BBB over HTTPS Setup


Orson Kwan

Sep 6, 2010, 8:24:40 PM
to BigBlueButton-Setup
Hi everyone,

I'm having some trouble with figuring out how to set up BBB to
communicate via HTTPS.
I've so far managed to have the main default homepage to display on
HTTPS, but I'm not sure how to configure the Red5 files to support
transmission via SSL.

At this current point, I get a java.lang.NullPointerException with the
JSP files, and I believe this is because I haven't set up Red5 properly
to support SSL. I have followed this guide: http://gregoire.org/2008/05/26/rtmps-in-red5/
and I still haven't quite figured out even just displaying the default
Red5 homepage via SSL on https://localhost:8443/. This guide doesn't
suggest it, but I am thinking maybe I need to set up SSL on the Tomcat
servlet as well? Let me know if I'm going down the wrong path.

Any help would be appreciated! Thanks.

Orson

Orson Kwan

Sep 7, 2010, 1:13:56 AM
to BigBlueButton-Setup
After some browsing, my error is essentially the one mentioned here:
http://groups.google.com/group/bigbluebutton-setup/browse_thread/thread/d0ab5faea1067835?pli=1
.

I get this attribute list:

Attribute List
javax.servlet.forward.request_uri /bigbluebutton/demo/demo1.jsp
javax.servlet.forward.context_path /bigbluebutton
javax.servlet.forward.servlet_path /demo/demo1.jsp
javax.servlet.forward.query_string username=test&action=create
javax.servlet.error.servlet_name jsp
urlMapping.FILTERED true
charEncodingFilter.FILTERED true
org.codehaus.groovy.grails.CONTROLLER_NAME_ATTRIBUTE demo
javax.servlet.error.request_uri /bigbluebutton/demo/demo1.jsp
securityContextFilter.FILTERED true
grailsWebRequest.FILTERED true
javax.servlet.jsp.jspException java.lang.NullPointerException
javax.servlet.error.status_code 500
org.codehaus.groovy.grails.ACTION_NAME_ATTRIBUTE demo1.jsp
com.opensymphony.sitemesh.APPLIED_ONCE true
javax.servlet.error.exception java.lang.NullPointerException
org.codehaus.groovy.grails.WEB_REQUEST ServletWebRequest: uri=/bigbluebutton/demo/demo1.jsp;client=127.0.0.1;session=35A9604DDACB351250642836422B4A98


The thing is, if I have BBB set on port 80, everything seems to work
fine. It is just when I change it to HTTPS (443) that I get the
above-mentioned error.
I have edited the URL in bigbluebutton.properties to be https, and
created a new security salt that matches both files (with
bbb_api_conf.jsp) too.

In running bbb-conf --check I get this:
/var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties (bbb-web)
bbb-web host:

which is blank. I also get potential problems, because the IP from
ifconfig is an IP address, while I have set the server_name to be a
domain name. I don't think this is relevant to the issue, but maybe
worth mentioning?

I think it is probably some setting I missed. Thanks!

Orson

Orson Kwan

Sep 7, 2010, 2:41:22 AM
to BigBlueButton-Setup
I hope you guys don't mind me documenting my progress here - it might
help someone else out there in the future. :)

Upon browsing the error logs, I noticed these:
"*10 open() "/var/www/nginx-default/bigbluebutton/api/create" failed (2: No such file or directory)" with the request: "GET /bigbluebutton/api/create?name=Demo+Meeting&meetingID=Demo+Meeting&attendeePW=ap&moderatorPW=mp&voiceBridge=74829&checksum=605036f3c89c98e557e345ca2e3f7c6e5b149f43 HTTP/1.1"

*6 open() "/var/www/nginx-default/bigbluebutton/api/create" failed (2: No such file or directory), with the request: "GET /bigbluebutton/api/create?name=Demo+Meeting&meetingID=Demo+Meeting&attendeePW=ap&moderatorPW=mp&voiceBridge=74829&checksum=605036f3c89c98e557e345ca2e3f7c6e5b149f43 HTTP/1.1",

I am assuming that the client/host values are correct, as this works
on normal HTTP (port 80). So let me know if there is anything I can
take from the above errors from my logs.

I have fixed the above error with reinstalling BBB with the blank
value for bbb-webhost when I run bbb-conf --check.

Thanks in advance,
Orson

Denis Zgonjanin

Sep 7, 2010, 9:20:47 PM
to bigbluebu...@googlegroups.com
I don't think we've ever tried running bbb over rtmps. You might be the first to try it. Document it here as you make progress, and if you succeed that'd be great - we'll turn it into a tutorial :)

- Denis



Fred Dixon

Sep 7, 2010, 9:50:54 PM
to bigbluebu...@googlegroups.com
Hi Orson,

As Denis said, you're going down an uncharted road, but you should be able to complete the journey.

You're basically looking for places where http has been hardcoded into the BigBlueButton configuration files. bbb-conf here is your friend, as it already knows how to update the bigbluebutton configuration files with a new IP. Look at the code for bbb-conf to see how it implements --setip and you'll see all the configuration files that have URLs pointing to a specific IP.

You can try changing entries from http to https and that should get you further along.

Regards,... Fred

Orson Kwan

Sep 8, 2010, 10:24:55 PM
to BigBlueButton-Setup
Thanks for the tips - I've tried changing all the http entries in the
files mentioned to https.

It still comes up with the same error, so would looking at setting up
BBB over RTMPS be the direction I should be heading in?
The tutorials aren't that clear on how it is set up, so I will give it
a go, and document here if I make any progress.

Also, what is the usual cause of that error? Is it something to do
with the URL being parsed to the *.jsp files?


Orson Kwan

Sep 9, 2010, 2:43:22 AM
to BigBlueButton-Setup
I finally was able to set up SSL on the Red5 server, that is I can
access https://localhost:8443/ with the certificate working fine
without any SSL problems.
I have also changed the rtmp:// to rtmps:// in the config.xml file -
but I still seem to get that same error with the null pointer
exception.
Am I missing a file where I should be editing? Either RTMP/RTMPS or
HTTP/HTTPS?

I have edited the following files so far:
bbb_api_conf.jsp
bigbluebutton.properties
config.xml

Any suggestions would be welcome. Thanks.

Orson

Jan

Sep 22, 2010, 11:11:02 AM
to BigBlueButton-Setup
Hello,

Thanks for posting your progress. I'm also trying to set up BBB with an
SSL connection. Local connections on the server itself may be open,
but all connections from the client to the server should be running
over SSL. I managed to get the basic BBB up and running with nginx as
SSL proxy. Deskshare and presentation upload are not working the way they
should. And I also couldn't check the webcam since I do not have one
here.

I'll try to summarize my steps below. Hope I don't forget anything :)
had been playing around with the config files for quite a while. First
time that I'm using nginx, red5 or tomcat.. :)

(replace IP and domain with correct values.. xx.xx.xx.xx,
conference.domain.com used as placeholders)

1) set up an ssl proxy in nginx:
/etc/nginx/sites-available/bigbluebutton

# forwarding http to https
# to make sure https is used as default
server {
        add_header Cache-Control public;
        access_log /var/log/nginx/bigbluebutton-http.access.log;
        error_log /var/log/nginx/bigbluebutton-http.error.log;
        expires 90d;
        listen 80;
        root /var/empty;
        server_name xx.xx.xx.xx conference.domain.com;
        add_header Strict-Transport-Security max-age=2592000;
        location / {
                if ($host ~* ^(xx\.xx\.xx\.xx|conference\.domain\.com)$ ) {
                        rewrite ^/(.*)$ https://conference.domain.com/$1 permanent;
                }
                return 444;
        }
}


# ssl proxy for http
# (i changed the http servers default port from 80 to 60080)
server {
        listen 443 default ssl;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        server_name xx.xx.xx.xx conference.domain.com;
        access_log /var/log/nginx/bigbluebutton.proxy.access.log;
        error_log /var/log/nginx/bigbluebutton.proxy.error.log;
        location / {
                proxy_pass http://127.0.0.1:60080;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_redirect default;
                include fastcgi_params;
        }
}

2) I used the create.jsp demo as basis and replaced http:// with https://

3) changes to bbb_api_conf.jsp:
BBB URL to https://conference...

4) changes to bbb_api.jsp:
This is what helped me to get past the null pointer exception.
change the following methods to use http://localhost:8080/bigbluebutton/
instead of the BigBlueButtonURL parameter:
getJoinURL()
isMeetingRunning()
endMeeting()
Since those are local connections, I don't mind the missing
encryption.

5) changes to config.xml:
replaced all http with https://conference...
replaced all rtmp with rtmps://xx.xx.xx.xx

Somehow using the domain instead of the IP for rtmps did not work. The
client says that all modules were loaded 100%, but the conference
itself did not start. But I'd guess that is a problem with my nginx
forwarding.

6) red5 .. bigbluebutton.properties
this should be: ami.host = 127.0.0.1
(but i think that was the standard value..? )


With that, the basic conference started and people were able to join.
Now I'm stuck with these problems: Trying to upload a presentation
results in an IOError #2038, which seems to be a very generic error
generated by flash. The deskshare is working, but as far as I could
tell, no encryption is used. I guess for that the applet needs to be
changed...?

Hope this helps a bit. Will post when I find out more. Any tips
regarding the presentation upload (or security problems i might have
caused..) would be very welcome :)

Thanks!

Jan
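The hunt for hardcoded http:// and rtmp:// entries described in this thread can be automated. The following is an added example, not code from the thread or from BigBlueButton: it scans configuration text for cleartext URLs that leave the host, skips loopback targets such as the http://localhost:8080 calls kept in step 4, and ignores XML namespace identifiers. The file contents, conference.example.com and 192.0.2.10 are constructed samples.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Cleartext schemes and the TLS-protected scheme that replaces each.
UPGRADE = {"http": "https", "rtmp": "rtmps"}
URL_RE = re.compile(r"\b(?:http|rtmp)://[^\s\"'<>]+", re.IGNORECASE)
# XML namespace identifiers look like URLs but are never fetched.
XMLNS_RE = re.compile(r"xmlns(?::[\w.-]+)?\s*=\s*[\"']$")

# Constructed sample contents (assumption), keyed by the file names
# mentioned in the thread. They are not copies of the real files.
SAMPLE_FILES = {
    "bbb_api_conf.jsp":
        'String BigBlueButtonURL = "https://conference.example.com/bigbluebutton/";\n',
    "bbb_api.jsp":
        'String base = "http://localhost:8080/bigbluebutton/";\n',
    "config.xml":
        '<config xmlns:mx="http://www.adobe.com/2006/mxml">\n'
        '  <help url="http://conference.example.com/help.html"/>\n'
        '  <module name="ChatModule" uri="rtmp://192.0.2.10/bigbluebutton"/>\n'
        '  <module name="VideoModule" uri="rtmps://192.0.2.10/video"/>\n'
        '</config>\n',
}


def is_loopback(host):
    """True for localhost and for 127.0.0.0/8 or ::1 address literals."""
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name or placeholder, not an IP literal
        return False


def audit_text(name, text, include_loopback=False):
    """Return (file, line number, url, suggested scheme) per cleartext URL."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            if XMLNS_RE.search(line[:match.start()]):
                continue  # namespace declaration, not a network endpoint
            url = match.group(0)
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed authority: report it anyway
                host = None
            if is_loopback(host) and not include_loopback:
                continue  # traffic never leaves the machine
            scheme = url.split(":", 1)[0].lower()
            findings.append((name, lineno, url, UPGRADE[scheme]))
    return findings


def audit(files, include_loopback=False):
    """Audit a mapping of file name -> file contents."""
    findings = []
    for name, text in files.items():
        findings.extend(audit_text(name, text, include_loopback))
    return findings


if __name__ == "__main__":
    for name, lineno, url, scheme in audit(SAMPLE_FILES):
        print(f"{name}:{lineno}: {url} -> use {scheme}://")
```

Running it with include_loopback=True also lists the localhost URLs, which is useful for reviewing which calls were left unencrypted on purpose.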


Jan

Sep 24, 2010, 6:16:08 AM
to BigBlueButton-Setup
Hi,

seems like the self-signed certificate caused a problem with the
presentation upload. After changing it, the presentation is sent
(through https on the server's port 443), but as soon as 100% are
reached the IOError 2038 occurs. I don't really know where to go next.
I didn't see any error messages except for the IOError in the log
files. The folder /var/bigbluebutton is rw accessible for all but
stays empty. Are there any other config files with hard-coded links
than the ones mentioned in the posts above?

Thank you very much in advance for any suggestions!

Jan

Scott

Apr 28, 2011, 4:53:08 PM
to bigbluebu...@googlegroups.com
Jan,

did you get things worked out yet? Just curious, as I'm starting to work on getting bigblue working with an SSL cert  - in reading the above, you didn't touch the nginx.conf file? Strictly bigbluebutton in /etc/nginx/sites-available?
Why the change in port 80 to 60080? On a stand alone server, this wouldn't be necessary, correct? (if any question sounds lame, it's because this is my first time dealing with any type of ssl cert)

Anyone else ever make any leeway in getting bigblue secure?

Jan

Apr 28, 2011, 6:22:13 PM
to BigBlueButton-Setup
Hi Scott,

sadly I got stuck at the IOError 2038 problem.
Am pretty sure that I didn't change the nginx.conf file. /etc/nginx/
sites-available/bigbluebutton and the different .jsp files seemed to
be the most important ones. But I didn't (and still don't) have much
experience with nginx...
Changing port 80 to something else isn't necessary I guess. Was just
experimenting a little trying to understand the whole structure of
bbb.

Scott

Apr 28, 2011, 7:56:22 PM
to bigbluebu...@googlegroups.com
Jan,

Thanks for the reply. I'll be working on this, as we just got our cert back this week. For your certs, did you use a .pem or .crt? Seems I've seen both being used with nginx...

HostBBB.com

May 30, 2011, 9:04:46 AM
to BigBlueButton-Setup
Scott, Jan

Did anyone ever get this working?

regards,
Stephen
hostbbb.com

Scott

May 31, 2011, 5:50:06 PM
to bigbluebu...@googlegroups.com
Stephen,

Not yet---currently only have our login page going through https - once authenticated, I redirect all users back to http....not the best setup, but at least it encrypts the login information being sent to ldap.

Figured I would revisit making all of bigblue secure once .80 is officially released (for recording video and such) - however, I would like to hear if you make any leeway!

Steve

Jun 10, 2011, 1:01:26 PM
to BigBlueButton-Setup
Looking forward to seeing how this turns out. I'd really like to get
all BBB traffic going through SSL as well. Does anybody know when .80
might be released?

Joystick[FI]

Jun 27, 2011, 6:12:00 AM
to BigBlueButton-Setup
At the moment this is the solution that works for me:

- Changed nginx listen port to 467, modified client and bbb-web conf
files
- Installed Apache to work as an SSL reverse proxy server listening on
443 and redirecting traffic to localhost:467.

Not the best solution, because all http traffic goes through https but
rtmp traffic does not, but it works.

Marco

Sebastian

Aug 3, 2011, 7:06:19 AM
to BigBlueButton-Setup
Hi,

did someone in the meantime have success in getting BBB completely
behind SSL?
I'm new to BBB, and also new to nginx/tomcat/red5. Got nginx to talk
to me via https, but then got stuck on the rest. I also ran into
the Null Pointer Exception first, I'm now stuck with the flash
connecting to the server after login.


Sebastian

jonas

Jun 20, 2012, 2:28:25 PM
to bigbluebu...@googlegroups.com
Hi,

is there any progress on getting BBB to run over HTTPS? The server I am trying to set up is in an environment where http connections are not allowed (i.e. port 80 is blocked) but https is.
As a first step, I tried to change the port of BBB, but I keep running into the NullPointerException in getJoinUrl of bbb_api.jsp.
I understand that changing the port is not recommended, but I see no alternative in my case.

The problem appears to be that the doc variable is still NULL, even though the parseXML call (~line 196) apparently does not cause an exception.
Retrieving the "url" variable (~line 193) with wget succeeds and the return code in that file is even SUCCESS.
Also the value returned by postURL(url,xml_params).toString() starts with SUCCESS.

Still I get a NullPointer exception when doc.getElementsByTagName("returncode").item(0).getTextContent().trim().equals("SUCCESS") is called (~line 201).

Any ideas or hints?

thanks a lot
jonas

Richard Alam

Jun 20, 2012, 2:39:59 PM
to bigbluebu...@googlegroups.com
On Wed, Jun 20, 2012 at 2:28 PM, jonas <jonas....@googlemail.com> wrote:
> Hi,
>
> is there any progress on getting BBB to run over HTTPS? The server I am
> trying to set up is is an environment were http connections are not allowed
> (i.e. port 80 is blocked) but https is.
> As a first step, I tried to change the port of BBB, but I keep running into
> the NullPointerExection in getJoinUrl of bbb_api.jsp.

Check your salt in bbb-api-conf.jsp and
/var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties.

Make sure they are the same.

Richard




--
-----
BigBlueButton Developer
http://www.bigbluebutton.org
http://code.google.com/p/bigbluebutton
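The salt comparison suggested above, and why a stale salt on the calling side makes the receiving side reject a call, as an added example that is not part of the thread or of BigBlueButton's code. It assumes the salt is stored as securitySalt=... in bigbluebutton.properties and as a Java string named salt in the JSP, and that the API checksum is SHA-1 over call name + query string + salt; the thread shows neither detail. The salts and file contents are constructed, and the call parameters are the ones in the nginx log quoted earlier.

```python
import hashlib
import hmac
import re
from urllib.parse import urlencode

# Assumed key names (not shown in the thread): "securitySalt" in
# bigbluebutton.properties and a Java string named "salt" in the JSP.
PROPS_SALT_RE = re.compile(r"^\s*securitySalt\s*=\s*(\S+)\s*$", re.MULTILINE)
JSP_SALT_RE = re.compile(r'\bString\s+salt\s*=\s*"([^"]*)"')

# Constructed sample contents, not taken from a real installation.
PROPS = ("bigbluebutton.web.serverURL=https://conference.example.com\n"
         "securitySalt=constructed-salt-A\n")
JSP_GOOD = 'String salt = "constructed-salt-A";\n'
JSP_STALE = 'String salt = "constructed-salt-B";\n'
# Parameters of the create call seen in the nginx log earlier in the thread.
PARAMS = {"name": "Demo Meeting", "meetingID": "Demo Meeting",
          "attendeePW": "ap", "moderatorPW": "mp", "voiceBridge": "74829"}


def extract_salts(props_text, jsp_text):
    """Return (server salt, client salt) parsed from the two files."""
    props = PROPS_SALT_RE.search(props_text)
    jsp = JSP_SALT_RE.search(jsp_text)
    if props is None or jsp is None:
        raise ValueError("salt entry not found in one of the files")
    return props.group(1), jsp.group(1)


def fingerprint(secret):
    """Short digest that can go into a ticket or log instead of the salt."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def salts_match(props_text, jsp_text):
    server, client = extract_salts(props_text, jsp_text)
    return hmac.compare_digest(server.encode(), client.encode())


def sign(call, params, salt):
    """Assumed scheme: checksum = SHA-1(call name + query string + salt)."""
    query = urlencode(params)
    digest = hashlib.sha1((call + query + salt).encode()).hexdigest()
    return query + "&checksum=" + digest


def server_accepts(call, signed_query, server_salt):
    """Recompute the checksum the way the receiving side would."""
    query, sep, claimed = signed_query.rpartition("&checksum=")
    if not sep:
        return False  # unsigned request
    expected = hashlib.sha1((call + query + server_salt).encode()).hexdigest()
    return hmac.compare_digest(expected.encode(), claimed.encode())


if __name__ == "__main__":
    server_salt, client_salt = extract_salts(PROPS, JSP_STALE)
    print("properties salt:", fingerprint(server_salt))
    print("jsp salt:       ", fingerprint(client_salt))
    print("match:", salts_match(PROPS, JSP_STALE))
    request = sign("create", PARAMS, client_salt)
    print("accepted:", server_accepts("create", request, server_salt))
```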

jonas

Jun 20, 2012, 2:51:26 PM
to bigbluebu...@googlegroups.com
Hi Richard,

thanks for the quick reply. The salts are identical. Shouldn't an incorrect salt cause the result of the postURL call to be FAILED and not SUCCESS?
Of course I might be wrong with interpreting the code, as I did not have much time yet to study it in detail.

jonas

jonas

Jun 20, 2012, 4:09:46 PM
to bigbluebu...@googlegroups.com
OK, currently I do not get the NullPointerException anymore. But it's still not working, which leaves the main question of whether there has been any progress on getting BBB over https to fully work.

thanks
jonas

Fred Dixon

Jun 20, 2012, 4:31:45 PM
to bigbluebu...@googlegroups.com
Hi Jonas,

While it's not the answer you may want to hear, so far, we (the core developers) have not done any work to have the BigBlueButton client communicate securely with the BigBlueButton server. See



Regards,... Fred
-- 
BigBlueButton Developer
BigBlueButton on twitter: @bigbluebutton





Marc Matthes

Jul 5, 2014, 5:03:52 PM
to bigbluebu...@googlegroups.com
Jonas was wondering if you have ever gotten the SSL for BBB figured out and created a play of how you did that?

Rob Dyke

Jul 21, 2014, 10:06:43 AM
to bigbluebu...@googlegroups.com
I've got a few helper scripts for HTTPS support in here: https://github.com/robdyke/bigbluebutton