Changing ports trivially

[samnazarko]

Hi,

Hope this is the right place

I plan to trial this internally on a NAT'd Proxmox system and expose some ports to the internet.

443/80 are occupied presently by other services on this box. I figured that bbb can sit on an odd port because it will always be linked to from our chat (Mattermost); so no chance of typo.

I've made some changes to the script so that:

• DNS lookups are not performed (they'll fail in a NAT'd environment).
• Locales are exported correctly (otherwise PPA imports will fail)
• Challenges are not dependent on 443/80 and we can defer to a custom Let's Encrypt client instead. In our case -- it's usually beneficial to use DNS based validation as not every server is directly able to handle a challenge.

(happy to PR as RFCs). The first suggestion probably needs refinement; as checking DNS is not inherently bad.

I'm still being stung by running BBB on Port 444.

I've set my API to https://foo:444/bigbluebutton/api in Mattermost but it's still generating standard port 443 links for meetings. Is there a trivial way to resolve this? Currently I have iptables forwarding 444 -> 443 on this machine. (444 publicly exposed).

My other question is if this script is suitable for prod. I'm not keen on the idea of configuring Tomcat by hand which is why I opted for this Docker based solution. But I understand that BBB has a web based interface for configuring recordings etc that doesn't seem to be exposed presently. If I can configure things via a (presuming) /etc/ conf; then this is a non issue.

Cheers

Sam

[ffdixon]

Thanks for the feedback.

Locales are exported correctly (otherwise PPA imports will fail)

We would be interested in seeing the edits you made here. Something perhaps like

   if ! dpkg -s $1 > /dev/null 2>&1; then apt-get install -yq $1; fi

   if ! dpkg -s $1 > /dev/null 2>&1; then LC_CTYPE=en_US.UTF-8 apt-get install -yq $1; fi

Challenges are not dependent on 443/80

This one is a bit harder -- we've not tried to run BigBlueButton on anything except the standard ports of 443/80, and we actively encourage others to not do it as well. See

http://docs.bigbluebutton.org/support/faq.html#we-recommend-running-bigbluebutton-on-port-80443

Is it an option for you to install BigBlueButton on a dedicated server?

[samnazarko]

It was pretty late when I opened this issue so I took a hammer approach and did a dpkg-reconfigure locales and exported LANG=C LC_ALL=C which resolved the locales issue.

Running on dedicated hardware isn't an issue, although the VMs performance should be more than adequate. What we're a little short on is IPv4s; but I'll see if I can get this to work trivially.

[ajeecai]

@ffdixon I have the same situation like @samnazarko , where I wish to have a trial before I deploy it to a public cloud server. So now my server is located behind a NAT device, and port 443 is using by others, and I don't wish to map too many ports including 443/7443 and a wide range of UDP ports in gateway NAT device.

I am just thinking if I could do that with a TURN server in the same LAN of BBB server? Diagram supposed like this:

( BBB server) === ports ===== (TURN server) ----port 8443 ------- GW NAT -----public IP -------- client

So far as I tried, it didn't work, since installing TURN server it requires public IP too. Is any way to make it work? I think for flexible ports and networking architecure is non-trival since some users want to have a try first within some restrictions.

Thanks

[ffdixon]

@ajeecai I manage the BigBlueButton project, but this area of networking is still a bit of mystery to me and I'm not sure if it's possible.

where I wish to have a trial before I deploy it to a public cloud server

I would recommend setting up an account on Digital Ocean (or another cloud provider), creating a droplet (it's not going to cost much to run it for a few hours). Then, set yourself up with a domain name (you can purchase them at places like goDaddy for very little money), create a fully qualified domain name that (such as bbb.example.com) that points to the external IP address of your Digital Ocean server, and use bbb-install.sh to install BigBlueButton + SSL certificate (thanks to Let's Encrypt) in about 15 minutes.

[tweidinger]

I am currently trying the same approach of hosting it behind a (proxmox) firewall, where the 443/80 port are already occupied by other services on other machines (which have priority - setting this up for a friend for teaching during the current quarantine). I can understand why you officially don't want users to run it from non-standard ports. Still I would like to request this as a feature as well. My current workaround, until its feasible to set non default ports, includes getting additional external ip+macs from my hosting provider and running it on a vm (which has enough resources). @samnazarko Did you succeed in customizing the installer/dependencies?

[samnazarko]

We moved to Jitsi instead. It integrates in to Mattermost easily enough.

I think BBB is the better option, but we wanted a solution under Proxmox