docker-setup with stable-7287 in AWS ECS & Loadbalancer not working for morethan 2 participants

[nikhilgoud]

I've configured the setup in AWS ECS following the steps mentioned here https://aws.amazon.com/blogs/opensource/getting-started-with-jitsi-an-open-source-web-conferencing-solution/

There are too many console errors and also errors related to colibri-ws websocket connection the setup is only working for 2 participants, I've modified the following env variables only PUBLIC_URL = 'added loadbalancer url' ENABLE_AUTH = 0 JIBRI_RECORDER_PASSWORD, JIBRI_XMPP_PASSWORDJICOFO_AUTH_PASSWORD, JIGASI_XMPP_PASSWORD, JVB_AUTH_PASSWORD = generate a random passwd and added to these

Please let me know if I'm missing any additional configurations

[saghul]

What images version are you using?

[nikhilgoud]

What images version are you using?

stable-7287: release

[saghul]

Please try the -2 release, I fixed a bug hat would have explained what you see.

[nikhilgoud]

Please try the -2 release, I fixed a bug hat would have explained what you see.

Thank you , Let me try and get back

[nikhilgoud]

Please try the -2 release, I fixed a bug hat would have explained what you see.

Still the same error @saghul

[saghul]

Are you sure you recreated the containers? I still see the IP missing in the URL.

[nikhilgoud]

Yes, used new setup Do I need to set any additional env variables?

[saghul]

No, that's automatically set in -2. I cannot reproduce your issue.

[nikhilgoud]

As my setup includes AWS ECS and also a loadbalancer url Am I missing anything like setting the DOCKER_HOST_ADDRESS

anyhow it is not mentioned in https://aws.amazon.com/blogs/opensource/getting-started-with-jitsi-an-open-source-web-conferencing-solution/

[saghul]

No it's not that. This is the commit which fixed it: https://github.com/jitsi/docker-jitsi-meet/commit/8d5a9cf1c925cfea3095ded391a3176a48478f4d

That's because I removed most of the config and made it default, but forgot to handle the case of XMPP_SERVER in the jvb container.

You can try inspecting a running container to check if that line is there.

Also please paste the generated jvb.conf please.

[nikhilgoud]

that line is there

please look at the generated jvb.conf in the docker container

videobridge {
    ice {
        udp {
            port = 10000
        }
    }
    apis {
        xmpp-client {
            configs {

                shard0 {
                    HOSTNAME = "xmpp.meet.jitsi"
                    PORT = "5222"
                    DOMAIN = "auth.meet.jitsi"
                    USERNAME = "jvb"
                    PASSWORD = "Q!A@z3w4"
                    MUC_JIDS = "jvbbrewery@internal-muc.meet.jitsi"
                    MUC_NICKNAME = "139b24c6aaa0"
                    DISABLE_CERTIFICATE_VERIFICATION = true
                }

            }
        }
        rest {
            enabled = false
        }
    }
    rest {
        shutdown {
            enabled = false
        }
    }
    stats {
        enabled = true
    }
    websockets {
        enabled = true
        domain = "#######.###" #public url is added here, I've masked it with #
        tls = true
        server-id = ""
    }
    http-servers {
        private {
          host = 0.0.0.0
        }
        public {
            host = 0.0.0.0
            port = 9090
        }
    }

    }

ice4j {
    harvest {
        mapping {
            stun {
addresses = [ "meet-jit-si-turnrelay.jitsi.net:443" ]
}
            static-mappings = [
]
        }
    }
}

[saghul]

The problem is server-id is the empty string. Can you try running the commands that script does by hand to see what doesn't return the expected result?

[nikhilgoud]

What value should server-id get mapped to?

Only this is there on running the script in an EC2 machine

ubuntu@ip:~$ sudo cat /etc/jitsi/videobridge/jvb.conf
videobridge {
    http-servers {
        public {
            port = 9090
        }
    }
    websockets {
        enabled = true
        domain = "#######.###" #public url is added here, I've masked it with #
        tls = true
    }
}

[saghul]

It should be mapped to the private IP of the container. The web container will forward data channels to that IP port 9090.

[nikhilgoud]

Is there any way to map that manually? I've tried setting the env variable XMPP_SERVER and deployed once again, still getting the same issue

Not sure of what am I missing here

[saghul]

Are you passing all variables that our compose file passes?

[nikhilgoud]

Not all the variables, I've copied the .env.example file and modied the below variables

PUBLIC_URL = 'added loadbalancer url' ENABLE_AUTH = 0 JIBRI_RECORDER_PASSWORD, JIBRI_XMPP_PASSWORDJICOFO_AUTH_PASSWORD, JIGASI_XMPP_PASSWORD, JVB_AUTH_PASSWORD XMPP_SERVER=xmpp.meet.jitsi

[saghul]

Can you try to get a shell and run this in the container:

XMPP_SERVER_IP=$(dig +short +search ${XMPP_SERVER})

echo $XMPP_SERVER_IP

ip route get ${XMPP_SERVER_IP} | grep -oP '(?<=src ).*' | awk '{ print $1 '}

[nikhilgoud]

not getting the IP

root@ddc57961cba1:/# dig $XMPP_SERVER

; <<>> DiG 9.16.27-Debian <<>> xmpp.meet.jitsi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52627
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xmpp.meet.jitsi.               IN      A

;; Query time: 0 msec
;; SERVER: 172.16.0.2#53(172.16.0.2)
;; WHEN: Fri Jun 24 10:53:23 UTC 2022
;; MSG SIZE  rcvd: 44

[saghul]

Interesting. That FQDN doesn't need to be real but it needs to be resolved to the IP address of the Prosody container.

What does the AWS guide you set that to?

[ShreyasBhaktharam]

Hi. I'm also facing the same issue after following the steps mentioned in this guide: https://aws.amazon.com/blogs/opensource/getting-started-with-jitsi-an-open-source-web-conferencing-solution/

The version I'm using is stable-7287-2

I've followed all the steps listed in the issue and I'm stuck at the same step. The AWS guide does not tell us to resolve the IP address of the prosody container. How can we do that manually?

[BMA-Ronan]

Hi,

I'm working on this too. So when you use the following task in AWS guide :
Scroll down to the Network Settings and in the box called Links enter prosody:xmpp.meet.jitsi.
Select the Prosody container, and scroll down to the Network settings, and this time enter xmpp.meet.jitsi in the Hostname and then click on Update.
That's create host config in /etc/hosts, but can't be resolve by tools like dig / nslookup .. My solution, create cloudmap namespace meet.jitsi, add service xmpp and Service instance to the IP of EC2, but this manual task like container definitions update is not the best way for IaC deployment (docker compose with ecs handle cloudmap but doesn't support ECS with EC2 deploment, only FARGATE) ..

Also I ran into a WS url problem, my websocket config is good now :
websockets { enabled = true domain = "%PUBLIC_IP%:443" tls = true server-id = "%PRIVATE_IP%" }. But when I try to create and join room the websocker url isn't good :
Firefox can’t establish a connection to the server at wss://localhost:8443/xmpp-websocket?room=test.

edit 1:
I fixed my WS url problem. I use IP instead of Domain Name.

Sorry for my bad english,

Ronan

[BMA-Ronan]

Now everything work fine. I have exported my task definition to docker-compose file, and links are configured directly, no more manual task to do except CloudMap config :

version: "3"
services:
  jicofo:
    environment:
      AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: /creds
      ECS_CONTAINER_METADATA_URI: http://169.254.170.2/v3
      JICOFO_AUTH_PASSWORD: XXXXX
      SENTRY_DSN: '"0"'
      TZ: UTC
    image: jitsi/jicofo:stable-7439-2
    labels:
      ecs-local.task-definition-input.type: remote
      ecs-local.task-definition-input.value: docker-compose
    links:
    - prosody:xmpp.meet.jitsi
    networks:
      ecs-local-network: null
  jvb:
    environment:
      AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: /creds
      ECS_CONTAINER_METADATA_URI: http://169.254.170.2/v3
      JVB_AUTH_PASSWORD: XXXXXX
      PUBLIC_URL: meet.domain.name.com
      SENTRY_DSN: '"0"'
      TZ: UTC
    image: jitsi/jvb:stable-7439-2
    labels:
      ecs-local.task-definition-input.type: remote
      ecs-local.task-definition-input.value: docker-compose
    links:
    - prosody:xmpp.meet.jitsi
    networks:
      ecs-local-network: null
    ports:
    - 10000:10000/udp
    - 8080:8080
  prosody:
    environment:
      AUTH_TYPE: ""
      AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: /creds
      ECS_CONTAINER_METADATA_URI: http://169.254.170.2/v3
      JIBRI_RECORDER_PASSWORD: XXXXX
      JIBRI_XMPP_PASSWORD: XXXXX
      JICOFO_AUTH_PASSWORD: XXXXX
      JIGASI_XMPP_PASSWORD: XXXXX
      JVB_AUTH_PASSWORD: XXXXX
      PUBLIC_URL: meet.domain.name.com
      TZ: UTC
    hostname: xmpp.meet.jitsi
    image: jitsi/prosody:stable-7439-2
    labels:
      ecs-local.task-definition-input.type: remote
      ecs-local.task-definition-input.value: docker-compose
    networks:
      ecs-local-network: null
  web:
    environment:
      AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: /creds
      ECS_CONTAINER_METADATA_URI: http://169.254.170.2/v3
      ENABLE_LETSENCRYPT: "1"
      LETSENCRYPT_DOMAIN: meet.domain.name.com
      LETSENCRYPT_EMAIL: username@mail.com
      PUBLIC_URL: meet.domain.name.com
      TZ: UTC
    image: jitsi/web:stable-7439-2
    labels:
      ecs-local.task-definition-input.type: remote
      ecs-local.task-definition-input.value: docker-compose
    links:
    - prosody:xmpp.meet.jitsi
    networks:
      ecs-local-network: null
    ports:
    - 80:80
    - 443:443
networks:
  ecs-local-network:
    external: true

Now I will push that as service, and work to have more JVB task in second service.

Hope this help some one.

edit 1 : rework compose file (ports) for version 3 compatibility with ecs-cli

Ronan

[gitbhavesh07]

@BMA-Ronan , Will you be able to share the latest task definition file to host the jitsi in ECS