Re: [bigbluebutton-setup] BBB in AWS EC2 instance behind an ELB

1,336 views
Skip to first unread message
Message has been deleted

Fred Dixon

unread,
Sep 18, 2019, 1:10:14 PM9/18/19
to BigBlueButton-.
Hi Patrizio,

> EC2 instance:  t2.2xlarge (Variable ECUs, 8 vCPUs, 2.3 GHz, Intel Broadwell E5-2686v4, 32 GiB memory)

We don't have any experiences with the t2.2xlarge instances.  The variable CPU may cause you problems later on that manifest themselves as issues in the software (which are resulting from compressed CPU).

To give you a reference of a working BigBlueButton server on EC2, we would recommend setting up BigBlueButton on a C5.xlarge, see


with a hostname pointing to the public IP of the server.  The use bbb-install.sh setup the server using Let's Encrypt to generate the SSL certificate.

You may not use this server for production, but it will give you a reference of a working server that you can use to compare against your existing server.

> We registered our bbb.domain.com to point to an AWS Classic Elastic Load Balancer (which has no IP address), with a certificate from Amazon Certificate Manager.

You might be the first one who has tried this setup.  We recommend running BigBlueButton as a stand-alone, dedicated server.  You don't need any proxy in front of the server (which in itself may cause issues).  Is it an option for you to run your BigBluebButton server stand-alone?


Regards,... Fred


On Wed, Sep 18, 2019 at 12:00 PM Patrizio Passeri <patrizio...@gmail.com> wrote:

Hello,

 

I have been trying to get BigBlueButton in our AWS environment for a few weeks now, but I don’t seem to be able to get it working correctly as I’m still getting “error 1002”, possibly caused by FreeSWITCH service.

 

Errors:

Microphone:   Error 1002: Could not make a WebSocket connection

LIsten only: Error: Connection error

Share webcam:    Error 1020: media could not reach the server

 

We are going to use BigBlueButton as remote training platform, therefore we decided to install it on AWS, which gives us the flexibility that our company requires, but at the same time it introduces several hurdles that are not documented.

 

Specs:

EC2 instance:  t2.2xlarge (Variable ECUs, 8 vCPUs, 2.3 GHz, Intel Broadwell E5-2686v4, 32 GiB memory)

EBS:         50 GB (gp2)

AMI:       Canonical, Ubuntu, 16.04 LTS, amd64 xenial image build on 2019-06-28

 

BigBlueButton 2.2 Beta version installed with bbb-install.sh with the following steps:

 

 

We registered our bbb.domain.com to point to an AWS Classic Elastic Load Balancer (which has no IP address), with a certificate from Amazon Certificate Manager.

Since the EC2 instance is in private subnet (which is standard practice in AWS), the only way to get to the instance is via the Load Balancer.

The AWS Security Groups (the AWS firewall managed service, which also has no IP address) seem to be correctly configured , as we can get to the BBB site and everything seems to work but the media (audio and webcam).

The actual EC2 instance has a self-signed certificate, therefore the load balancer receives traffic on port 443 and forwards it to the Linux server onto port 443.

 

This is a brief description of our setup:

 

https://bbb.domain.com:443 à AWS Classic Load Balancer – port: 443 (AWS HTTPS ACM Certificate) à Private Subnet à EC2 instance – port: 443

 

The main issue seems to be with FreeSWITCH configuration that it sometimes requires an external IP address for the BBB server, but since our server is in a private-subnet there is no external IP, but only an Elastic Load Balancer, which also has no IP address.

 

As a workaround I am planning to upgrade our Classic Elastic Load Balancer to a Network Elastic Load Balancer, which would allow me to assign it an external IP address, and then update FreeSWITCH configuration to point to the LB external IP address.

 

Since the load balancer is configured on our internal and external DNS, I can’t simply replace the LB, as it would take days to be updated, but it needs to be upgraded.

 

In my case, I don’t think a TURN sever would help, but please advise if I am wrong. I also read about the configuration of a dummy NIC, but again, I don’t think it would help me.

 

See some logs for further details:

 

 

systemctl status freeswitch.service

 

root@bbb:~# systemctl status freeswitch.service

● freeswitch.service - freeswitch

   Loaded: loaded (/lib/systemd/system/freeswitch.service; enabled; vendor preset: enabled)

   Active: failed (Result: start-limit-hit) since Tue 2019-09-17 15:43:36 UTC; 3min 11s ago

  Process: 18406 ExecStart=/opt/freeswitch/bin/freeswitch -u freeswitch -g daemon -ncwait $DAEMON_OPTS (c

 Main PID: 13127 (code=exited, status=0/SUCCESS)

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Control process exited, code=exited st

Sep 17 15:43:36 bbb.domain.com systemd[1]: Failed to start freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Unit entered failed state.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Failed with result 'exit-code'.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Service hold-off time over, scheduling

Sep 17 15:43:36 bbb.domain.com systemd[1]: Stopped freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Start request repeated too quickly.

Sep 17 15:43:36 bbb.domain.com systemd[1]: Failed to start freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Unit entered failed state.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Failed with result 'start-limit-hit'.

 

 

 

journalctl -u freeswitch.service

root@bbb:~# journalctl -u freeswitch.service

-- Logs begin at Mon 2019-09-16 15:03:14 UTC, end at Tue 2019-09-17 15:57:09 UTC. --

Sep 16 15:03:18 bbb.domain.com systemd[1]: Starting freeswitch...

Sep 16 15:03:18 bbb.domain.com freeswitch[1216]: 1311 Backgrounding.

Sep 16 15:03:21 bbb.domain.com systemd[1]: Started freeswitch.

Sep 17 11:34:22 bbb.domain.com systemd[1]: Stopping freeswitch...

Sep 17 11:34:28 bbb.domain.com systemd[1]: Stopped freeswitch.

Sep 17 11:34:28 bbb.domain.com systemd[1]: Starting freeswitch...

Sep 17 11:34:28 bbb.domain.com freeswitch[13107]: 13127 Backgrounding.

Sep 17 11:34:31 bbb.domain.com systemd[1]: Started freeswitch.

Sep 17 15:43:29 bbb.domain.com systemd[1]: Stopping freeswitch...

Sep 17 15:43:35 bbb.domain.com systemd[1]: Stopped freeswitch.

Sep 17 15:43:35 bbb.domain.com systemd[1]: Starting freeswitch...

Sep 17 15:43:35 bbb.domain.com freeswitch[17848]: 17864 Backgrounding.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Control process exited, code=exited st

Sep 17 15:43:35 bbb.domain.com systemd[1]: Failed to start freeswitch.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Unit entered failed state.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Failed with result 'exit-code'.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Service hold-off time over, scheduling

Sep 17 15:43:35 bbb.domain.com systemd[1]: Stopped freeswitch.

Sep 17 15:43:35 bbb.domain.com systemd[1]: Starting freeswitch...

Sep 17 15:43:35 bbb.domain.com freeswitch[18315]: 18336 Backgrounding.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Control process exited, code=exited st

Sep 17 15:43:35 bbb.domain.com systemd[1]: Failed to start freeswitch.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Unit entered failed state.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Failed with result 'exit-code'.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Service hold-off time over, scheduling

Sep 17 15:43:35 bbb.domain.com systemd[1]: Stopped freeswitch.

Sep 17 15:43:35 bbb.domain.com systemd[1]: Starting freeswitch...

Sep 17 15:43:35 bbb.domain.com freeswitch[18382]: 18383 Backgrounding.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Control process exited, code=exited st

Sep 17 15:43:35 bbb.domain.com systemd[1]: Failed to start freeswitch.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Unit entered failed state.

Sep 17 15:43:35 bbb.domain.com systemd[1]: freeswitch.service: Failed with result 'exit-code'.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Service hold-off time over, scheduling

Sep 17 15:43:36 bbb.domain.com systemd[1]: Stopped freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: Starting freeswitch...

Sep 17 15:43:36 bbb.domain.com freeswitch[18392]: 18397 Backgrounding.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Control process exited, code=exited st

Sep 17 15:43:36 bbb.domain.com systemd[1]: Failed to start freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Unit entered failed state.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Failed with result 'exit-code'.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Service hold-off time over, scheduling

Sep 17 15:43:36 bbb.domain.com systemd[1]: Stopped freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: Starting freeswitch...

Sep 17 15:43:36 bbb.domain.com freeswitch[18406]: 18412 Backgrounding.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Control process exited, code=exited st

Sep 17 15:43:36 bbb.domain.com systemd[1]: Failed to start freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Unit entered failed state.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Failed with result 'exit-code'.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Service hold-off time over, scheduling

Sep 17 15:43:36 bbb.domain.com systemd[1]: Stopped freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Start request repeated too quickly.

Sep 17 15:43:36 bbb.domain.com systemd[1]: Failed to start freeswitch.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Unit entered failed state.

Sep 17 15:43:36 bbb.domain.com systemd[1]: freeswitch.service: Failed with result 'start-limit-hit'.

 

 

Thanks in advance for your help.

 

Regards,

 

Patrizio

 

 

 

 

 

 

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/12467199-fe44-432d-a394-a0d148f3bf0f%40googlegroups.com.


--
BigBlueButton Developer
@bigbluebutton

Chad Pilkey

unread,
Sep 18, 2019, 3:38:38 PM9/18/19
to BigBlueButton-Setup
This part in particular is also not going to work:

Configured all FreeSWITCH config files to point to bbb.domain.com and not to the internal IP address.

Anything that was configured as an IP address needs to stay as an IP address.

On Wednesday, September 18, 2019 at 1:10:14 PM UTC-4, Fred Dixon wrote:
Hi Patrizio,

> EC2 instance:  t2.2xlarge (Variable ECUs, 8 vCPUs, 2.3 GHz, Intel Broadwell E5-2686v4, 32 GiB memory)

We don't have any experiences with the t2.2xlarge instances.  The variable CPU may cause you problems later on that manifest themselves as issues in the software (which are resulting from compressed CPU).

To give you a reference of a working BigBlueButton server on EC2, we would recommend setting up BigBlueButton on a C5.xlarge, see


with a hostname pointing to the public IP of the server.  The use bbb-install.sh setup the server using Let's Encrypt to generate the SSL certificate.

You may not use this server for production, but it will give you a reference of a working server that you can use to compare against your existing server.

> We registered our bbb.domain.com to point to an AWS Classic Elastic Load Balancer (which has no IP address), with a certificate from Amazon Certificate Manager.

You might be the first one who has tried this setup.  We recommend running BigBlueButton as a stand-alone, dedicated server.  You don't need any proxy in front of the server (which in itself may cause issues).  Is it an option for you to run your BigBluebButton server stand-alone?


Regards,... Fred


To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

Patrizio Passeri

unread,
Sep 19, 2019, 6:50:05 AM9/19/19
to BigBlueButton-Setup
Hi Fred,
Thanks for your reply.
We're currently using a t2.2xlarge for our Proof of Concept, but we will be using a C5.xlarge in production. 

About the actual architecture, for security reasons I am not allowed to have a production EC2 instance in a public sub-net, therefore I'm stuck with a Load Balancer and an EC2 instance in a private sub-net with only a private IP address and no public IP. 

I'm considering upgrading to a Network Load Balancer from Classic LB as the NLB can be assigned to an Elastic IP address, which would solve the issue of not having an external IP for the instance. However, we had several issues configuring our DNS A record, therefore I can't create a new one (which would be quick on AWS), but I need to upgrade the one I have (which my break my current setup).

That's why I would like to know if assigning an IP address to a Load Balancer would solve my issue.

Regards,

Patrizio



On Wednesday, 18 September 2019 18:10:14 UTC+1, Fred Dixon wrote:
Hi Patrizio,

> EC2 instance:  t2.2xlarge (Variable ECUs, 8 vCPUs, 2.3 GHz, Intel Broadwell E5-2686v4, 32 GiB memory)

We don't have any experiences with the t2.2xlarge instances.  The variable CPU may cause you problems later on that manifest themselves as issues in the software (which are resulting from compressed CPU).

To give you a reference of a working BigBlueButton server on EC2, we would recommend setting up BigBlueButton on a C5.xlarge, see


with a hostname pointing to the public IP of the server.  The use bbb-install.sh setup the server using Let's Encrypt to generate the SSL certificate.

You may not use this server for production, but it will give you a reference of a working server that you can use to compare against your existing server.

> We registered our bbb.domain.com to point to an AWS Classic Elastic Load Balancer (which has no IP address), with a certificate from Amazon Certificate Manager.

You might be the first one who has tried this setup.  We recommend running BigBlueButton as a stand-alone, dedicated server.  You don't need any proxy in front of the server (which in itself may cause issues).  Is it an option for you to run your BigBluebButton server stand-alone?


Regards,... Fred


To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

Patrizio Passeri

unread,
Sep 19, 2019, 6:51:53 AM9/19/19
to BigBlueButton-Setup
Hi Chad,
Thanks for your comment, but I haven't got an external IP address. 
Do you know if assigning an external IP address to my Load Balancer might solve this issue?

Fred Dixon

unread,
Sep 19, 2019, 7:11:12 AM9/19/19
to BigBlueButton-.
Hi Patrizio,

> That's why I would like to know if assigning an IP address to a Load Balancer would solve my issue.

We've not tried this configuration before.  It's worth giving it a shot, but we don't know if you'll be successful.  You will need to configure FreeSWITCH to bind to the external IP address of the load balancer, see



Regards,... Fred

To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.


--
BigBlueButton Developer
@bigbluebutton

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/9d5a4d9c-b748-4804-97aa-0d4e03fe0edc%40googlegroups.com.

Patrizio Passeri

unread,
Sep 19, 2019, 7:18:58 AM9/19/19
to BigBlueButton-Setup
Thanks Fred.

I think that's gonna be my next step. 
In the meantime I might get an EC2 on a public sub-net, just to check the configuration.
Regards,
Patrizio


On Thursday, 19 September 2019 12:11:12 UTC+1, Fred Dixon wrote:
Hi Patrizio,

> That's why I would like to know if assigning an IP address to a Load Balancer would solve my issue.

We've not tried this configuration before.  It's worth giving it a shot, but we don't know if you'll be successful.  You will need to configure FreeSWITCH to bind to the external IP address of the load balancer, see



Regards,... Fred
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.


--
BigBlueButton Developer
@bigbluebutton

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages