bigbluebutton / bbb-install

BASH script to install BigBlueButton in 30 minutes.
GNU Lesser General Public License v3.0

[BBB in an LXC container] bbb-install fails with public IP DNS verified, but local NATted IP didn't match! #14

Open zenny opened 6 years ago

zenny commented 6 years ago

Hi,

Trying to run the bbb-install.sh script, but it reports that

bbb-install: DNS lookup for bbb.example.com resolved to <PUBLIC IP ADDRESS> but didn't match local 192.168.200.100.

Obviously, I am trying in the NATted LXC container with local IP. Any way to overcome this?

Cheers, /z

ffdixon commented 6 years ago

Try copying down the script

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh > install.sh
chmod +x install.sh

Then edit the file and remove this line https://github.com/bigbluebutton/bbb-install/blob/master/bbb-install.sh#L314.

Run it locally and let the installation go through. Let us know if that gets you going with an install in LXC.

zenny commented 6 years ago

@ffdixon : Removing https://github.com/bigbluebutton/bbb-install/blob/master/bbb-install.sh#L314 didn't make any difference:

#./bbb-install.sh -v xenial-200 -s bbb.example.com -e postmaster@example.com -t -g
bbb-install: DNS lookup for bbb.example.com resolved to <PUBLIC_IP> but didn't match local 192.168.200.100.

However, it seems like a conflict between the public IP and the NATted local IP somewhere, and has nothing to do with the freeswitch systemd script (L289-295). Just my wild guess.

ffdixon commented 6 years ago

Sorry, gave you the wrong check line to remove. Try downloading bbb-install.sh to a local file and removing https://github.com/bigbluebutton/bbb-install/blob/master/bbb-install.sh#L294.

This is the line that contains the check

if [ "$DIG_IP" != "$IP" ]; then err "DNS lookup for $1 resolved to $DIG_IP but didn't match local $IP."; fi

zenny commented 6 years ago

@ffdixon Yep, commenting the line 294 went through the installation greenlight as docker inside lxc seems not achievable or even if achievable may be insecure, I guess.

A script to install greenlight without docker would be very valuable, imho

ffdixon commented 6 years ago

Running docker inside LXC is a bit tricky. We haven't tested this ourselves, but this link might get you going

https://stgraber.org/2016/04/13/lxd-2-0-docker-in-lxd-712/

somuelle-tmt commented 5 years ago

Who is working on this issue? "Single command" doesn't work if you have to download and modify the script in every new install!

The line 294 is already outdated, now you have to edit line 321.

ffdixon commented 5 years ago

We can add an option to bypass the local network check. I'll be the one to implement it.

zenny commented 5 years ago

@ffdixon adding an option to bypass the local network check would make it easier for people to deploy in containers.

About your suggestion on https://github.com/bigbluebutton/bbb-install/issues/14#issuecomment-400892752, the provided link only deals with something under lxd, not vanilla lxc (like it comes with proxmox4/5).

Under vanilla lxc, it outputs like:

+ docker ps
+ docker run -d -p 5000:80 --restart=unless-stopped -v /root/greenlight/db/production:/usr/src/app/db/production --env-file /root/greenlight/env --name greenlight-v2 bigbluebutton/greenlight:v2
Unable to find image 'bigbluebutton/greenlight:v2' locally
v2: Pulling from bigbluebutton/greenlight
05d1a5232b46: Extracting [==================================================>]  45.31MB/45.31MB
5cee356eda6b: Download complete 
89d3385f0fd3: Download complete 
80ae6b477848: Download complete 
28bdf9e584cc: Download complete 
bdeb28e714e4: Download complete 
5922247af93e: Download complete 
a777432baaad: Download complete 
19c0a7a5b752: Download complete 
ddd0f4a356bf: Download complete 
e04b71294a23: Download complete 
cab4a4ab944c: Download complete 
e0ac9a5a71a8: Download complete 
f4e329526ddf: Download complete 
docker: failed to register layer: ApplyLayer exit status 1 stdout:  stderr: permission denied.

ffdixon commented 5 years ago

There looks to be a little bit more required to run docker in LXC (see https://stgraber.org/2016/04/13/lxd-2-0-docker-in-lxd-712/). We'll look deeper into adding that logic to bbb-install.sh.

somuelle-tmt commented 5 years ago

I just looked through the script and saw that all the required steps for BBB behind NAT, like setting up a dummy NIC and changing all the configurations to the external IP, are actually in there. In my two installations with this script, neither the dummy NIC nor the configurations were put in my config files.

ffdixon commented 5 years ago

We've tested the installation script on servers that are internet accessible (which is where the internal/external IP address logic is in place). However, the external (public) IP address for a LXC/LXD container will not be correct.

We'll need to add some logic to detect when running in a LXC/LXD and configure accordingly.

ffdixon commented 5 years ago

Hi guys, looking at this now. Are you setting up your LXC containers with an IP address or hostname? If hostname, are you putting in the DNS entry in /etc/hosts?

We're thinking of extending the script to check for this special case of LXC + hostname + /etc/hosts entry -- and skip the external DNS check.

Makr91 commented 5 years ago

I've had this same issue, not in LXC but in VMware ESXi. This was the only thread I found to comment out line 214 as mentioned above. I work as a SysAdmin at a Managed Hosting Provider; as such, we have all our machines behind a NAT. We generally assign Hostname, Internal, and External IP address. We generally set the hostname on the local DNS server or externally if it's for a client with external DNS.

falahati commented 4 years ago

Same thing in a VM environment behind NAT. Please consider adding a new switch for passing the external IP address so that it can be used for modifying configuration files as well. This is preferable to the auto-detection of LXC and such. So that if your hostname's IP address doesn't match with the local one you should be forced to use this new switch to explicitly mention the external IP address of the server.
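A sketch of the check extended with the explicit external-IP switch requested above, as an added example that is not code from bbb-install.sh or from any commenter in this thread. The function names, the argument order and the sample addresses used to exercise it are assumptions; the caller supplies the DNS result and the local address.

```shell
#!/bin/sh
# Added example: hypothetical helper, not code from bbb-install.sh.
# Function bodies in ( ) run in a subshell, so IFS and variables stay local.

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() (
  case $1 in
    ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Succeeds if $1 is in an RFC 1918 private range, i.e. probably behind NAT.
is_private_ipv4() {
  case $1 in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# check_host_ip DNS_IP LOCAL_IP [EXTERNAL_IP]
# Prints the address to use in the configuration files and exits 0;
# exits 1 on a mismatch and 2 on malformed input (reason on stderr).
check_host_ip() (
  dns_ip=$1 local_ip=$2 external_ip=${3:-}
  if ! is_ipv4 "$dns_ip" || ! is_ipv4 "$local_ip"; then
    echo "invalid IPv4 address" >&2; exit 2
  fi
  # Directly addressable host: the original comparison passes.
  [ "$dns_ip" != "$local_ip" ] || { echo "$local_ip"; exit 0; }
  if [ -z "$external_ip" ]; then
    hint=
    is_private_ipv4 "$local_ip" && hint=" (private address: pass the external IP)"
    echo "DNS resolved to $dns_ip but didn't match local $local_ip$hint" >&2
    exit 1
  fi
  is_ipv4 "$external_ip" || { echo "invalid external IP" >&2; exit 2; }
  # NAT case: the operator-declared address must still match DNS.
  if [ "$dns_ip" != "$external_ip" ]; then
    echo "DNS resolved to $dns_ip but didn't match external $external_ip" >&2
    exit 1
  fi
  echo "$external_ip"
)
```

Unlike deleting the comparison, this keeps the guarantee that the hostname resolves to an address the operator has claimed for this server.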

ffdixon commented 4 years ago

If anyone has good chops with BASH scripting, we'd appreciate if someone took a shot at making the change to bbb-install.sh, testing it on their local VM to make sure it works, and sending a pull request.

Salamit commented 4 years ago

I have this issue. I'm trying to install a TURN server on AWS. I would help if I knew BASH.

bbb-install: DNS lookup for turn.mysite.com resolved to (public ip)XX.XXX.XXX.XX but didn't match local XXX.XX.XX.XXX.

hamzaachi commented 4 years ago

I am also experiencing the same issue, VM NATed behind firewall

kkingstoun commented 4 years ago

I have also the same problem, but

ifdown lo

helps to go to the next step. Right now I have a problem with Error: Unable to connect to the FreeeSWITCH Event Socket Layer on port 8021.

Update:

I passed even this step, but finally, I cannot pass the echo test - connection error.

I set this server on VM, so probably this is a problem. In my log there are some strange IP addresses:

Stopping BigBlueButton

Starting BigBlueButton

BigBlueButton Server 2.2.4 (1846)
    Kernel version: 4.4.0-177-generic
    Distribution: Ubuntu 16.04.6 LTS (64-bit)
    Memory: 8076 MB
    CPU cores: 4

/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (bbb-web)
    bigbluebutton.web.serverURL: https://MY_PUBLIC_DOMAIN_ADDRES
    defaultGuestPolicy: ALWAYS_ACCEPT
    svgImagesRequired: true

/etc/nginx/sites-available/bigbluebutton (nginx)
    server name: MY_PUBLIC_DOMAIN_ADDRES
    port: 80, [::]:80
    port: 443 ssl
    bbb-client dir: /var/www/bigbluebutton

/var/www/bigbluebutton/client/conf/config.xml (bbb-client)
    Port test (tunnel): rtmp://MY_PUBLIC_DOMAIN_ADDRES
    red5: MY_PUBLIC_DOMAIN_ADDRES
    useWebrtcIfAvailable: true

/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)
    local_ip_v4: MY_PUBLIC_IP
    external_rtp_ip: 104.24.113.6
    external_sip_ip: 104.24.113.6

/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)
    ext-rtp-ip: $${external_rtp_ip}
    ext-sip-ip: $${external_sip_ip}
    ws-binding: :5066
    wss-binding: 104.24.112.6:7443

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
    playback_host: MY_PUBLIC_DOMAIN_ADDRES
    playback_protocol: https
    ffmpeg: 4.2.2-1bbb1~ubuntu16.04

/etc/bigbluebutton/nginx/sip.nginx (sip.nginx)
    proxy_pass: 104.24.113.6

/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)
    kurento.ip: 104.24.112.6
    kurento.url: ws://127.0.0.1:8888/kurento
    localIpAddress: MY_PUBLIC_IP
    recordScreenSharing: true
    recordWebcams: true
    codec_video_main: VP8
    codec_video_content: VP8

/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)
    build: 873
    kurentoUrl: wss://MY_PUBLIC_DOMAIN_ADDRES/bbb-webrtc-sfu
    enableListenOnly: true

Potential problems described below

IP does not match:
    IP from ifconfig: MY_PUBLIC_IP
    /etc/nginx/sites-available/bigbluebutton: MY_PUBLIC_DOMAIN_ADDRES

Warning: API URL IPs do not match host:
    IP from ifconfig: MY_PUBLIC_IP
    /var/lib/tomcat7/demo/bbb_api_conf.jsp: MY_PUBLIC_DOMAIN_ADDRES

..................

Warning: The setting of 104.24.113.6 for proxy_pass in
    /etc/bigbluebutton/nginx/sip.nginx
does not match the local IP address (MY_PUBLIC_IP). (This is OK if you've manually changed the values)

Warning: The API demos are installed and accessible from:

https://MY_PUBLIC_DOMAIN_ADDRES

and

https://MY_PUBLIC_DOMAIN_ADDRES/demo/demo1.jsp

These API demos allow anyone to access your server without authentication to create/manage meetings and recordings. They are for testing purposes only. If you are running a production system, remove them by running:

apt-get purge bbb-demo

Could you check this?

firmlager99 commented 4 years ago

Hello. I also get this error, when I try to install BBB. Is there a solution to get the install.sh work anyway?

tatangs commented 4 years ago

Same question. I also get this error when I try to install BBB. Is there a solution to get the install.sh work anyway?

falahati commented 4 years ago

@tatangs , @firmlager99 : @ffdixon workaround still works.

But then you need to review the configuration files and replace the invalid external IP address with the correct one manually.
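One way to do that review mechanically, as an added example that is not part of bbb-conf or bbb-install.sh: list every IPv4 address in a `key: value` report of the shape kkingstoun posted above that is neither the expected external address, the known local address, nor loopback. The function names and the sample report (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: hypothetical audit helper, not part of bbb-conf.

# audit_ips EXPECTED_IP [ALLOWED_LOCAL_IP]
# Reads "key: value" lines on stdin; lines starting with "/" name the
# configuration file the following settings came from. Prints
# "file<TAB>key<TAB>ip" for every IPv4 address that is neither
# EXPECTED_IP, ALLOWED_LOCAL_IP nor a loopback address.
audit_ips() {
  awk -v want="$1" -v loc="${2:-}" '
    /^\// { file = $1; next }
    {
      sep = index($0, ": "); if (!sep) next
      key = substr($0, 1, sep - 1); gsub(/^[ \t]+/, "", key)
      rest = substr($0, sep + 2)
      # A value may hold several addresses (host:port, URLs); check each.
      while (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
        ip = substr(rest, RSTART, RLENGTH)
        rest = substr(rest, RSTART + RLENGTH)
        if (ip != want && ip != loc && ip !~ /^127\./)
          printf "%s\t%s\t%s\n", file, key, ip
      }
    }'
}

# Constructed sample report; every address is from a documentation range.
sample_report() {
  cat <<'EOF'
/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)
    local_ip_v4: 10.0.0.5
    external_rtp_ip: 198.51.100.6
    external_sip_ip: 203.0.113.10
/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
    ffmpeg: 4.2.2-1bbb1~ubuntu16.04
/etc/bigbluebutton/nginx/sip.nginx (sip.nginx)
    proxy_pass: 198.51.100.6
/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)
    kurento.ip: 203.0.113.10
    kurento.url: ws://127.0.0.1:8888/kurento
EOF
}

# Usage: sample_report | audit_ips 203.0.113.10 10.0.0.5
```

Each flagged line names the file and setting to correct; a four-part version string would also match the address pattern, so treat hits as candidates for review.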

tatangs commented 4 years ago

@falahati Which file? And what kind of configuration?

ricardonvs commented 4 years ago

It worked for me to install on EC2 by inserting the public name and ip in /etc/hosts ip example.com

dashohoxha commented 2 years ago

There is a blog that describes how to install BBB inside an LXC container: https://discuss.linuxcontainers.org/t/how-to-use-a-second-ip-with-a-container-and-routed-nic/

At the end there is a trick about fixing the services:

# Override /lib/systemd/system/freeswitch.service
mkdir -p /etc/systemd/system/freeswitch.service.d
cat <<EOF | tee /etc/systemd/system/freeswitch.service.d/override.conf
[Service]
CPUSchedulingPolicy=other
EOF

# override /usr/lib/systemd/system/bbb-html5-frontend@.service
mkdir -p /etc/systemd/system/bbb-html5-frontend@.service.d
cat <<EOF | tee /etc/systemd/system/bbb-html5-frontend@.service.d/override.conf
[Service]
CPUSchedulingPolicy=other
EOF

# override /usr/lib/systemd/system/bbb-html5-backend@.service
mkdir -p /etc/systemd/system/bbb-html5-backend@.service.d
cat <<EOF | tee /etc/systemd/system/bbb-html5-backend@.service.d/override.conf
[Service]
CPUSchedulingPolicy=other
EOF

systemctl daemon-reload
bbb-conf --restart
bbb-conf --status

I am not sure if this trick is needed only when installing on an LXC container or it needs to be applied when installing to a Docker container as well. However I think that the script bbb-install.sh can do this automatically. To detect that we are installing inside an LXC container, we can look at /proc/1/environ, which has a content like this: container=lxc.

I may also try to provide a PR if needed.

dashohoxha commented 1 year ago

Hey @ffdixon I have tested the script bbb-install-2.6-turn.sh and everything seems to be working well for me. (https://groups.google.com/g/bigbluebutton-dev/c/02DK0jxG8Jw)

I am installing it inside an LXC/LXD container (instructions here: http://dashohoxha.fs.al/docs/install-bbb-with-lxd.html)

In the section 5.2. Fix the services there is a fix that is needed for the case of LXC containers. It is also described here: https://groups.google.com/g/bigbluebutton-setup/c/77AtQ4Hl7ag/m/0_k76m1xAwAJ

It would be nice if the installation script (bbb-install-2.6-turn.sh) applies it automatically, because this is the aim of the script, to automate the installation process. On the previous message I describe the steps. To detect that we are installing inside an LXC container, we can use a test like this:

# /proc/1/environ is NUL-separated and may hold several variables, so look for an exact line
if tr '\0' '\n' < /proc/1/environ | grep -qx 'container=lxc'
then
    echo "The script is running inside an LXC container"
fi

I may also try to provide a PR if you want.

ffdixon commented 1 year ago

Hi @dashohoxha, a pull request for making it easier to install BigBlueButton on LXC containers would be welcome.