ichdasich / bbb-rec-perm

Authentication Hook for nginx to restrict access to BigBlueButton recordings
Creative Commons Zero v1.0 Universal

documentation #6

Closed MTaghaddomi closed 4 years ago

MTaghaddomi commented 4 years ago

Thank you for sharing this code. I think the document needs more information about the details of the implementation. For example, I don't know why all of my records are inaccessible. Please provide more declarative documentation. Thanks.

ichdasich commented 4 years ago

Please describe the issue you are encountering in further detail.

MTaghaddomi commented 4 years ago

I didn't want to change the nginx default configuration, so I just added the /bbb location to the bigbluebutton Nginx configuration (nginx conf). I used the bbb-auth.py script. I merged your greenlight branch with my own. The problem is that all playbacks are protected now. I don't use scalelite and use vanilla bbb.

/etc/nginx/bigbluebutton :


server {

    server_name  example.com;
    listen 443 ssl;

    access_log  /var/log/nginx/bigbluebutton.access.log;
    location /gl-auth/auth.py {
                gzip off;
                root  /var/www/html/gl-auth;
                fastcgi_pass  unix:/var/run/fcgiwrap.socket;
                include /etc/nginx/fastcgi_params;
                fastcgi_param DOCUMENT_ROOT  /var/www/html/gl-auth/;
                fastcgi_param SCRIPT_FILENAME  /var/www/html/gl-auth/auth.py;
      }

      location = /auth {
                internal;
                proxy_pass              https://localhost/gl-auth/auth.py;
                proxy_pass_request_body off;
                proxy_set_header        Content-Length "";
                proxy_set_header        X-Original-URI $request_uri;
      }
      location ~ /bbb/.* {
                root /var/www/html/;
        }

    # BigBlueButton landing page.
        location / {
          root   /var/www/bigbluebutton-default;
          index  index.html index.htm;
      expires 1m;
        }

    # Include specific rules for record and playback
        include /etc/bigbluebutton/nginx/*.nginx;

        #error_page  404  /404.html;

        # Redirect server error pages to the static page /50x.html
            #
        #error_page   500 502 503 504  /50x.html;
        #location = /50x.html {
        #        root   /var/www/nginx-default;
        #}

    error_page   500 502 503 504  /index.html;
        location = /index.html {
                root   /var/www/html/bbb-rec-perm/error-page/;
        }

    location = / {
        return 307 /b;
    }
}

server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen   80;
    listen [::]:80;
    server_name example.com;
    server_name localhost;
    return 404; # managed by Certbot

    root /var/www/html;

    location /gl-auth/auth.py {
                gzip off;
                root  /var/www/html/gl-auth;
                fastcgi_pass  unix:/var/run/fcgiwrap.socket;
                include /etc/nginx/fastcgi_params;
                fastcgi_param DOCUMENT_ROOT  /var/www/html/gl-auth/;
                fastcgi_param SCRIPT_FILENAME  /var/www/html/gl-auth/auth.py;
     }
}

ichdasich commented 4 years ago

If they are set to 'private' (which is the default, if they were set to 'unlisted' before) they are of course protected. You will have to change that to 'unlisted' or 'public' to make them accessible. In case you already did that, please take a look at your nginx logs to see whether auth.py works as intended, or throws errors.

MTaghaddomi commented 4 years ago

The tested playback was public. nginx log:

2020/07/05 15:28:42 [error] 14253#14253: *872 connect() failed (111: Connection refused) while connecting to upstream, client: 31.57.123.186, server: example.com, request: "GET /playback/presentation/2.0/playback.html?meetingId=57588c32b2a7c686d7dcccaa9209086033de903b-1593178960444 HTTP/1.1", subrequest: "/auth", upstream: "https://[::1]:443/gl-auth/auth.py", host: "example.com"

MTaghaddomi commented 4 years ago

Might this issue solve my problem? https://github.com/ichdasich/bbb-rec-perm/issues/5#issuecomment-648743626

ichdasich commented 4 years ago

Did you configure fastcgi? i.e., is the fcgi daemon running?

MTaghaddomi commented 4 years ago

I'm not sure. PHP isn't installed on my server. Should I install it?

ichdasich commented 4 years ago

fcgi does not (necessarily) have to do sth. with php. Here it is to be able to execute the python CGI. See step 4 of the installation instructions.

MTaghaddomi commented 4 years ago

I've already installed it.

fcgiwrap is already the newest version (1.1.0-6).

ichdasich commented 4 years ago

Is it running and working? Can you share corresponding log lines from your nginx error log as well please?

MTaghaddomi commented 4 years ago

I think these logs are from the time I tested the bbb-auth-passwd.py script. After I changed the script, no line contains 'fcgi'.

t: 127.0.0.1, server: example.com, request: "GET /gl-auth/auth.py HTTP/1.0", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "localhost"

Is the server running on host "localhost" (::1) and acc" while reading response header from upstream, client: 127.0.0.1, server: example.com, request: "GET /gl-auth/auth.py HTTP/1.0", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "localhost"

FATAL: password authentication failed for user "postgres"" while reading response header from upstream, client: 127.0.0.1, server: example.com, request: "GET /gl-auth/auth.py HTTP/1.0", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "localhost"
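An added example, not part of the thread or of bbb-rec-perm: because nginx's auth_request fails closed, any error in the `/auth` subrequest makes every recording look protected, so it helps to separate "hook unreachable" from "hook script failed" in the error log. The sample lines are constructed from the excerpts quoted above; the category names and the `classify`/`triage` helpers are assumptions of this sketch.

```python
import re

# Constructed sample lines, modelled on the nginx error-log excerpts quoted in
# this thread; client addresses and ids are placeholders.
SAMPLE_LOG = [
    '2020/07/05 15:28:42 [error] 14253#14253: *872 connect() failed (111: Connection refused) '
    'while connecting to upstream, client: 203.0.113.7, server: example.com, '
    'request: "GET /playback/presentation/2.0/playback.html?meetingId=abc-123 HTTP/1.1", '
    'subrequest: "/auth", upstream: "https://[::1]:443/gl-auth/auth.py", host: "example.com"',
    '2020/07/05 15:30:01 [error] 14253#14253: *880 FastCGI sent in stderr: '
    '"FATAL: password authentication failed for user "postgres"" while reading response '
    'header from upstream, client: 127.0.0.1, server: example.com, '
    'request: "GET /gl-auth/auth.py HTTP/1.0", '
    'upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "localhost"',
    '2020/07/05 15:31:10 [error] 14253#14253: *901 open() "/var/www/html/favicon.ico" failed '
    '(2: No such file or directory), client: 203.0.113.7, server: example.com, '
    'request: "GET /favicon.ico HTTP/1.1", host: "example.com"',
]

HEADER_RE = re.compile(r'^\S+ \S+ \[(\w+)\] \d+#\d+: (?:\*\d+ )?(.*)$')
FIELD_RE = re.compile(
    r', (client|server|request|subrequest|upstream|host): ("[^"]*"|[^,]+)')

def classify(line):
    """Return (category, upstream) for one nginx error-log line."""
    m = HEADER_RE.match(line)
    if not m:
        return ("unparsed", None)
    message = m.group(2)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(message)}
    upstream = fields.get("upstream")
    # The hook is reached as the internal /auth subrequest or directly as
    # auth.py (both paths come from the config posted in this thread).
    hits_hook = (fields.get("subrequest") == "/auth"
                 or "/gl-auth/auth.py" in fields.get("request", ""))
    if not hits_hook:
        return ("unrelated", upstream)
    if "connect() failed" in message:
        return ("auth-endpoint-unreachable", upstream)  # proxy_pass target not listening
    if "FastCGI sent in stderr" in message:
        return ("auth-script-error", upstream)          # auth.py ran but raised an error
    return ("auth-other", upstream)

def triage(lines):
    return [classify(line) for line in lines]

if __name__ == "__main__":
    for category, upstream in triage(SAMPLE_LOG):
        print(f"{category:28} upstream={upstream}")
```
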

MTaghaddomi commented 4 years ago

Is it possible I forgot some of the configurations? I don't change the default conf. But I found this file in this repo, in which I think the config is duplicated (it already exists in /etc/nginx/site-available/bigbluebutton): Nginx default conf

ichdasich commented 4 years ago

Well, this looks like the password for postgres is not correct. Did you change that in the script?

But, to be honest, fixing your integration, not following documentation, is kind of out-of-scope for this issue tracker. You can try to find somebody on the bbb user mailing list, who might be able to help.

MTaghaddomi commented 4 years ago

Thanks for your guidance. I'll try to fix the problem. However, I'm not sure whether the default Nginx is required yet.