Beginner questions, connection issues, fallback not working

Hi,
I installed Jitsi two weeks ago on a fresh install of Ubuntu 16.04.6 LTS.
In order to make use of turnserver, before installing Jitsi, I had to install a newer version of nginx (1.17.10) than would come with 16.04 repos, because of turnserver’s dependencies. That nginx version did not come with the same folder structure, so I had to create sites-enabled and modules-enabled folders or else the jitsi installation would fail. Afterwards, I included the two folders in /etc/nginx/nginx.conf and jitsi-meet was working.

There are a few issues though:
#1 Fallback to Port 443 TCP is not working (important for users behind restrictive corporate firewalls)
#2 The machine resolves its own URL to its local IP for some users, despite them being outside of the server’s network.

Regarding #1:
I noticed that with the latest versions, the nginx configures itself to serve the web content internally on port 4444, according to /etc/nginx/sites-enabled/fqdn.conf.
In /etc/nginx/modules-enabled/60-jitsi-meet.conf, the listener for 443 is enabled and upstream web is defined as 4444, whereas upstream turn is 4445. This is all configured like this out of the box.

/etc/hostname gives me fqdn
/etc/hosts gives me 127.0.0.1 localhost fqdn

In /etc/jitsi/videobridge/sip-communicator.properties, I added the following lines:
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS= 172.27.XXX.XXX
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS= 82.XXX.XXX.XXX
org.jitsi.videobridge.TCP_HARVESTER_PORT=443
org.jitsi.videobridge.TCP_HARVESTER_SSLTCP=true

and commented out:
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay[.]jitsi[.]net:443

/etc/jitsi/meet/fqdn-config.js has
useStunTurn: true,
and
p2p: {
    enabled: false,
    useStunTurn: true,
    stunServers: [
        { urls: 'stun:fqdn:4446' }
    ]
}

The firewall on the machine is configured to deny all incoming traffic aside from
80/tcp
443/tcp
10000/udp
And the physical firewall does the same.

As soon as I block port 10000 udp on my client or its router that accesses the machine via the internet, no more video, screenshare, or audio goes through.
What do I need to do to make use of fallback to port 443/tcp for tunneling media traffic?

Regarding #2:
Let’s say I have a web application that has the jitsi-meet iframe client integrated like this:
<script type='text/javascript' src='https://fqdn/external_api.js'></script>

and within the js code,
const domain = 'fqdn';
The web application is accessed through a branch office VPN tunnel. The server ‘fqdn’ is not part of the tunnel and shall be accessed through the Internet. My users tell me the server responds by its internal IP, which, since it’s not part of the BOVPN, cannot be resolved.
Much like situation #1, the participants see each other’s status and names, etc., but no media like video, audio, or screensharing is transmitted.
What do I need to do regarding name resolution so that the fqdn of the machine is always resolved like the client would? If someone is inside the network where the server is located, the local IP shall be used, external users including tunnel users shall use the public IP to resolve the name (a public dns record exists)?

Every time I wrote fqdn, we’re talking about a URL including a subdomain, like ‘abc.something.de’, and it’s the same everywhere.

Thank you in advance for any input.
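
An added example, not part of the original post and not Jitsi's own tooling: a small Python audit that cross-checks the ports quoted in the post (videobridge properties, nginx 443 listener, client STUN URL, firewall allow list) for bind conflicts and endpoints the firewall would drop. The inputs are constructed from the values in the post; the function names and the UDP-by-default rule for `stun:`/`turn:` URLs are assumptions of this example.

```python
import re

# Constructed inputs: values copied from the post above.
JVB_PROPS = """\
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS= 172.27.XXX.XXX
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS= 82.XXX.XXX.XXX
org.jitsi.videobridge.TCP_HARVESTER_PORT=443
org.jitsi.videobridge.TCP_HARVESTER_SSLTCP=true
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=(commented out in the post)
"""
FIREWALL_ALLOW = {(80, "tcp"), (443, "tcp"), (10000, "udp")}
NGINX_LISTEN = {(443, "tcp")}            # listener in 60-jitsi-meet.conf
CLIENT_ICE_URLS = ["stun:fqdn:4446"]     # stunServers entry in config.js


def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(props, firewall, nginx_listen, ice_urls):
    """Return findings for port clashes and firewall-blocked ICE endpoints."""
    findings = []
    port = props.get("org.jitsi.videobridge.TCP_HARVESTER_PORT")
    if port and (int(port), "tcp") in nginx_listen:
        findings.append(f"bind-conflict: videobridge and nginx both configured for {port}/tcp")
    for url in ice_urls:
        m = re.fullmatch(r"(stun|turns?):[^:?]+:(\d+)(?:\?transport=(udp|tcp))?", url)
        if not m:
            findings.append(f"unparsed: {url}")
            continue
        scheme, url_port, transport = m.groups()
        # Assumption: stun:/turn: use UDP unless ?transport= is given; turns: is TLS over TCP.
        proto = transport or ("tcp" if scheme == "turns" else "udp")
        if (int(url_port), proto) not in firewall:
            findings.append(f"blocked: {url} needs {url_port}/{proto}, not in firewall allow list")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_properties(JVB_PROPS), FIREWALL_ALLOW, NGINX_LISTEN, CLIENT_ICE_URLS):
        print(finding)
```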