Jitsi Meet behind NAT without ports 80 and 443, in Docker

Operating Systems & Open Source Open Source & Web-Based
1

I want to use Jitsi Meet as a skype/discord alternative for video chats for the following reasons:

  • Privacy, security and end to end encryption
  • Video quality from meet.jit.si seems to be better than Discord on poor connections, which I experience
  • Supports video calls with up to 3 people, and screen sharing
  • Runs in Docker with fairly limited fiddling
  • Supports pre-shared user/password authentication
  • Video and screen sharing on windows clients, video on iOS and android clients
  • Very limited client-side config needed on windows
  • People from WAN and on LAN can connect to the same call

I know Jitsi Meet is meant to be for teleconferencing, but assuming it meets the above, I already have a docker setup on my server, so adding one more container should be low incremental effort. I have a fairly normal home network setup (i.e. NAT). Glancing at the docker page on github (https://github.com/jitsi/docker-jitsi-meet), here are some potential hurdles I would like confirmed:

  • Need Let’s Encrypt for mobile support, and thus need to set the HTTP and HTTPS ports to 80 and 443, respectively
    • Does this mean I need to forward ports 80 and 443 to my docker container? That could screw up normal web browsing for all my other devices, right?
    • Do I need to forward ports for self-signed Jitsi Meet?
  • Setting internal authentication and disabling guests lets me provide my friends a username and password, and prevents randos from joining my calls and making their own, right?
  • DOCKER_HOST_ADDRESS would be set to the address of the linux box that runs docker, i.e. if I ssh into 192.168.1.12 to install docker containers, I set DOCKER_HOST_ADDRESS=192.168.1.12?
  • PUBLIC_URL can be set to my NoIP domain name
  • LETSENCRYPT_DOMAIN can be set to my NoIP domain name
  • It is completely sensible and secure to configure Jitsi Meet in the way described above, and leave it running all the time

Forwarding ports 80 and 443 may not be feasible. What are possible workarounds for getting free HTTP certificates without those ports being forwarded?

Thank you