How to avoid people to hack your own Jitsi server?

I installed JitSi on a dedicated server. eg: meet.my-server.com

How do I do to avoid people to take bandwith by creating a html page on their own server with such a code:

<html
    <head>
        <meta charset="utf-8">
        <meta http-equiv="content-type" content="text/html;charset=utf-8">
    </head>
    <body>
        <script src="https://meet.my-server.com/external_api.js"></script>
        <script>
            var domain = "meet.my-server.com";
            var options = {
                roomName: "JitsiMeetAPIExample",
                width: 700,
                height: 180,
                parentNode: undefined,
                configOverwrite: {},
                interfaceConfigOverwrite: {
                    filmStripOnly: true
                }
            }
            var api = new JitsiMeetExternalAPI(domain, options);
        </script>
    </body>
</html>

I would like to be the only one able to allocate JitSi rooms in my own server.

In your nginx server config comment the location section for

external_api.js

and try

Thanks ! But if I do it, how do I embed my own rooms in my own web pages ?

That’s catch 22.

Use secure domain authentication https://github.com/jitsi/jicofo#secure-domain

1 Like