Dear list, this problem kept me busy for quite a while. By reading the list, posting some messages, getting a lot of replies (many thanks for that) I put some configuration changes together and tested them. In short, this mail is a summary of all those messages on the list.
I had the problem that my openmeetings clients lost the connection to my media server quite often whenever I was working at my office in my company. Sitting at home I didn't have this problem. The IT department didn't want to help with opening up some ports, thus another solution had to be found.

------------------------------------------------
I really need to emphasize that I can't say changing this option will do this or that, at least for the nonobvious options. Someone with a better understanding should have a look at all the changes I gathered from the list to make sure things are correct. Thus this is at your own risk, due to my limited knowledge.
------------------------------------------------

my setup:

openmeetings server
    Ubuntu 17.04 LTS
    Virtual Machine hosted by a professional IT company, publicly reachable
    Name Test,OpenMeetings
    Version 5.0.1-SNAPSHOT
    Revision 48b6d08
    Build date 2020-09-09T16:34:33Z
    new builds are downloadable from https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/

two clients at my company's workplace
    client 01: gentoo linux, chrome
    client 02: windows 7 (sorry for that), chrome

----------------------------------------------------------
CHANGES (note: you may have to adapt the path)

1) /opt/open505/conf/server.xml

From:
    <Connector port="5080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="5443" />
To:
    <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />

From:
    <Connector port="5443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
To:
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">

2) /etc/systemd/system/openmeetings.service

REMARK: I do use the openmeetings.service script which is located in /opt/open505.
Copy it over to /etc/systemd/system, make sure to modify the path variables, do a systemctl daemon-reload to make it available, and you can start and stop your new systemd script with systemctl start/stop openmeetings

From:
    [Service]
    Type=forking
To:
    [Service]
    Type=forking
    AmbientCapabilities=CAP_NET_BIND_SERVICE

From:
    Environment=CATALINA_PID=/var/run/openmeetings.pid
To:
    Environment=CATALINA_PID=/var/run/openmeetings/openmeetings.pid

Extra steps:
    mkdir /var/run/openmeetings/
    chown nobody /var/run/openmeetings
(nobody should be replaced by the process owner; if you follow the instructions from Alvaro it is nobody)

Since a *.service file was changed, issue
    sudo systemctl daemon-reload

3) create /opt/open505/bin/setenv.sh if it does not exist

content of setenv.sh
.........................
#!/bin/sh
CATALINA_PID="/var/run/openmeetings/openmeetings.pid"
........................
(don't know about the #!/bin/sh line. I didn't need to make the *.sh file executable, thus I guess it is not necessary. The env variable was set without it, strange.)

TIP: tail -f /var/log/syslog to see if pid file is created after restart

Maybe this step isn't needed at all. Don't know.

4) /opt/open505/webapps/openmeetings/WEB-INF/classes/applicationContext.xml

From:
    p:turnUrl="MYEXTERNALIP:3478"
To:
    p:turnUrl="MYEXTERNALIP:3478?transport=tcp"

This was important: Changing the ports from 5080 redirected to 5443 to 80 redirected to 443 wasn't enough. (Coturn does not send any udp packages anymore. Just guessing here)

BTW: Don't forget to make the same changes in the CONFIGURATION options of the openmeetings web front end. I guess there are quite a few entries with a :5443 port in the web addresses.

5) changes to ufw firewall

sudo ufw status gives ....
    Zu                         Aktion      Von
    --                         ------      ---
    22/tcp                     ALLOW       Anywhere
    1895                       ALLOW       Anywhere
    3478/udp                   ALLOW       Anywhere
    3478/tcp                   ALLOW       Anywhere
    8888/tcp                   ALLOW       Anywhere
    443/tcp                    ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    49152:65535/udp            ALLOW       Anywhere
    49152:65535/tcp            ALLOW       Anywhere
    5443                       ALLOW       Anywhere
    5349                       ALLOW       Anywhere
    22/tcp (v6)                ALLOW       Anywhere (v6)
    1895 (v6)                  ALLOW       Anywhere (v6)
    3478/udp (v6)              ALLOW       Anywhere (v6)
    3478/tcp (v6)              ALLOW       Anywhere (v6)
    8888/tcp (v6)              ALLOW       Anywhere (v6)
    443/tcp (v6)               ALLOW       Anywhere (v6)
    80/tcp (v6)                ALLOW       Anywhere (v6)
    49152:65535/udp (v6)       ALLOW       Anywhere (v6)
    49152:65535/tcp (v6)       ALLOW       Anywhere (v6)
    5443 (v6)                  ALLOW       Anywhere (v6)
    5349 (v6)                  ALLOW       Anywhere (v6)

    49152:65535/udp            ALLOW OUT   Anywhere
    49152:65535/tcp            ALLOW OUT   Anywhere
    49152:65535/udp (v6)       ALLOW OUT   Anywhere (v6)
    49152:65535/tcp (v6)       ALLOW OUT   Anywhere (v6)

I guess you can delete the rules with port 5443 now. Still needs to be done.

6) Restart everything:
    systemctl stop openmeetings
    systemctl stop kurento-media-server
    systemctl stop coturn
    systemctl stop mysql
    systemctl start mysql
    systemctl start coturn
    systemctl start kurento-media-server
    systemctl start openmeetings

My two clients are connected to my openmeetings server for about an hour now, not a single connection loss.....

Final remark and question: Since my openmeetings app is listening on a redirected (443) port 80 I guess I will have some problems with passing the letsencrypt renew automatism, am I right?

@dennis sorry for being so late with this summary, but finally it is there ...

Many thanks to all of you, this software is awesome and your help is incredible ....

Kaffeesurrogat
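
Added example (not part of the original mail): a small shell audit of the `ufw status` listing above that flags rules for ports retired by the move to 80/443 and rules without a /tcp or /udp suffix, which ufw applies to both protocols. The function names audit_ufw and sample_status are hypothetical, and the sample input is constructed from a subset of the rules in the mail.

```shell
#!/bin/sh
# Added example, not from the original mail: audit `ufw status` text on stdin.
# Usage: audit_ufw "RETIRED_PORTS"   (space-separated list, e.g. "5443")
# Output, one finding per line:
#   STALE <rule>     port is in the retired list; review the rule for deletion
#   ANYPROTO <rule>  no /tcp or /udp suffix, so the rule matches both protocols
audit_ufw() {
    awk -v retired=" $1 " '
    {
        # Locate the action column. Header lines are localized ("Zu Aktion Von"
        # in the mail), so any line without an action keyword is skipped.
        act = 0
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = i; break }
        if (!act) next

        v6  = ($2 == "(v6)") ? " (v6)" : ""
        dir = ($(act + 1) == "OUT") ? " OUT" : ""
        n = split($1, part, "/")          # "3478/udp" -> port 3478, proto udp
        proto = (n > 1) ? part[2] : ""
        rule = $1 v6 dir

        if (index(retired, " " part[1] " ")) print "STALE " rule
        else if (proto == "")               print "ANYPROTO " rule
    }'
}

# Constructed sample: a subset of the rules listed in the mail.
sample_status() {
    cat <<'EOF'
Zu                         Aktion      Von
--                         ------      ---
22/tcp                     ALLOW       Anywhere
1895                       ALLOW       Anywhere
3478/udp                   ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
5443                       ALLOW       Anywhere
5349                       ALLOW       Anywhere
5443 (v6)                  ALLOW       Anywhere (v6)
49152:65535/udp            ALLOW OUT   Anywhere
EOF
}

sample_status | audit_ufw "5443"
```

On a live host the real listing can be piped in with sudo ufw status | audit_ufw "5443". Whether an ANYPROTO rule should be narrowed depends on which protocol the service behind it actually uses.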
