Closed alangecker closed 4 years ago
eveything seems fine now :)
network_mode: host
for the nginx proxy seems to break my setup with jwilder/nginx-proxy. For jwilder's docker proxy it is intended to use separate docker networks for each deployment and only expose the target upstream service to the proxy network like this.
docker-compose.yml
[...]
nginx:
image: nginx:1.19-alpine
networks:
nginx-proxy:
[...]
networks:
bbb-net:
[...]
nginx-proxy: # proxy network for jwilder main proxy
external: true
This can't be combined with host networking.
When disabling network_mode:host (and host port mapping) and exposing the new proxy port 8080 (used to be 80) to the jwilder proxy via:
nginx:
image: nginx:1.19-alpine
#network_mode: host
networks:
nginx-proxy:
#ports:
# - "8080:80"
expose:
- "8080"
environment:
- VIRTUAL_HOST=${DOMAIN}
- VIRTUAL_PORT=8080
, I can now login to greenlight but the BBB endpoints seem to be invalid. It's now stating that: "Serverfehler - BigBlueButton Endpunkt und Geheimnis ungültig." All of this used to work before this merge :(
All of this used to work before this merge :(
sorry to hear, that it broke your setup :/ it is quite difficult to make any changes with all possible custom setups in mind...
can you access the BBB API via the nginx proxy directly?
$ curl http://10.7.7.1:8080/bigbluebutton/api
and via the https proxy?
$ curl https://yourdomain/bigbluebutton/api
could you maybe share your whole docker-compose file? (https://gist.github.com/)
unfortunately I have no idea about jwilder's docker proxy...
Thank you for taking an interest in this, it is much appreciated 🙏
When I did docker inspect for the bbb proxy I realized, that I had forgotten to also (re)add the container to bbb-net (since this was replaced by host_networking). Now the system is back up and running.
However, I feel like there has to be a better way than to run the containers on host networking. For my setup host networking in not possible, since more HTTP services (i.e. rocket_chat, WP, jitsi) run on the same machine and traffic has to go to a reverse proxy first (jwilders-proxy or traeffik) to handle TLS and determine the upstream service. IMHO it's unfortunate for BBBs nginx to be blocking the hosts port (80). Is there a particular reason for this? I belive ipv6 http traffic should work without this as well.
Running BBB alongside other services on one host is one of the major advantages of this dockerized version. Although not recommend, it works flawlessly for me :)
For completeness (and users with similar issues) my bbb.yml and proxy.yml: https://gist.github.com/cjhille/3c01f711640d8c30bc5c0ad729f80f5b
The proxy.yml is pretty much vanilla and the bbb.yml is the same as @alangecker except for the nginx service, where I
nginx:
image: nginx:1.19-alpine
restart: unless-stopped
depends_on:
[...]
#ports:
# - "8080:80"
expose:
- "8080"
environment:
- VIRTUAL_HOST=${DOMAIN}
- VIRTUAL_PORT=8080
- LETSENCRYPT_HOST=${DOMAIN}
- LETSENCRYPT_EMAIL=letsencrypt-bbb.vegan-in-leipzig.de@byteanvil.com
volumes:
[...]
#network_mode: host
networks:
nginx-proxy:
bbb-net:
extra_hosts:
[...]
EDIT: another question .. what is the reason for host mapping 8080 to container port 80? Nginx is only listening on container port 8080 AFAICT
closes #24
quite handy for testing this branch with firefox
media.peerconnection.ice.relay_only
: force use of TURN servernetwork.dns.disableIPv6
disable IPv6 DNS