Secured but with a hole

self-hosted server (deb9), using https://jitsi.github.io/handbook/docs/devops-guide/secure-domain to ‘secure’ site. it’s a bit clunky but works.

but i want to make a hole below the waterline. i would like to enable a hostless/passwordless hang-out place. it would be wise if it had some limits and ability to monitor or be alerted if abused. of course abuse is in the eye of the beholder.

thanks for any clues.