One of the best things about Jitsi is in my opinion also one of the worst things of it. It doesn’t need any preconfigured users and anybody can create new rooms.<\/p>\n\n\n\n
With a bit of tweaking the nginx config, we can define allowed room-names and deny all others. That way you as admin can quickly shuffle around the allowed rooms or just leave one permanently allowed for quickly meet your friends.<\/p>\n\n\n\n
Sure, this is quite a weak security measure, as anybody can enter the allowed rooms, but it is certainly better than letting anybody who knows your FQDN to create rooms as they desire.<\/p>\n\n\n\n
The following config-block should be within the server{} declaration.
We allow two rooms in this example – roomone and roomtwo.
You will also need to replace YOUR.FQDN with the actual path to your config.js… <\/p>\n\n\n\n
index index.html index.htm;
error_page 404 \/static\/404.html;
location = \/config.js {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0alias \/etc\/jitsi\/meet\/v.nativenet.ch-config.js;
}
location = \/external_api.js {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;
}
location ~ ^\/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)\/(.*)$
{
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0add_header ‘Access-Control-Allow-Origin’ ‘*’;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0alias \/usr\/share\/jitsi-meet\/$1\/$2;
}
# BOSH
location = \/http-bind {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_pass \u00a0\u00a0\u00a0\u00a0\u00a0http:\/\/localhost:5280\/http-bind;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_set_header X-Forwarded-For $remote_addr;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_set_header Host $http_host;
}
# xmpp websockets
location = \/xmpp-websocket {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_pass http:\/\/127.0.0.1:5280\/xmpp-websocket?prefix=$prefix&$args;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_http_version 1.1;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_set_header Upgrade $http_upgrade;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_set_header Connection “upgrade”;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_set_header Host $http_host;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0tcp_nodelay on;
}
location ~ ^\/roomone {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0try_files $uri @root_path;
}
location ~ ^\/roomtwo {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0try_files $uri @root_path;
}
location @root_path {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0rewrite ^\/(.*)$ \/ break;
}
location ~ ^\/([^\/?&:'”]+)\/config.js$
{
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0set $subdomain “$1.”;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0set $subdir “$1\/”;
\u00a0\u00a0\u00a0alias \/etc\/jitsi\/meet\/YOUR.FQDN-config.js;
}
location ~ ^\/([^\/?&:'”]+)\/http-bind {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0set $subdomain “$1.”;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0set $subdir “$1\/”;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0set $prefix “$1”;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0rewrite ^\/(.*)$ \/http-bind;
}
# websockets for subdomains
location ~ ^\/([^\/?&:'”]+)\/xmpp-websocket {
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0set $subdomain “$1.”;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0set $subdir “$1\/”;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0set $prefix “$1”;
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0rewrite ^\/(.*)$ \/xmpp-websocket;
}
<\/p>\n","protected":false},"excerpt":{"rendered":"
One of the best things about Jitsi is in my opinion also one of the worst things of it. It doesn’t need any preconfigured users and anybody can create new rooms. With a bit of tweaking the nginx config, we … Weiterlesen