Jitsi behind Nginx reverse proxy and NAT. Help!

Install & Config
1

Hi all! I’m trying to set up a jitsi vm behind NAT and an additional nginx.

I’ve tried many different options, but none of them work. I can create a room, connect 3 users, but I can’t see an image or hear sound. Firewall set to 443 → RP Nginx, 10000UDP → jitsi VM.

Nginx reverse proxy:

server_names_hash_bucket_size 64;

types {
        application/wasm     wasm;
}

server {
        listen  80;
        server_name meet.my.domain;
        return 301 https://meet.domain.tld$request_uri;
}

server {
        server_name meet.my.domain;
        listen 443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/meet.my.domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/meet.my.domain/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        add_header Strict-Transport-Security "max-age=63072000" always;

        access_log /var/log/nginx/meet.access.log;
        error_log /var/log/nginx/meet.error.log;

        location / {
                proxy_pass http://192.168.190.13;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;

                # WebSocket support
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
}

}

Nginx on VM Jitsi:

server {
    listen 80;
#    listen [::]:443 ssl;
     server_name meet.my.domain;

     set_real_ip_from 192.168.190.2 (internal address my RP nginx);
     real_ip_header X-Real-IP;
     set $prefix "";
     root /usr/share/jitsi-meet;
     ssi on;
     ssi_types application/x-javascript application/javascript;

     index index.html index.htm;
     error_page 404 /static/404.html;

AND DEFAULT CONFIG....
2

You may put a module config into /etc/nginx/modules-enabled similar to this one on the reverse proxy.

3

Am I understanding the setting correctly? Need to open additional ports?

# this is jitsi-meet nginx module configuration customized by jitsi installer.
# this forwards all turn traffic to the coturn port
# and the rest to the nginx virtualhost port.
# you need a second FQDN for the turn server.

stream {
    upstream web {
        server 127.0.0.1:4444;
    }
    upstream turn {
        server ___LOCAL_IP___:5349; --> ip my internal lan nginx reverse proxy address
    }

    map $ssl_preread_server_name $upstream {
        ___TURN_HOST___         turn; --> ip my vm with jitsi
        default                 web;
    }

    server {
        listen 443;
        listen [::]:443;

        ssl_preread on;
        proxy_pass $upstream;

        # Increase buffer to serve video
        proxy_buffer_size 10m;
    }
}
4

I added the configuration, but nothing has changed (

5

The current form doesn’t suit your use-case. You should update it according to your use-case.

6

Do I need to specify only IP addresses or something else? Can you explain in more detail?

7

stream layer allows to redirect requests to an upstream without terminating SSL.

Catch jitsi related requests by checking their address and redirects them to Jitsi’s TCP/443 if matched.

For other domains, the upstream should be the reverse proxy itself to not break the old domains.