alangecker / bigbluebutton-docker

merged into https://github.com/bigbluebutton/docker
GNU Lesser General Public License v3.0

Integration with (existing) NGINX #87

Open xpbe0 opened 3 years ago

xpbe0 commented 3 years ago

Missing instructions in Integration with NGINX.

xpbe0 commented 3 years ago

(no issue)

worksasintended commented 3 years ago

This is my working nginx config, with nginx used as a reverse proxy with letsencrypt. Of course you can skip the whole ssl_certificate part for a minimal example:

server {
  server_name   bbb.example.com;

  location / {
    proxy_pass  http://127.0.0.1:8080;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
  }

  listen 443 ssl;
  ssl_certificate /somePath/fullchain.pem;
  ssl_certificate_key /somePath/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
  if ($host = bbb.example.com) {
    return 301 https://$host$request_uri;
  }

  listen        80;
  server_name   bbb.example.com;
  return 404;
}

xpbe0 commented 3 years ago

Hi, thanks a lot. I already sent a PR with a slightly more elaborate example. Of course lots of it can be scrapped. The hidden beast is in:

    ...
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    ...

thanks and 🍻 for you
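
The header pair singled out above can go missing without anyone deleting it: nginx inherits `proxy_set_header` from the enclosing level only when the current level defines none. The check below is an added example, not part of the thread or the project; the function names and both sample configs are constructed for illustration, and the small parser assumes plain directives and blocks only.

```python
import re

REQUIRED = ("Upgrade", "Connection")  # headers the thread singles out for WebSockets

def parse(tokens, i=0):
    """Build a tree of (words, children) directives; children is None for 'x y;'."""
    out, words = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == "}":
            break
        if tok in (";", "{"):
            kids = None
            if tok == "{":
                kids, i = parse(tokens, i)
            out.append((words, kids))
            words = []
        else:
            words.append(tok.strip("\"'"))
    return out, i

def missing_ws_headers(conf):
    """Return [(proxy_pass target, [missing headers])] for every proxied block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' inside quotes)
    tree, _ = parse(re.findall(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+', conf))
    findings = []
    def walk(nodes, inherited):
        own = {w[1].lower() for w, kids in nodes
               if kids is None and len(w) >= 3 and w[0] == "proxy_set_header"}
        # nginx inherits proxy_set_header only when the current level defines none
        effective = own or inherited
        for w, kids in nodes:
            if kids is not None:
                walk(kids, effective)
            elif len(w) >= 2 and w[0] == "proxy_pass":
                missing = [h for h in REQUIRED if h.lower() not in effective]
                if missing:
                    findings.append((w[1], missing))
    walk(tree, set())
    return findings

# Constructed samples: thread-style location block, and a lost-inheritance variant.
WORKING = """server { location / { proxy_pass http://127.0.0.1:8080;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade"; } }"""
BROKEN = """server { proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  location / { proxy_pass http://127.0.0.1:8080;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }"""
print(missing_ws_headers(BROKEN))
```

To lint a real file, pass its contents to `missing_ws_headers()`; an empty list means every proxied block still sets both headers.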

kodaizen commented 3 years ago

Hello, I have bbb on a subdomain too. Do you have Greenlight? I get a server error after login. In the greenlight docker container, the BIGBLUEBUTTON_ENDPOINT var points to the main domain rather than the subdomain. How can I change it? Thanks

xpbe0 commented 3 years ago

@kodaizen : can you share your [anonymised] .env, ip addr list, ifconfig, docker network list and firewall-cmd --list-all-zones?

MartinHarran commented 3 years ago

I’m still only learning about most of the stuff involved here so I may be missing something basic.

My current setup for general sites is a container from the jwilder/nginx-proxy image to handle reverse proxy along with a container from the companion image jrcs/letsencrypt-nginx-proxy-companion to handle SSL.

When I use the above config modifications, the bbb-docker_https_proxy_1 container cannot start as my nginx-proxy container is already listening on ports 80 and 443. From the log:

2021/03/25 08:50:06 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)

2021/03/25 08:50:06 [emerg] 1#1: bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)

How do I get around this?

cjhille commented 3 years ago

@MartinHarran There are a few things you need to change for jwilder's proxy.

In .env disable built in https proxy:

#ENABLE_HTTPS_PROXY=true

In docker-compose.yml add the jwilder proxy network

networks:
  bbb-net:
    ipam:
      driver: default
      config:
        - subnet: "10.7.7.0/24"
  nginx-proxy:
    external: true

In docker-compose.yml remove host networking for nginx service and add it to proxy's network

    #network_mode: host  # <- comment this
    networks:
      nginx-proxy:
      bbb-net:

In docker-compose.yml for nginx service expose 8080 and add the required env variables for the jwilder proxy

    expose:
      - "8080"
    environment:
      - VIRTUAL_HOST=${DOMAIN}
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=${DOMAIN}
      - LETSENCRYPT_EMAIL=your.email@domain.tld

For the turn server to work you need to make some more adjustments.

in docker-compose.coturn.yml:

volumes:
    #- ssl_data:/etc/resty-auto-ssl # <- replace this with:
    - ./path/to/your/certs/your.domain.tld:/etc/proxy-cert # <- update your path here

and changing file paths in mod/coturn/entrypoint.sh to:

while [ ! -f /etc/proxy-cert/fullchain.pem ]
[...]
cat /etc/proxy-cert/fullchain.pem > /tmp/cert.pem
cat /etc/proxy-cert/key.pem > /tmp/key.pem

xpbe0 commented 3 years ago

@MartinHarran please see also PR: https://github.com/alangecker/bigbluebutton-docker/pull/88/files

MartinHarran commented 3 years ago

> @MartinHarran There are a few things you need to change for jwilder's proxy.

@cjhille That worked perfectly, thank you very much for such detailed instructions

MartinHarran commented 3 years ago

@xpbe0 - cjhille's instructions worked perfectly, what is different in that PR that I should be looking at?

xpbe0 commented 3 years ago

Hello @MartinHarran, there are differences in handling certs and networking. I didn't change anything in the docker-compose.yml file. It could also be important to mention that I use branch v2.3.x