Howto: SSL for BBB

Jonathan Lynch

Dec 30, 2013, 9:24:49 PM
to bigbluebu...@googlegroups.com
It's not too hard to do HTTPS in the current version.

  1. Install the certificate in nginx by editing /etc/nginx/sites-enabled/bigbluebutton
  2. Edit /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties and change bigbluebutton.web.serverURL to use https
  3. Edit /var/lib/tomcat6/webapps/lti/WEB-INF/classes/lti.properties and change bigbluebuttonURL and ltiEndPoint to use https
  4. bbb-conf --restart
That will get you SSL for HTTP. Doing SSL for RTMP is probably more complicated; I haven't looked into it yet...

Best,
Jonathan

Fred Dixon

Dec 31, 2013, 8:35:28 AM
to BigBlueButton-users
Thanks for sharing this Jonathan.


Regards,... Fred
-- 
BigBlueButton Developer
BigBlueButton on twitter: @bigbluebutton


fisherman

Feb 16, 2014, 8:06:06 PM
to bigbluebu...@googlegroups.com
Hi Jonathan,

thanks for your hint. You wrote "in the current version" - from the date of your post I suppose you refer to 0.8.1?
I tried your suggestion in 0.8.1, but there is no lti.properties and no ltiEndPoint. So without this last change it does not work (I see an error like

XML-Verarbeitungsfehler: "Junk" nach Dokument-Element
Adresse: https://servername.com/bigbluebutton/api/join?meetingID=a53166101239c93b155b0cc123bece21ad53afee&fullName=username&password=password&checksum=64198a30dde1e01239af8d1f1a6a12344e1401ff
Zeile Nr. 1, Spalte 153:<response><returncode>
FAILED</returncode><errors><error key='noConfigFound' message='We could not find a config for this request.'/></errors></response><html>
--------------------------------------------------------------------------------------------------------------------------------------------------------^

Thanks,
Bernhard

Jonathan Lynch

Feb 17, 2014, 4:44:02 PM
to bigbluebu...@googlegroups.com
Hi Bernhard,

Sorry for the confusion. Actually, step 3 is only necessary if you are using LTI like us. If you are getting an error there must be some other part missing. Is your server actually running at servername.com or did you edit that for anonymity?

To answer your question, my bbb-conf says we have version 0.81.

Jonathan

fisherman

Feb 17, 2014, 5:00:35 PM
to bigbluebu...@googlegroups.com
Hi Jonathan,

no reason to be sorry, every little hint is really appreciated :)
I replaced the servername and login for anonymity reasons. After I messed up the whole configuration (and being a bbb beginner) I will set up a new VM and try again.

Bernhard

Fred Dixon

Feb 17, 2014, 6:13:31 PM
to BigBlueButton-users
Hi Bernhard,

If you want to use the Learning Tools Interoperability integration with BigBlueButton, see



Regards,... Fred
-- 
BigBlueButton Developer
BigBlueButton on twitter: @bigbluebutton

fisherman

Feb 17, 2014, 6:42:50 PM
to bigbluebu...@googlegroups.com
Hi Fred,

thanks, this is something I *really* need - while playing with BBB I did not even realize that it provides this integration. Perfect!

Jonathan Lynch

Feb 25, 2014, 9:35:38 AM
to bigbluebu...@googlegroups.com
Ran into a problem with upgrading bbb-client, caused by this hack. Once nginx is listening on two ports, it breaks the postinst script in the latest version of bbb-client (0.81ubuntu419):

Setting up bbb-client (0.81ubuntu419) ...
sed: -e expression #1, char 47: unterminated `s' command
dpkg: error processing bbb-client (--configure):
 subprocess installed post-installation script returned error exit status 1

The solution is to edit /var/lib/dpkg/info/bbb-client.postinst and modify line 111, adding a head -1 to the end of the subcommand:

IP=$(cat /tmp/nginx-bigbluebutton | sed -n '/server_name/{s/.*name[ ]*//;s/;//;p}' | head -1)

This will allow the apt-get upgrade to succeed.

I guess I should say that this unofficial SSL hack is use-at-your-own-risk! 
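
The failure described in the post above can be reproduced offline. This is an added example, not part of the original post or of the bbb-client package: the nginx file content is a constructed sample, and `rewrite_url` with its `rtmp://HOST/...` line is a hypothetical stand-in for whatever later postinst step consumed `$IP`, since the thread does not show that line.

```shell
#!/bin/sh
# Constructed sample: an nginx site file after the HTTPS change, with one
# server block per listening port, so server_name appears twice.
sample_conf() {
cat <<'EOF'
server {
    listen 80;
    server_name bbb.example.com;
}
server {
    listen 443 ssl;
    server_name bbb.example.com;
}
EOF
}

# The extraction from the post without the fix: one output line per match.
extract_all() {
    sed -n '/server_name/{s/.*name[ ]*//;s/;//;p}'
}

# The extraction with the fix from the post: keep only the first match.
extract_first() {
    sed -n '/server_name/{s/.*name[ ]*//;s/;//;p}' | head -1
}

# Hypothetical consumer (assumption): splice the value into a sed replacement.
# A newline inside the replacement ends the s command early, so sed exits
# with "unterminated `s' command", the error quoted in the post.
rewrite_url() {
    printf 'uri="rtmp://HOST/bigbluebutton"\n' | sed -e "s/HOST/$1/" 2>/dev/null
}

# Demo: the two-line value breaks the substitution, the one-line value works.
all=$(sample_conf | extract_all)
first=$(sample_conf | extract_first)
rewrite_url "$all" || echo "two-line value: sed substitution failed"
rewrite_url "$first"
```

Files under /var/lib/dpkg/info are replaced when a new package version is unpacked, so a hand edit to the postinst does not survive the next bbb-client release.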

First User

Nov 25, 2014, 8:03:12 AM
to bigbluebu...@googlegroups.com
Hi Jonathan,

I was wondering if you have any directions for implementing SSL for the most recent version, 0.9.0-beta, of BBB.

Regards,
AP

Jonathan Lynch

Sep 3, 2015, 2:28:02 PM
to bigbluebutton-users
Hi AP,

I'm sorry it's taken so long to respond; we're just now looking at upgrading to 0.9.1.

Unfortunately, the old 0.81 method no longer works. I've been hammering on it some and I've gotten https working for everything except the whiteboard and presentation modules... you know, the most important bits. :-) At this point it seems like the problem may be compiled into the SWF files themselves, but I'll keep working on it.

Jonathan

Jonathan Lynch

Sep 14, 2015, 3:21:44 PM
to bigbluebutton-users
The 0.8 method won't work in 0.9, but I was able to get it working using a proxy server, mitmproxy, which I installed on the same Ubuntu server running bigbluebutton.

apt-get install python-pip python-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev
pip install mitmproxy 

mitmdump -R https2http://bbb.example.com -p 443 --replace '%~s%http://bbb.example.com%https://bbb.example.com' --cert bbb.example.com.pem

bbb.example.com.pem needs to be your private key concatenated with the public cert and the intermediate bundle, in that order, all in a single file.

(Using this method, you're basically offloading SSL for your server into this mitmproxy server, which receives all SSL requests, strips the SSL, and then forwards them on to the bigbluebutton web server running on port 80, completely unaware of what's going on. Nginx responds to mitmproxy which, before sending the response back to the client, edits the content of the response and changes the http URLs back to https, ensuring that the client continues talking to the proxy instead of moving over to nginx directly.)

However, there's a big downside to this: as far as nginx can tell, all the traffic is coming from localhost! This severely limits the usefulness of any logging nginx might do.

As always, this is use-at-your-own-risk!

Jonathan
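
A pre-flight check for the combined file described in the post above, written as an added example that is not part of the original post or of mitmproxy. It assumes the layout the post gives (private key first, then the server certificate, then at least one intermediate); the function names are hypothetical and the sample files are constructed placeholders with no real key material.

```shell
#!/bin/sh
# check_pem_order FILE: succeed only if FILE holds a private key block first,
# then at least two CERTIFICATE blocks (server cert, then intermediates).
check_pem_order() {
    awk '
        /^-----BEGIN .*-----$/ {
            n++
            if (n == 1 && $0 !~ /PRIVATE KEY-----$/) {
                print "block 1 is not a private key"; bad = 1
            }
            if (n > 1 && $0 != "-----BEGIN CERTIFICATE-----") {
                print "block " n " is not a certificate"; bad = 1
            }
        }
        END {
            if (n < 3) { print "found " (n + 0) " block(s), expected 3 or more"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# group_or_world_readable FILE: print FILE if group or others can read it.
# The bundle contains the private key, so this should print nothing.
group_or_world_readable() {
    find "$1" -prune \( -perm -040 -o -perm -004 \) -print
}

# Constructed sample input: PEM framing lines with placeholder bodies.
pem_block() {
    printf -- '-----BEGIN %s-----\nPLACEHOLDER\n-----END %s-----\n' "$1" "$1"
}
make_bundle() {   # usage: make_bundle OUTFILE LABEL...
    out=$1; shift
    : > "$out"
    for label in "$@"; do pem_block "$label" >> "$out"; done
}

# Demo on constructed files: correct order passes, swapped order is rejected.
tmp=$(mktemp -d)
make_bundle "$tmp/ok.pem" "PRIVATE KEY" "CERTIFICATE" "CERTIFICATE"
make_bundle "$tmp/bad.pem" "CERTIFICATE" "PRIVATE KEY" "CERTIFICATE"
check_pem_order "$tmp/ok.pem" && echo "ok.pem: order as described"
check_pem_order "$tmp/bad.pem" || echo "bad.pem: rejected"
rm -rf "$tmp"
```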

Calvin Walton

Sep 15, 2015, 2:51:02 PM
to bigbluebu...@googlegroups.com
On Thu, 2015-09-03 at 11:28 -0700, Jonathan Lynch wrote:
> Hi AP,
>
> I'm sorry it's taken so long to respond; we're just now looking at
> upgrading to 0.9.1.
>
> Unfortunately, the old 0.81 method no longer works. I've been
> hammering on it some and I've gotten https working for everything
> except the whiteboard and presentation modules... you know, the most
> important bits. :-) At this point it seems like the problem may be
> compiled into the SWF files themselves, but I'll keep working on it.
>
> Jonathan

We actually have official documentation available for configuring HTTPS
support for BigBlueButton 0.9.1. Please take a look at:

http://docs.bigbluebutton.org/install/install.html#configuring-https-on-bigbluebutton

and let us know if you have any issues.


--
Calvin Walton <calvin...@kepstin.ca>
BigBlueButton Developer

Jonathan Lynch

Sep 15, 2015, 4:51:52 PM
to bigbluebu...@googlegroups.com
Hi Calvin,

That method will enable https on nginx. However, bigbluebutton has various configuration files and scripts that are hard-coded to http, especially in 0.9. My experience has been that the user will end up being redirected back to http.

Best,
Jonathan


Calvin Walton

Sep 15, 2015, 5:09:00 PM
to bigbluebu...@googlegroups.com
On Tue, 2015-09-15 at 16:51 -0400, Jonathan Lynch wrote:
> Hi Calvin,
>
> That method will enable https on nginx. However, bigbluebutton has
> various configuration files and scripts that are hard-coded to http,
> especially in 0.9. My experience has been that the user will end up
> being redirected back to http.

The instructions in this guide include steps that update all the
configuration necessary in order to load the client over https without
being redirected back to http.

Please let me know if you find otherwise.

Jonathan Lynch

Sep 17, 2015, 3:10:18 PM
to bigbluebutton-users
Calvin,

That works even better than my method. Thank you!

Jonathan