Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

PUBLIC_URL doesn't accept external port 443

See original GitHub issue

So it looks like colibri-ws can’t be reached when using an external nginx proxy.

[Error] WebSocket connection to 'wss://meet.blah.de/colibri-ws/172.28.0.4/5ee3129342726f27/76aae33e?pwd=4fasf5f7ksfas2dv4ksasfsf9' failed: Unexpected response code: 405

Given the issue #850 I updated my external nginx proxy with this setting:

location = /xmpp-websocket {
	proxy_pass http://0.0.0.0:38000/xmpp-websocket;
	proxy_http_version 1.1;
	proxy_set_header Connection "upgrade";
	proxy_set_header Upgrade $http_upgrade;
	tcp_nodelay on;
}

I tried to do something similar for colibri but it doesn’t seem to work:

location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
	proxy_pass http://0.0.0.0:38000/colibri-ws/$1/$2$is_args$args;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	tcp_nodelay on;
}

A thing I noticed is that I tried adding a port to the PUBLIC_URL as suggested in the new env file but adding the correct :443 port results in the xmpp-websocket failing in the web app.

Without a port in the PUBLIC_URL the xmpp-websocket works and the meetings work as well but I get constant errors like this as well as bad video quality.

Issue Analytics

State:
Created 3 years ago
Comments:13 (4 by maintainers)

Top GitHub Comments

2reactions

polyboscommented, May 5, 2021

hi i have same problem and would you share your nginx config?

I have similar setup - working fine for me (but just small load on jitsi until now):

my nginx reverse-proxy part for the complete jitsi service:

    location / {
      proxy_pass http://127.0.0.1:8000/;
      proxy_read_timeout 600s;
    }

    location /http-bind {
      proxy_pass http://127.0.0.1:8000/http-bind;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header Host $http_host;
    }

    location /xmpp-websocket {
      proxy_pass http://127.0.0.1:8000/xmpp-websocket;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $host;
      tcp_nodelay on;
    }
    
    location /colibri-ws/ {
      proxy_pass http://127.0.0.1:8000/colibri-ws/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $host;
      tcp_nodelay on;
    }

But I needed some more changes to get the colibri WebSocket (triggered inside docker-compose via ENABLE_XMPP_WEBSOCKET ?) working:

inside the docker-compose.yml Adding - JICOFO_COMPONENT_SECRET inside the jicofo part
inside .env Adding JICOFO_COMPONENT_SECRET with a new generated secret key (e.g. openssl rand -hex 16 as it does gen-passwords.sh)

All my jitsi images inside the docker-compose pinned to stable-5765-1 (e.g. image: jitsi/web:stable-5765-1), running on debian-10 without “WebSocket connection to ‘wss:…’” errors.

0reactions

skoglercommented, May 18, 2021

@polybos Thanks a lot, your config works perfectly, I was stuck for way too long on this! Probably should be added to the documentation in the section “Running behind a reverse proxy”