Limit Jitsi rooms with nginx

One of the best things about Jitsi is, in my opinion, also one of its worst: it doesn't need any preconfigured users, and anybody can create new rooms.

With a bit of tweaking of the nginx config, we can define allowed room names and deny all others. That way you, as admin, can quickly shuffle the allowed rooms around or just leave one permanently allowed for quickly meeting your friends.

Sure, this is quite a weak security measure, as anybody can enter the allowed rooms, but it is certainly better than letting anybody who knows your FQDN create rooms as they desire.

The following config block should be within the server{} declaration.
We allow two rooms in this example – roomone and roomtwo.
You will also need to replace YOUR.FQDN with the actual path to your config.js…

index index.html index.htm;
error_page 404 /static/404.html;

location = /config.js {
       # host-specific file name: use your own <FQDN>-config.js here as well
       alias /etc/jitsi/meet/v.nativenet.ch-config.js;
}

location = /external_api.js {
       alias /usr/share/jitsi-meet/libs/external_api.min.js;
}

location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
       add_header 'Access-Control-Allow-Origin' '*';
       alias /usr/share/jitsi-meet/$1/$2;
}

# BOSH
location = /http-bind {
       proxy_pass      http://localhost:5280/http-bind;
       proxy_set_header X-Forwarded-For $remote_addr;
       proxy_set_header Host $http_host;
}

# xmpp websockets
location = /xmpp-websocket {
       proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_set_header Host $http_host;
       tcp_nodelay on;
}

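# Allowed rooms. The trailing $ anchors the match: without it, ^/roomone
# would also admit any room whose name merely starts with "roomone".
location ~ ^/roomone$ {
       try_files $uri @root_path;
}
location ~ ^/roomtwo$ {
       try_files $uri @root_path;
}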

location @root_path {
       rewrite ^/(.*)$ / break;
}

location ~ ^/([^/?&:'"]+)/config.js$
{
       set $subdomain "$1.";
       set $subdir "$1/";
       alias /etc/jitsi/meet/YOUR.FQDN-config.js;
}
location ~ ^/([^/?&:'"]+)/http-bind {
       set $subdomain "$1.";
       set $subdir "$1/";
       set $prefix "$1";
       rewrite ^/(.*)$ /http-bind;
}

# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
       set $subdomain "$1.";
       set $subdir "$1/";
       set $prefix "$1";
       rewrite ^/(.*)$ /xmpp-websocket;
}
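
An added example (not part of the original post): a Python helper that generates one anchored location block per allowed room and checks which request paths an anchored pattern admits compared with an unanchored `^/roomone`. The function names, the room-name character set and the sample paths are assumptions constructed for illustration.

```python
import re

# Assumption: room names are limited to letters, digits, '_' and '-',
# so they can be placed in an nginx regex without escaping.
ROOM_NAME = re.compile(r"[A-Za-z0-9_-]+")


def room_pattern(room: str) -> str:
    """Regex that matches the URI of exactly one room."""
    if not ROOM_NAME.fullmatch(room):
        raise ValueError(f"unsupported room name: {room!r}")
    return f"^/{room}$"


def render_locations(rooms: list[str]) -> str:
    """Emit one nginx location block per allowed room."""
    blocks = []
    for room in rooms:
        blocks.append(
            f"location ~ {room_pattern(room)} {{\n"
            f"       try_files $uri @root_path;\n"
            f"}}\n"
        )
    return "".join(blocks)


def admitted(path: str, patterns: list[str]) -> bool:
    """True if any pattern matches. Like nginx '~' locations, re.search is
    case-sensitive and only anchored where the pattern says so."""
    return any(re.search(p, path) for p in patterns)


# Constructed sample request paths and the two pattern styles to compare.
SAMPLE_PATHS = ["/roomone", "/roomtwo", "/roomone-private", "/roomtwo2", "/other"]
UNANCHORED = ["^/roomone", "^/roomtwo"]
ANCHORED = [room_pattern(r) for r in ["roomone", "roomtwo"]]

if __name__ == "__main__":
    print(render_locations(["roomone", "roomtwo"]))
    for path in SAMPLE_PATHS:
        print(f"{path:18} unanchored={admitted(path, UNANCHORED)!s:5} "
              f"anchored={admitted(path, ANCHORED)}")
```

The check covers only the room page URLs. The /http-bind and /xmpp-websocket locations are proxied independently of the room list.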