Setup behind a reverse proxy

[santifa]

I used this repository to setup jitsi on a central virtual machine behind a reverse proxy.
To notice the difference: The reverse proxy is another virtual machine which handles all requests on port 80 and 443 and
redirects the requests to the appropriate machine. Additionally, the reverse proxy handles the LE certificates.

I have a running setup with some modifications to this repository.
I would give my problems and recommendations back to you:

First, the hostname of a videobridge doesn't mean the name of the final videobridge.
I added another field to the videobridge group in the hosts file videobridge_name='meet'
and in the nginx.conf replaced the original colibri location with {{ videobridge_name | default(videobridge) }}.

Second, the virtual machine running jitsi is not facing the outside directly but through a reverse proxy.
So, I need the NAT_HARVESTER_ addresses and introduced to variables:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ videobridge_local_address | default('127.0.0.1') }}
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ videobridge_public_address }}

This was needed to get video bridging working properly.

The last one was, that I disabled certbot since the certificates are handled by another server and are magically deployed to the directory /etc/letsencrypt/live/{{ meet_domain }}. This fails when the coturn component is active. It deploys a script to the
location /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh which is non-existent. I added to following lines as solution:

- name: Create hook script dir
  ansible.builtin.file:
    path: /etc/letsencrypt/renewal-hooks/deploy/
    state: directory
  when: not debian_certbot

Hope this helps someone stumbling across the same issues.
Thanks for your hard work.

[inittab]

Hi, Henrik. Thanks for your feedback. I'll try to merge your suggestions as time permits.