This is a reported post for a post in the topic "Jitsi and a turnserver" (post 958), by jacobgkau

[quote="2"]
I don't know what Google AI Studio or any other AI chatbot would say about the situation. My experience with state-of-the-art AI chatbots so far has been that they often make things up, especially for technical topics (even when repeatedly told they got something wrong and specifically instructed not to make guesses).

Why do you think your setup is "more secure?"

You are correct that a domain name is required for a Let's Encrypt TLS certificate to be issued. I'm not saying the TURN server shouldn't have a domain name. I'm saying its domain name should point to its IP address.

Based on only the information you've provided (you didn't include your `upstream turn_backend` block or of course the rest of your setup), I understand your theory and agree that traffic to turn-jitsi-meet.example.com on port 443 directed at the machine you have that config on should be redirected to wherever you've specified that backend to be. If you'd like to troubleshoot whether that's happening, then I guess I'd suggest setting up packet captures on both servers using tcpdump to see exactly what traffic's coming in, out, and on which ports when you attempt to use Jitsi. But I would highly recommend starting by simply following the documentation and pointing the TURN domain to the TURN IP address.

You don't want the video traffic to have to bounce from the end user's machine to your videobridge to the TURN server to the other user if it's not necessary. The entire point of this setup is to have the traffic go from the end user to the TURN server and then to the other user. If nothing else, fewer hops will mean lower latency.

And to that end, as long as you have port 443 set up on your TURN server (as the docs show how to do), the end user will have no problem sending traffic directly to the TURN server on port 443, because it's port 443.

Reading the documentation page again, it does appear to be talking about running the TURN server software on the same server as Jitsi (what you're calling the "videobridge server"). That is why it says the TURN domain points to "the same machine"-- because it assumes the TURN server [i]is[/i] the same machine. If your TURN server is separate, then point the TURN domain to the TURN IP address.

Separately from the TURN server questions, did you try simply disabling peer-to-peer mode in Jitsi altogether? That would send all traffic through the Jitsi server (JTB/video bridge), rather than attempting to go directly from one peer to the other (or through a TURN server). There's info about that here: https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-configuration/#p2p That's one of the same config blocks referenced on the TURN server doc page. For getting TURN working, I'd also consider ensuring you've specified :443 at the end of your stunServers URL (as shown in the P2P config doc section, but not on the TURN doc page), and I'd also consider changing the iceTransportPolicy from "all" to "relay" to see if that helps.
[/quote]
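As an added example (not part of the forum post and not Jitsi's own code), here is a small checker for the `p2p` block of a Jitsi Meet config.js covering the two suggestions at the end of the quoted post: an explicit :443 on the stunServers URL and iceTransportPolicy set to "relay". The function names and the two sample config objects are assumptions constructed for illustration; only the hostname comes from the post.

```javascript
// Parse a STUN/TURN URI of the form scheme:host[:port][?query].
function parseIceUrl(url) {
  const m = /^(stuns?|turns?):(\[[^\]]+\]|[^:?]+)(?::(\d+))?(?:\?.*)?$/.exec(url);
  if (!m) return null;
  return { scheme: m[1], host: m[2], port: m[3] ? Number(m[3]) : null };
}

// Return a list of findings; an empty list means the block matches the advice.
function auditP2p(p2p, expectedHost, expectedPort = 443) {
  const findings = [];
  // With P2P disabled, media goes through the bridge and this block is unused.
  if (!p2p || p2p.enabled === false) return findings;
  if (p2p.iceTransportPolicy !== 'relay') {
    findings.push(`iceTransportPolicy is '${p2p.iceTransportPolicy ?? 'all'}', not 'relay'`);
  }
  const servers = p2p.stunServers ?? [];
  if (servers.length === 0) findings.push('no stunServers configured');
  for (const s of servers) {
    for (const url of [].concat(s.urls)) {   // urls may be a string or an array
      const u = parseIceUrl(url);
      if (!u) { findings.push(`${url}: not a stun/turn URI`); continue; }
      const dflt = u.scheme.endsWith('s') ? 5349 : 3478; // scheme default ports
      if (u.port === null) {
        findings.push(`${url}: no explicit port, client will use ${dflt}`);
      } else if (u.port !== expectedPort) {
        findings.push(`${url}: port ${u.port}, expected ${expectedPort}`);
      }
      if (u.host !== expectedHost) findings.push(`${url}: host is not ${expectedHost}`);
    }
  }
  return findings;
}

// Constructed sample configs: the first omits the port and allows all candidates.
const before = {
  enabled: true,
  iceTransportPolicy: 'all',
  stunServers: [{ urls: 'stun:turn-jitsi-meet.example.com' }],
};
const after = {
  enabled: true,
  iceTransportPolicy: 'relay',
  stunServers: [{ urls: 'stun:turn-jitsi-meet.example.com:443' }],
};

console.log(auditP2p(before, 'turn-jitsi-meet.example.com'));
console.log(auditP2p(after, 'turn-jitsi-meet.example.com'));
```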