trouble setting up TLS/SSL with BBB: invalid number of arguments in "ssl_certificate" directive in /etc/nginx/sites-enabled/bigbluebutton:7
857 views
Skip to first unread message
Roger
Apr 13, 2017, 12:53:58 AM4/13/17
to BigBlueButton-dev
Please note that BBB was working fine before with HTTP, but now I have tried to set it up with HTTPS according to this link:
The problem now is that BBB will no longer startup. This is what I get from debug:
rmoore@Bach:~/dev/bigbluebutton/bigbluebutton-client$ sudo bbb-conf --debug
-- ERRORS found in /usr/share/red5/log/* --
/usr/share/red5/log/sip.log:2017-04-12 22:40:59,858-06:00 [Thread-11] ERROR o.b.voiceconf.sip.SipPeer - Failed to register with Sip Server.
-- Errors found in /var/log/nginx/error.log --
2017/04/12 22:40:12 [emerg] 11484#0: invalid number of arguments in "ssl_certificate" directive in /etc/nginx/sites-enabled/bigbluebutton:7
-- Exceptions found in /var/log/bigbluebutton --
/var/log/bigbluebutton/sanity.log.20170303:I, [2017-03-03T20:54:13.536797 #16978] INFO -- : 20:54:13.536 [FLVFinalizer#1488599650682] DEBUG n.s.e.config.ConfigurationHelper - No CacheExceptionHandlerFactory class specified. Skipping...
Please note that I am attempting to use a self-generated certificate (see https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04). This is basically what I have for my cert and key files:
rmoore@Bach:~/dev/bigbluebutton/bigbluebutton-client$ less /etc/nginx/ssl/tuberedu.org.crt
-----BEGIN CERTIFICATE-----
MIIEJzCCAw+gAwIBAgIJALf4MRiB7kgXMA0GCSqGSIb3DQEBCwUAMIGpMQswCQYD
//... elided
B9o/MBHy6LeqbDo712e2WSI3ipMK6xH+79bT25Jva/vvkaXzPccd/dfnoB330x+h
HsFtBWnIOeFwFNQ=
-----END CERTIFICATE-----
rmoore@Bach:~/dev/bigbluebutton/bigbluebutton-client$ less /etc/nginx/ssl/tuberedu.org.key
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUHwN/tqQX5/WZ
// ...elided
mOPp9y20ybtg9lXqfFR8I36ty4BR7frPxJoql3Y+yWIgP+7d20e1LmoXWngj1G5/
HmwXAYBXNKwnzknv6lOhIJ5N
-----END PRIVATE KEY-----
This is my output from clean and check:
rmoore@Bach:~/dev/bigbluebutton/bigbluebutton-client$ sudo bbb-conf --clean
# The following properties in /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties have no value:
# defaultWelcomeMessageFooter
# IP does not match:
# IP from ifconfig: 184.70.109.62
# /etc/nginx/sites-available/bigbluebutton: tuberedu.org
# Warning: API URL IPs do not match host:
#
# IP from ifconfig: 184.70.109.62
# /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp: tuberedu.org
Doing a restart of BigBlueButton and cleaning out all log files...
* Stopping daemon monitor monit [ OK ]
* Stopping Red5 Server red5 [ OK ]
* Stopping Tomcat servlet engine tomcat7 [ OK ]
Killing: 8021
* Stopping bbb-record-core
bbb-apps-akka stop/waiting
bbb-fsesl-akka stop/waiting
Cleaning Log Files ...
* nginx is not running
* Red5 Server is not running.
* Tomcat servlet engine is not running.
11380 Backgrounding.
Waiting for FreeSWITCH to start: ....................
* Starting Red5 Server red5
[ OK ]
* Starting Tomcat servlet engine tomcat7 [ OK ]
* Starting daemon monitor monit [ OK ]
Note: monit will automatically start bbb-record-core and LibreOffice within 60 seconds.
bbb-apps-akka start/running, process 11719
bbb-fsesl-akka start/running, process 11733
Waiting for BigBlueButton to finish starting up (this may take a minute): ......Startup unsuccessful: could not connect to http://tuberedu.org/bigbluebutton/api
rmoore@Bach:~/dev/bigbluebutton/bigbluebutton-client$
rmoore@Bach:~/dev/bigbluebutton/bigbluebutton-client$
rmoore@Bach:~/dev/bigbluebutton/bigbluebutton-client$ sudo bbb-conf --check
BigBlueButton Server 1.0.0 (1062)
Kernel version: 4.4.0-57-generic
Distribution: Ubuntu 14.04.5 LTS (64-bit)
Memory: 32067 MB
/var/www/bigbluebutton/client/conf/config.xml (bbb-client)
Port test (tunnel): tuberedu.org
Red5: tuberedu.org
useWebrtcIfAvailable: true
/opt/freeswitch/conf/sip_profiles/external.xml (FreeSWITCH)
websocket port: 5066
WebRTC enabled: true
/etc/nginx/sites-available/bigbluebutton (nginx)
server name: tuberedu.org
port: 80
port: 443 ssl
bbb-client dir: /home/rmoore/dev/bigbluebutton/bigbluebutton-client
/var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties (bbb-web)
bbb-web host: tuberedu.org
/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp (API demos)
url: tuberedu.org
/var/www/bigbluebutton/check/conf/config.xml (client check)
client check: tuberedu.org
/usr/share/red5/webapps/bigbluebutton/WEB-INF/red5-web.xml (red5)
voice conference: FreeSWITCH
capture video: true
capture desktop: true
/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
playback host: tuberedu.org
** Potential problems described below **
# The following properties in /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties have no value:
# defaultWelcomeMessageFooter
# IP does not match:
# IP from ifconfig: 184.70.109.62
# /etc/nginx/sites-available/bigbluebutton: tuberedu.org
# Warning: API URL IPs do not match host:
#
# IP from ifconfig: 184.70.109.62
# /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp: tuberedu.org
# Not Running: Nginx
# Warning: nginx is not serving the client from /var/www/bigbluebutton/.
# Instead, it's being served from
#
# /home/rmoore/dev/bigbluebutton/bigbluebutton-client
#
# (This is OK if you have setup a development environment.)
# Error: The voice application failed to register with the sip server.
# Try running:
#
# sudo bbb-conf --clean
#
# Error: Could not connect to the configured hostname/IP address
#
#
# If your BigBlueButton server is behind a firewall, see FAQ.
# Error: Could not detect FreeSWITCH listening on port 5060
# Warning: The API demos are installed and accessible from:
#
#
# These API demos allow anyone to access your server without authentication
# to create/manage meetings and recordings. They are for testing purposes only.
# If you are running a production system, remove them by running:
#
# sudo apt-get purge bbb-demo
# Warning: The client self check is installed and accessible from:
#
#
# Error: Unable to reach default URL for presentation:
#
#
# Check value for beans.presentationService.defaultUploadedPresentation in
# /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
Does anyone have any suggestions? TIA.
Roger
Apr 13, 2017, 1:24:09 AM4/13/17
to BigBlueButton-dev
OK, found I was missing a couple semi-colons at the end of these lines, but BBB is still not running:
ssl_certificate /etc/nginx/ssl/tuberedu.org.crt;
ssl_certificate_key /etc/nginx/ssl/tuberedu.org.key;
Roger
Apr 13, 2017, 1:35:08 AM4/13/17
to BigBlueButton-dev
OK, fixed a couple errors, but now I'm getting an java null pointer exception (see attachment) and it is still giving me errors like this when I try a clean:
# Error: Could not detect FreeSWITCH listening on port 5060
# Error: Unable to reach default URL for presentation:
#
#
# Check value for beans.presentationService.defaultUploadedPresentation in
# /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
On Wednesday, April 12, 2017 at 10:53:58 PM UTC-6, Roger wrote:
Chad Pilkey
Apr 13, 2017, 11:29:14 AM4/13/17
to BigBlueButton-dev
Tomcat doesn't like self-signed certificates so you're going to hit a wall when you try to load up the client. If your server is public you can use Let'sEncrypt to create a legitimate certificate. We even have a specific section in the install steps for using Let'sEncrypt http://docs.bigbluebutton.org/1.1/install.html#using-lets-encrypt
Roger Moore
Apr 13, 2017, 7:19:24 PM4/13/17
to bigblueb...@googlegroups.com
Great, thanks, I'm not a lawyer so I just want to make sure I get this right--is a public server one that lets anybody access it who wants to and that has all the source code on it published to a freely available source on the web like github or sourceforge?
--
You received this message because you are subscribed to a topic in the Google Groups "BigBlueButton-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bigbluebutton-dev/YyoktHvcmHo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bigbluebutton-dev+unsubscribe@googlegroups.com.
To post to this group, send email to bigbluebutton-dev@googlegroups.com.
Visit this group at https://groups.google.com/group/bigbluebutton-dev.
For more options, visit https://groups.google.com/d/optout.
Roger Moore
Apr 13, 2017, 8:49:09 PM4/13/17
to bigblueb...@googlegroups.com
Yes, that fixed it, thank you!
Chad Pilkey
Apr 17, 2017, 12:00:03 PM4/17/17
to BigBlueButton-dev
I just meant a server with a public IP. You can't use Let's Encrypt with a private IP like 192.168.x.x.
To unsubscribe from this group and all its topics, send an email to bigbluebutton-...@googlegroups.com.
To post to this group, send email to bigblueb...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages