Installing Jitsi Meet Behind Firewall with SSL Termination

All the installation guides I can find involve installing Jitsi Meet with Let’s Encrypt or with a self-signed certificate on the Jitsi server itself.

But in my case, the Jitsi server is NAT’ed behind a Web Application Firewall (WAF) and the WAF is doing SSL Termination - the SSL certificates are installed on the WAF. So the connection between the client browser and the WAF is SSL encrypted, but the WAF will forward to the NAT’ed Jitsi Server unencrypted through port 80.

Is this type of architecture supported for Jitsi Meet? Can I install Jitsi Meet without needing to set up any SSL certificates at all since the WAF is taking care of that?


You can do this with a reverse proxy. You have to map port 4444 of the jitsi server and PORT FORWARD UDP 10000 as well.

It should work, yes. You will have to rip out the ssl configuration from the default nginx server, since by default port 80 redirects to 443. If your ‘application firewall’ does not support ALPN, you will not have any possibility to allow ‘clients behind corporate firewall’, that is, clients with port UDP/10000 blocked.

Do I still need to keep the /etc/nginx/modules-enabled/60-jitsi-meet.conf? Or do I delete it and configure /etc/nginx/sites-available/jitsi-mysite.conf to listen on port 80 only instead of 443 or 4444?

By default the Jitsi nginx listens on 80 and 4444 in the mysite.conf, while redirecting 80 to 443. The 60-jitsi-meet.conf is the one ‘listening’ on port 443. Your firewall is doing this job, and what you want is to make it connect to jitsi-meet.
My solution for now is to make the connection to port 80 and so remove the redirection from 80 to 443. There is no need to touch the 60-jitsi-meet.conf file. If you want ALPN you will have to duplicate this trick at the firewall level if possible at all.
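
An added example, not part of any post in this thread: a small check for the condition the last reply describes, a plain-HTTP nginx listener that still redirects to HTTPS, which loops once a WAF terminates TLS and forwards to port 80. The sample configuration, the host name `meet.example.test` and the function names are constructed for illustration.

```python
import re

# Constructed sample following the layout the thread describes (port 80
# redirecting to HTTPS, a second listener on 4444); not a real Jitsi file.
SAMPLE_CONF = """
server {
    listen 80;
    listen [::]:80;
    server_name meet.example.test;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 4444 ssl;
    server_name meet.example.test;
    location / { try_files $uri /index.html; }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)            # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_port(arg):
    """Port from a listen argument such as '80', '[::]:80' or '4444 ssl'."""
    m = re.search(r"(?:^|:)(\d+)$", arg.split()[0])
    return int(m.group(1)) if m else None

def audit(conf):
    """One finding per server block: ports, TLS flag, HTTPS redirect, loop risk."""
    findings = []
    for body in server_blocks(conf):
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        ports = sorted({p for p in map(listen_port, listens) if p is not None})
        tls = any("ssl" in l.split()[1:] for l in listens)
        redirect = bool(re.search(r"\breturn\s+30[1278]\s+https://", body))
        # A plain-HTTP listener that redirects to https:// sends the client back
        # to the TLS-terminating proxy, which forwards to this listener again.
        findings.append({"ports": ports, "tls": tls, "https_redirect": redirect,
                         "loops_behind_tls_proxy": redirect and not tls})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print(f)
```

Run it against the site file before pointing the WAF at port 80; any block reported with `loops_behind_tls_proxy` set still carries the 80-to-443 redirect.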