A few considerations before we start:
- Required OS: Ubuntu 18.04 (bionic)
- This is intended for a container or local-machine setup, such as LXC (don't use it on production servers)
- This process is similar to BBB 2.2's install. One difference is that we encapsulated LibreOffice in Docker for increased security.
- For public/production servers, we recommend installing BigBlueButton using bbb-install.sh
We'll do this in 3 steps:
Install needed tools
sudo apt-get update && sudo apt-get install curl wget net-tools software-properties-common haveged apt-transport-https openjdk-8-jdk -y
Add needed repositories
sudo add-apt-repository ppa:bigbluebutton/support -y
sudo add-apt-repository ppa:rmescandon/yq -y
sudo add-apt-repository ppa:libreoffice/ppa
Upgrade packages
sudo apt-get update && sudo apt-get dist-upgrade
Add key for MongoDB's repository
wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -
Add APT's source for MongoDB
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list
Install MongoDB
sudo apt-get update && sudo apt-get install -y mongodb-org
Add the NodeSource repository for Node.js 12 and install Node.js
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install nodejs
Add key for BigBlueButton
wget https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | sudo apt-key add -
Add APT's source for BigBlueButton
echo "deb https://ubuntu.bigbluebutton.org/bionic-24 bigbluebutton-bionic main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list
Install it
sudo apt-get update && sudo apt-get install bigbluebutton
If you want to test the installation, you can install demos:
sudo apt-get install bbb-demo
Before testing, make sure you have set secure: false in the /usr/share/bbb-web/WEB-INF/classes/application.yml file:
# ...
server:
  session:
    cookie:
      secure: false
# ...
You can now access http://BBB_IP_ADDRESS and join bbb-demo (WebRTC media probably won't work because it requires HTTPS). BBB_IP_ADDRESS is the IP address of the container/machine running this installation.
Depending on your certificate authority (CA), you should now have 2 or more files, as follows:
- Certificate
- Private key
- Intermediate certificate (there may be more than one, or could be none)
The next step is to install the files on the server.
Create the directory /etc/nginx/ssl:
mkdir /etc/nginx/ssl
And now create the private key file for nginx to use (replace the hostname in the filename with your own). In addition, fix the permissions so that only root can read the private key:
# cat >/etc/nginx/ssl/bigbluebutton.example.com.key <<'END'
Paste the contents of your key file here
END
chmod 0600 /etc/nginx/ssl/bigbluebutton.example.com.key
And the certificate file. Note that nginx needs your server certificate and the list of intermediate certificates together in one file (replace the hostname in the filename with your own):
# cat >/etc/nginx/ssl/bigbluebutton.example.com.crt <<'END'
Paste (in order) the contents of the following files:
1. The signed certificate from the CA
2. In order, each intermediate certificate provided by the CA (but do not include the root).
END
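The two files created above can be checked before nginx is pointed at them. This is an added example, not part of the original guide: it confirms that the key matches the first certificate in the bundle, that the key file is mode 600, that each certificate is followed by its issuer, and that no self-signed root was appended. The names `check_bundle` and `name_of` are hypothetical; the script assumes the `openssl` CLI and GNU `stat`.

```shell
#!/bin/sh
# Added example: sanity-check an nginx certificate bundle and its private key.

# name_of FILE subject|issuer: print that distinguished name of a PEM certificate.
name_of() { openssl x509 -in "$1" -noout "-$2" | sed "s/^$2= *//"; }

# check_bundle BUNDLE KEY: print one finding per line; return 0 only if clean.
check_bundle() {
    bundle=$1; key=$2; rc=0
    work=$(mktemp -d)
    # Split the bundle into cert-1.pem (server), cert-2.pem (first intermediate), ...
    count=$(awk -v d="$work" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert-" n ".pem") }
        END { print n + 0 }' "$bundle")
    [ "$count" -gt 0 ] || { echo "no certificate found in bundle"; rm -rf "$work"; return 1; }

    # The key must belong to the first certificate: compare their public keys.
    cert_pub=$(openssl x509 -in "$work/cert-1.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match the first certificate"; rc=1; }

    # The guide sets the key to 0600 so that only root can read it.
    mode=$(stat -c %a "$key")
    case $mode in
        600|400) ;;
        *) echo "key file mode is $mode, expected 600"; rc=1 ;;
    esac

    # Order: every certificate must be issued by the one that follows it.
    i=1
    while [ "$i" -lt "$count" ]; do
        j=$((i + 1))
        [ "$(name_of "$work/cert-$i.pem" issuer)" = "$(name_of "$work/cert-$j.pem" subject)" ] ||
            { echo "certificate $j is not the issuer of certificate $i"; rc=1; }
        i=$j
    done

    # A chain that ends in a self-signed certificate includes the root.
    last="$work/cert-$count.pem"
    if [ "$count" -gt 1 ] && [ "$(name_of "$last" subject)" = "$(name_of "$last" issuer)" ]; then
        echo "bundle ends with a self-signed root certificate; leave the root out"; rc=1
    fi
    rm -rf "$work"
    return $rc
}

# Stand-alone use: sh check_bundle.sh <bundle.crt> <private.key>
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```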
In addition, we'll generate a set of 2048-bit Diffie-Hellman parameters to improve security for some types of ciphers. This step can take several minutes to complete, particularly if run on a virtual machine.
openssl dhparam -out /etc/nginx/ssl/dhp-2048.pem 2048
Now we can edit the nginx configuration to use SSL. Edit the file /etc/nginx/sites-available/bigbluebutton to add the marked lines. Ensure that you're using the correct filenames to match the certificate and key files you created above.
server {
  server_name bigbluebutton.example.com;
  listen 80;
  listen [::]:80;

  # Add the code below
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/nginx/ssl/bigbluebutton.example.com.crt;
  ssl_certificate_key /etc/nginx/ssl/bigbluebutton.example.com.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
  ssl_prefer_server_ciphers on;
  ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;

  # ... (the rest of the existing server block stays unchanged)
}
For reference, note that the SSL settings used above are based on those proposed in https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ and provide support for all modern browsers (including IE8, but not IE6, on Windows XP). Please note that recommended SSL settings are subject to change as new vulnerabilities are found.
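Because recommended settings change, it helps to re-check the configuration periodically. This added example (not part of the original guide) scans an nginx configuration and flags the TLS 1.0/1.1 protocol versions and 3DES cipher terms that appear in the settings above and are now deprecated. The function name `audit_nginx_tls` and the sample file are constructed for illustration; it assumes `#` only starts comments in the file.

```shell
#!/bin/sh
# Added example: flag legacy TLS settings in an nginx configuration file.

# audit_nginx_tls FILE: print one finding per line; return 1 if any were found.
audit_nginx_tls() {
    rc=0
    # Strip comments and join lines so a directive split over lines is seen whole.
    flat=$(sed 's/#.*//' "$1" | tr '\n' ' ')
    protos=$(printf '%s' "$flat" |
        sed -n 's/.*ssl_protocols[[:space:]]*\([^;]*\);.*/\1/p')
    ciphers=$(printf '%s' "$flat" |
        sed -n 's/.*ssl_ciphers[[:space:]]*\([^;]*\);.*/\1/p' | tr -d "\"'")

    [ -n "$protos" ] || { echo "ssl_protocols not set (nginx default applies)"; rc=1; }
    for p in $protos; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "deprecated protocol: $p"; rc=1 ;;
        esac
    done

    # Cipher strings are colon-separated; split on ':' only for this loop.
    old_ifs=$IFS; IFS=':'
    for c in $ciphers; do
        case $c in
            '!'*|-*) ;;   # exclusions remove suites, so they are not findings
            *DES*|*RC4*|*MD5*|*NULL*|*EXPORT*) echo "weak cipher term: $c"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# Constructed sample using the protocol list shown above and a shortened cipher list.
sample=$(mktemp)
cat >"$sample" <<'EOF'
server {
  listen 443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # legacy versions still enabled
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+3DES:RSA+3DES:!aNULL:!MD5";
}
EOF
audit_nginx_tls "$sample" || echo "legacy TLS settings found"
rm -f "$sample"
```

On the real server, run it against /etc/nginx/sites-available/bigbluebutton after each change to the SSL settings.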
With nginx now configured to use SSL, the next step is to configure FreeSWITCH to use HTTPS for initiating an audio connection.
Edit /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties and update the property bigbluebutton.web.serverURL to use HTTPS:
#----------------------------------------------------
# This URL is where the BBB client is accessible. When a user successfully
# enters a name and password, she is redirected here to load the client.
bigbluebutton.web.serverURL=https://bigbluebutton.example.com
Next, modify the creation of recordings so they are served via HTTPS. Edit /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml and change the value for playback_protocol as follows:
playback_protocol: https
If you have installed the API demos in step 4, edit /var/lib/tomcat8/webapps/demo/bbb_api_conf.jsp and change the value of BigBlueButtonURL to use HTTPS:
// This is the URL for the BigBlueButton server
String BigBlueButtonURL = "https://bigbluebutton.example.com/bigbluebutton/";
Finally, to apply all of the configuration changes made, you must restart all components of BigBlueButton:
bbb-conf --restart
First, you need to install the core development tools.
sudo apt-get install git-core ant ant-contrib openjdk-8-jdk-headless
With the JDK installed, you need to set the JAVA_HOME variable. Edit ~/.profile (here we are using vim to edit the file)
vi ~/.profile
Add the following line at the end of the file
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
Reload your profile (this will happen automatically when you next log in, but we'll do it explicitly here to load the new environment variable).
source ~/.profile
Do a quick test to ensure JAVA_HOME is set.
$ echo $JAVA_HOME
/usr/lib/jvm/java-8-openjdk-amd64
In the next step, you need to install a number of tools using sdkman.
curl -s "https://get.sdkman.io" | bash
source "$HOME/.sdkman/bin/sdkman-init.sh"
sdk install gradle 5.5.1
sdk install grails 3.3.9
sdk install sbt 1.2.8
sdk install maven 3.5.0
To develop bbb-web, you'll need these permissions:
sudo chmod -R ugo+rwx /var/bigbluebutton
sudo chmod -R ugo+rwx /var/log/bigbluebutton
Install Meteor.js.
curl https://install.meteor.com/ | sh
The HTML5 client in BigBlueButton 2.4 depends on Meteor version 2.5.x. Navigate to bigbluebutton-html5/ and set the appropriate version of Meteor:
cd ~/dev/bigbluebutton/bigbluebutton-html5
meteor update --allow-superuser --release 2.5
There is one change required to settings.yml to get webcam and screenshare working in the client (assuming you're using HTTPS already). The first step is to find the value for kurento.wsUrl in the packaged settings.yml.
grep "wsUrl" /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
Next, edit the development settings.yml and change wsUrl to match what was retrieved before.
vi private/config/settings.yml
You're now ready to run the HTML5 code. First shut down the packaged version of the HTML5 client so you are not running two copies in parallel.
sudo systemctl stop bbb-html5
Install the npm dependencies.
meteor npm install
Finally, run the HTML5 code.
env NODE_TLS_REJECT_UNAUTHORIZED=0 npm start
NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate verification in Node.js, which lets you run the HTML5 client with a self-signed certificate. Remove this variable if you are using a valid certificate.