Ports and firewall rules

JMS

The following ports should be accessible through the public IP address

  • TCP/80
    Required for Let’s Encrypt to create/update TLS certificates

  • TCP/443
    Required for clients to access to Nginx and coturn

  • UDP/10000
    Required for clients to send/receive the audio/video packets to JVB

  • TCP/5222
    This is only needed if you have an additional JVB or an additional Jibri on a seperate machine. If there is no additional JVB or Jibri, don’t allow it

  • TCP/5349
    Required for coturn if you set this port for “turns” on /etc/prosody/conf.d/YOUR-DOMAIN.cfg.lua. As an alternative you may use TCP/443 for “turns” if you configured correctly your Nginx service.

  • UDP/3478
    Required for coturn if you set this port for “turn” on /etc/prosody/conf.d/YOUR-DOMAIN.cfg.lua

  • TCP/8080
    Required if you need to access the Colibri REST API through the public IP. If you don’t know what colibri is then don’t allow it.

  • TCP/8888
    Required if you need to access the Jicofo REST API through the public IP. If you don’t know why you need this API then don’t allow it.

  • TCP/22
    This is not needed by Jitsi itself but most probably you need it to connect your server via SSH and to manage it

  • coturn should be able to access the local UDP/10000 (which is used by JVB) through the public IP address.

Additional JVB

  • UDP/10000
    Required for clients and coturn to send/receive the audio/video packets to JVB

  • TCP/9090
    Required for JMS to transport the websocket traffic to JVB

  • TCP/8080
    Required if you need to access the Colibri REST API through the public IP. If you don’t know what colibri is then don’t allow it.

  • TCP/22
    This is not needed by JVB itself but most probably you need it to connect your server via SSH and to manage it

Jibri

  • TCP/external-api-port
    Check external-api-port in your /etc/jitsi/jibri/jibri.conf file to learn the port number. No specific port, it depends on your choice. This port is required to access the Jibri HTTP API. If you don’t know why you need this API then don’t allow it.

  • TCP/22
    This is not needed by Jibri itself but most probably you need it to connect your server via SSH and to manage it

3 Likes

Very good informaxion emrah. Thanks for are share.

1 Like