Independent, self-managed infrastructure Read the production requirements

Network checklist

BigBlueButton firewall ports and network prerequisites

Web pages may load even while media fails. A production firewall must permit the documented HTTPS and real-time media paths end to end.

01

Required inbound ranges

The current production guide requires TCP 80 and 443 and UDP 16384–32768 to be accessible. Port 80 is also used during common certificate workflows before traffic settles on HTTPS.

02

Public hostname and TLS

WebRTC camera and microphone access requires a valid secure origin in modern browsers. Use a public hostname with a trusted certificate rather than exposing the application only by IP address.

03

TURN for restrictive networks

Some corporate, school or carrier networks block direct media paths. A TURN relay provides an alternative route, at the cost of additional bandwidth through the relay.

04

Test from the user side

A local firewall check is not enough. Validate from representative networks and monitor real meetings so that NAT, upstream filtering and asymmetric routing problems are visible.

The operational reality

BigBlueButton capacity depends on how people use media. Hardware specifications help narrow the choice, but your own load test, monitoring and failure plan turn that choice into a production design.

Questions answered

What teams ask before ordering

Is opening TCP 443 enough?+

No. HTTPS may work while WebRTC media fails. BigBlueButton also documents a UDP media range.

Do I always need TURN?+

Not every user needs it, but TURN improves reachability for clients behind restrictive firewalls.