Jitsi-Meet and HAProxy - can't use port 443 as backend


First of all, thank you for this great tool.
I have a problem getting it to run with HAProxy (integrated in OPNsense). If I configure my jitsi server on TCP/443 as real server, HAProxy cannot connect to the backend and always shows it as down.
If I use TCP/4444, it works (but if I understand it correctly, it won’t route requests to TURN automatically, which is the point of TCP/443).

This probably is a HAProxy problem (it works in a local browser with TCP/443), but maybe somebody here has already run into that problem.
I would like to keep using HAProxy because it does all my LetsEncrypt stuff for other services (web, zulip etc.)

In that case you’d need to disable the TURN multiplexing. Or configure HAProxy to do it, since it’s the entity which will receive the incoming connections.

In HAProxy, you’ll need to switch from http mode to tcp mode if you can. If you want to retain http mode on 443, you’ll need to make a few changes and add another frontend/backend to handle the media streaming. I ran into this issue, and documented my steps here (I used 4443, because my firewall and proxy were already set to use that since it was the fallback TCP in the previous version).

Okay, thank you.
So I just publish TURN on another port (maybe TCP/4445 because that’s what it has on nginx) with HAProxy?
Where do I tell jitsi about that? Do I just add the URL to stunServers: [] in config.js (which is commented out right now anyway, so it looks like it already used only Google’s STUN servers), or do I have to do anything else?

I can’t change to TCP mode, because I have a bunch of other HTTP stuff on the same HAProxy frontend on TCP/443. If I have to set up a separate IP for that I can just run jitsi without HAProxy and NAT altogether. But that’s something I wanted to avoid, if possible.

It’s in the prosody config.