JITSI MEET BEHIND NAT AND PROXY

Here we are not going to dedicate an IP for the Jitsi service. We are going to use the host reverse-proxy and do DNAT for 10000/udp.

on the host as root

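# Start from an empty directory; it is bind-mounted into the container below as
# /usr/share/jitsi-meet.
rm -rf /data/www/jitsi-meet/
mkdir -p /data/www/jitsi-meet/

# Separate copy of the certificate and private key for the container.
# The directory lives under /data/www, so restrict it to root and make sure no
# web server root or alias ever points at it.
mkdir -p /data/www/jitsi-ssl/
chmod 700 /data/www/jitsi-ssl/
cp -pi /etc/dehydrated/certs/nethence_com/fullchain.pem /data/www/jitsi-ssl/meet.nethence.com.crt
cp -pi /etc/dehydrated/certs/nethence_com/privkey.pem /data/www/jitsi-ssl/meet.nethence.com.key
chmod 400 /data/www/jitsi-ssl/*.crt
chmod 400 /data/www/jitsi-ssl/*.key
# These are copies, not links: they do not follow certificate renewals, so the
# two cp commands have to be repeated whenever the certificate is renewed.
ls -alF /data/www/jitsi-ssl/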

on the host as user

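    # The image is referenced by a mutable tag; for a reproducible and auditable
    # deployment, pin it by digest (pbraun9/devuan@sha256:<DIGEST-PLACEHOLDER>).
    docker pull pbraun9/devuan
# Remove any previous instance so the name can be reused.
docker rm -f meet
# No ports are published: web traffic reaches the container through the host's
# reverse proxy and 10000/udp through the DNAT rule configured later.
# The web root stays writable because the package install inside the container
# writes into it; the certificate/key mount is read-only so that nothing inside
# the container can alter or replace the host's copy of the key material.
docker run -d --name meet --hostname meet --workdir /root \
    -v /data/www/jitsi-meet:/usr/share/jitsi-meet \
    -v /data/www/jitsi-ssl:/etc/ssl/meet:ro \
    pbraun9/devuan
docker logs meet
docker exec -ti meet /bin/bash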

inside the container

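# Confirm the certificate and key are visible through the bind mount.
ls -alF /etc/ssl/meet/

    apt update
    apt dist-upgrade -y
    apt autoremove --purge
    apt install wget gnupg1 htop lsb-release -y

    # Store the Jitsi signing key in its own keyring and bind the repository to
    # it with signed-by. apt-key is deprecated and adds the key to the global
    # trust store, where it would be accepted for every configured repository.
    # Compare the key's fingerprint with the one published by the project before
    # relying on it.
    wget -q -O - https://download.jitsi.org/jitsi-key.gpg.key | gpg1 --dearmor > /usr/share/keyrings/jitsi-keyring.gpg
    # A dedicated file under sources.list.d, written with '>', keeps the entry
    # from being duplicated when the step is repeated.
    echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
    apt update
    apt install jitsi-meet -y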

    PROVIDE FQDN meet.nethence.com

OWN CERTIFICATE

jitsi-meet-web-config
/etc/ssl/meet/meet.nethence.com.key
/etc/ssl/meet/meet.nethence.com.crt

assuming the jitsi-meet helper scripts (STATUS, START) are deployed

# Helper scripts from the author's setup (their contents are not shown here).
./STATUS
./START
# List listening TCP and UDP sockets with their owning processes, to see what
# the container actually exposes; the media port forwarded later in this guide
# is 10000/udp.
netstat -lntup

no need for nginx inside the container, since the host reverse-proxy serves the site

# The host's reverse proxy fronts the service, so the container's own nginx is
# stopped rather than left running as a second, unmanaged web listener.
service nginx stop
# In START, comment out the nginx line (as shown below) so that it is not
# started again the next time the script runs.
vi START

#service nginx start

^D

on the host

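cd /etc/nginx/conf.d/
vi meet.conf # copy/paste in there
# Replace the loopback address in the copied config with the container's
# address. 172.17.0.2 is whatever Docker assigned on the default bridge and can
# change when containers are recreated; check it first, e.g. with
#   docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' meet
# Plain -i is used: GNU sed parses -ir as "-i with backup suffix r", which
# leaves a stray meet.confr next to the config and does not enable extended
# regular expressions (neither pattern needs them).
sed -i 's/127\.0\.0\.1/172.17.0.2/g' meet.conf
# Serve the static files from the host-side path of the bind mount.
sed -i 's@/usr/share/jitsi-meet@/data/www/jitsi-meet@g' meet.conf
# Validate the configuration before asking the running nginx to reload it.
nginx -t
nginx -s reload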

# UDP probe of the container's media port from the host (UDP scans need root).
# UDP results are often reported as open|filtered, so treat the outcome as a
# hint and confirm it against the listener list taken inside the container.
nmap -sU -p 10000 172.17.0.2
vi /etc/nftables.conf

SNAT is already being taken care of by the Docker built-in rules.

# Filter-table excerpt; the enclosing chain is elided by the author.
table inet filter {
    ...
            # jitsi meet
            # Narrow opening: one ingress interface, one UDP port.
            # NOTE(review): packets DNATed to the container are forwarded rather
            # than delivered locally, so this accept only applies to them if the
            # rule sits in a forward-hook chain; confirm which chain it is in.
            iif $nic udp dport 10000 accept
    ...
}

# NAT table: forwards the media port to the container.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # Rewrite the destination of 10000/udp arriving on $nic to the container
        # address; no port is given after the address, so the port is unchanged.
        # The address is hard-coded and must match the container's current IP.
        iif $nic udp dport 10000 dnat 172.17.0.2;
    }

    # Left disabled; the page states that Docker's built-in rules already
    # handle source NAT.
    # NOTE(review): the subnet below (172.18.0.0/16) differs from the
    # container address used above (172.17.0.2); check both before enabling.
    #chain postrouting {
    #   type nat hook postrouting priority 100;
    #   ip saddr 172.18.0.0/16 oif eth0 snat 62.210.110.7;
    #}
}

# Load the edited ruleset.
# NOTE(review): if /etc/nftables.conf begins with "flush ruleset", loading it
# may also remove rules that Docker installed, depending on which backend
# Docker uses; confirm, and restart Docker if container networking breaks.
# `nft -c -f /etc/nftables.conf` checks the file without applying it, and
# `nft list ruleset` shows what is live afterwards.
nft -f /etc/nftables.conf

Copyright © 2024 Pierre-Philipp Braun