Differences

This shows you the differences between two versions of the page.

--- bigbluebutton_setup [2021/08/01 16:57]
157.51.110.15
+++ bigbluebutton_setup [2021/09/02 13:48] (current)
157.49.226.162
@@ Line 37: / Line 37: @@
 **sudo bbb-conf --restart**
 **sudo bbb-conf –check**
@@ Line 62: / Line 63: @@
 Create the directory /etc/nginx/ssl:
 **$ sudo mkdir /etc/nginx/ssl**
 And now create the private key file for nginx to use (replace the hostname in the filename with your own). In addition, fix the permissions so that only root can read the private key:
-# cat >/etc/nginx/ssl/bigbluebutton.example.com.key <<'END'
+cat >/etc/nginx/ssl/bigbluebutton.example.com.key <<'END'
 Paste the contents of your key file here
 END
@@ Line 72: / Line 74: @@
 **chmod 0600 /etc/nginx/ssl/bigbluebutton.example.com.key**
+And the certificate file. Note that nginx needs your server certificate and the list of intermediate certificates together in one file (replace the hostname in the filename with your own):
+cat >/etc/nginx/ssl/bigbluebutton.example.com.crt <<'END'
+Paste (in order) the contents of the following files:
+. The signed certificate from the CA
+. In order, each intermediate certificate provided by the CA (but do not include the root).
+END
+In addition, we’ll generate a set of 4096-bit diffie-hellman parameters to improve security for some types of ciphers. This step can take several minutes to complete, particularly if run on a virtual machine.
+**sudo openssl dhparam -out /etc/nginx/ssl/dhp-4096.pem 4096**
+Now we can edit the nginx configuration to use SSL. Edit the file /etc/nginx/sites-available/bigbluebutton to add the marked lines. Ensure that you’re using the correct filenames to match the certificate and key files you created above.
+  server {
+    server_name bigbluebutton.example.com;
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    ssl_certificate /etc/nginx/ssl/bigbluebutton.example.com.crt;
+    ssl_certificate_key /etc/nginx/ssl/bigbluebutton.example.com.key;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
+  ssl_prefer_server_ciphers on;
+  ssl_dhparam /etc/nginx/ssl/dhp-4096.pem;
+For reference, note that the SSL settings used above are based on those proposed in https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ and provide support for all modern browsers (including IE8, but not IE6, on Windows XP). Please note that recommended SSL settings are subject to change as new vulnerabilities are found.
+**Configure BigBlueButton to load session via HTTPS**
+With nginx now configured to use SSL, the next step is to configure FreeSWITCH to use HTTPS for initiating an audio connection.
+Edit **/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties** and update the property bigbluebutton.web.serverURL to use HTTPS:
+#----------------------------------------------------
+# This URL is where the BBB client is accessible. When a user successfully
+# enters a name and password, she is redirected here to load the client.
+bigbluebutton.web.serverURL=https://bigbluebutton.example.com
+Next, edit the file **/usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties** and update the property jnlpUrl and jnlpFile to HTTPS:
+  streamBaseUrl=rtmp://bigbluebutton.example.com/screenshare
+  jnlpUrl=https://bigbluebutton.example.com/screenshare
+  jnlpFile=https://bigbluebutton.example.com/screenshare/screenshare.jnlp
+You must also update the file /var/www/bigbluebutton/client/conf/config.xml to tell the BigBlueButton
+client to load components via HTTPS.
+You can do the update with a single command
+**$ sudo sed -e 's|http://|https://|g' -i /var/www/bigbluebutton/client/conf/config.xml**
+If you would ever need to revert this change, you can run the reverse command:
+**$ sudo sed -e 's|https://|http://|g' -i /var/www/bigbluebutton/client/conf/config.xml**
+Open **/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml** editing and change:
+  kurento:
+    wsUrl: ws://bbb.example.com/bbb-webrtc-sfu
+to
+  kurento:
+    wsUrl: wss://bbb.example.com/bbb-webrtc-sfu
+Also change:
+  note:
+    enabled: true
+    url: http://bbb.example.com/pad
+to
+  note:
+    enabled: true
+    url: https://bbb.example.com/pad
+Next, modify the creation of recordings so they are served via HTTPS.
+Edit **/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml** and change the value for playback_protocol as
+follows:
+  playback_protocol: https
+/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp and change the value of BigBlueButtonURL use HTTPS.
+  // This is the URL for the BigBlueButton server
+  String BigBlueButtonURL = "https://bigbluebutton.example.com/bigbluebutton/";
+Finally, to apply all of the configuration changes made, you must restart all components of BigBlueButton:
+**sudo bbb-conf –restart**
+=====Uninstall Bigbluebutton=====
+If anytime you need to uninstall bigbluebutton service from the ubuntu server. You can purge and remove each bbb packages one by one
+**dpkg -l | grep bbb**
+  apt-get purge bbb-apps
+  apt-get purge bbb-apps-akka
+  apt-get purge bbb-apps-screenshare
+  apt-get purge bbb-apps-sip
+  apt-get purge bbb-apps-video
+  apt-get purge bbb-apps-video-broadcast
+  apt-get purge bbb-client
+  apt-get purge bbb-config
+  apt-get purge bbb-demo
+  apt-get purge bbb-etherpad
+  apt-get purge bbb-freeswitch-core
+  apt-get purge bbb-freeswitch-sounds
+  apt-get purge bbb-fsesl-akka
+  apt-get purge bbb-html
+  apt-get purge bbb-mkclean
+  apt-get purge bbb-playback-presentation
+  apt-get purge bbb-record-core
+  apt-get purge bbb-red5
+  apt-get purge bbb-transcode-akka
+  apt-get purge bbb-web
+  apt-get purge bbb-webrtc-sfu

DokuWiki

Site Tools

Differences

Page Tools