How to avoid people to hack your own Jitsi server?

I installed JitSi on a dedicated server. eg:

How do I do to avoid people to take bandwith by creating a html page on their own server with such a code:

        <meta charset="utf-8">
        <meta http-equiv="content-type" content="text/html;charset=utf-8">
        <script src=""></script>
            var domain = "";
            var options = {
                roomName: "JitsiMeetAPIExample",
                width: 700,
                height: 180,
                parentNode: undefined,
                configOverwrite: {},
                interfaceConfigOverwrite: {
                    filmStripOnly: true
            var api = new JitsiMeetExternalAPI(domain, options);

I would like to be the only one able to allocate JitSi rooms in my own server.

In your nginx server config comment the location section for


and try

Thanks ! But if I do it, how do I embed my own rooms in my own web pages ?

That’s catch 22.

Use secure domain authentication

1 Like