Enable Videobridge for TCP

This section provides steps to configure TCP for media streams on the HCL Sametime Meeting Server on TCP port 4443.

Before you begin

The following external port must be opened on a firewall. Check with any network command. For example- netstat #4443/tcp is used for RTP media over TCP.

About this task

Instructions for Docker

Use these settings to allow both UDP and TCP.

The client will try UDP first and if it fails, TCP will be used.

  1. Open the .env file, look for “JVB_TCP_HARVESTER_DISABLED” configuration and change the value to false.
    JVB_TCP_HARVESTER_DISABLED=false
  2. In the .env file, locate the entry for JVB_TCP_PORT field. If the value has a # in front, remove the comment # to enable the setting.
    JVB_TCP_PORT=4443
    Note: #JVB_TCP_PORT is TCP port for media used by Jitsi Videobridge when the TCP Harvester is enabled.
  3. Open the docker-compose.yaml. Add JVB_TCP_PORT section for the JVB component:
    # Video bridge
    jvb:
    ports:
    - '${JVB_PORT}:${JVB_PORT}/udp'
    - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'

With above configuration, A/V media successfully flows through 4443 media-port and media-port state changes from Listening to Established

tcp6 0 475 a82b7a871950:4443 192.168.75.1:49295 ESTABLISHED

Use these settings to force TCP only.

If there is need to completely switch to the TCP protocol and remove support for UDP, then complete the settings above, remove JVB_PORT in docker-compose.yaml file and remove the entry from .env file.
# Video bridge
jvb:
ports:
#- '${JVB_PORT}:${JVB_PORT}/udp'
- '${JVB_TCP_PORT}:${JVB_TCP_PORT}'

To enforce the changes made, follow the steps in Enabling Meeting Configuration Changes.

Instructions For Kubernetes:

Use these settings to allow both UDP and TCP.

UDP will be attempted first and if it fails, then TCP will be used. If you need to disable UDP entirely, UDP will need to be blocked at the network.

  1. Open the helm/charts/video/templates/deployment.yaml, add the following as environment variables. Search for JVB_PORT to see where to insert them:
    - name: JVB_TCP_PORT
    value: "4443"
    - name: JVB_TCP_HARVESTER_DISABLED
    value: "false"
    
These steps are required for AWS EKS only. In helm/charts/video/templates/deployment.yaml, find the lifecycle section. Below it you will see a preStop: section. Insert the following as a sibling section to preStop:
postStart:
exec:
command: ["/bin/sh", "-c", "echo 'org.ice4j.ice.harvest.ALLOWED_INTERFACES=eth0' >> /defaults/sip-communicator.properties"]

Save the settings and redeploy using the steps in Enabling Meeting Configuration Changes.

To update a live deployment, use the following command:
kubectl set env deploy/video -e JVB_TCP_PORT=4443 -e JVB_TCP_HARVESTER_DISABLED=false
Use these commands to update a live deployment if you are deployed on AWS:
kubectl patch deploy/video -p '{"spec":{"template":{"spec":{"containers":[{"name":"jvb","lifecycle":{"postStart":{"exec":{"command":["/bin/sh", "-c", "echo \"org.ice4j.ice.harvest.ALLOWED_INTERFACES=eth0\" >> /defaults/sip-communicator.properties"]}}}}]}}}}'

Use these steps to remove UDP port 30000 from AWS:

  1. Open the AWS Console and navigate to your EC2 Dashboard.
  2. Click Security Groups.
  3. Find the Security Group named eksctl-<your cluster name>-nodegroup-video/SG.
  4. Locate port 30000 / UDP from the list and click the remove icon.
  5. Click Save.