search

ichdasich / bbb-rec-perm

Authentication Hook for nginx to restrict access to BigBlueButton recordings
Creative Commons Zero v1.0 Universal
17 stars 8 forks source link

How to implement this solution #1

Closed hananaq closed 4 years ago

hananaq commented 4 years ago

i want to implement you solution to my BBB server to protect the recordings from being accessed without permission but im new in this field, can you walk me through how to implement it, where to put the files ?

ichdasich commented 4 years ago

I currently do not really have the resources to provide consulting. But I will put "Update documentation" on my todo, and will also throw in some more pointers to reading resources etc.; Probably somewhen later today.

what-ri commented 4 years ago

Hi IchDasIch,

Approximate guideline/instructions how to implement your solution would be amazing! Thank you for your time & helping out hundreds of users who are concerned about security.

what-ri commented 4 years ago
  1. Git clone the latest greenlite IchDasIch fork git clone -b rec_restrictions https://github.com/ichdasich/greenlight.git

  1. Compile it with docker / run it - follow the Customize install instructions from BBB page

  2. Git clone rec-perm git clone https://github.com/ichdasich/bbb-rec-perm

  3. Install fcgiwrap if it's missing apt-get install fcgiwrap

  4. Install bcrypt apt-get install python3-bcrypt

  5. Install psycopg apt-get install python3-psycopg2

If you are using out of the box bbb without scalelite - you only need auth-passwd-bbb.py (rename it to auth.py) Edit the auth.py script as suggested by anrxc in the other issue posted. Edit you postgresql password to reflect .env file in /root/greenlight/ - out of the box "password" with lower case.

  1. Edit your nginx config (attached example) bigbluebutton.conf.txt

  2. Replace BBB.nginx files in /etc/bigbluebutton/nginx cp /bbb-rec-perm/nginx-conf/etc/bigbluebutton/nginx/* /etc/bigbluebutton/nginx

  3. Edit your path to error page in these files

Thank you for the great script!

ichdasich commented 4 years ago

uhm, whatever you do, do not use the custom-26a/custom-changes; These have changes specific to my infrastructure/setup. ;-)

You should use https://github.com/ichdasich/greenlight/tree/rec_restrictions and merge that with the current upstream branch you want to use. I will update that branch to the current tag in a bit.

Apart from that: Mind if I use the documentation you just wrote in README.md?

what-ri commented 4 years ago

Sure, go ahead.

ichdasich commented 4 years ago

Added documentation. Closing this. Thanks again!