diff --git a/configuration.nix b/configuration.nix
index 1281ac4..5062c44 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -35,8 +35,8 @@ in
   networking = {
     hostName = config.services.userdata.hostname;
     firewall = {
-      allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
-      allowedUDPPorts = lib.mkForce [ 8443 ];
+      allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 4443 8443 ];
+      allowedUDPPorts = lib.mkForce [ 8443 10000 ];
     };
     nameservers = [ "1.1.1.1" "1.0.0.1" ];
   };
diff --git a/letsencrypt/acme.nix b/letsencrypt/acme.nix
index 2e9c99b..ea2467e 100644
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@@ -17,6 +17,12 @@ in
         dnsProvider = "cloudflare";
         credentialsFile = "/var/lib/cloudflare/Credentials.ini";
       };
+      "meet.${cfg.domain}" = {
+        domain = "meet.${cfg.domain}";
+        group = "acmerecievers";
+        dnsProvider = "cloudflare";
+        credentialsFile = "/var/lib/cloudflare/Credentials.ini";
+      };
     };
   };
 }
diff --git a/videomeet/jitsi.nix b/videomeet/jitsi.nix
index 27ed438..c3fbd3d 100644
--- a/videomeet/jitsi.nix
+++ b/videomeet/jitsi.nix
@@ -6,7 +6,7 @@ in
   services.jitsi-meet = {
     enable = config.services.userdata.jitsi.enable;
     hostName = "meet.${domain}";
-    nginx.enable = false;
+    nginx.enable = true;
     interfaceConfig = {
       SHOW_JITSI_WATERMARK = false;
       SHOW_WATERMARK_FOR_GUESTS = false;
diff --git a/webserver/nginx.nix b/webserver/nginx.nix
index 4536c5f..cdd6936 100644
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
@@ -89,49 +89,6 @@ in
           };
         };
       };
-      "meet.${domain}" = {
-        forceSSL = true;
-        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
-        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
-        root = pkgs.jitsi-meet;
-        extraConfig = ''
-          ssi on;
-          add_header Strict-Transport-Security $hsts_header;
-          #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-          add_header 'Referrer-Policy' 'origin-when-cross-origin';
-          add_header X-Frame-Options DENY;
-          add_header X-Content-Type-Options nosniff;
-          add_header X-XSS-Protection "1; mode=block";
-          proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-          expires 10m;
-        '';
-        locations = {
-          "@root_path" = {
-            extraConfig = ''
-              rewrite ^/(.*)$ / break;
-            '';
-          };
-          "~ ^/([^/\\?&:'\"]+)$" = {
-            tryFiles = "$uri @root_path";
-          };
-          "=/http-bind" = {
-            proxyPass = "http://localhost:5280/http-bind";
-            extraConfig = ''
-              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-              proxy_set_header Host $host;
-            '';
-          };
-          "=/external_api.js" = {
-            alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
-          };
-          "=/config.js" = {
-            alias = "${pkgs.jitsi-meet}/config.js";
-          };
-          "=/interface_config.js" = {
-            alias = "${pkgs.jitsi-meet}/interface_config.js";
-          };
-        };
-      };
       "password.${domain}" = {
         sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
         sslCertificateKey = "/var/lib/acme/${domain}/key.pem";