blindsidenetworks / mattermost-plugin-bigbluebutton

BigBlueButton plugin for Mattermost :electric_plug:
Apache License 2.0

Clues Needed: Nginx Proxy for BBB #76

Closed eyebank closed 4 years ago

eyebank commented 4 years ago

I dislike burning a public for BBB, and (for better protection) I'd like to use a reverse proxy in front of the BBB server.

My setup: firewall NAT to the BBB server with those open ports. Everything works fine (except recordings).

What I want (and it does not work): an nginx reverse proxy for the upstream BBB server. It appears I cannot shut down the BBB nginx server and place the server behind a proxy server. What have most of you done? What can be done?

Thanks

rottaran commented 4 years ago

I left the BBB nginx running as it is inside the BBB's lxc container. My frontend nginx acts as reverse proxy towards BBB and towards mattermost. Moving BBB into a subpath requires quite some config changes. I would avoid this if possible.

My host nginx config:

server {
    listen 443 ssl http2;
    ## ... other stuff ...

    ## for big blue button: the trailing slash on proxy_pass replaces the /bbb/ prefix with /
    location /bbb/ {
        proxy_pass http://BBBINTERNALIP/;
        tcp_nodelay on;
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-Proto https;
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   X-Forwarded-Host $host;  # the requested host, not the client address
        proxy_set_header   Upgrade $http_upgrade;   # pass websocket upgrades through
        proxy_set_header   Connection $connection_upgrade;
        proxy_http_version 1.1;  # recommended with keepalive connections
        proxy_set_header   X-Forwarded-Ssl on;
        client_max_body_size       10m;
        client_body_buffer_size    128k;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffering            off;
        keepalive_requests         1000000000;
    }

    ## BBB paths that are still served from the root; the request URI is passed unchanged
    location ~ ^/(open|close|idle|send|fcs|deskshare|html5client|_timesync|client|demo|pad|static|playback|presentation|bigbluebutton|screenshare|ws|verto|bbb-webrtc-sfu) {
        proxy_pass http://BBBINTERNALIP;
        tcp_nodelay on;
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-Proto https;
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   X-Forwarded-Host $host;  # the requested host, not the client address
        proxy_set_header   Upgrade $http_upgrade;   # pass websocket upgrades through
        proxy_set_header   Connection $connection_upgrade;
        proxy_http_version 1.1;  # recommended with keepalive connections
        proxy_set_header   X-Forwarded-Ssl on;
        client_max_body_size       10m;
        client_body_buffer_size    128k;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffering            off;
        keepalive_requests         1000000000;
    }
}

with the usual definitions for $connection_upgrade and $http_upgrade:

map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

Inside the BBB's nginx I did:

# Quote the delimiter so the shell does not expand $1 inside the here-document.
cat >>/etc/bigbluebutton/nginx/client <<'EOF'
location /bbb/ {
  rewrite ^/bbb(/.*)$ $1 last;
}
EOF

# Keep the trailing semicolon so the server_name directive stays valid.
sed -i 's/server_name PUBLICHOSTNAME;/server_name BBBINTERNALIP PUBLICHOSTNAME;/g' /etc/nginx/sites-available/bigbluebutton

sed -i 's*bigbluebutton.web.serverURL=https://PUBLICHOSTNAME*bigbluebutton.web.serverURL=https://PUBLICHOSTNAME/bbb*g' /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties

This configuration can be improved. Some URLs are defined in /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties and /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties. It might be possible to move them into the bbb subpath. Not all of the ^/(open|close|idle|send|fcs|deskshare|html5client|_timesync|client|demo|pad|static|playback|presentation|bigbluebutton|screenshare|ws|verto|bbb-webrtc-sfu) locations might be actually used.
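
Added example, not part of the thread and not the plugin's code: a small Python model of how the two `location` blocks in the host config above select requests, showing that the regex as posted also sends paths that merely start with one of the listed names to the BBB backend. The `ANCHORED` pattern, the catch-all `other` backend and the sample paths are assumptions made for illustration.

```python
import re

# Alternation copied from the regex location in the host nginx config above.
BBB_PATHS = ("open|close|idle|send|fcs|deskshare|html5client|_timesync|client|demo|pad|"
             "static|playback|presentation|bigbluebutton|screenshare|ws|verto|bbb-webrtc-sfu")
POSTED = re.compile(r"^/(" + BBB_PATHS + r")")
# Assumed tightening (not from the thread): the name must be a whole path segment.
ANCHORED = re.compile(r"^/(" + BBB_PATHS + r")(/|$)")


def route(path, bbb_regex=POSTED):
    """Return (backend, upstream_uri) the way nginx would pick a location.

    Models only the selection rule that matters here: a matching regex
    location wins over a plain prefix location; otherwise the matching
    prefix is used. The catch-all "other" backend is an assumption standing
    in for the "... other stuff ..." part of the server block.
    """
    if bbb_regex.search(path):
        return ("bbb", path)                       # proxy_pass without URI: path unchanged
    if path.startswith("/bbb/"):
        return ("bbb", "/" + path[len("/bbb/"):])  # proxy_pass with "/": prefix replaced
    return ("other", path)


def exposure(paths, bbb_regex=POSTED):
    """List the request paths that end up on the BBB backend."""
    return [p for p in paths if route(p, bbb_regex)[0] == "bbb"]


# Constructed sample request paths, not taken from real logs.
SAMPLE = [
    "/bbb/bigbluebutton/api/join",   # intended: subpath form
    "/html5client/join",             # intended: BBB client
    "/ws",                           # intended: websocket endpoint
    "/static-assets/app.js",         # only starts with "static"
    "/sendgrid/webhook",             # only starts with "send"
    "/clients/list",                 # only starts with "client"
    "/api/v4/users",                 # unrelated
]

if __name__ == "__main__":
    for label, rx in (("posted", POSTED), ("anchored", ANCHORED)):
        print(label, exposure(SAMPLE, rx))
```

Running the same check over the paths your other backends actually serve shows which of them the regex location would take over before the config goes live.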

rottaran commented 4 years ago

Everything works fine (except recordings).

By accident I found some error messages in the logs and then did the following. This might help and is nowhere in the extensive documentation. If it helps for you, please tell.

mkdir /home/bigbluebutton
chown bigbluebutton:bigbluebutton /home/bigbluebutton/

Also note that it takes some time until recordings become visible. There is some post processing as described on https://docs.bigbluebutton.org/dev/recording.html. You can follow the post processing in real time via bbb-record --watch.

eyebank commented 4 years ago

Thank you @rottaran Thank you very much!

karthik1710 commented 4 years ago

Hi @rottaran, I'm trying to set up BBB behind an Nginx reverse proxy as frontend. It would be great if you share the nginx reverse proxy conf and bbb nginx conf. Thanks