I have a security requirement to dissociate the media server (Jitsi Meet) from its clients. The goal is for clients to never reach the hosted Jitsi Meet directly and vice-versa. I tried placing a proxy between the clients and the hosted Jitsi Meet server with nginx configurations. For the most part this works for TCP traffic, but UDP traffic goes directly to the Jitsi Meet server. I am thinking this happens as part of WebRTC negotiations and I don’t know if there is a way to get around it.
At first I thought TURN servers could help with this dissociation, but after further reading I believe TURN servers are only applicable for p2p connections, and I also think it would only help in one direction.
I would really appreciate any/all advice on this.