What Ports Need to be Opened for Jitsi/Jibri using Nginx?

As far as I can tell the port structure should look some like the following. Can anyone update this such that only the ports that absolutely that need to be opened are opened? I should note that Jibri is installed on a separate server. I would think the port structure needs to be the same on that server as this. Jitsi is on Ubuntu 20.04 Focal Fossa with Nginx 1.18.0. Jibri is on Ubuntu 18.04 Bionic Beaver.

OpenSSH                    ALLOW       IN/OUT
20/tcp/udp                 ALLOW       IN/OUT
21/tcp/udp                 ALLOW       IN/OUT
22/tcp 					   Allow       IN/OUT
53/tcp/udp                 ALLOW       IN/OUT
80/tcp                     ALLOW       IN/OUT
113/tcp/udp                ALLOW       OUT
443/tcp                    ALLOW       IN/OUT
4443/tcp                   ALLOW       IN/OUT
5222/udp                   ALLOW       OUT
5347/udp                   ALLOW       OUT
10000/udp                  ALLOW       IN/OUT
OpenSSH (ipv6)             ALLOW       IN/OUT (v6)
80/tcp (ipv6)              ALLOW       IN/OUT (v6)
443/tcp (ipv6)             ALLOW       IN/OUT (v6)
4443/tcp (ipv6)            ALLOW       IN/OUT (v6)
10000/udp (ipv6)           ALLOW       IN/OUT (v6)

                   +                           +
                   |                           |
                   |                           |
                   v                           |
                  443                          |
               +-------+                       |
               |       |                       |
               | Nginx |                       |
               |       |                       |
               +--+-+--+                       |
                  | |                          |
+------------+    | |    +--------------+      |
|            |    | |    |              |      |
| jitsi-meet +<---+ +--->+ prosody/xmpp |      |
|            |files 5280 |              |      |
+------------+           +--------------+      v
                     5222,5347^    ^5347   4443,10000
                +--------+    |    |    +-------------+
                |        |    |    |    |             |
                | jicofo +----^    ^----+ videobridge |
                |        |              |             |
                +--------+              +-------------+
TCP/80
TCP/443
TCP/5222
UDP/10000

Not needed by Jitsi but allow the SSH port too

TCP/22

That’s all

You don’t need 5222 publicly available.
You can restrict that to jibri only if needed …

Thanks will do. No 4443 open either? thought that needed to be opened because Nginx uses 443.

4443 was from the times tcp media was handled by the bridge, but this had been disabled for long time now.

The Internet is kind of timeless, things 5 years old appear current.

Actually that diagram is from a doc that has a warning that it is outdated … :slight_smile:

OK, speaking of dated info, I am using the following install guide: https://doganbros.com/index.php/jitsi/jitsi-installation-with-jwt-support-on-ubuntu-20-04-lts/. Is this current enough to work? There are a couple of entries here that need updating, but I think that this should basically work. Am I correct??

I will be installing Nginx and configuring it before starting the Lua/Jitsi Install process.

Or is this better, https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart , but how do I install Jitsi-Web-Tokens if I use this method as my guide?.

OK, everything went smoothly using https://doganbros.com/index.php/jitsi/jitsi-installation-with-jwt-support-on-ubuntu-20-04-lts/. Well pretty much exactly except where there is a new Prosody repo available. This is a different topic, so I will post it in another thread.