The action cannot be completed. Please try again [bbb v2.7.13]

330 views
Skip to first unread message

Adrián Pérez Aguilar

unread,
Sep 23, 2024, 5:31:32 AM9/23/24
to BigBlueButton-dev

Hello BBB community,

I've deployed a BigBlueButton Server 2.7.13 in a private network to have a fully controlled environment. We have a lab where we want to install BigBlueButton to perform 5G performance tests on the BBB application.

I'm not an expert on BBB, but what I did was install version 2.7.13 of BBB by running the following command: ./bbb-install.sh -v focal-270 -g -s <domain> -e <email> -w -k -x. Prior to that, I created the CA certificate since we're not using a public IP, and the Let's Encrypt tool cannot reach us.


Until here, everything was going fine:
root@morse-bbb-exp:/home/morse# bbb-conf --status
nginx ————————————————————————► [✔ - active]
freeswitch ———————————————————► [✔ - active]
redis-server —————————————————► [✔ - active]
bbb-apps-akka ————————————————► [✔ - active]
bbb-fsesl-akka ———————————————► [✔ - active]
mongod ———————————————————————► [✔ - active]
bbb-html5 ————————————————————► [✔ - active]
bbb-html5-backend@1 ——————————► [✔ - active]
bbb-html5-backend@2 ——————————► [✔ - active]
bbb-html5-frontend@1 —————————► [✔ - active]
bbb-html5-frontend@2 —————————► [✔ - active]
bbb-webrtc-sfu ———————————————► [✔ - active]
bbb-webrtc-recorder ——————————► [✔ - active]
kurento-media-server —————————► [✔ - active]
etherpad —————————————————————► [✔ - active]
bbb-web ——————————————————————► [✔ - active]
bbb-pads —————————————————————► [✔ - active]
bbb-export-annotations ———————► [✔ - active]
bbb-rap-caption-inbox ————————► [✔ - active]
bbb-rap-resque-worker ————————► [✔ - active]
bbb-rap-starter ——————————————► [✔ - active]

root@morse-bbb-exp:/home/morse# bbb-conf --check

BigBlueButton Server 2.7.13 (767)
                    Kernel version: 5.15.0-122-generic
                      Distribution: Ubuntu 20.04.6 LTS (64-bit)
                            Memory: 16373 MB
                         CPU cores: 4

/etc/bigbluebutton/bbb-web.properties (override for bbb-web)
/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (bbb-web)
       bigbluebutton.web.serverURL: https://bbb.uma.internal
                defaultGuestPolicy: ALWAYS_ACCEPT
              defaultMeetingLayout: CUSTOM_LAYOUT

/etc/nginx/sites-available/bigbluebutton (nginx)
                       server_name: bbb.uma.internal
                              port: 80, [::]:80127.0.0.1:82 http2 proxy_protocol, [::1]:82 http2127.0.0.1:81 proxy_protocol, [::1]:81

/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)
                       local_ip_v4: 10.11.23.218
                   external_rtp_ip: 10.11.23.218
                   external_sip_ip: 10.11.23.218

/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)
                        ext-rtp-ip: $${local_ip_v4}
                        ext-sip-ip: $${local_ip_v4}
                        ws-binding: 10.11.23.218:5066
                       wss-binding: 10.11.23.218:7443

UDP port ranges

                        FreeSWITCH: 16384-24576
                           kurento: 24577-32768
                    bbb-webrtc-sfu: 24577-32768
                    bbb-webrtc-recorder: 24577-32768

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
                     playback_host: bbb.uma.internal
                 playback_protocol: https
                            ffmpeg: 4.2.7-0ubuntu0.1

/usr/share/bigbluebutton/nginx/sip.nginx (sip.nginx)
                        proxy_pass: 10.11.23.218
                          protocol: https

/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (bbb-webrtc-sfu)
/etc/bigbluebutton/bbb-webrtc-sfu/production.yml (bbb-webrtc-sfu - override)
    mediasoup.webrtc.*.announcedIp: 10.11.23.218
  mediasoup.plainRtp.*.announcedIp: 10.11.23.218
                        kurento.ip: 10.11.23.218
                       kurento.url: ws://127.0.0.1:8888/kurento
                 freeswitch.sip_ip: 10.11.23.218
                  recordingAdapter: Kurento
               recordScreenSharing: true
                     recordWebcams: true
                  codec_video_main: VP8
               codec_video_content: VP8

/etc/bbb-webrtc-recorder/bbb-webrtc-recorder.yml (bbb-webrtc-recorder)
/etc/bigbluebutton/bbb-webrtc-recorder.yml (bbb-webrtc-recorder - override)
               debug: false
               recorder.directory: /var/lib/bbb-webrtc-recorder

/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)
/etc/bigbluebutton/bbb-html5.yml (HTML5 client config override)
                             build: 350
                        kurentoUrl: wss://bbb.uma.internal/bbb-webrtc-sfu
            defaultFullAudioBridge: fullaudio
           defaultListenOnlyBridge: fullaudio
                    sipjsHackViaWs: true


Then I was able to reach the BBB domain (the BBB webpage) without any errors. I created an account to access it. However, after logging in, I tried to create a room but encountered the error: "The action can't be completed. Please try again."
 
In the console web interface, I can see the following messages once I click on the join button: 
bbb-error.png

I tried the solution posted here but it didn't work. 
I also checked the log in  /var/log/haproxy.log. And there I could see "SSL handshake failure".

Regarding the certificates, I created it by using "sudo openssl x509 -req -days 365 -in /local/certs/cert.csr -signkey /local/certs/privkey.pem -out /local/certs/fullchain.pem". I also added the fullchain.pem into the folder as (.crt) /usr/local/share/ca-certificates/bbb.crt

Also I added the lines:
  - ssl_certificate /local/certs/fullchain.pem;
  - ssl_certificate_key /local/certs/privkey.pem;
in the file /etc/nginx/sites-enabled/bigbluebutton

Do you know where the error may be?

Jean Pluzo

unread,
Sep 24, 2024, 4:17:32 AM9/24/24
to BigBlueButton-dev
Hola Adrian,

if you created self-signed certificates, the next step would be to put your CA (certificate authority) in your browser, otherwise the browser doesn't know who signed the certificate and will reject the connection.
Have you done this?

Regards,
J.

Adrián Pérez Aguilar

unread,
Sep 24, 2024, 4:57:03 AM9/24/24
to BigBlueButton-dev

HolaJean,

First of all, thank you very much for considering fixing this issue. I was finally able to resolve the "SSL handshake failure" by following this guide (which I highly recommend for anyone looking to set up a local deployment).

Now, I'm trying to access the BigBlueButton webpage from a Windows 10 PC, but I'm unable to get it to run in "secure mode":

Captura de pantalla 2024-09-24 104324.png1.png

I created the certificates using the following commands:  
  • openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out fullchain.pem -sha256 -days 3650 -nodes -subj "/C=<XX>/ST=<city>/L=<city>/O=<XXX>/OU=<XXX>/CN=<bb.example.com>"
  • where all parameters within "<>" are configured based on our setup (CN corresponds to the domain name).  

From what I've read, to establish secure connectivity between my Windows 10 PC and the BBB server, I should simply copy the fullchain.pem file to the Windows 10 machine as .crt and install it. However, for some reason, it doesn't establish a secure connection.

I'm not sure if it's an issue with openssl or something else, but I've tried it with the mkcert tool before and it worked.

If possible, I would like to know how to establish secure connectivity between both machines using self-signed certificates.

Thank you in advance,

BR

Reply all
Reply to author
Forward
0 new messages