I had quite a journey getting Jitsi to run in an LXD-container on Ubuntu 18.04 and nginx doing the proxying and ssl-encryption. In hindsight these things are kind of obvious, but I had trouble finding the causes of my problems. So here they are for future LXD users. May it help:
- the nginx proxy has to do ssl-reencryption since jitsi will only serve https. But if you configure re-encryption too early, the proxy will only send https requests and the letsencrypt certification process will fail. You need to install certificates for jitsi before you turn on ssl re-encryption in nginx.
- if you use nginx as reverse proxy and let nginx do the ssl encryption, you may be used to setting the CAA for your DNS. If you don’t use your own certificates, but rather just let letsencrypt do the job, having set a CAA record to something other than letsencrypt will fail the certificate generation.
- You will need port-forwarding from host to LXD-container for port tcp 4443 and udp 10000. Ubuntu 18.04 comes with LXD v3.0.3. You will need to update LXD to v3.2 or later (e.g. run “snap install lxd” and “lxd.migrate”) for it to support UDP port forwarding.
- if you are used to using the container DNS names rather than the ip addresses, this won’t work when setting the ICE harvester values in the sip-communicator.properties. You actually need to use the ip address.
Or am I mistaken about these points?
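
A preflight check for three of the pitfalls listed in the post above (CAA record, LXD version for UDP forwarding, ICE harvester values), added here as an example and not part of the original post. It assumes that `letsencrypt.org` is the CAA issuer name and that the harvester settings meant are the two ice4j `NAT_HARVESTER_*` keys; the sample records, host name and addresses are constructed.

```python
import ipaddress
import re

LE_CAA_ID = "letsencrypt.org"  # assumption: Let's Encrypt's CAA issuer domain name
HARVESTER_KEYS = (  # assumption: the ice4j NAT harvester keys the post refers to
    "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS",
    "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS",
)

def caa_allows(records, issuer=LE_CAA_ID):
    """records: CAA RDATA strings such as '0 issue "letsencrypt.org"'."""
    issuers = []
    for rdata in records:
        m = re.match(r'\s*\d+\s+(\S+)\s+"?([^"]*)"?\s*$', rdata)
        if m and m.group(1).lower() == "issue":
            # Drop parameters after ';'. An empty name means "no CA may issue".
            issuers.append(m.group(2).split(";")[0].strip().lower())
    # A record set without any issue property places no restriction on issuance.
    return not issuers or issuer in issuers

def non_ip_harvester_values(properties_text):
    """Return {key: value} for harvester settings that are not IP literals."""
    bad = {}
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if sep and key in HARVESTER_KEYS:
            try:
                ipaddress.ip_address(value)
            except ValueError:
                bad[key] = value
    return bad

def lxd_supports_udp_proxy(version):
    """True for LXD 3.2 or later, the threshold given in the post."""
    major, minor = (int(p) for p in version.split(".")[:2])
    return (major, minor) >= (3, 2)

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_CAA = ['0 issue "digicert.com"', '0 iodef "mailto:admin@example.org"']
SAMPLE_PROPS = """\
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=jitsi.lxd
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=203.0.113.10
"""

if __name__ == "__main__":
    print("CAA permits Let's Encrypt:", caa_allows(SAMPLE_CAA))
    print("Harvester values that are not IPs:", non_ip_harvester_values(SAMPLE_PROPS))
    print("LXD 3.0.3 can forward UDP:", lxd_supports_udp_proxy("3.0.3"))
```

The CAA strings can be taken from `dig +short CAA <domain>` output, and the properties text from the container's `sip-communicator.properties`.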