-
jonas’
so, completely unrelated to recent events, if I wanted to set up a reliable group video chat thing for friends&family, what would I do?
-
Daniel
The only non-skype thing I have experience with is jitsi meet
-
Daniel
Only ever used the hosted version though
-
jonas’
Daniel, what’s the experience?
-
jonas’
I expect the hosted one to get into certain difficulties soon
-
Seve
I'm using Nextcloud + Nextcloud Talk. The maximum people I tested it with was four.
-
jonas’
nextcloud I already have
-
Ge0rG
maybe I should re-evaluate setting up jitsi on my private prosody
-
Seve
Works super good on mobile (Android)
-
Ge0rG
can you use the jitsi meet app with a self-hosted instance yet?
-
Daniel
One time I couldn't get it to work but when we tried Skype afterwards it didn't really work either. (network issues on the other end I belive) but when it did work it was always ok
-
jonas’
hm, I can’t find any documentation on how to set it up so far
-
jonas’
seems like I should take notes
-
Seve
> nextcloud I already have Not good enough for you? You can send links and so, without an account.
-
jonas’
Seve, I’d prefer to go with XMPP before trying Nextcloud Talk
-
jonas’
though I *do* wonder how well such a videobridge/jitsi thing will work behind a NAT (on the server side.):/
-
jonas’
I do run out of IP addresses
-
jonas’
though I can probably argue for that being of shared value
-
Ge0rG
wasn't one of the STUN things silently using google servers?
-
Zash
jonas’: There's a docker thing for jitsi meet that's not too complicated to get running
-
Seve
I agree, but anyway you don't have integration with IM clients anyway... Quite annoying
-
jonas’
Zash, I don’t have docker on my servers
-
jonas’
Seve, I can live with it requiring some kind of special client fo rnw✎ -
jonas’
Seve, I can live with it requiring some kind of special client for now ✏
-
jonas’
okay, let’s use the "broadcast" address of the network. what could possibly go wrong
-
Ge0rG
jonas’: other boxes not finding the default gateway any more? ;)
-
jonas’
Ge0rG, they’re statically configured :>
-
Ge0rG
jonas’: static ARP?
-
jonas’
no
-
jonas’
just static routes
-
jonas’
I’m already using the "network address" on one of the boxes with no issues so far
-
Ge0rG
OTOH, there was a sysctl in linux a loooong time ago to ignore packets to your IP address sent to ethernet broadcast, because it uncloaked promiscous mode devices
-
jonas’
Ge0rG, the gateway has static routes for each of the "funny" /32 addresses as onlink routes on the interface. all boxes already have static routes to the /32 of the gateway, because it’s not even part of the /29 they’re in
-
jonas’
IPv4 is expensive
-
jonas’
and I’m not going to pay 1 EUR / month for an address I’m not going to use
-
Ge0rG
I'm still wondering how jitsi videobridge integrates with an existing prosody.
-
jonas’
I’m figuring that out right now
-
Ge0rG
jonas’: will you blog it? :D
-
jonas’
I may
-
Ge0rG
I'm interested in learning the steps needed to run my own videobridge on debian + proper prosody
-
jonas’
me too!
-
Ge0rG
jonas’: so write them down as you do, pretty-please :)
-
jonas’
will do
-
jonas’
ugh
-
jonas’
identities: category='component' type='conference' [en] 'JitsiVideobridge'
-
jonas’
so there’? that✎ -
jonas’
so there’s that ✏
-
jonas’
it is *very* opinionated about which (sub-)domain names you use :/
-
jonas’
Ge0rG, https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
-
jonas’
this seems accurate AFAICT so far
-
jonas’
it also means I have to start over
-
jonas’
though that doesn’t use debian packages
-
jonas’
I love how they tell you to forward the port 4443, which isn’t even bound to by jvb
-
jonas’
I seem to have a working jitsi meet
-
jonas’
TIL: jitsi-meet will make a room non-anonymous when it joins
-
jonas’
so you’ll want a dedicated conference domain
-
jonas’
*sigh*
-
moparisthebest
I briefly looked at setting up jitsi-meet with existing prosody and quickly decided my own https://appr.tc/ instance would be easier, currently working on docker container that just spins it all up
-
jonas’
what’s that?
-
jonas’
the link you gave is incredibly non-descriptive ;)
-
moparisthebest
the main thing jitsi meet is missing is I can't just send people a link, it won't work in a mobile browser
-
vanitasvitae
don't they have a mobile app?
-
vanitasvitae
but yeah I get the point of "not just send a link" on mobile
-
moparisthebest
https://github.com/webrtc/apprtc / https://github.com/Piasy/WebRTC-Docker (this docker container isn't very suitable, runs 3 different http servers on different ports etc...)
-
moparisthebest
vanitasvitae, yep they do, so now I have to send a link, plus a link to my custom compiled jitsi meet app? meh
-
Zash
I thought the main thing Jitsi Meet was missing is that it doesn't make noise and show popups
-
emus
vanitasvitae: hitsi has, also on fdroid
-
vanitasvitae
I think you can set the instance
-
vanitasvitae
right?
-
moparisthebest
oh, possibly, still that's a pretty large hurdle compared to "click this link"
-
pep.
"moparisthebest> the main thing jitsi meet is missing is I can't just send people a link, it won't work in a mobile browser" Yes you can? I do that all the time
-
moparisthebest
I just tested it yesterday and it wouldn't work in a mobile browser, am I holding it wrong?
-
jonas’
waiting for DNS to propagate to be able to test >.>
-
pep.
If they use a browser then the instance might redirect them to downloading an app on mobile, but you can certainly remove that
-
Zash
"click this link" is apparently completely useless, gotta show a popup with "someone's calling, [answer]"
-
moparisthebest
I just tried on https://meet.jit.si/
-
pep.
moparisthebest, what device
-
pep.
On mobile it might annoy you indeed
-
pep.
I never have an issue on desktop
-
moparisthebest
firefox mobile on lineageos (android 9) on a samsung galaxy GS5
-
moparisthebest
oh yea, it works great on desktop
-
moparisthebest
at this second I'm after minimal setup that *just works* on all browsers including mobile
-
moparisthebest
appr.tc fits that bill, jitsi meet doesn't, I couldn't find anything else that might
-
pep.
Is that self-hosted?
-
moparisthebest
*that* instance is hosted by evil google, but it can be self hosted
-
vanitasvitae
just checked the jitsi app. Setting my own instance was super easy
-
vanitasvitae
it is so sad that I had far better video quality when switching from wifi to mobile 🙁
-
vanitasvitae
#developingInternetCountryThings
-
Guus
vanitasvitae same here
-
jonas’
someone mother’s wifi?
-
Guus
no. Fiber.
-
vanitasvitae
no, mine 🙁
-
jonas’
hm, so jitsi-meet
-
jonas’
I got it set up, but it’s rather different than what I expected
-
Guus
I wonder if it 'optimizes' the connection because of NAT and mulitple hops in my meshed wifi or something
-
jonas’
AFAICT, I now got an open relay for WebRTC traffic
-
jonas’
I expected it to be configurable in such a way that at least the host needs to authentiacte against my existing domain
-
Guus
jonas’ you can protect things with accounts etc - not sure how sturdy that is though.
-
moparisthebest
most of the time that's handled by secrets and hmac jonas’
-
Guus
but yeah, the default install allows anyone to use it.
-
jonas’
hm
-
moparisthebest
appr.tc / coturn supports it out of the box like https://github.com/Piasy/WebRTC-Docker/blob/master/apprtc-server/ice.js#L5 + https://github.com/Piasy/WebRTC-Docker/blob/master/apprtc-server/turnserver.conf#L7
-
pep.
jonas’, yeah I've done that in the past, you can use xmpp auth
-
jonas’
pep., interesting
-
jonas’
moparisthebest, what?
-
jonas’
moparisthebest, you seem to have missed the point
-
moparisthebest
it's still semi-open, just time limited, but you should be able to do something similar with xmpp
-
moparisthebest
jonas’, I'm saying you don't need coturn to do anything but authenticate an hmac, not contact your xmpp server/db, then it's just making the xmpp bit that hands out the secret do that
-
jonas’
moparisthebest, I’m not using coturn though
-
jonas’
I’ve got a jitsi-meet setup
-
moparisthebest
jitsi-meet doesn't use coturn?
-
jonas’
nope
-
moparisthebest
nevermind then, but surprising
-
jonas’
I was surprised, too
-
jonas’
but they only need 10000/udp and 443/tcp, and those are bound directly to the Java process
-
jonas’
ugh
-
jonas’
ok, so the jitsi-meet doesn’t work at all.
-
jonas’
I don’t even see it trying to send traffic to the bridge
-
jonas’
and p2p seems to fail too
-
jonas’
hm, no public support MUC either?
-
Zash
Oh is that why we get so many Jitsi Meet questions in the Prosody room?
-
Guus
probably.
-
jonas’
meh
-
Guus
They are very active on their discourse instance - but that seems to be having trouble today.
-
jonas’
also, discourse is unusable to me
-
jonas’
also, I got used to IM community support
-
Guus
fwiw: if you want to spin up basic functionality without jumping through any hoops: install Openfire plus its ofMeet plugin. It'll give you limited features, and is outdated by at least a year - but you can set it up in 2 minutes.
-
Guus
I showed that in last years' XSF summit.
-
jonas’
I specifically do not want that, I want it to integrate in my existing setup
-
Guus
totally understandable. Just wanting to give people some options that in these times are looking for a quick fix.
-
Guus
doing a separate install will give you better features, more performance, etc, etc.
-
jonas’
I also don’t get how this is supposed to even work without any traffic to the videobridge
-
jonas’
I’m wondering whether it gets confused about the A record for the domain not pointing to the videobridge
-
Guus
I didnt' read the backlog
-
jonas’
or about having both a private and a public IPv4
-
Guus
but basically, the web app will talk to the video bridge over UDP or TCP
-
jonas’
it doesn’t
-
jonas’
zero traffic to that IP
-
Guus
I think on port 10000 UDP with a fallback to 443 TCP with a fallback to 4443 TCP if 443 can't be bound to by the process.
-
Guus
well, for 1-on-1 conversations, the webapp defaults to peer-to-peer
-
jonas’
aha!
-
jonas’
that’s a bit of information which is interesting
-
Guus
add a third participant to force things over the videobridge
-
jonas’
and what if p2p fails for whatever reason?
-
Guus
unsure
-
jonas’
where do I get a third participant now
-
Guus
note thta I've been out of the loop for 12 months too.
-
Guus
new incognito tab.
-
jonas’
smart!
-
Guus
been there done that _a lot_ 😃
-
jonas’
oh, look at this traffic
-
Guus
ta-daaaah.
-
Guus
ok, off to prepare dinner.
-
Guus
poke me if you need more help
-
jonas’
lots of inbound traffic on the videobridge, but no outbound
-
jonas’
also, it doesn’t arrive there✎ -
Guus
nat weirdness?
-
jonas’
no, nevermind ✏
-
Guus
you can configure it to ... ok.
-
Guus
ICE negotiation can take some time
-
jonas’
my SSH session with tcpdump just died
-
jonas’
so I see lots of inbound traffic, but virtually no outbound traffic on the videobridge
-
Guus
tcpdump will be pretty verbose with webrtc data 😃
-
jonas’
approximately 1:10, maybe 1:20
-
Guus
maybe this:
-
Guus
you want to prevent the device of each end-user to have to process the raw data of all participants - which would not scale, and bring commercial laptops to their knees fast. the JVB will therefor accept all inbound data, process that, and push an optimized stream back out.
-
Guus
there's webrtc mumbojumbo for this that I fail to remember, but that's the gist of it.
-
Guus
iirc, you upload three video stream (thumbnail, medium and full resolution, somesuch), but participants are only interesting in one (depending on who's talking, etc)
-
Guus
so there's a lot of room for optimization there.
-
jonas’
Guus, right, however, the data currently transmitted from my device would barely suffice for audio
-
Guus
(take all of this with a grain of salt - I'm far from an expert and I've not engaged with the devs for months)
-
jonas’
most certainly not for three clients
-
Guus
did you mute video?
-
jonas’
I disabled video to make tcpdump less verbose
-
jonas’
yeah
-
Guus
maaaybe it's not actually sending data then?
-
jonas’
yes, but why ;)
-
Guus
because you muted it?
-
jonas’
but I didn’t mute audio
-
Guus
do you hear audio?
-
jonas’
no
-
jonas’
I don’t see any outbound traffic on my machine for the audio which is suggested should be going out by the VU-meter bars in my avatar thumbnail thing
-
Guus
then I don't know 🙂
-
Guus
as I said, got to prepare dinner
-
jonas’
also it show bitrate etc as N/A when I hover over my avatar
-
Guus
also: covid update from government in a couple of minutes
-
jonas’
yeah, good luck and have fun
-
Guus
tx
-
Guus
that n/a bitrate was always there - confused me a lot
-
jonas’
oh, maybe it uses (or tries to use) P2P for audio always?
-
Guus
but this is pretty much where my knowledge ends too
-
jonas’
it’s a *video*bridge after all
-
Guus
don't think so, but maybe.
-
Guus
ok, I'm out.
-
jonas’
bon appetite
-
Guus
Poke Dele when he's in here - he's familiar with Jitsi.
-
Guus
tx
-
jonas’
okay, it’s not a purely local issue -- using meet.jit.si gives me a nice audio feedback loop instantly :)
-
jonas’
okay, so apparently, jitsi-meet wants that it runs on the same hostname as it advertises
-
jonas’
this is stupid
-
Zash
Oh yeah, I remember it being very picky about names of the various parts.
-
jonas’
can’t do that on my infra without doing nasty things
-
jonas’
like having two network namespaces with the same hostname
-
jonas’
or installing third-party packages on the main box
-
moparisthebest
I appreciate the reassurance my "this looks too complicated" was correct :/
-
jonas’
it’s too undocumented mostly
-
jonas’
A/V is complex, all those simple WebRTC apps are a golang-esque simplification which don’t hold in edge cases (non-web, for example)
-
moparisthebest
here simplify is a good thing, I can send a link over xmpp or sms or anything, and anyone with a web browser can click it and have it work
-
moparisthebest
not "here's a link that will work in a desktop browser, but if you are on mobile, please find a way to install this jitsi meet app, and also go into settings and change the default hostname, and maybe then it might work"
-
moparisthebest
you realize that sounds insane right?
-
jonas’
moparisthebest, all depends on your usecase
-
jonas’
installing the app was trivial
-
jonas’
even for me on f-droid
-
jonas’
it takes a full URL nowadays, so no need to change the hostname
-
moparisthebest
how's the iOS app?
-
moparisthebest
now I also need to know what os my contact is currently on?
-
jonas’
I don’t care about iOS
-
moparisthebest
why doesn't it *just work* in a mobile browser too?
-
jonas’
on my phone it probably wouldn’t work, even if they tried, because it already OOMs when you open two or three normal broswer tabs at once.
-
jonas’
using a dedicated app without the javascript bloat is a much saner way
-
Zash
But does it ring?
-
moparisthebest
my phone is 6 years old and I can run hundreds of tabs in firefox mobile *and* this video/audio webrtc thing ¯\_(ツ)_/¯
-
jonas’
moparisthebest, good for you!