Alternative to Jitsi Secure LDAP/AD Authentication VirtualHost Limit Jitsi Homepage to Private Network

I’m having issues getting Active Directory on port 3269 to work in Jitsi.

In my mind I’d like to configure the following.

Can I have the main root Jitsi domain ONLY accessible from my internal private 10.X.X.X network somehow via Apache virtualhost and still allow guests to connect to anything after the / and join meetings?

So this would only allow my internal network to create meetings, but once they send out the email with what the meeting name will be, anyone on the internet with that link could connect and join that meeting, but they could never create a meeting.

This seems like a decent security measure that would not require logging in and also wouldn’t expose a login form to the internet for someone to possibly attempt credential stuffing or brute forcing of logins.

I hope this makes sense.


An example: in Apache virtualhost would only allow 10.x.x.x and if anyone on the internet tried accessing that page, they would get a 404 or other error.

In this above url, anything after the / anybody on the internet could access and join meetings but again if they simply go to my main jitsi homepage they would get an error.

For what it’s worth, I’m using Let’s Encrypt for the SSL cert, so I don’t need that to interfere with the changes to virtualhost in Apache so it can continue to be accessible and update the cert.

Seems like a rather simple config change but I can’t wrap my head around how to do this and still keep Jitsi functioning 100%.

Also this may be possible via a .htaccess file placed in /usr/share/jitsi-meet.

Again, not sure how to quite configure this but it seems rather simple.

Allow the local system and private 10.x.x.x network to access the root domain to create meetings and return a forbidden if tried from the internet.

Then allow all subdirectories from internet.

I think this in .htaccess file should work for the subdirectories.

<Files subdirectory/*>
allow from all
</Files>

Just need to allow the root domain of from the local system and from a private network so everything works still.
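
The restriction described in the post, written as Apache 2.4 virtual host directives. This is an added example, not configuration from the original post or from the Jitsi project; the hostname is a placeholder, and the existing SSL, rewrite and proxy directives of the Jitsi virtual host are assumed to stay as they are.

```apache
# Added example, Apache 2.4 (mod_authz_core / mod_authz_host).
# meet.example.com is a placeholder hostname.
<VirtualHost *:443>
    ServerName meet.example.com

    # ... existing SSL, rewrite and proxy directives of the Jitsi vhost stay unchanged ...

    # Match the bare root URL only ("/" and nothing after it).
    # Room URLs such as /SomeMeetingName and the static assets they load
    # do not match this pattern and keep whatever access they have today.
    <LocationMatch "^/$">
        # Two Require lines side by side are OR-ed: either one grants access.
        # The server itself (loopback addresses)
        Require local
        # The internal 10.x.x.x network
        Require ip 10.0.0.0/8
        # Every other client receives 403 Forbidden for "/".
    </LocationMatch>

    # The Let's Encrypt HTTP-01 challenge path (/.well-known/acme-challenge/)
    # is not "/" either, so certificate renewal is not touched by this block.
    # A direct request for /index.html is also not matched by this pattern.
</VirtualHost>
```

Run `apachectl configtest` before reloading, then request `/` and a room URL from an outside address to confirm the 403 and the working room page. This hides the landing page only: in a default Jitsi Meet setup a room comes into existence when the first participant opens its URL, so an outside visitor who opens any room path still starts a meeting unless authentication for room creation is enabled.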