Jitsi Meet (Docker) behind an Nginx reverse proxy

Published on 2025-11-05

How to run Jitsi Meet (Docker) behind an Nginx Reverse Proxy

In the previous article we deployed a basic Jitsi Meet server using Docker.
This is a great way to quickly start video conferencing, but in production a Jitsi server often needs to run on the same host where other web applications are already running.
To let them coexist, put Jitsi behind an Nginx reverse proxy.
Nginx handles SSL and ports 80/443, and proxies requests to the Jitsi containers listening on internal ports.


Architecture

The target scheme looks like this:

  1. User → https://meet.your-domain.com → Nginx (port 443)
  2. Nginx → http://192.168.1.131:8400 → Jitsi Web Container (web interface and WebSocket)
  3. User → (port 10000/UDP) → Jitsi JVB Container (video/audio stream)

Important: Nginx only proxies web traffic.
Media (video and audio over WebRTC) goes directly to the Jitsi Videobridge on port 10000/UDP.


Step 1. Configure Jitsi Meet (.env)

Before configuring the proxy you need to tell Jitsi that HTTPS and certificates are handled by an external Nginx.

Open .env and set:

DISABLE_HTTPS=1
HTTP_PORT=8400
HTTPS_PORT=8443
ENABLE_LETSENCRYPT=0
PUBLIC_URL=https://meet.your-domain.com/

Now restart Jitsi:

cd /path/to/docker-jitsi-meet
docker compose down
docker compose up -d

Check that the web container is listening on port 8400:

docker ps | grep web

Step 2. Configure Nginx Reverse Proxy

Create the configuration:

sudo nano /etc/nginx/sites-available/meet.your-domain.com.conf

Add:

upstream jitsi {
    server 192.168.1.131:8400;
}

server {
    listen 80;
    server_name meet.your-domain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name meet.your-domain.com;

    ssl_certificate /etc/letsencrypt/live/meet.your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/meet.your-domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    client_max_body_size 0;
    proxy_buffers 8 32k;
    proxy_buffer_size 64k;

    location / {
        proxy_pass http://jitsi;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_read_timeout 300s;
    }

    location /xmpp-websocket {
        proxy_pass http://jitsi;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 86400s;
    }

    location ~ ^/colibri-ws/ {
        proxy_pass http://jitsi;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 86400s;
    }

    location /http-bind {
        proxy_pass http://jitsi;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 60s;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|woff2?|ttf|svg|eot)$ {
        proxy_pass http://jitsi;
        proxy_cache off;
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}

Enable the config:

sudo ln -s /etc/nginx/sites-available/meet.your-domain.com.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
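
A mismatch between the .env from Step 1 and the vhost from Step 2 (wrong upstream port, a server_name that differs from PUBLIC_URL, a WebSocket location without the Upgrade header) passes nginx -t and only shows up as a broken conference. The script below is an added example, not part of the original article or of docker-jitsi-meet; it cross-checks the two files, and the names check_jitsi_proxy, env_get and fail are made up for this sketch.

```shell
#!/bin/sh
# Added example: cross-check docker-jitsi-meet's .env against the Nginx vhost.
# Usage: sh check_jitsi_proxy.sh /path/to/.env /path/to/vhost.conf
# check_jitsi_proxy, env_get and fail are names made up for this sketch.

# Print the value of key $2 from env file $1; the last assignment wins.
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}
fail() { echo "FAIL: $*"; rc=1; }

check_jitsi_proxy() {
    env_file=$1; conf=$2; rc=0

    # Step 1 settings: TLS is terminated by Nginx, not by the web container.
    [ "$(env_get "$env_file" DISABLE_HTTPS)" = 1 ] || fail "DISABLE_HTTPS is not 1"
    [ "$(env_get "$env_file" ENABLE_LETSENCRYPT)" = 0 ] ||
        fail "ENABLE_LETSENCRYPT is not 0"

    # PUBLIC_URL must be https:// and name a host that Nginx answers for.
    url=$(env_get "$env_file" PUBLIC_URL)
    case $url in
        https://?*) host=${url#https://}; host=${host%%[/:]*} ;;
        *) host=; fail "PUBLIC_URL is not an https:// URL: '$url'" ;;
    esac
    awk -v h="$host" '$1 == "server_name" {
            for (i = 2; i <= NF; i++) { s = $i; sub(/;$/, "", s); if (s == h) ok = 1 }
        } END { exit !ok }' "$conf" ||
        fail "no server_name matches PUBLIC_URL host '$host'"

    # The upstream "server ADDR:PORT;" line must point at HTTP_PORT.
    port=$(env_get "$env_file" HTTP_PORT)
    awk -v p="$port" '$1 == "server" && $2 ~ (":" p ";$") { ok = 1 }
        END { exit !ok }' "$conf" ||
        fail "no upstream server uses HTTP_PORT '$port'"

    # Both WebSocket locations must forward the Upgrade header.
    for path in /xmpp-websocket /colibri-ws; do
        awk -v p="$path" '
            $1 == "location" { in_loc = (index($0, p) > 0) }
            $1 == "}"        { in_loc = 0 }
            in_loc && $1 == "proxy_set_header" && $2 == "Upgrade" { ok = 1 }
            END { exit !ok }' "$conf" ||
            fail "location $path does not forward the Upgrade header"
    done
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_jitsi_proxy "$1" "$2"; fi
```

The script prints one FAIL line per mismatch and exits non-zero, so it can run after nginx -t and before the reload.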

Step 3. Firewall Configuration

Jitsi media traffic goes over UDP, so port 10000 must be accessible directly.

Port forwarding example

External: 10000/UDP → Internal: 192.168.1.131:10000/UDP

For UFW

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 10000/udp
sudo ufw reload

If this port is not open, participants will not be able to connect to video and audio.


Step 4. Check Authentication (if enabled)

If your .env contains:

ENABLE_AUTH=1
AUTH_TYPE=internal

Create users:

docker compose exec prosody prosodyctl --config /config/prosody.cfg.lua register user1 meet.jitsi StrongPassword

Authentication will work without changes, since Nginx simply proxies the XMPP traffic.


Summary

Now your Jitsi Meet runs behind an Nginx reverse proxy:

  1. Jitsi (.env) knows HTTPS is disabled and listens on port 8400.
  2. Nginx (.conf) serves 443, proxies /, /xmpp-websocket, /colibri-ws and /http-bind.
  3. Firewall forwards 10000/UDP directly to the JVB.

You can host Jitsi alongside other sites and services, and Nginx becomes the single gateway to the internet.
