Trying to get dockerised Jitsi working from LAN and internet


I have the latest stable version of the Jitsi docker setup and installed on a DMZ. I’d like people from the internet and from the internal network to be able to use Jitsi simultaneously.

If I have DOCKER_HOST_ADDRESS set to the public IP of the Jitsi instance (x.x.145.35) than it works for people on the internet, but not for people on the LAN.

If I have the DOCKER_HOST_ADDRESS set to the private DMZ IP of the Jitsi instance ( than it works for people on the LAN, but not for people on the internet.

In either instance, the people it doesn’t work for can connect the the web server and enter a room but they can’t see or hear the others (and vice versa).

We are using split horizon DNS so on the internet resolves to x.y.145.35 and from the LAN it resolves to

Is there a way to configure Jitsi to resolve this? Or do I need to reconfigure the firewall to make x.y.145.35 and all the Jitsi ports available from the LAN (ie. hairpin NAT)?

Thanks for any suggestions.

I am not a network expert, but for a quick fix, why not let all users (both internal and external) access the jitsi server from “outside”. You have to disable your internal dns resolving, so that your internal users will be resolved to the external address? Or do your internal users have no internet access at all?


That’s what I’m trying today, but it requires a slightly tricky firewall configuration to make it work (ie. hairpin nat) and was hoping that I could configure Jitsi in a way to avoid that.

We updated our firewall config to support hairpin NAT and that solved the problem. Would be nice if there was a way to configure Jitsi to talk to LAN clients using the LAN IP and internet clients using the public IP … but if anyone else is trying to do this you can fix it with your firewall.

Ugh, I was hoping to have to avoid hacky hairpin NAT just to get this working. But thanks for confirming the solution is what I expected it would be!