Last active
December 30, 2021 04:16
BigBlueButton Install Conf
Get BBB running on the server
wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v xenial-220 -a
Remove demo
sudo apt-get remove bbb-demo
sudo bbb-conf --restart
sudo bbb-conf --check
Set hostname
sudo bbb-conf --setip bigbluebutton.example.com
You need to uncomment a line in the nginx config:
nano /etc/nginx/nginx.conf
There, uncomment:
server_names_hash_bucket_size 64;
Then run:
sudo systemctl restart nginx
Let's Encrypt
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot
sudo certbot --webroot -w /var/www/bigbluebutton-default/ -d bigbluebutton.example.com certonly
Check that the directory contains: cert.pem chain.pem fullchain.pem privkey.pem
ls /etc/letsencrypt/live/bigbluebutton.example.com/
SET FORCE SSL VIA REWRITE RULE:
nano /etc/nginx/sites-available/bigbluebutton
server {
    listen 80;
    server_name mysite.com;
    return 301 https://$server_name$request_uri; # redirect HTTP to HTTPS
}
server {
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/bigbluebutton.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bigbluebutton.example.com/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhp-4096.pem; # this file must already exist, nginx will not start without it
sudo systemctl restart nginx
Crontab for Let's Encrypt
sudo crontab -e
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx
Go with the flow: check https://docs.bigbluebutton.org/2.2/install.html#assign-a-hostname
Configure FreeSWITCH for using SSL
If you have a firewall on your server and have opened port 5066, change the rule to now open port 7443 instead.
Also, if your BigBlueButton server is behind a firewall, you may need to specify the value with an external IP address EXTERNAL_IP_ADDRESS:7443 to avoid getting an error 1002 in the client. For more details see Configure BigBlueButton behind a firewall.
Next, update the websocket forwarding address in nginx. Edit the file /etc/bigbluebutton/nginx/sip.nginx and change the protocol and port on the proxy_pass line as shown:
location /ws {
    proxy_pass https://203.0.113.1:7443;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_read_timeout 6h;
    proxy_send_timeout 6h;
    client_body_timeout 6h;
    send_timeout 6h;
}
Configure BigBlueButton to load session via HTTPS
With nginx now configured to use SSL, the next step is to configure FreeSWITCH to use HTTPS for initiating an audio connection.
Edit /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties and update the property bigbluebutton.web.serverURL to use HTTPS:
#----------------------------------------------------
# This URL is where the BBB client is accessible. When a user successfully
# enters a name and password, she is redirected here to load the client.
bigbluebutton.web.serverURL=https://bigbluebutton.example.com
Next, edit the file /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties and update the properties jnlpUrl and jnlpFile to HTTPS:
streamBaseUrl=rtmp://bigbluebutton.example.com/screenshare
jnlpUrl=https://bigbluebutton.example.com/screenshare
jnlpFile=https://bigbluebutton.example.com/screenshare/screenshare.jnlp
You must also update the file /var/www/bigbluebutton/client/conf/config.xml to tell the BigBlueButton client to load components via HTTPS. You can do the update with a single command:
$ sudo sed -e 's|http://|https://|g' -i /var/www/bigbluebutton/client/conf/config.xml
If you ever need to revert this change, you can run the reverse command:
$ sudo sed -e 's|https://|http://|g' -i /var/www/bigbluebutton/client/conf/config.xml
Open /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml for editing and change:
kurento:
  wsUrl: ws://bbb.example.com/bbb-webrtc-sfu
to
kurento:
  wsUrl: wss://bbb.example.com/bbb-webrtc-sfu
Also change:
note:
  enabled: true
  url: http://bbb.example.com/pad
to
note:
  enabled: true
  url: https://bbb.example.com/pad
Next, modify the creation of recordings so they are served via HTTPS. Edit /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml and change the value for playback_protocol as follows:
playback_protocol: https
If you have installed the API demos in step 5, edit /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp and change the value of BigBlueButtonURL to use HTTPS.
// This is the URL for the BigBlueButton server
String BigBlueButtonURL = "https://bigbluebutton.example.com/bigbluebutton/";
Finally, to apply all of the configuration changes made, you must restart all components of BigBlueButton:
$ sudo bbb-conf --restart
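
A way to confirm that none of the files edited in the steps above was missed, as an added example that is not part of the original notes or the BigBlueButton docs. The file paths and keys are the ones named above; the function names, the ROOT prefix argument and the sample tree are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the BigBlueButton docs: list settings from the HTTPS
# steps that still use a plaintext scheme. Paths and keys are the ones named in
# these notes; the ROOT prefix is an assumption so a copied tree can be checked.

# check_https_settings [ROOT]: prints "path:line:text" per leftover setting,
# returns 1 if any were found and 0 if every installed file is clean.
check_https_settings() {
    root=${1:-}
    found=0
    while read -r file pattern; do
        [ -f "$root$file" ] || continue    # component not installed, skip
        hits=$(grep -nE -- "$pattern" "$root$file") || continue
        printf '%s\n' "$hits" | sed "s|^|$file:|"
        found=1
    done <<'EOF'
/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties ^bigbluebutton\.web\.serverURL=http://
/usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties ^jnlp(Url|File)=http://
/var/www/bigbluebutton/client/conf/config.xml http://
/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml ^[[:space:]]*(wsUrl:[[:space:]]*ws|url:[[:space:]]*http)://
/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml ^playback_protocol:[[:space:]]*http[[:space:]]*$
/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp BigBlueButtonURL[[:space:]]*=[[:space:]]*"http://
EOF
    return "$found"
}

# Constructed sample: bbb-web already switched, settings.yml still on ws://.
make_sample_tree() {
    t=$(mktemp -d)
    web=$t/usr/share/bbb-web/WEB-INF/classes
    html5=$t/usr/share/meteor/bundle/programs/server/assets/app/config
    mkdir -p "$web" "$html5"
    echo 'bigbluebutton.web.serverURL=https://bigbluebutton.example.com' \
        > "$web/bigbluebutton.properties"
    printf 'kurento:\n  wsUrl: ws://bbb.example.com/bbb-webrtc-sfu\n' \
        > "$html5/settings.yml"
    echo "$t"
}

sample=$(make_sample_tree)
check_https_settings "$sample" || echo "plaintext settings remain"
rm -rf "$sample"
```

On a live server, call check_https_settings with no argument so the real paths are read.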
Test your HTTPS configuration
In order to ensure you didn’t make any mistakes that could cause security compromises, please test your HTTPS configuration. A well-respected site that can do a series of automated tests is https://www.ssllabs.com/ssltest/ - simply enter your server’s hostname, optionally check the “Do not show results” check box if you would like to keep it private, then Submit.
At time of writing, the configuration shown on this page should achieve an “A” ranking in the SSL Labs test page.
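
An offline check to run alongside the SSL Labs test, as an added example that is not part of the original notes: it reads an nginx site file and lists the ssl_protocols and ssl_ciphers entries it treats as legacy (SSLv2/SSLv3, TLS 1.0 and 1.1, which RFC 8996 deprecates, and 3DES/RC4/MD5/NULL/export ciphers). The function names and the legacy list are this example's assumptions; the sample file is constructed from the TLS directives shown earlier in these notes.

```sh
#!/bin/sh
# Added example, not part of the original notes: flag legacy TLS settings in an
# nginx site file such as /etc/nginx/sites-available/bigbluebutton. The list of
# names treated as legacy is an assumption of this example.

# audit_nginx_tls FILE: prints one finding per line, returns 1 if any exist.
audit_nginx_tls() {
    findings=$(sed 's/#.*//' "$1" | tr -d '";' | awk '
        $1 == "ssl_protocols" {            # e.g. ssl_protocols TLSv1 TLSv1.2
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    print "line " NR ": protocol " $i
        }
        $1 == "ssl_ciphers" {              # colon-separated OpenSSL cipher list
            n = split($2, c, ":")
            for (i = 1; i <= n; i++)       # entries starting with ! or - are removals
                if (c[i] !~ /^[!-]/ && c[i] ~ /3DES|RC4|MD5|NULL|EXP/)
                    print "line " NR ": cipher " c[i]
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample using the TLS directives shown in these notes.
sample_tls_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
    ssl_prefer_server_ciphers on;
}
EOF
    echo "$f"
}

conf=$(sample_tls_conf)
audit_nginx_tls "$conf" || echo "legacy TLS settings found"
rm -f "$conf"
```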
check: https://docs.bigbluebutton.org/2.2/customize.html#restrict-access-to-specific-ports
MS LOGIN:
Office365 OAuth2
You will need an Office365 account to create an OAuth 2 key and secret. This will allow Greenlight users to authenticate with their own Office365 accounts.
To begin, head over to the following site and sign in to your Office365 account: https://portal.azure.com/
In the menu on the left, click “Azure Active Directory”.
Under the “Manage” tab, click “App registrations”.
From here take the following steps:
Click “New Registration”
Choose any application name, e.g. “bbb-endpoint”
Set the Redirect URI to your URL (must be https): “https://hostname/b/auth/office365/callback”
Click “Register”
Once your application has been created, under the “Overview” tab, copy your “Application (client) ID” into the OFFICE365_KEY environment variable in your .env file.
Finally, click “Certificates & secrets” under the “Manage” tab.
From here take the following steps:
Click “New client secret”
Choose the “Never” option in the “Expires” option list
Copy the value of your password into the OFFICE365_SECRET environment variable in your .env file
check http://docs.bigbluebutton.org/greenlight/gl-config.html
EDIT AND ADJUST SERVER FIREWALL:
https://docs.bigbluebutton.org/2.2/configure-firewall
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
CUSTOMIZING
nano /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
defaultWelcomeMessage=<default welcome message>
defaultWelcomeMessageFooter=<default welcome message footer>
sudo bbb-conf --restart
docker exec greenlight-v2 bundle exec rake user:create["name","email","password","admin"]
https://docs.bigbluebutton.org/greenlight/gl-customize.html#customizing-greenlight
With
services:
  app:
    entrypoint: [bin/start]
    image: <image name>:release-v2
Finally, from the ~/greenlight directory, start the application using:
docker-compose up -d
3. Configure Greenlight
Greenlight will read its environment configuration from the .env file. To generate this file, enter ~/greenlight directory and run:
cp sample.env .env
If you open the .env file you’ll see that it contains information for all of the Greenlight configuration options. Some of these are mandatory.
Generating a Secret Key
Greenlight needs a secret key in order to run in production. To generate this, run:
docker run --rm bigbluebutton/greenlight:v2 bundle exec rake secret
Inside your .env file, set the SECRET_KEY_BASE option to the last line in this command. You don’t need to surround it in quotations.
Setting BigBlueButton Credentials
By default, your Greenlight instance will automatically connect to tes
CHANGE IT WITH THE NAME OF RDOCKER