Closed eyebank closed 4 years ago
I left the BBB nginx running as it is inside the BBB's lxc container. My frontend nginx acts as reverse proxy towards BBB and towards mattermost. Moving BBB into a subpath requires quite some config changes. I would avoid this if possible.
My host nginx config:
server {
listen 443 ssl http2;
## ... other stuff ...
## for big blue button
location /bbb/ {
proxy_pass http://BBBINTERNALIP/;
tcp_nodelay on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1; # recommended with keepalive connections
proxy_set_header X-Forwarded-Ssl on;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
keepalive_requests 1000000000;
}
location ~ ^/(open|close|idle|send|fcs|deskshare|html5client|_timesync|client|demo|pad|static|playback|presentation|bigbluebutton|screenshare|ws|verto|bbb-webrtc-sfu) {
proxy_pass http://BBBINTERNALIP;
tcp_nodelay on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1; # recommended with keepalive connections
proxy_set_header X-Forwarded-Ssl on;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
keepalive_requests 1000000000;
}
}
with the usual definitions for $connection_upgrade
and $http_upgrade
:
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
Inside the BBB's nginx I did:
cat >>/etc/bigbluebutton/nginx/client <<EOF
location /bbb/ {
rewrite ^/bbb(/.*)$ $1 last;
}
sed -i 's/server_name PUBLICHOSTNAME;/server_name BBBINTERNALIP PUBLICHOSTNAME/g' /etc/nginx/sites-available/bigbluebutton
sed -i 's*bigbluebutton.web.serverURL=https://PUBLICHOSTNAME*bigbluebutton.web.serverURL=https://PUBLICHOSTNAME/bbb*g' /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
This configuration can be improved. Some URLs are defined in /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties
and /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties
. It might be possible to move them into the bbb subpath. Not all of the ^/(open|close|idle|send|fcs|deskshare|html5client|_timesync|client|demo|pad|static|playback|presentation|bigbluebutton|screenshare|ws|verto|bbb-webrtc-sfu)
locations might be actually used.
Everything works fine (except recordings).
By accident I found some error messages in the logs and then did the following. This might help and is nowhere in the extensive documentation. If it helps for you, please tell.
mkdir /home/bigbluebutton
chown bigbluebutton:bigbluebutton /home/bigbluebutton/
Also note that it takes some time until recordings become visible. There is some post processing as described on https://docs.bigbluebutton.org/dev/recording.html You can follow the post processing in real time via bbb-record --watch
.
Thank you @rottaran Thank you very much!
Hi @rottaran, Im Trying to setup BBB behind Nginx reverse proxy has frontend. It would be great if you share the nginx reverse proxy conf and bbb nginx conf. Thanks
I dislike burning a public for BBB (and for better protection) i'd like to use a reverse proxy in front of BBB server.
My setup Firewall NAT to BBB server will those open ports. Everything works fine (except recordings).
What i want (and it does not work) nginx reverse proxy for upstream BBB server. It appears i cannot shut down the BBB nginx server and place the sever behind a proxy server. What have most of you done? What can be done?
Thanks