Jitsi Meet behind HAProxy

michaelschefczyk

Dear All,

My aim is to run a current jitsi meet server on Debian 12 behind HAProxy with SSL offloading on pfsense CE 2.8.0.

Jitsi versions are: dpkg -l | grep jitsi
ii jitsi-meet 2.0.10314-1 all WebRTC JavaScript video conferences
ii jitsi-meet-prosody 1.0.8648-1 all Prosody configuration for Jitsi Meet
ii jitsi-meet-turnserver 1.0.8648-1 all Configures coturn to be used with Jitsi Meet
ii jitsi-meet-web 1.0.8648-1 all WebRTC JavaScript video conferences
ii jitsi-meet-web-config 1.0.8648-1 all Configuration for web serving of Jitsi Meet
ii jitsi-videobridge2 2.3-236-g95ef6210-1 all WebRTC compatible Selective Forwarding Unit (SFU)
ii lua-basexx 0.4.1-jitsi1 all baseXX encoding/decoding library for Lua
ii lua-cjson:amd64 2.1.0.10-jitsi1 amd64 JSON parser/encoder for Lua

I did successfully run older versions (no websocket) for a long time. I did read this:
https://www.claudiokuenzler.com/blog/1405/how-to-run-jitsi-video-conference-server-behind-nat-reverse-proxy

However, in my setup, participates can chat, but no video and audio is connected.

My try to get websocket is to put the following in the HAProxy backend:

backend meet_ipvANY
mode http
id 101
log global
# use mailers
# level emerg
email-alert mailers globalmailers
email-alert level emerg
email-alert from no-reply@...
email-alert to ...
email-alert myhostname ...
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)$" "\1; secure" if { ssl_fc }
errorfile 503 /var/etc/haproxy/errorfile_meet_ipvANY_503_ExampleErrorfile
balance roundrobin
timeout connect 86400000
timeout server 30000
retries 3
load-server-state-from-file global
acl hdr_connection_upgrade hdr(Connection) -i upgrade
acl hdr_upgrade_websocket hdr(Upgrade) -i websocket
acl hdr_websocket_key hdr_cnt(Sec-WebSocket-Key) eq 1
acl hdr_websocket_version hdr_cnt(Sec-WebSocket-Version) eq 1
server meet 192.168.1.49:443 id 112 ssl check inter 1000 weight 1 verify none

This does end up without video and audio.

Does someone know how to set this right?

Thanks & regards,

Michael