Make self-hosted jitsi-meet publicly inaccessible but still use it through jitsi-iframes on different virtual host (server block)


I have a working jitsi-meet instance publicly accessible through
I have a different web-site working as a nginx server block on the same server as
In the app website I use jitsi-iframes to set-up a communication channel (using the as entry point) and that works fine.

--> ----+
                    ngninx --> jitsi-meet
--> --+

What I’m trying to accomplish is that the jitsi service is only accessibly through the app website.

Question: how do I make the jitsi server block (virtual host) publicly inaccessible but still accessible for the jitsi-iframes on the app website?

--> ----+
                     ngninx --> jitsi-meet
  X --+

OR (preferred)
How do I remove the server block altogether but still use jitsi-meet through jitsi-iframes on the

--> ----+
                     ngninx --> jitsi-meet

I guess the Iframe should look something like this:

        var domain = "localhost";
        var options = {
            roomName: "JitsiMeetAPIExample",
            parentNode: undefined,
            configOverwrite: {},
            interfaceConfigOverwrite: {}

But I have no idea how to configure nginx and/or jitsi-meet or even where to start looking for an answer.
I have set-up jitsi-meet as self-hosted following the quick install guild on Unbuntu 18.0.4
Thanks for your help.

I didn’t test it but according to the IFRame API doc there is an argument for jwt while creating the api object.

api = new JitsiMeetExternalAPI(domain, options)

If you activate the JWT authentication, nobody can use your server directly without having a valid token. You can create the token on your application server

You may read about Access-Control-Allow-Origin … maybe you can modify your nginx config to allow access only from the domain as origin … never tested it, but sounds like it should work …