Upgrading to jitsi-videobridge2_2.2-9 breaks OCTO contig
holzi1005 opened this issue · 2 comments
Description:
I tried to update the videobridge to jitsi-videobridge2_2.2-9-g8cded16e-1_all.deb.
The normal conference works, but with octo enabled and the testing strategy SplitBridgeSelectionStrategy, the participants cannot see the videos or hear audio. They only see that they are in the same conference.
When downgrading to jitsi-videobridge2_2.1-681-g3544ed05-1_all.deb octo works as before and all participants distributed over all bridges.
Steps to reproduce:
apt install jitsi-videobrige2
apt upgrade
Expected behavior:
After updating, the octo should still work as before.
Server information:
Operating System: Debian 11
Jitsi Server
jitsi-meet-web 1.0.6239-1
prosody 0.11.9-2+deb11u2
jicofo 1.0-899-1
coturn 4.5.2-3
nginx 1.18.0-6.1
Videobridge
First 2.1-681 after update 2.2-9
The logs from all servers do not provide any helpful information.
ONLY: netstat -ntplu | grep 4096 shows that there is no octo activ.
Additional information:
jicofo config:
# selection-strategy = IntraRegionBridgeSelectionStrategy
selection-strategy = SplitBridgeSelectionStrategy
}
octo {
enabled = true
id = 42
}
nginx config:
# colibri (JVB) websockets for jitsi-videobridge2
location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
resolver 127.0.0.53:53;
proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
location ~ ^/colibri-relay-ws/([a-zA-Z0-9-\.]+)/(.*) {
resolver 127.0.0.53:53;
proxy_pass http://$1:9090/colibri-relay-ws/$1/$2$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
videobridge config:
octo {
enabled = true
bind-address = "10.xx.xx.xx"
bind-port = "4096"
region = "europe"
}
With secure-octo (octo v2), octo traffic is no longer on port 4096, but rather goes over a normal DTLS/SRTP connection between port 10000 on one bridge and a transient port on the other. If you're not allowing outgoing UDP traffic on transient ports from the bridge, this will fail.
If this is working properly, at the time the Octo connection is established, you should see log messages like
JVB 2022-07-12 18:10:45.234 INFO: [67146] [confId=e7ecaa559c5b0fb5 conf_name=xxxxx@conference.meet.jit.si relayId=meet-jit-si-eu-frankfurt-1-remote-3108-jvb-40-85-41] Relay$setupIceTransport$2.connected#298: ICE connected
I.e. with "relayId" specified in the JitsiLogFormatter context, and the message coming from Relay$setupIceTransport$2.connected.
Hi @JonathanLennox,
thank you for the explanation.
After opening the Firewall for external communication, the Secure Octo works great.