I’m having issues getting Active Directory on port 3269 to work in jitsi.
In my mind I’d like to configure the following.
Can I have the main root jitsi domain ONLY accessible from my internal private 10.X.X.X network somehow via Apache virtualhost and still allow guests to connect to anything after the / and join meetings?
So this would only allow my internal network to create meetings but once they sent out the email with what the meeting name will be, anyone on the internet with that link could connect and join that meeting but they could never create a meeting.
This seems like a decent security measure that would not require logging in and also wouldn’t expose a login form to the internet for someone to possibly attempt credential stuffing or brute forcing of logins.
I hope this makes sense.
https://meet.example.com in Apache virtualhost would only allow 10.x.x.x and if anyone on the internet tried accessing that page, they would get a 404 or other error.
In this above url, anything after the / anybody on the internet could access and join meetings but again if they simply go to my main jitsi homepage they would get an error.
For what it’s worth, I’m using let’sencrypt for the ssl cert so I don’t need that to interfere with the changes to virtualhost in apache so it can continue to be accessible and update the cert.
Seems like a rather simple config change but I can’t wrap my head around how to do this and still keep Jitsi functioning 100%.