thank you for all the great discussions and patience in this community. I am completely new to the whole Jitsi area and I am configuring a setup quite simular to the one of localguru. My only difference or addition is a STUN/TURN-Server running on its own virtual machine and all my 3 servers are behind a NAT Router. I read a lot of stuff and most likely I just overlooked the information I am missing right now.
So I have 3 Servers, 1 is Jitsi-Meet with jicofo, prosidy and the web-frontend, 1 is “just” used as a videobridge and then the STUN/TURN-Server. Excuse me for potentially stupid questions:
I am interested in the network paths, that are taken, so that I understand, who is talking to whom in the basic scenarios:
an external device wants to start/join a conference on my jitsi system, so the device connects over 443 to my Jitsi-Meet-Server because there is the website hosted. But when it tries to join a conference, as far as I understand, the Jitsi-Meet-Server tells the device about the videobridge that is hosting the conference and the device starts its own connection (completely separated from the connection with the Jitsi-Meet-Server?) to the videobridge on UDP 10000. So far so right, I hope.
Now I come to my question/struggle: now when UDP 10000 is blocked on other networks but devices still want to participate on a conference, I wonder how the STUN/TURN-Server gets involved. I saw some config-files but at least on one point I quite insecure:
Does the STUN/TURN-Server behind my NAT Router need its own public IP Address? To be precise: who is connecting to the STUN/TURN-Server on what port?
How does this connection come up, after the device that is trying to connect to a conference signals that UDP 10000 is not possible for it?
I usually confuse people with my questions or scenarios, I hope you understand what I mean I try to understand how STUN/TURN gets involved, whether it would need a Public IP and which firewall setup is necessary for STUN/TURN. Internally all 3 Servers are placed in the same network with no firewall in between, so there won’t be any communication issues.
(Last but not least: Am I right, that on my Jitsi-Meet-Server I can also run a videobridge in addition the one videobridge on a separated server?)
Best regards and thank you again for all the help throughout all community forums and all the patience