BBB behind NGINX Proxy for Multi-Tenancy - UDP Issues

[AB]

I have a scenario where I am trying to deploy BBB on a virtual machine in a multi-tenancy environment with one ingress IP and about 10 other VMs with various sites and services running. 

By default, all inbound connections are running through NGINX to reverse proxy connections to the appropriate internal VM/Server based on URL, thereby routing traffic to each appropriate VM/Server. I've been able to successfully get the HTTPS portion of it working, but am stuck on audio, where despite forwarding all UDP 16xxx-32xxx traffic over to the BBB server via NGINX, it keeps getting stuck in a audio reconnection loop. 

Has anyone been able to successfully use NGINX Community Edition as a reverse proxy for BBB? If so, can you please share your wisdom on how you configured the setup and the specifics/considerations?

Thank you!  

[basisbit]

Hello A B,

this is a not supported use case. We suggest not further trying this approach, because it does not scale well (especially regarding traffic per second, ephemeral port exhaustion, DDoS-protection and quality of the service) and thus causes frustration for you and also especially for the users of the service.

Instead, we strongly suggest getting one IPv4 address and one subdomain for each BigBlueButton server.

To achieve a multitenancy setup with "nice" domains, instead only proxy http traffic through your bottleneck nginx reverse proxy, and have the audio and video RTC traffic still go directly to the specific BBB servers and not through the http proxy. As far as I know, people from https://infra.run/ are currently working to get such a setup more easily to work with BBB 2.6. You might want to ask them for any details and how far progress on this is, if you are interested in this.

[Daniel Schreiber]

Hi,

if you want multiple BBB servers appear behind a single hostname, see
the setup instructions:
https://docs.bigbluebutton.org/admin/clusterproxy.html

Each BBB server needs its own public IP address and DNS entry. You may
run the nginx reverse proxy on one of the BBB servers but it might make
sense to have a pair of two nginx proxies in a HA setup.

This setup works with BBB starting from BBB 2.4. We run this in
production since the release of BBB 2.4, currently with 2.5.

As basisbit pointed out you cannot share a single public IP for multiple
BBB servers but the cluster proxy setup makes multiple BBB servers
appear as a single host to the client.

Regards,

Daniel

Am 08.01.23 um 19:41 schrieb basisbit:

> --
> You received this message because you are subscribed to the Google
> Groups "BigBlueButton-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to bigbluebutton-...@googlegroups.com
> <mailto:bigbluebutton-...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/bigbluebutton-dev/ecea120d-4291-4c98-aa19-269d8a256dd6n%40googlegroups.com <https://groups.google.com/d/msgid/bigbluebutton-dev/ecea120d-4291-4c98-aa19-269d8a256dd6n%40googlegroups.com?utm_medium=email&utm_source=footer>.