Reference:

https://docs.bigbluebutton.org/2.3/install.html

Before start installing Bigbluebutton, we need to check

1) Minimum server requirements 2) Pre-installation checks

Install BigBlueButton:

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s – -w -a -v xenial-22 -s example.exphosted.com -e thrikalsamys@peopleone.co

The above command install latest bigbluebutton version 2.3

you can check the status of your server with bbb-conf –check. When you run this command, you should see output similar to the following

sudo bbb-conf –check

You can also use sudo bbb-conf –status to check that all the BigBlueButton processes have started and are running

sudo bbb-conf –status

You can integrate BigBlueButton with one of the 3rd party integrations by providing the integration the server’s address and shared secret. You can use bbb-conf to display this information using bbb-conf –secret

sudo bbb-conf –secret 

  URL: http://bbb.example.com/bigbluebutton/
  Secret: 330a8b08c3b4c61533e1d0c334

Restart your server

You can restart and check your BigBlueButton server at any time using the commands

sudo bbb-conf –restart

sudo bbb-conf –check

Assign a hostname

For any production BigBlueButton server, you need to assign it a hostname.

sudo bbb-conf –setip HOSTNAME

For example, if your hostname was bigbluebutton.example.com, the command would be

sudo bbb-conf –setip bigbluebutton.example.com

At this point, you have BigBlueButton server listening to an IP address (or hostname) and responding to API requests. However, if you tried to login from the server’s default page with a browser, you would get an error

Configure SSL

Depending on your certificate authority (CA), you should now have 2 or more files, as follows:

Certificate Private key

Intermediate certificate (there may be more than one, or could be none) The next step is to install the files on the server.

Create the directory /etc/nginx/ssl:

$ sudo mkdir /etc/nginx/ssl

And now create the private key file for nginx to use (replace the hostname in the filename with your own). In addition, fix the permissions so that only root can read the private key:

cat >/etc/nginx/ssl/bigbluebutton.example.com.key «'END' Paste the contents of your key file here END

chmod 0600 /etc/nginx/ssl/bigbluebutton.example.com.key

And the certificate file. Note that nginx needs your server certificate and the list of intermediate certificates together in one file (replace the hostname in the filename with your own):

cat >/etc/nginx/ssl/bigbluebutton.example.com.crt «'END' Paste (in order) the contents of the following files: 1. The signed certificate from the CA 2. In order, each intermediate certificate provided by the CA (but do not include the root). END

In addition, we’ll generate a set of 4096-bit diffie-hellman parameters to improve security for some types of ciphers. This step can take several minutes to complete, particularly if run on a virtual machine.

sudo openssl dhparam -out /etc/nginx/ssl/dhp-4096.pem 4096

Now we can edit the nginx configuration to use SSL. Edit the file /etc/nginx/sites-available/bigbluebutton to add the marked lines. Ensure that you’re using the correct filenames to match the certificate and key files you created above. 

server {
  server_name bigbluebutton.example.com;
  listen 80;
  listen [::]:80;
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/nginx/ssl/bigbluebutton.example.com.crt;
  ssl_certificate_key /etc/nginx/ssl/bigbluebutton.example.com.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhp-4096.pem;

For reference, note that the SSL settings used above are based on those proposed in https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ and provide support for all modern browsers (including IE8, but not IE6, on Windows XP). Please note that recommended SSL settings are subject to change as new vulnerabilities are found.

Configure BigBlueButton to load session via HTTPS

With nginx now configured to use SSL, the next step is to configure FreeSWITCH to use HTTPS for initiating an audio connection.

Edit /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties and update the property bigbluebutton.web.serverURL to use HTTPS:

#—————————————————- # This URL is where the BBB client is accessible. When a user successfully # enters a name and password, she is redirected here to load the client.

bigbluebutton.web.serverURL=https://bigbluebutton.example.com

Next, edit the file /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties and update the property jnlpUrl and jnlpFile to HTTPS: 

streamBaseUrl=rtmp://bigbluebutton.example.com/screenshare
jnlpUrl=https://bigbluebutton.example.com/screenshare
jnlpFile=https://bigbluebutton.example.com/screenshare/screenshare.jnlp

You must also update the file /var/www/bigbluebutton/client/conf/config.xml to tell the BigBlueButton client to load components via HTTPS.

You can do the update with a single command

$ sudo sed -e 's|http:|https:|g' -i /var/www/bigbluebutton/client/conf/config.xml

If you would ever need to revert this change, you can run the reverse command:

$ sudo sed -e 's|https:|http:|g' -i /var/www/bigbluebutton/client/conf/config.xml

Open /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml editing and change: 

kurento:
  wsUrl: ws://bbb.example.com/bbb-webrtc-sfu

to 

kurento:
  wsUrl: wss://bbb.example.com/bbb-webrtc-sfu

Also change: 

note:
  enabled: true
  url: http://bbb.example.com/pad

to 

note:
  enabled: true
  url: https://bbb.example.com/pad

Next, modify the creation of recordings so they are served via HTTPS.

Edit /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml and change the value for playback_protocol as

follows: 

playback_protocol: https

/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp and change the value of BigBlueButtonURL use HTTPS. 

// This is the URL for the BigBlueButton server
String BigBlueButtonURL = "https://bigbluebutton.example.com/bigbluebutton/";

Finally, to apply all of the configuration changes made, you must restart all components of BigBlueButton:

sudo bbb-conf –restart

Uninstall Bigbluebutton

If anytime you need to uninstall bigbluebutton service from the ubuntu server. You can purge and remove each bbb packages one by one

dpkg -l | grep bbb 

apt-get purge bbb-apps
apt-get purge bbb-apps-akka
apt-get purge bbb-apps-screenshare
apt-get purge bbb-apps-sip
apt-get purge bbb-apps-video
apt-get purge bbb-apps-video-broadcast
apt-get purge bbb-client
apt-get purge bbb-config
apt-get purge bbb-demo
apt-get purge bbb-etherpad
apt-get purge bbb-freeswitch-core
apt-get purge bbb-freeswitch-sounds
apt-get purge bbb-fsesl-akka
apt-get purge bbb-html
apt-get purge bbb-mkclean
apt-get purge bbb-playback-presentation
apt-get purge bbb-record-core
apt-get purge bbb-red5
apt-get purge bbb-transcode-akka
apt-get purge bbb-web 
apt-get purge bbb-webrtc-sfu