Port 4443 is not reachable from outside.

[tio-trom]

Describe the bug

I just installed Jitsi with the latest changes you made. The install went through but I see this error "Port 4443 is not reachable from outside."

Context

• Hardware: VPS bought online
• YunoHost version: 4.3.6.2 (stable).
• I have access to my server: Through SSH | through the webadmin | direct access via keyboard / screen | ...
• Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

I am sent to this https://yunohost.org/en/isp_box_config?q=%2Fisp_box_config but I do not self host. So what would be the solution?

I opened the port via the firewall and rebooted the server but still no luck. The Jitsi itself works, even connecting to a meeting I have created. I do not see the video from the other person but the rest works.

I know you guys did a lot of changes recently and maybe this is why, but I am willing to test if that helps.

Cheers!

[yalh76]

If you are behind a router or a firewall you also need to redirect external port 4443 to you server, as you made for port http 80 and port https 443

[AkselRocks]

Same issue here.

As I do not self-hosting at home/behind a home router, I do not see the need/possibility to change firewall settings.

The only difference I see to the other ports open on the yunohost server is, that UPnP is not enabled for port 4443 and 10000. Is this a hint?

[AkselRocks]

And @yalh76 thank you for the huge work you did with jitsi_ynh! <3 👍

[yalh76]

Same issue here.

As I do not self-hosting at home/behind a home router, I do not see the need/possibility to change firewall settings.

The only difference I see to the other ports open on the yunohost server is, that UPnP is not enabled for port 4443 and 10000. Is this a hint?

Maybe ports TCP/4443 and UDP/10000 need to be open at provider level (for example, if you host your server in an OVH vps, you need to allow those ports in the OVH interface)

[AkselRocks]

@yalh76 I searched at my provider for the option to change the open ports, but can not find any. And I do not remember ever seen this option.

Plus I have another VPS at the same provider and there I can open ports via ufw and I do not have to change anything at provider level.

My provider is netcup. What is your provider @tio-trom ? Is it maybe a provider issue?

[AkselRocks]

I have a "origin" jitsi installation running on another server and there are 2 more ports (3478 and 5349) open. I did a standard installation with no custom config, I think.

Plus the jitsi meet handbook also says to open 2 more ports -> https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

Does this help?

[yalh76]

the two ports are needed if coturn is enabled, that's not the case actually

[tio-trom]

So I can't simply open the ports via YNH admin? I use a Contabo VPS.

[AkselRocks]

The ports are open in yunohost firewall, but yunohost diagnose reports 2 problems, that port 4443 and 10000 is not reachable from outside (plus: metronome not working)

7: 
        details: 
          - Exposing this port is needed for [?] features (service jitsi-videobridge)
          - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
        status: ERROR
        summary: Port 4443 is not reachable from outside.
      8: 
        details: Exposing this port is needed for xmpp features (service metronome)
        status: SUCCESS
        summary: Port 5222 is reachable from outside.
      9: 
        details: Exposing this port is needed for xmpp features (service metronome)
        status: SUCCESS
        summary: Port 5269 is reachable from outside.
      10: 
        details: 
          - Exposing this port is needed for [?] features (service jitsi-videobridge)
          - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
        status: ERROR
        summary: Port 10000 is not reachable from outside.

      5: 
        details: You can try to restart the service, and if it doesn't work, have a look at the service logs in the webadmin (from the command line, you can do this with 'yunohost service restart metronome' and 'yunohost service log metronome').
        status: ERROR
        summary: Service metronome is dead :(

[AkselRocks]

Just saw this: Ports 5222 and 5369 are reachable from outside and are needed from metronome, but metronome is disabled?!
This sounds unlogic.

[yalh76]

Just saw this: Ports 5222 and 5369 are reachable from outside and are needed from metronome, but metronome is disabled?!

This sounds unlogic.

Métronome is disable during jitsi installation because of prosody not compatible with metronome

[AkselRocks]

I do not know what I can do more to support jitsi_ynh working for me.

If somebody know how to support/provide more information, tell me.

[yalh76]

The ports are open in yunohost firewall, but yunohost diagnose reports 2 problems, that port 4443 and 10000 is not reachable from outside (plus: metronome not working)

I have to check that, both ports should be reachable from internet.

[yalh76]

I do not know what I can do more to support jitsi_ynh working for me.

If somebody know how to support/provide more information, tell me.

Maybe, we should let other people install jitsi, to see if it's a packaging issue or specific to your server...

[tio-trom]

I can confirm the port 4443 is open in the yunohost firewall config. And yet I get a diagnosis error saying it is not. How can we check if it truly is open?

[tio-trom]

As an update perhaps because of this port issue the video/audio do not go through:

Port 4443 is not reachable from outside.

    Exposing this port is needed for [?] features (service jitsi-videobridge)

So you can't see or hear anyone. The port is open from ynh firewall and yet the above error is shown in the diagnosis.

[AlexioTROM]

From my tests there are the 4443 and 10000 ports that do not work on multiple YunoHost instances hosted on different Contabo servers from various regions (Europe, US, Singapore): https://call.alexio.ynh.fr , https://call.us.alexio.tf , https://call.sg.alexio.tf .

[yalh76]

From my tests there are the 4443 and 10000 ports that do not work on multiple YunoHost instances hosted on different Contabo servers from various regions (Europe, US, Singapore): https://call.alexio.ynh.fr , https://call.us.alexio.tf , https://call.sg.alexio.tf .

OK, but did jitsi meet works for 2 or more participants ?

[AlexioTROM]

Yes, I was able to connect to https://call.alexio.ynh.fr/SundayTest with 4 devices using different identities. You can visit the link to see how it works :)

[yalh76]

Yes, I was able to connect to https://call.alexio.ynh.fr/SundayTest with 4 devices using different identities. You can visit the link to see how it works :)

Just joined from two differents computers from the same place. Video and audio are working... Audio is very bad.

[yalh76]

Test from my own jitsi instance, audio and video are working well.

It seems that the hardware from the user side is quite important to have a good quality

[tio-trom]

So this has nothing to do with the ports then? I wonder why doesn't work for me to connect with others. The hardware works perfectly fine on all machines I tested. Maybe it has to do with something else?

[tio-trom]

Ok so it works with a Chrome browser but not Firefox....interesting. We can then ignore this and focus on the ports issue.

EDIT: It seems to be a Firefox bug https://bugzilla.mozilla.org/show_bug.cgi?id=1754027 + jitsi/jitsi-meet#10826

[yalh76]

After some tests, jitsi-videobridge starts to listen on port 4443 and 10000 only after a first meeting with two participants is launched

[yalh76]

@tio-trom is your jitsi_ynh working ?

[tio-trom]

It seems to be working with chromium-based browsers, tho I have not checked it with many devices. I will tonight and let you know.

[tio-trom]

I need to test it more and better...I could not make it work with 2 phones + my laptop, all using Chromium-based browsers. Only made it work on my computer with the Jitsi Meet app + the Ungoogled Chromium browser...

I do not know if this is a Jitsi Meet issue or not. I will have to try with their official install.

[tio-trom]

Ok so https://meet.jit.si works perfectly fine with any browser it seems. This must be a YNH packaging issue.

[yalh76]

Do you tryed to upgrade to 1.0.4466~ynh2 ?

[tio-trom]

Yes I've done that already

[tio-trom]

After the latest update 1.0.5913~ynh1 the port 4443 is open after you start jitsi for the first time. And that seems to fix all issues. We need to test more but so far seems to work so I'll close this issue.

[rosbeef]

i'm in 1.0.5913~ynh1 the port 4443 is open after someone join the call

My server is in a DMZ
I tried with FF and Chromium

nmap -p U:4443,10000,T:4443,10000 XXXXXXXXXXXXX.tld
Starting Nmap 7.80 ( https://nmap.org ) at 2022-04-04 17:21 -04
Nmap scan report for XXXXXXXXXXXXX (XXXXXXXXXXXXX)
Host is up (0.31s latency).
Other addresses for conf.3cmr.fr (not scanned): XXXXXXXXXXXXX
rDNS record for XXXXXXXXXXXXXX

PORT      STATE    SERVICE
4443/tcp  open     pharos

PORT      STATE         SERVICE
10000/udp open|filtered ndmp

We are 2 in the room, each one with own video and audio working, but no one see and ear the other.

[rosbeef]

I saw un description that jitsi disable metronome but i saw that metronome is enabled un younohost services panel.
Should it be a problem?

[yalh76]

I saw un description that jitsi disable metronome but i saw that metronome is enabled un younohost services panel. Should it be a problem?

Metronome service should be stopped and disabled, Prosody should be enabled and started

[tio-trom]

After the latest ynh jitsi update my Metronome service is running. And jitsi works great. So idk...

[rosbeef]

Seems that propsody Start first a take the ports as metronome start but can not open ports:
https://paste.yunohost.org/cepazurepe

But propsody seems to have a problem with certificates
https://paste.yunohost.org/iyaluguhah

[rosbeef]

i did a jitsi fresh install :
I don't know if its related, i have synapse/matrix installed and working.

jitsi videobridge :
https://paste.yunohost.org/igujuloxoz

jitsi jicofo :
Jicofo 2022-04-06 21:58:42.681 SEVERE: [185] [room=3cmr@conference.conf.3cmr.fr meeting_id=20a28a74-0b21-4c47-864f-c9aec580d2e1] ColibriV1SessionManager.allocateChannels#222: Bridge[jid=jvbbrewery@internal.auth.conf.3cmr.fr/bb655f0b-5e62-4780-accb-ef985b231c29, relayId=null, region=null, stress=0.02] - **failed to allocate channels, will consider the bridge faulty: Creator thread has failed to allocate channels: Timed out waiting for a response for DBFBY-412**
https://paste.yunohost.org/filucudibu

metronome stopped :
stopped
https://paste.yunohost.org/atuxicijak

propsody :
Apr 06 21:30:37 prosody[17555]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281 Apr 06 21:30:37 prosody[17555]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
https://paste.yunohost.org/ifuxeyuvap

[rosbeef]

Ok dont know why 4443 is reachable but not 10000
Problem to see video and sound from peer connected user

[tio-trom]

@rosbeef have you tried restarting your server? Also add 3 peers and test. For me adding 2-3 users it makes the port 4443 open...

[rosbeef]

:/ i'm away from the server now, in 2 month I will do that. ;)

But I found that to analyse. It seems to be the same problems,https://community.jitsi.org/t/error-on-prosody-without-any-reasons-no-key-present-in-ssl-tls-configuration-for-https-port-5281/17124/24?page=2

[rosbeef]

4443 is now reachable from ouside
10000 not
this case should be closed i will open other.