Jitsi behind existing nginx reverse proxy

hi,
i installed jitsi on a single VM and it is working fine with the nginx on that server.
now i have another vm running an nginx for reverse proxying all my stuff which works great. i would like to see having jitsi enabled there as well, but i am failing.
i tried all the tips from the internet i could find but was not successful.

local jitsi:
port 443 will internally switch to 4444 or 4445 and connect to 5280.

first step is now to use my dedicated nginx on the same local subnet for serving 443.

  1. simply forwarding all the 443-traffic from central nginx to the jitsi-nginx:443 is not enough.
  2. forwarding 443-traffic from central nginx to jitsi-nginx:4444 is not working either.

what is the correct way?
i always get error 502 or 400 (when forwarding to port 4444).

kind regards,
andre

I’m stuck there too. I would appreciate it if someone could help.
This is my configuration on nginx reverse proxy

    server {
        listen 443 ssl;
        server_name meeting.domainname;

        ssl_certificate /home/neoadmin/meeting.crt;
        ssl_certificate_key /home/neoadmin/meeting.key;

        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        access_log    /var/log/nginx/jitsimeet.access.log;

        client_max_body_size  50m;

        location / {
            #insufficient
            #proxy_pass          https://10.250.1.11:4444;
            #proxy_set_header X-Forwarded-For $remote_addr;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_pass https://10.250.1.11:4444/;
            proxy_read_timeout 90;
        }

    }

did you get any further? i am still stuck at this point.
regards,
andre

If you don’t care about coturn and ‘corporate firewalls’, disabling TLS on jitsi and forwarding from nginx (HTTPS) to jitsi (HTTP) is trivial.

i would go that way, because internally i don’t need tls here, and as long as ssl is available at nginx-level it would be fine for me.
how would i connect jitsi-http to nginx? simply disable ssl on jitsi-docker?
will try that.

edit: just realized, that i don’t use jitsi-docker here at home. wanted to use the not containerized way to have easier handling of configuration.
if i connect to jitsi via its local nginx (ssl -> points to port 4444 on jitsi) everything works. if i connect directly to port 4444 on jitsi (which is on the same host as its local nginx) i get an immediate “connection lost” when connecting my webcam.

I don’t quite understand why this happens but my config - that I have already posted here - has disabled https on jitsi (removed the https config) and proxy nginx reverse proxy on 443 -> jitsi on port 80 (not redirecting to https obviously). Seems to work so far.
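
The setup described in the last post (TLS terminated on the central nginx, plain HTTP to Jitsi on port 80), written out as an added example that is not a configuration posted by anyone in the thread. The server name, certificate paths and backend address are taken from the config posted above; the WebSocket upgrade headers and the long read timeout are assumptions about what the Jitsi web client needs through a proxy.

```nginx
# Added example, not from the thread. The map block belongs in the http{} context.
# It passes "Connection: upgrade" only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name meeting.domainname;                 # from the posted config

    ssl_certificate     /home/neoadmin/meeting.crt;
    ssl_certificate_key /home/neoadmin/meeting.key;
    ssl_protocols       TLSv1.2 TLSv1.3;            # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_session_cache   shared:SSL:10m;

    access_log /var/log/nginx/jitsimeet.access.log;
    client_max_body_size 50m;

    location / {
        # Plain HTTP to the Jitsi VM, port 80 as described in the last post.
        # No URI part after the port, so the request path is forwarded unchanged.
        proxy_pass http://10.250.1.11:80;

        # Assumption: the web client opens WebSocket connections through this proxy.
        # Without HTTP/1.1 and these two headers the upgrade is dropped at this hop.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        # Overwrite rather than append: this is the edge proxy, so a
        # client-supplied X-Forwarded-For value should not reach the backend.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Assumption: signalling connections stay open for the whole meeting.
        proxy_read_timeout 3600s;
    }
}
```

With this layout the hop between the proxy and the Jitsi VM is unencrypted, so port 80 on the Jitsi VM should accept connections only from the proxy's address. `nginx -t` checks the syntax before a reload.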