Jitsi on port 443 behind corporate Firewall

Hi all,

I'm currently trying to configure Jitsi with coturn to allow Jitsi behind some corporate firewalls.
With coturn there is no video and audio in Jitsi and I'm getting the following errors:

From the turnserver:
closed (2nd stage), user <> realm <TURN_DOMAIN> origin <>, local, remote, reason: TLS/TCP socket buffer operation error (callback)

In jvb:
JVB 2022-01-31 13:10:44.339 WARNING: [111] [confId=c0d150158127a661 gid=39595 stats_id=Esta-zeU conf_name=test@conference.JITSI_DOMAIN ufrag=a6fep1fqo44ku2 epId=6972b0b2 local_ufrag=a6fep1fqo44ku2] ConnectivityCheckClient.startCheckForPair#374: Failed to send BINDING-REQUEST(0x1)[attrib.count=6 len=96 tranID=0x735542B07E0147A96FBE59DB] java.lang.IllegalArgumentException: No socket found for MY_PUBLIC_IP:10000/udp->

These are my configs:
sip-communicator.properties (I removed some unimportant lines)


prosody (only the important virtual host with the configuration above)

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "PUBLIC_DOMAIN";

external_service_secret = "SECRET";
external_services = {
     { type = "stun", host = "TURN_DOMAIN", port = 443 },
     { type = "turn", host = "TURN_DOMAIN", port = 443, transport = "udp", secret = "SECRET", ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "TURN_DOMAIN", port = 443, transport = "tcp", secret = "SECRET", ttl = 86400, algorithm = "turn" }
}

turncredentials_secret = "SECRET";
turncredentials_port = 443;
turncredentials_ttl = 86400;
turncredentials = {
     { type = "stun", host = "TURN_DOMAIN", port = 443 },
     { type = "turn", host = "TURN_DOMAIN", port = 443, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "TURN_DOMAIN", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
}

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

VirtualHost "JITSI_DOMAIN"
    -- enabled = false -- Remove this line to enable this host
    authentication = "anonymous"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/JITSI_DOMAIN.key";
        certificate = "/etc/prosody/certs/JITSI_DOMAIN.crt";
    }
    av_moderation_component = "avmoderation.JITSI_DOMAIN"
    speakerstats_component = "speakerstats.JITSI_DOMAIN"
    conference_duration_component = "conferenceduration.JITSI_DOMAIN"
    -- we need bosh
    modules_enabled = {
        "ping"; -- Enable mod_ping
        -- "turncredentials";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.JITSI_DOMAIN"
    breakout_rooms_muc = "breakout.JITSI_DOMAIN"
    main_muc = "conference.JITSI_DOMAIN"
    -- muc_lobby_whitelist = { "recorder.JITSI_DOMAIN" } -- Here we can whitelist jibri to enter lobby enabled rooms


**nginx module**
stream {
    upstream web {
        # backend server line not shown in the post
    }
    upstream turn {
        # backend server line not shown in the post
    }
    # since 1.13.10
    map $ssl_preread_alpn_protocols $upstream {
        ~\bh2\b         web;
        ~\bhttp/1\.     web;
        default         turn;
    }

    server {
        listen 443;
        listen [::]:443;

        # since 1.11.5
        ssl_preread on;
        proxy_pass $upstream;

        # Increase buffer to serve video
        proxy_buffer_size 10m;
    }
}

If you need any other configurations just ask for them. 

Does anyone know where the problem is? I tried it for several days and it was not possible for me to find a solution.

Thank you in advance!
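
The ALPN-based routing in the nginx stream block above, as an added example that is not part of the original post: it parses the ALPN extension from a TLS ClientHello and applies the same `map` rules, so you can see which upstream a given client would reach. The ClientHello bytes are constructed samples and the function names are hypothetical.

```python
import re
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation (RFC 7301)

def build_client_hello(alpn):
    """Constructed sample: minimal TLS ClientHello record offering `alpn` (list of bytes)."""
    exts = b""
    if alpn:
        protos = b"".join(bytes([len(p)]) + p for p in alpn)
        data = struct.pack("!H", len(protos)) + protos
        exts = struct.pack("!HH", ALPN_EXT, len(data)) + data
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_alpn(record):
    """Return the ALPN protocol names offered in a ClientHello (what ssl_preread reads)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 9 + 2 + 32                                      # headers, version, random
    pos += 1 + record[pos]                                # session id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher suites
    pos += 1 + record[pos]                                # compression methods
    if pos + 2 > len(record):
        return []                                         # client sent no extensions
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        pos += 4
        if etype == ALPN_EXT:
            names, p, stop = [], pos + 2, pos + elen
            while p < stop:
                n = record[p]
                names.append(record[p + 1:p + 1 + n].decode("ascii"))
                p += 1 + n
            return names
        pos += elen
    return []

def pick_upstream(record):
    """Mirror the map block: h2 or http/1.x goes to 'web', everything else to 'turn'."""
    value = ",".join(parse_alpn(record))  # nginx exposes the list comma-separated
    if re.search(r"\bh2\b", value) or re.search(r"\bhttp/1\.", value):
        return "web"
    return "turn"
```

Any TLS client that offers no ALPN, or only non-HTTP protocols, falls through to the `turn` upstream. The `listen 443;` lines in the stream block are TCP listeners, so this routing applies only to TCP connections on port 443.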

Hi Jonie,
I have the same issue.
Did you resolve your problem?
Thank you.

Have you opened port 10000 in the firewall?

Hey Nasgul,

Yeah, I kinda resolved the problem. I switched to a setup with two dedicated IPs: one for the TURN server and the other one for Jitsi. With this setup it seems to work.

Port 10000 is closed for the users because they are behind a firewall where we can't open a port.
On the server, port 10000 is open (it works without the TURN server).

Thank you for your reply.
I can’t open port 10000 because it’s a security measure.
I installed a TURN server on another server. I can see the requests of my participants, but I always have the problem with the participant behind the firewall with just ports 80 and 443 open.
In the JVB log, I have a broken-communication error between the server on port 10000 UDP and the participant's IP address, also over UDP.
Do you have a specific configuration for the JVB service, please? Because I don’t think my problem is TURN.
Is it possible to send me your anonymized configuration files?
All functionalities work fine on meet.jit.si.
Thank you


I used this script for the installation: installers/jitsi-base at main · jitsi-contrib/installers · GitHub
After I did everything with this script, it worked for me.

Hi Jonie,
I tried with the shared link but it didn’t work for me.
I continue my research.
Thank you.

What is the issue while using the installer script?

I have the same problem as in this link.

Are you talking about this script? If so, what is the output when running this script?

The script is OK, but it didn’t solve my problem.