Jitsi black screen on fresh install

[Matt-CyberGuy]

Hey all,

It's been awhile since I setup a new jitsi server, I've been successful in the past, but for some reason I'm just striking out. I've recently spun up a new droplet on digital ocean running Ubuntu 22.04 and no matter how vanilla and to the T I do the install, I can't get Jitsi clients to talk to each other.

I even pulled the config and files from our previous server, spun everything up identical (same droplet FW rules as well) to our working setup and got the same result... black screen. So this tells me it's gotta be an OS thing. I thought maybe sound aloop? Nope. Our older server is running Ubuntu 21.10. Is this a known issue?

I'm not even seeing standout errors in the logs that I've seen in the past when I was troubleshooting. What am I missing?

[saghul]

Are you using the docker setup?

[Matt-CyberGuy]

OK.. busy day w/ work.

Yup, followed the guide here as I've done before: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/

I originally pulled down the latest stable release, but eventually walked everything down to the same version our older server is running to see if it would fix the issue.

Also, I tested this morning before work started and randomly it worked. But I soon discovered it would only work while my phone and laptop were on the same network. As soon as I disconnected from WiFi, the audio/video would no longer route.

[Matt-CyberGuy]

After studying the packets and logs in my firewall, it looks like both my firewall and the firewall at my office are blocking UDP 10000, which would explain why endpoints within the same network can connect to one another.

Hmmmm... anyone have any links/guides to changing the ports used by jitsi to be a little more firewall friendly?

We definitely ran into this issue with our old server and clients not being able to see/hear us on calls.

[saghul]

Depending on how the firewall is blocking things your only recourse might be to use a TURN server over TCP which is not great.

Do you know if all UDP is blocked or just certain ranges?

[Matt-CyberGuy]

I could see in my firewall logs udp 10000 was being blocked. How would I configure for UDP 443?

Also why is TURN over tcp not great?

Get Outlook for iOShttps://aka.ms/o0ukef

---

From: Saúl Ibarra Corretgé @.> Sent: Tuesday, August 30, 2022 8:48:25 PM To: jitsi/docker-jitsi-meet @.> Cc: Matthew Kent @.>; Author @.> Subject: Re: [jitsi/docker-jitsi-meet] Jitsi black screen on fresh install (Issue #1388)

Depending on how the firewall is blocking things your only recourse might be to use a TURN server over TCP which is not great.

Do you know if all UDP is blocked or just certain ranges?

— Reply to this email directly, view it on GitHubhttps://github.com/jitsi/docker-jitsi-meet/issues/1388#issuecomment-1232531407, or unsubscribehttps://github.com/notifications/unsubscribe-auth/APTU67XAAD5X77SCHEE5D4TV3353TANCNFSM6AAAAAAQAGK6JA. You are receiving this because you authored the thread.Message ID: @.***>

[Matt-CyberGuy]

Found it, going to try now

[saghul]

In general, media over TCP gives worse results due to things like congestion control. The real-time nature of it makes it a better fit for UDP.

[Matt-CyberGuy]

Makes sense....

Well, changing to UDP 443 worked... until I took my bypass rules off my firewall. Then all AV stopped between endpoints. Is this just a new server on the internet issue? Any ideas?

[saghul]

Sounds like a firewall issue still.

[Matt-CyberGuy]

Ya, I'm going to stand up an external turn server now to see if I can get around it. I can obviously fix this issue locally, but in production I wouldn't have any control over other people's firewalls

[Matt-CyberGuy]

Huh! So this is bizarre,

While trying to get this system running w/ an external turn server, I enabled the proxy'ing on cloudflare for the domain thinking the media streams would be handled externally by the turn server. While testing I got streaming on all of my devices, except for my phone in it's browser.

Just to check and see how the turn server was handling things I checked logs and didn't see any traffic, so I decided to shut it down to see if was actually doing anything, and AMAZINGLY, the turn server isn't handling any of the streaming.

From all of my previous attempts and research Jitsi shouldn't be able to function behind cloudflare's proxying.

Also, anyone know any reason why my phone's browser can't stream when on cell signal, but the app can?

[Matt-CyberGuy]

Yes, followed the quick setup guide specifically.

Get Outlook for iOShttps://aka.ms/o0ukef

---

From: Saúl Ibarra Corretgé @.> Sent: Monday, August 29, 2022 11:46:24 PM To: jitsi/docker-jitsi-meet @.> Cc: Matthew Kent @.>; Author @.> Subject: Re: [jitsi/docker-jitsi-meet] Jitsi black screen on fresh install (Issue #1388)

Are you using the docker setup?

— Reply to this email directly, view it on GitHubhttps://github.com/jitsi/docker-jitsi-meet/issues/1388#issuecomment-1231429680, or unsubscribehttps://github.com/notifications/unsubscribe-auth/APTU67WHKJI45WWPRLH6OSTV3XJ7BANCNFSM6AAAAAAQAGK6JA. You are receiving this because you authored the thread.Message ID: @.***>

[saghul]

Do you still have issues?

[Matt-CyberGuy]

Yes and no. If I expose the ip for our jitsi server directly, I get the black screen. No one can hear one another unless they're on the same network. I think I later figured out it was due to IPS/IDS.

For some reason, running Jitsi behind cloudflare seems to fix the issue. However, mobile devices seem to require the jitsi app to function.

If I trace traffic on firewalls, I can easily see traffic still going to port 8080 of the actual server IP, so I have no idea why using cloudflare makes a difference.

But at the end of the day, it's working and I'm happy in general I'm able to put the server behind cloudflare's services.

[larafj]

I'm facing the same issue, but it must be due to my machine (QNAP nas) because I was able to successfully install jitsi on a VPS running Ubuntu without any issues. After checking the docker logs, I get this:

jitsi/web:stable

21 17:09:48 [error] 284#284: *9 open() "/config/config.js" failed (13: Permission denied), client: 192.168.1.22, server: _, request: "GET /favicon.ico HTTP/1.1", subrequest: "/config.js", host: "my.domain.com:8000", referrer: "http://my.domain.com:8000/"

2024/11/21 16:56:37 [error] 284#284: *2 open() "/config/interface_config.js" failed (13: Permission denied), client: 192.168.1.22, server: _, request: "GET / HTTP/2.0", subrequest: "/interface_config.js", host: "my.domain.com:8000"

jitsi/prosody:stable

Prosody was unable to find the configuration file.
We looked for: /etc/prosody//config/prosody.cfg.lua

jitsi/jvb:stable

JVB 2024-11-21 17:22:10.103 WARNING: [25] [hostname=xmpp.meet.jitsi id=shard0] MucClient.setPresenceExtensions#467: Cannot set presence extension: not connected.

JVB 2024-11-21 17:22:10.431 WARNING: [24] [hostname=xmpp.meet.jitsi id=shard0] MucClient.lambda$getConnectAndLoginCallable$9#640: Error connecting:

org.jivesoftware.smack.SmackException$EndpointConnectionException: The following addresses failed: 'RFC 6120 A/AAAA Endpoint + [xmpp.meet.jitsi:5222] (xmpp.meet.jitsi/172.29.4.2:5222)' failed because: java.net.ConnectException: Connection refused

    at org.jivesoftware.smack.SmackException$EndpointConnectionException.from(SmackException.java:334)

jitsi/jicofo:stable

Jicofo 2024-11-21 17:23:54.359 SEVERE: [18] [xmpp_connection=client] XmppProvider.doConnect#182: Failed to connect/login: The following addresses failed: 'RFC 6120 A/AAAA Endpoint + [xmpp.meet.jitsi:5222] (xmpp.meet.jitsi/172.29.4.2:5222)' failed because: java.net.ConnectException: Connection refused

org.jivesoftware.smack.SmackException$EndpointConnectionException: The following addresses failed: 'RFC 6120 A/AAAA Endpoint + [xmpp.meet.jitsi:5222] (xmpp.meet.jitsi/172.29.4.2:5222)' failed because: java.net.ConnectException: Connection refused

    at org.jivesoftware.smack.SmackException$EndpointConnectionException.from(SmackException.java:334)

If I check the source code of the black screen, it says: "JavaScript is disabled. For this site to work you have to enable JavaScript." But JS is not disabled on my web browser.

Any ideas? What could it be? Thanks!

[saghul]

Looks like the config volume has the wrong permissions.

[larafj]

Is that possible even if I copied the docker from the Ubuntu machine and then pasted it to the Qnap NAS? $ sudo tar -zvcf jitsi.tar.gz jitsi $ sudo tar --same-owner -xzf jitsi.tar.gz

[saghul]

Yes because the user IDs are likely different on both.

[larafj]

For a non-root user, they are different: uid=1000(usuario) gid=100(everyone) groups=0(administrators),100(everyone) uid=1000(usuario) gid=1000(usuario) groups=1000(usuario),27(sudo),998(docker)

But for a root user, they are very similiar if not identical: uid=0(admin) gid=0(administrators) groups=0(administrators),100(everyone) uid=0(root) gid=0(root) groups=0(root)

[larafj]

Well, it works if I use docker volumes instead of bind mounts. Not sure if this is inadvisable for any reason.

[saghul]

That should be fine!

[larafj]

Ok, thanks! It is working, although I get this warning, but as I said, it works.

WARN[0000] mount of typevolumeshould not definebindoption

[larafj]

I removed the "Z" flag from the volumes and no more warnings. It's working smoothly now.

[saghul]

Good to hear! TBH I don't remember what the Z flag does :-)

[larafj]

Apparently it only applies to bind mounts and it makes the content of the volume private. For Docker volumes, you must explicitly indicate whether you want to share them.