on

[mammo0]

Same here... Reverting back to stable-6826 helped to avoid the socket exceptions.

[somzoli]

Same here. After reverting back to 6826 seems to work

[bgrozev]

There are two different exceptions in this report. I don't know why the cause of the first one, but it's in ICE/TCP code. ICE/TCP has been deprecated in favor of TURN/TLS and isn't supposed to be enabled.

Edit: @saghul just disabled ICE/TCP in #1223

The second exception is harmless. A recent change in ice4j exposed it in the logs, but it has been thrown for a long time. It happens when ice4j tries to send a packet through the udp/10000 socket before it has received a packet from a client. As soon as it receives a packet from the client the socket is initialized and subsequent attempts are successful. We don't have an easy fix for now, so just ignore it.

JVB 2022-02-04 18:34:12.717 WARNING: [77] [confId=ca204e259aaf0e3f gid=130129 stats_id=Jamaal-XxH conf_name=teste@muc.meet.jitsi ufrag=bfmv11fr2u6j6c epId=d870d9de local_ufrag=bfmv11fr2u6j6c] ConnectivityCheckClient.startCheckForPair#374: Failed to send BINDING-REQUEST(0x1)[attrib.count=6 len=92 tranID=0x6CEB03C67E0168AB38476DD9] jvb_1 | java.lang.IllegalArgumentException: No socket found for 172.22.0.5:4443/tcp->172.93.178.20:38288/tcp jvb_1 | at org.ice4j.stack.NetAccessManager.sendMessage(NetAccessManager.java:631) jvb_1 | at org.ice4j.stack.NetAccessManager.sendMessage(NetAccessManager.java:581) jvb_1 | at org.ice4j.stack.StunClientTransaction.sendRequest0(StunClientTransaction.java:267) jvb_1 | at org.ice4j.stack.StunClientTransaction.sendRequest(StunClientTransaction.java:245) jvb_1 | at org.ice4j.stack.StunStack.sendRequest(StunStack.java:680) jvb_1 | at org.ice4j.ice.ConnectivityCheckClient.startCheckForPair(ConnectivityCheckClient.java:335) jvb_1 | at org.ice4j.ice.Agent$StunKeepAliveRunner.sendKeepAlive(Agent.java:2693) jvb_1 | at org.ice4j.ice.Agent$StunKeepAliveRunner.run(Agent.java:2671) jvb_1 | at org.ice4j.util.PeriodicRunnable.executeRun(PeriodicRunnable.java:206) jvb_1 | at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) jvb_1 | at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) jvb_1 | at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) jvb_1 | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) jvb_1 | at java.base/java.lang.Thread.run(Thread.java:829)

[saghul]

Thanks Boris!

[mammo0]

Ok, thank you. Then I will wait until the new release.

[rafaelarcanjo]

Hi,

I applied the changes described there https://github.com/jitsi/docker-jitsi-meet/pull/1223 and downgrade to version stable-6826 but the problems continued :(

[mammo0]

@rafaelarcanjo You mean the unstable connection? I had this also some time ago. Couldn't find out what caused this issue. But I solved it by disabling P2P connections.

Simply add

ENABLE_P2P=false

to the .env file.

[rafaelarcanjo]

@mammo0 Thanks! We will test.

[rafaelarcanjo]

@mammo0 same problem :(

[mammo0]

OK, it was worth a try. But unfortunately I can't help you any further.

[IgorOhrimenko]

I have the same issue. It is the one wi-fi, and PC dropped connection, but mobile does not. Downgrade to 6826 does not solve the problem. jitsi run from docker-compose.yaml, 10000 expose without NAT.

[somzoli]

Hi,

In 7210 release also exist this problem. Anybody found a solution for this?

[xeruf]

Had the same issue, upgraded to 7287 and it seems fine so far

[xeruf]

nope...

[cagriertek1]

any solution for this?

[saghul]

Have you updated to the latest version?

[cagriertek1]

no, not yet. is latest versiyon fixes this issue? if fixes, i missed the point

[saghul]

We don't see this problem in our testing.

There are too many moving parts here, so generally, being on the latest stable is the best option.