docker-jitsi-meet icon indicating copy to clipboard operation
docker-jitsi-meet copied to clipboard

Published 20 hours ago verified publisher icon jitsi

Jitsi in docker behind NAT and Apache2

Open radimkohout opened this issue 1 year ago • 11 comments

Hello, I have my server behind NAT. On ports 80 and 443 I have Apache web server with Let's encrypt wildcard certificates. I have port forwarded ports 80,443,10000,20000-20050. I would like to run the Jitsi Meet in Docker container on meet.example.com.

I am getting the following error: image (And I get 'You got disconnected error')

I have the following Apache configuration:

<VirtualHost *:80>
    ServerName meet.example.com
    Redirect permanent / https://meet.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName meet.example.com

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    Header always set Strict-Transport-Security "max-age=63072000"
    <IfModule mod_proxy.c>
    <IfModule mod_proxy_wstunnel.c>
        ProxyTimeout 900
        <Location "/xmpp-websocket">
            ProxyPass "wss://localhost:7443/xmpp-websocket"
        </Location>
        <Location "/colibri-ws/">
            ProxyPass "wss://localhost:7443/colibri-ws/"
        </Location>
        <Location "/http-bind">
            ProxyPass "http://localhost:7080/http-bind"
        </Location>
    </IfModule>
</IfModule>
    ProxyPass "/" "http://localhost:7080/"
    ProxyPassReverse "/" "http://localhost:7080/"
    ProxyPass "/http-bind" "http://localhost:7080/http-bind/"
    ProxyPassReverse "/http-bind" "http://localhost:7080/http-bind"
    #RewriteEngine on
    #RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
</VirtualHost>

# Mozilla Guideline v5.4, Apache 2.4.41, OpenSSL 1.1.1d, intermediate configuration, no OCSP
SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets   off

I have changed following in .env file:

# Exposed HTTP port
HTTP_PORT=7080

# Exposed HTTPS port
HTTPS_PORT=7443

# System time zone
TZ=UTC

# Public URL for the web service (required)
PUBLIC_URL=https://meet.example.com

I have also changed the port for jicofo to 8898, because 8888 is already occupied:

jicofo:
        image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9457-2}
        restart: ${RESTART_POLICY:-unless-stopped}
        ports:
            - '127.0.0.1:${JICOFO_REST_PORT:-8898}:8898'
        volumes:
            - ${CONFIG}/jicofo:/config:Z

radimkohout avatar May 26 '24 13:05 radimkohout