TURN Server will not work - docker volume for config.js

[RedJohn14]

Hello,

I have configure TURN Server. But P2p calls not go through my TURN Server. I have a call with 2 participants but traffic goes over the JVB Bridge Port 10000. I would like to configure that all P2P calls go to my TURN Server no P2P!

My config.js is like this here:

     useStunTurn: true,
    // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
    //

    p2p: {
        enabled: true,
        useStunTurn: true,
        stunServers: [

                { urls: 'stun:my.turn.com:443' },
        ]

In my docker-compose.yml I must configure a volume like this to set this settings persistent, because at every container reboot default config.js will overwrite my changes. There are no ENV settings for STUN and useStunTurn: true Volume for my jitsi web container - ${CONFIG}/web/default-config/config.js:/defaults/config.js:Z

I configure also the jitsi-meet.cfg.lua like this:

turncredentials_secret = "mysecret";
turncredentials = {
        { type = "stun", host = "my.turn.com:", port = "443" },
        { type = "turns", host = "my.turn.com:", port = "443", transport = "udp" },
        { type = "turns", host = "my.turn.com:", port = "443", transport = "tcp" }
}

Any ideas what my mistake is?

[rsoika]

I also wonder if there is a way to set the p2p: enabled flag for the jitsi web container per environment variable?

[sapkra]

@rsoika You can set ENABLE_P2P=false or ENABLE_P2P=0. The default value is true.

You can find all env vars over here: https://github.com/jitsi/docker-jitsi-meet/blob/master/web/rootfs/defaults/settings-config.js

[RedJohn14]

@rsoika You can set ENABLE_P2P=false or ENABLE_P2P=0. The default value is true.

You can find all env vars over here: https://github.com/jitsi/docker-jitsi-meet/blob/master/web/rootfs/defaults/settings-config.js

What is if i disable P2P? Will all calls with 2 persons go through my TURN Server? Of will they connect to JVB on 10000? Or make 2 persons always make P2P without TURN ?

[sapkra]

If P2P is disabled, all calls will go through the videobridge.

[RedJohn14]

If P2P is disabled, all calls will go through the videobridge.

Okay, and if I have TURN enabled also for JVB Video the Traffic should go throw TURN Server?

[saghul]

@RedJohn14 What are you trying to accomplish? We generally use TURN to increase the P2P success ratio. The videobridge does many things that are not necessary on a P2P call, so using a TURN server should pretty much guarantee the JVB won't be used in that scenario.

[RedJohn14]

@RedJohn14 What are you trying to accomplish? We generally use TURN to increase the P2P success ratio. The videobridge does many things that are not necessary on a P2P call, so using a TURN server should pretty much guarantee the JVB won't be used in that scenario.

I want to use TURN Server for all P2P calls. Maybe I can close Port 10000? Because my TURN Server is online on Port 443.

[saghul]

I want to use TURN Server for all P2P calls.

You may need to set the iceTransportPolicy setting in the p2p section to relay. Do you see connection attempts on your TURN server?

[RedJohn14]

I want to use TURN Server for all P2P calls.

You may need to set the iceTransportPolicy setting in the p2p section to relay. Do you see connection attempts on your TURN server?

Yes I see some connections on my TURN Sever and if I block Port 10000 on one client side, this client use my TURN Server without any problems. Maybe it is possible to send all clients to the TURN Server and disable or block Port 10000 on the Server. So I have a Jitsi Server which only need Port 443/UDP oder 443/TCP, this Jitsi Server will work in every network because Port 443 is only necessary.

[RedJohn14]

I want to use TURN Server for all P2P calls.

You may need to set the iceTransportPolicy setting in the p2p section to relay. Do you see connection attempts on your TURN server?

Yes I see some connections on my TURN Sever and if I block Port 10000 on one client side, this client use my TURN Server without any problems. Maybe it is possible to send all clients to the TURN Server and disable or block Port 10000 on the Server. So I have a Jitsi Server which only need Port 443/UDP oder 443/TCP, this Jitsi Server will work in every network because Port 443 is only necessary.

Is iceTransportPolicy .env variable or must I use the trick with mounted config.js from outside?

[saghul]

There is no env variable for that yet. You can edit the file directly on your CONFIG volume.

[RedJohn14]

There is no env variable for that yet. You can edit the file directly on your CONFIG volume.

Okay I will try it. But this will mean everything is send over my TURN Server right? P2P can be active?

[saghul]

That only affects TURN usage for P2P connections, JVB connections will go directly to the JVB still.

[RedJohn14]

That only affects TURN usage for P2P connections, JVB connections will go directly to the JVB still.

Okay let me composed.

iceTransportPolicy: all means System will try P2P Connection. If no P2P possible it will use TURN, right?

iceTransportPolicy: relay means system will direct use TURN right?

JVB still needs Port 10000 open right?

[saghul]

iceTransportPolicy: all means we'll try all ICE candidates when establishing the P2P call (note this option goes inside the p2p config block).

iceTransportPolicy: relay means only TURN servers will be used as ICE candidates for the P2P connection. I don't understand why you'd want this, unless you are in some hostile networking environment which requires it.

The JVB connection is a separate one. If there are 2 participants we'll try to establish the P2P connection and fall back to the JVB one if the former fails. When a 3rd participant joins all participants seamlessly move to the JVB connection. Thus you do need port 10000 open.

[RedJohn14]

iceTransportPolicy: all means we'll try all ICE candidates when establishing the P2P call (note this option goes inside the p2p config block).

iceTransportPolicy: relay means only TURN servers will be used as ICE candidates for the P2P connection. I don't understand why you'd want this, unless you are in some hostile networking environment which requires it.

The JVB connection is a separate one. If there are 2 participants we'll try to establish the P2P connection and fall back to the JVB one if the former fails. When a 3rd participant joins all participants seamlessly move to the JVB connection. Thus you do need port 10000 open.

Okay now I understand it, thank you for explanation. I will keep my configuration:

     useStunTurn: true,
    // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
    //

    p2p: {
        enabled: true,
        useStunTurn: true,
        stunServers: [

                { urls: 'stun:my.turn.com:443' },
        ]

With this configuration 2 clients will try to get P2P, if P2P is not possible TURN Server will be used. With more than 2 clients port 10000 will be used, if a client can't reach 10000 TURN Server will be used.

Thanks!

[RedJohn14]

iceTransportPolicy: all means we'll try all ICE candidates when establishing the P2P call (note this option goes inside the p2p config block).

iceTransportPolicy: relay means only TURN servers will be used as ICE candidates for the P2P connection. I don't understand why you'd want this, unless you are in some hostile networking environment which requires it.

The JVB connection is a separate one. If there are 2 participants we'll try to establish the P2P connection and fall back to the JVB one if the former fails. When a 3rd participant joins all participants seamlessly move to the JVB connection. Thus you do need port 10000 open.

I have tested iceTransportPolicy: relay after restart all containers the Jitsi Webpage will only show a gray screen, the same with iceTransportPolicy: all. After I commented out the line back to original everything is working fine. My config looks like this:

....
     useStunTurn: true,
    // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
    //

    p2p: {
        enabled: true,
        useStunTurn: true,
        stunServers: [

                { urls: 'stun:my.turn.com:443' },
        ]
        iceTransportPolicy: 'relay',
....

Any ideas why Jitsi only show some gray screen? All containers up and running.

[saghul]

You have a syntax error. A comma is missing after the closing ] in the stun servers list.