A few considerations before we start:
- Required OS: Ubuntu 18.04 (bionic)
- This is intended for container or local-machine setups, such as LXC (don't use it on production servers)
- This process is similar to BBB 2.2's install. One difference is that we encapsulated LibreOffice in Docker for increased security.
- For public/production servers, we recommend installing BigBlueButton using bbb-install.sh
We'll do this in 3 steps:
Install needed tools
sudo apt-get update && sudo apt-get install curl wget net-tools software-properties-common haveged apt-transport-https openjdk-8-jdk -y

Add needed repositories
sudo add-apt-repository ppa:bigbluebutton/support -y
sudo add-apt-repository ppa:rmescandon/yq -y
sudo add-apt-repository ppa:libreoffice/ppa

Upgrade packages
sudo apt-get update && sudo apt-get dist-upgrade

Add key for MongoDB's repository
wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -

Add APT's source for MongoDB
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list

Install MongoDB
sudo apt-get update && sudo apt-get install -y mongodb-org

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install nodejs

Add key for BigBlueButton
wget https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | sudo apt-key add -

Add APT's source for BigBlueButton
echo "deb https://ubuntu.bigbluebutton.org/bionic-24 bigbluebutton-bionic main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list

Install it
sudo apt-get update && sudo apt-get install bigbluebutton

If you want to test the installation, you can install demos:
sudo apt-get install bbb-demo

Before testing, make sure you have set secure: false in /usr/share/bbb-web/WEB-INF/classes/application.yml file:
# ...
server:
  session:
    cookie:
      secure: false
# ...
You can now access http://BBB_IP_ADDRESS and join bbb-demo (WebRTC media probably won't work, because it needs HTTPS to be set up). BBB_IP_ADDRESS is the IP address of the container/machine running this installation.
Depending on your certificate authority (CA), you should now have 2 or more files, as follows:
- Certificate
- Private key
- Intermediate certificate (there may be more than one, or could be none)
The next step is to install the files on the server.
Create the directory /etc/nginx/ssl:
mkdir /etc/nginx/ssl

And now create the private key file for nginx to use (replace the hostname in the filename with your own). In addition, fix the permissions so that only root can read the private key:
# cat >/etc/nginx/ssl/bigbluebutton.example.com.key <<'END'
Paste the contents of your key file here
END
chmod 0600 /etc/nginx/ssl/bigbluebutton.example.com.key

And the certificate file. Note that nginx needs your server certificate and the list of intermediate certificates together in one file (replace the hostname in the filename with your own):
# cat >/etc/nginx/ssl/bigbluebutton.example.com.crt <<'END'
Paste (in order) the contents of the following files:
1. The signed certificate from the CA
2. In order, each intermediate certificate provided by the CA (but do not include the root).
END

In addition, we'll generate a set of 2048-bit Diffie-Hellman parameters to improve security for some types of ciphers. This step can take several minutes to complete, particularly if run on a virtual machine.
openssl dhparam -out /etc/nginx/ssl/dhp-2048.pem 2048

Now we can edit the nginx configuration to use SSL. Edit the file /etc/nginx/sites-available/bigbluebutton to add the marked lines. Ensure that you're using the correct filenames to match the certificate and key files you created above.
server {
  server_name bigbluebutton.example.com;
  listen 80;
  listen [::]:80;
  # Add the code below
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/nginx/ssl/bigbluebutton.example.com.crt;
  ssl_certificate_key /etc/nginx/ssl/bigbluebutton.example.com.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
  ssl_prefer_server_ciphers on;
  ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;
  # ... (remaining directives of the existing server block)
}
For reference, note that the SSL settings used above are based on those proposed in https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ and provide support for all modern browsers (including IE8, but not IE6, on Windows XP). Please note that recommended SSL settings are subject to change as new vulnerabilities are found.
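Because recommended settings change, the directives above are worth re-checking mechanically. The following is an added example, not part of the original guide or of BigBlueButton's tooling: a POSIX shell function that flags legacy protocol versions, weak cipher selectors, and a private key readable beyond its owner. The function names and the constructed sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Print the arguments of the first uncommented directive $2 found in file $1.
directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\(.*\);.*/\1/p" "$1" | head -n 1
}

# Print one finding per line; return 1 if there was any finding, else 0.
audit_tls_conf() {
    conf=$1 findings=0
    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    for p in $(directive "$conf" ssl_protocols); do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) note "legacy protocol enabled: $p" ;;
        esac
    done

    for c in $(directive "$conf" ssl_ciphers | tr -d '"' | tr ':' ' '); do
        case $c in
            '!'*) ;;  # an exclusion, not a selector
            *3DES*|*RC4*|*MD5*) note "weak cipher selector: $c" ;;
        esac
    done

    key=$(directive "$conf" ssl_certificate_key)
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        note "private key accessible beyond owner: $key"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the guide's directives, with a dummy key in directory $1.
write_sample() {
    : > "$1/site.key"; chmod 0644 "$1/site.key"
    cat > "$1/site.conf" <<END
server {
  ssl_certificate_key $1/site.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
}
END
}

dir=$(mktemp -d) && write_sample "$dir"
audit_tls_conf "$dir/site.conf" || echo "review the findings above"
rm -rf "$dir"
```

On a real host, point `audit_tls_conf` at /etc/nginx/sites-available/bigbluebutton after each change to the TLS directives.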
With nginx now configured to use SSL, the next step is to configure FreeSWITCH to use HTTPS for initiating an audio connection.
Edit /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties and update the property bigbluebutton.web.serverURL to use HTTPS:
#----------------------------------------------------
# This URL is where the BBB client is accessible. When a user successfully
# enters a name and password, she is redirected here to load the client.
bigbluebutton.web.serverURL=https://bigbluebutton.example.com

Next, modify the creation of recordings so they are served via HTTPS. Edit /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml and change the value for playback_protocol as follows:
playback_protocol: https

If you have installed the API demos in step 4, edit /var/lib/tomcat8/webapps/demo/bbb_api_conf.jsp and change the value of BigBlueButtonURL to use HTTPS.
// This is the URL for the BigBlueButton server
String BigBlueButtonURL = "https://bigbluebutton.example.com/bigbluebutton/";

Finally, to apply all of the configuration changes made, you must restart all components of BigBlueButton:
bbb-conf --restart

First, you need to install the core development tools.
sudo apt-get install git-core ant ant-contrib openjdk-8-jdk-headless

With the JDK installed, you need to set the JAVA_HOME variable. Edit ~/.profile (here we are using vim to edit the file)
vi ~/.profile

Add the following line at the end of the file
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64

Reload your profile (this will happen automatically when you next login, but we'll do it explicitly here to load the new environment variable).
source ~/.profile

Do a quick test to ensure JAVA_HOME is set.
$ echo $JAVA_HOME
/usr/lib/jvm/java-8-openjdk-amd64

In the next step, you need to install a number of tools using sdkman.
curl -s "https://get.sdkman.io" | bash
source "$HOME/.sdkman/bin/sdkman-init.sh"
sdk install gradle 5.5.1
sdk install grails 3.3.9
sdk install sbt 1.2.8
sdk install maven 3.5.0

To develop bbb-web, you'll need these permissions:
sudo chmod -R ugo+rwx /var/bigbluebutton
sudo chmod -R ugo+rwx /var/log/bigbluebutton

Install Meteor.js.
curl https://install.meteor.com/ | sh

The HTML5 client in BigBlueButton 2.4 depends on Meteor version 2.5.x. Navigate to bigbluebutton-html5/ and set the appropriate version of Meteor
cd ~/dev/bigbluebutton/bigbluebutton-html5
meteor update --allow-superuser --release 2.5

There is one change required to settings.yml to get webcam and screenshare working in the client (assuming you're using HTTPS already). The first step is to find the value for kurento.wsUrl in the packaged settings.yml.
grep "wsUrl" /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml

Next, edit the development settings.yml and change wsUrl to match what was retrieved before.
vi private/config/settings.yml

You're now ready to run the HTML5 code. First shut down the packaged version of the HTML5 client so you are not running two copies in parallel.
sudo systemctl stop bbb-html5

Install the npm dependencies.
meteor npm install

Finally, run the HTML5 code.
env NODE_TLS_REJECT_UNAUTHORIZED=0 npm start

NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate verification in Node.js, which lets you run the HTML5 client with a self-signed certificate. Remove this variable if you are using a valid certificate.