vim /etc/network/interfaces
auto lo iface lo inet loopback auto ens18 iface ens18 inet static address 195.154.50.30 netmask 255.255.255.255 post-up ip route add 192.168.60.254 dev ens18 post-up ip route add 0.0.0.0/0 via 192.168.60.254 pre-down ip route del 0.0.0.0/0 via 192.168.60.254 pre-down ip route del 192.168.60.254 dev ens18
vim /etc/resolv.conf
nameserver 9.9.9.9 # or another DNS
search <FQDN>
vim /etc/hosts
<IP> <FQDN> <ALIAS>
reboot
If KVM : # apt install qemu-guest-agent
apt update apt upgrade locale-gen en_US.UTF-8 apt install haveged
wget https://raw.githubusercontent.com/bigbluebutton/bbb-install/master/bbb-install.sh chmod +x ./bbb-install.sh ./bbb-install.sh -v xenial-200 -s <FQDN> bbb-conf --setip <FQDN>
mkdir /etc/nginx/ssl cp private-key.key /etc/nginx/ssl chmod 0600 /etc/nginx/ssl/private-key.key cp certificate.crt /etc/nginx/ssl openssl dhparam -out /etc/nginx/ssl/dhp-2048.pem 2048
vim /etc/nginx/sites-enabled/bigbluebutton
Add after “server_name” :
listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/nginx/ssl/certificate.crt; ssl_certificate_key /etc/nginx/ssl/private-key.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256"; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;
vim /opt/freeswitch/conf/sip_profiles/external.xml
Change “ws-binding” to “wss-binding” and “:5066” by “:7443”.
vim /etc/bigbluebutton/nginx/sip.nginx
proxy_pass https://<FQDN>:7443;
vim /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
bigbluebutton.web.serverURL=https://<FQDN>
vim /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties
jnlpUrl=https://<FQDN>/screenshare jnlpFile=https://<FQDN>/screenshare/screenshare.jnlp
sed -e 's|http://|https://|g' -i /var/www/bigbluebutton/client/conf/config.xml vim /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml
playback_protocol: https
vim /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
String BigBlueButtonURL = "https://<FQDN>/bigbluebutton/";
bbb-conf --restart
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6 echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-3.4.list apt update apt install install -y mongodb-org curl curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - apt install -y nodejs
apt install bbb-html5
To load HTML5 client by default, edit /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties :
# Force all attendees to join the meeting using the HTML5 client attendeesJoinViaHTML5Client=true
# Force all moderators to join the meeting using the HTML5 client moderatorsJoinViaHTML5Client=true
bbb-conf --restart
If the service “kurento-media-server” is masked :
systemctl unmask kurento-media-server
systemctl enable kurento-media-server
systemctl start kurento-media-server
apt install apt-transport-https ca-certificates curl software-properties-common curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" apt update apt install docker-ce
mkdir ~/greenlight && cd ~/greenlight docker run --rm bigbluebutton/greenlight:v2 cat ./sample.env > env docker run --rm bigbluebutton/greenlight:v2 bundle exec rake secret
Write the secret on the “SECRET_KEY_BASE” parameter in “~/greenlight/env”.
bbb-conf --secret
Write the URL and the secret in “~/greenlight/env” file on the “BIGBLUEBUTTON_ENDPOINT” and “BIGBLUEBUTTON_SECRET” parameters.
Check configuration :
docker run --rm --env-file env bigbluebutton/greenlight:v2 bundle exec rake conf:check
docker run --rm bigbluebutton/greenlight:v2 cat ./greenlight.nginx | sudo tee /etc/bigbluebutton/nginx/greenlight.nginx systemctl restart nginx
To make Greenlight the HTTP home page of BBB, add this on bottom of /etc/nginx/sites-available/bigbluebutton :
location = / {
return 307 /b;
}
Same, but for HTTPS :
location = / {
return 301 https://$server_name/b;
}
Rebot :
systemctl restart nginx
sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose cd ~/greenlight docker run --rm bigbluebutton/greenlight:v2 cat ./docker-compose.yml > docker-compose.yml docker-compose up -d
docker-compose down
Edit /opt/freeswitch/conf/vars.xml
Remove
<X-PRE-PROCESS cmd="set" data="local_ip_v4=xxx.yyy.zzz.qqq">
Change
<X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>
by
<X-PRE-PROCESS cmd="set" data="bind_server_ip=EXTERNAL_IP_ADDRESS"/>
Change
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=stun:stun.freeswitch.org"/>
by
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=EXTERNAL_IP_ADDRESS"/>
Change
<X-PRE-PROCESS cmd="set" data="external_sip_ip=stun:stun.freeswitch.org"/>
by
<X-PRE-PROCESS cmd="set" data="external_sip_ip=EXTERNAL_IP_ADDRESS"/>
Edit /opt/freeswitch/conf/sip_profiles/external.xml
Change
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="ext-sip-ip" value="$${local_ip_v4}"/>
by
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
<param name="ext-sip-ip" value="$${external_sip_ip}"/>
Edit /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties
bbb.sip.app.ip=<internal ip> bbb.sip.app.port=5070
freeswitch.ip=<internal ip> freeswitch.port=5060
Edit /etc/bigbluebutton/nginx/sip.nginx
location /ws {
proxy_pass https://<FQDN>:7443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
bbb-conf --restart
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 80;
listen [::]:80;
server_name <FQDN>;
ssl_certificate /etc/nginx/ssl/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/private-key.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;
access_log /var/log/nginx/bigbluebutton.access.log combined_ssl;
# Handle RTMPT (RTMP Tunneling). Forwards requests
# to Red5 on port 5080
location ~ (/open/|/close/|/idle/|/send/|/fcs/) {
proxy_pass http://127.0.0.1:5080;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
keepalive_requests 1000000000;
}
# Handle desktop sharing tunneling. Forwards
# requests to Red5 on port 5080.
location /deskshare {
proxy_pass http://127.0.0.1:5080;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
}
# BigBlueButton landing page.
location / {
root /var/www/bigbluebutton-default;
index index.html index.htm;
expires 1m;
}
# Include specific rules for record and playback
include /etc/bigbluebutton/nginx/*.nginx;
#error_page 404 /404.html;
# Redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
}