Bobby,
no, the signaling server is listening on 8443/https only and then through Apache’s default-ssl.conf (“ProxyPass”) the traffic is reverse proxied to ws://127.0.0.1:8086. There’s no additional certificate beside the SSL snakeoil certificate which came with Ubuntu 20.04 Server and which is referred to within default-ssl.conf to secure 8443/https.
And yes, this setup is for experimental use. It’s a prototype which will be migrated to a professional surrounding ( VM) at a later stage.
The NC server on Debian (VM) is productive and has it’s own Let’s Encrypt certificate. I installed it using apt install certbot python-certbot-apache && certbot certonly --apache
My idea was to install the signaling server separately and to leave the NC server untouched. This ought to have helped in identifying issues if things didn’t not work out as planned. For the signaling server I chose a small physical machine over a VM machine. The intention was again to reduce complexity for setting up and testing this prototype by avoiding the additional layer (NAT) from the virtual host.
Jotoeri,
yes, I use the apache reverse proxy and it’s listening to 8443!
I’ve just installed the letsencrypt certificate on the signaling server’s apache and this seems to have solved a big part of the problem! 
The initial error message is gone now and connection is established. Participants can join the call!
But, similar to the initial problem, the audio and video data reaches the android app only. Browser based clients do not receive any audio or video data. And again, this is not related to the type of internet connection. (local/remote/WiFi/LTE)
Firefox Web console says:
Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf eval blockiert (“script-src”). [1aa60d21-8dd3-40bb-bb16-fb86167082e6:27:22]
As far as I know, content security policy is handled on the server’s side. Probably, this error is related to the upgrade to NC20.0.5 this morning…
The error implies that there was an attempt to call an external script. I don’t know what that could be:
The corresponding source code is:
contentWindow.eval(
“(” + injectedToString() + “)(’” + eventName + “’, true);”
);
When using Edge, it’s working fine!
To sum up:
- problem is solved - obviously NC Talk objects a self-signed certificate and replacing it with a letsencrypt certificate did the trick
- Firefox blocked data and seems to be more restrictive than Edge and the Android Talk app in regards to content security. Could it be that this is a bug in NC 20.0.5 and shall I report it?
Anyway, thank you both for your help, I really appreciate it!
Cheers,
Niklas