Jitsi Meet behind NAT without ports 80 and 443, in Docker

I want to use Jitsi Meet as a skype/discord alternative for video chats for the following reasons:

  • Privacy, security and end to end encryption
  • Video quality from meet.jit.si seems to be better than Discord on poor connections, which I experience
  • Supports video calls with up to 3 people, and screen sharing
  • Runs in Docker with fairly limited fiddling
  • Supports pre-shared user/password authentication
  • Video and screen sharing on windows clients, video on iOS and android clients
  • Very limited client-side config needed on windows
  • People from WAN and on LAN can connect to the same call

I know Jitsi Meet is meant to be for teleconferencing, but assuming it meets the above, I already have a docker setup on my server, so adding one more container should be low incremental effort. I have a fairly normal home network setup (i.e. NAT). Glancing at the docker page on github (https://github.com/jitsi/docker-jitsi-meet), here are some potential hurdles I would like confirmed:

  • Need Let’s Encrypt for mobile support, and thus need to set the HTTP and HTTPS ports to 80 and 443, respectively
    • Does this mean I need to forward ports 80 and 443 to my docker container? That could screw up normal web browsing for all my other devices, right?
    • Do I need to forward ports for self-signed Jitsi Meet?
  • Setting internal authentication and disabling guests lets me provide my friends a username and password, and prevents randos from joining my calls and making their own, right?
  • DOCKER_HOST_ADDRESS would be set to the address of the linux box that runs docker, i.e. if I ssh into 192.168.1.12 to install docker containers, I set DOCKER_HOST_ADDRESS=192.168.1.12?
  • PUBLIC_URL can be set to my NoIP domain name
  • LETSENCRYPT_DOMAIN can be set to my NoIP domain name
  • It is completely sensible and secure to configure Jitsi Meet in the way described above, and leave it running all the time

Forwarding ports 80 and 443 may not be feasible. What are possible workarounds for getting free HTTP certificates without those ports being forwarded? Additionally, are the other minor settings/assumptions above ok?

Thank you

Yes, in order to use Let’s Encrypt you need these ports.

Yes, you need as a minimum tcp 443 and udp 10000.

Yep.

Yes. Mind that the videobridge needs to know its public address and this is done on its start. So whenever your public address changes, you need to restart jvb container.

Yes.

Yes.

You can buy certificates.

Mind that hosting in Home sometimes is not ideal, as normally the internet provided to home users is asymmetric and upload is limited. For 3 participants you need at least stable 15 Mb upload, this is in case all of them are using simulcast enabled browser (chrome), if you replace one with Firefox you need 25Mb upload from your home connection.