After semi-hijacking another thread (sorry for that), I decided to create my own, as I do not want to disturb the other topic. After going back and forth too often while troubleshooting, I decided to start with a fresh server; maybe that brings me to the finish line.
What's the goal?
Running a jitsi instance which itself sits behind a NAT. Connections should fall back to TCP 443 only, if the client sits behind a corporate firewall. If possible, everything running on a single server VM (only up to 20 participants at all)
With what did I start?
Fresh Ubuntu 20.04 server in a private network (192.168.x.x) behind a firewall with NAT, with the following ports forwarded to the VM:
TCP Ports 443, 80, 22, 5349
UDP Ports 10000, 3478
What did I do?
Followed the selfhosting guide
- apt install apt-transport-https
- apt install openjdk-8-jdk
- hostnamectl set-hostname meet.blahblah.com
- apt install jitsi-meet (after adding the repo)
- Added the following to /etc/jitsi/videobridge/sip-communicator.properties
- Added the following to /etc/systemd/system.conf
At this point jitsi is working fine when there are no corporate firewalls involved, with both 2 and more participants. I then followed the part “Use TURN SERVER on port 443” in the guide (https://jitsi.github.io/handbook/docs/devops-guide/turn). Afterwards, everything was still working as before.
What did I do differently from the description in the guide?
- added local LAN address to hosts instead of public IP as the VM is behind a NAT
- added local LAN address as turn_backend in the nginx module
- 2 or 3 way calls are still working after changing the turn port to 443
What does not work:
- Fallback to 443 still does not work.
- Turnserver is still bound to the meet.blahblah.com certificate. Should I edit the turnserver.conf accordingly? Is there anything else to do?
- Is 4443 needed or not? The selfhost guide says so and so
- Is certbot already configured to reissue the cert?
Help is highly appreciated, thanks so much in advance