BigBlueButton Behind a Firewall AND webserver
1,225 views
Skip to first unread message
Alvaro Andres
Jan 4, 2011, 5:54:19 PM1/4/11
to BigBlueButton-Setup
Hi
I´ve already posted this in another discussion, maybe was not the best
place to do it so i started this new one, i have a BBB server behind a
Firewall (endian) and have already done the steps mentioned by Fred in
this link to provide acces to the necesary ports so BB works fine
http://www.google.com/url?sa=D&q=http://code.google.com/p/bigbluebutton/wiki/FAQ%23Can_I_provide_external_access_to_a_BigBlueButton_server_behind_m&usg=AFQjCNHzXh20DTDX2kW_ypd3xllqbAA9nA
So far so good ... and this is a rough map of my setup
////////////////////
/// Internet ///
///////////////////
|
|
+-----------------+ My Firewall port forwards port 80
| My Firewall | To My Apache web server, and ports
+-----------------+ 9123 & 1935 to my BBB server
|
| My LAN
|
+-----------------------+ +---------------------------------+
| My LAN Switch |------| My Apache web server |
+-----------------------+ +---------------------------------+
|
|
+----------------------+
| My BBB server |
+----------------------+
Now, i configured BBB to respond to www.mydomain.com via "sudo bbb-
conf --setip www.mydomain.com" and changed /etc/hosts of my BBB server
so it points www.mydomain.com to itself, i know the server works fine
because i tricked an ubuntu machine inside my LAN via /etc/hosts to
point www.mydomain.com to the LAN ip address of the BBB server, fired
a browser, pointed it to www.mydomain.com and worked nicely, now my
problem is i can't do it from the internet because our port 80 is
pointing to our apache web server with our precious web site and i
simply can't portforward port 80 to another server, also i can't use
any other port to point BBB web interface (corporate policy, every web
service provided by us has to be accesible from internet under our
domain, like this: www.mydomain.com/service, so using bbb-conf to
configure it to use another port and then portforwarding it from my
firewall wont do) ... then the solution seems to be configure a
reverse proxy in my apache server, i did this some time ago when BBB
was version 0.6.X like this
<Location "/bbb">
ProxyPass http://172.16.1.130
ProxyPassReverse http://172.16.1.130
ProxyPassReverse /
ProxyHTMLExtended On
SetOutputFilter proxy-html
ProxyHTMLURLMap /bbb /bbb
</Location>
<Location "/bigbluebutton">
ProxyPass http://172.16.1.130/bigbluebutton
ProxyPassReverse http://172.16.1.130/bigbluebutton
ProxyPassReverse /
ProxyHTMLExtended On
SetOutputFilter proxy-html
ProxyHTMLURLMap /bigbluebutton /bigbluebutton
</Location>
<Location "/images">
ProxyPass http://172.16.1.130/images
ProxyPassReverse http://172.16.1.130/images
ProxyPassReverse /
ProxyHTMLExtended On
SetOutputFilter proxy-html
ProxyHTMLURLMap /images /images
</Location>
<Location "/client">
ProxyPass http://172.16.1.130/client
ProxyPassReverse http://172.16.1.130/client
ProxyPassReverse /
ProxyHTMLExtended On
SetOutputFilter proxy-html
ProxyHTMLURLMap /client /client
</Location>
so if i typed www.mydomain.com/bbb from internet it used to access BBB
(obviously 172.16.1.130 is the private LAN IP for my BBB server) but
since update to version 0.7 this doesn't work (all i see is "Welcome
to nginx!"), any clues? did i miss some other URL or something else in
this version? by the way, i have just one public ip address so mapping
a subdomain to another ip is not viable either.
Thanks in advance
I´ve already posted this in another discussion, maybe was not the best
place to do it so i started this new one, i have a BBB server behind a
Firewall (endian) and have already done the steps mentioned by Fred in
this link to provide acces to the necesary ports so BB works fine
http://www.google.com/url?sa=D&q=http://code.google.com/p/bigbluebutton/wiki/FAQ%23Can_I_provide_external_access_to_a_BigBlueButton_server_behind_m&usg=AFQjCNHzXh20DTDX2kW_ypd3xllqbAA9nA
So far so good ... and this is a rough map of my setup
////////////////////
/// Internet ///
///////////////////
|
|
+-----------------+ My Firewall port forwards port 80
| My Firewall | To My Apache web server, and ports
+-----------------+ 9123 & 1935 to my BBB server
|
| My LAN
|
+-----------------------+ +---------------------------------+
| My LAN Switch |------| My Apache web server |
+-----------------------+ +---------------------------------+
|
|
+----------------------+
| My BBB server |
+----------------------+
Now, i configured BBB to respond to www.mydomain.com via "sudo bbb-
conf --setip www.mydomain.com" and changed /etc/hosts of my BBB server
so it points www.mydomain.com to itself, i know the server works fine
because i tricked an ubuntu machine inside my LAN via /etc/hosts to
point www.mydomain.com to the LAN ip address of the BBB server, fired
a browser, pointed it to www.mydomain.com and worked nicely, now my
problem is i can't do it from the internet because our port 80 is
pointing to our apache web server with our precious web site and i
simply can't portforward port 80 to another server, also i can't use
any other port to point BBB web interface (corporate policy, every web
service provided by us has to be accesible from internet under our
domain, like this: www.mydomain.com/service, so using bbb-conf to
configure it to use another port and then portforwarding it from my
firewall wont do) ... then the solution seems to be configure a
reverse proxy in my apache server, i did this some time ago when BBB
was version 0.6.X like this
<Location "/bbb">
ProxyPass http://172.16.1.130
ProxyPassReverse http://172.16.1.130
ProxyPassReverse /
ProxyHTMLExtended On
SetOutputFilter proxy-html
ProxyHTMLURLMap /bbb /bbb
</Location>
<Location "/bigbluebutton">
ProxyPass http://172.16.1.130/bigbluebutton
ProxyPassReverse http://172.16.1.130/bigbluebutton
ProxyPassReverse /
ProxyHTMLExtended On
SetOutputFilter proxy-html
ProxyHTMLURLMap /bigbluebutton /bigbluebutton
</Location>
<Location "/images">
ProxyPass http://172.16.1.130/images
ProxyPassReverse http://172.16.1.130/images
ProxyPassReverse /
ProxyHTMLExtended On
SetOutputFilter proxy-html
ProxyHTMLURLMap /images /images
</Location>
<Location "/client">
ProxyPass http://172.16.1.130/client
ProxyPassReverse http://172.16.1.130/client
ProxyPassReverse /
ProxyHTMLExtended On
SetOutputFilter proxy-html
ProxyHTMLURLMap /client /client
</Location>
so if i typed www.mydomain.com/bbb from internet it used to access BBB
(obviously 172.16.1.130 is the private LAN IP for my BBB server) but
since update to version 0.7 this doesn't work (all i see is "Welcome
to nginx!"), any clues? did i miss some other URL or something else in
this version? by the way, i have just one public ip address so mapping
a subdomain to another ip is not viable either.
Thanks in advance
Fred Dixon
Jan 4, 2011, 10:54:28 PM1/4/11
to bigbluebu...@googlegroups.com
What's happening is the incoming requests are not being recognized by
BigBlueButton's configuration in nginx. To see what the incoming
requests look like, try this
BigBlueButton's configuration in nginx. To see what the incoming
requests look like, try this
tail -f /var/log/nginx/access.log
and then access the BigBlueButton server through it's hostname. You can also try
tail -f /var/log/nginx/bigbluebutton.access.log
in another window to see which log file is picking up the incoming
request. Based on the output of access.log, you can try modifying the
server_name parameter in /etc/nginx/sites-available/bigbluebutton to
have it match the incoming request (and show you the output in
bigbluebutton.access.log).
Regards,... Fred
> --
> You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
> To post to this group, send email to bigbluebu...@googlegroups.com.
> To unsubscribe from this group, send email to bigbluebutton-s...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/bigbluebutton-setup?hl=en.
>
>
Alvaro Andres
Jan 5, 2011, 11:52:39 AM1/5/11
to BigBlueButton-Setup
Hi Fred, thanks for the quick response, well ... i ran both tail
commands and tried to access www.mydomain.com/bbb from internet and
none of them showed anything ... but /var/log/nginx/
localhost.access.log shows this
172.16.1.112 - - [05/Jan/2011:10:20:20 -0500] "GET / HTTP/1.1" 304 0
"-" ...
that's the LAN ip address of my apache webserver, and that's the same
log activity i see when i try to acces my BBB server directly usung
it's LAN ip address (same result, welcome to nginx!) ... so i
configured again BBB to it's original ip addres with " bbb-conf --
setip 172.16.1.130" and tried to access again from internet, just in
case ... this time i saw a no css version of the BBB default landing
page but when i tried to access obviously it didn't work, it was
trying to contact the LAN ip address from internet ... so, back to
"bbb-conf --setip www.mydomain.com" ... and ... tadaaaaaaa! the
problem seems to be that my apache's reverse proxy is querying the BB
server by it's ip address directly and BBB server expects to be
queried as www.mydomain.com ... what to do? i did a QAD hack (Quick
And Dirty, very ugly i might say, ugh :P ) i added "172.16.1.30
www.mydomain.com" to /etc/hosts file of my apache web server, then
went to apache config and changed all references to 172.16.1.130 to
www.mydomain.com in the reverse proxies configuration, it worked just
fine but ... i didn't quite like it ... any sugestions?
On 4 ene, 22:54, Fred Dixon <ffdi...@gmail.com> wrote:
> What's happening is the incoming requests are not being recognized by
> BigBlueButton's configuration in nginx. To see what the incoming
> requests look like, try this
>
> tail -f /var/log/nginx/access.log
>
> and then access the BigBlueButton server through it's hostname. You can also try
>
> tail -f /var/log/nginx/bigbluebutton.access.log
>
> in another window to see which log file is picking up the incoming
> request. Based on the output of access.log, you can try modifying the
> server_name parameter in /etc/nginx/sites-available/bigbluebutton to
> have it match the incoming request (and show you the output in
> bigbluebutton.access.log).
>
> Regards,... Fred
>
> On Tue, Jan 4, 2011 at 5:54 PM, Alvaro Andres
>
>
>
>
>
>
>
> <alvaroandres.riv...@gmail.com> wrote:
> > Hi
> > I´ve already posted this in another discussion, maybe was not the best
> > place to do it so i started this new one, i have a BBB server behind a
> > Firewall (endian) and have already done the steps mentioned by Fred in
> > this link to provide acces to the necesary ports so BB works fine
> >http://www.google.com/url?sa=D&q=http://code.google.com/p/bigbluebutt...
> > so it pointswww.mydomain.comto itself, i know the server works fine
> > a browser, pointed it towww.mydomain.comand worked nicely, now my
commands and tried to access www.mydomain.com/bbb from internet and
none of them showed anything ... but /var/log/nginx/
localhost.access.log shows this
172.16.1.112 - - [05/Jan/2011:10:20:20 -0500] "GET / HTTP/1.1" 304 0
"-" ...
that's the LAN ip address of my apache webserver, and that's the same
log activity i see when i try to acces my BBB server directly usung
it's LAN ip address (same result, welcome to nginx!) ... so i
configured again BBB to it's original ip addres with " bbb-conf --
setip 172.16.1.130" and tried to access again from internet, just in
case ... this time i saw a no css version of the BBB default landing
page but when i tried to access obviously it didn't work, it was
trying to contact the LAN ip address from internet ... so, back to
"bbb-conf --setip www.mydomain.com" ... and ... tadaaaaaaa! the
problem seems to be that my apache's reverse proxy is querying the BB
server by it's ip address directly and BBB server expects to be
queried as www.mydomain.com ... what to do? i did a QAD hack (Quick
And Dirty, very ugly i might say, ugh :P ) i added "172.16.1.30
www.mydomain.com" to /etc/hosts file of my apache web server, then
went to apache config and changed all references to 172.16.1.130 to
www.mydomain.com in the reverse proxies configuration, it worked just
fine but ... i didn't quite like it ... any sugestions?
On 4 ene, 22:54, Fred Dixon <ffdi...@gmail.com> wrote:
> What's happening is the incoming requests are not being recognized by
> BigBlueButton's configuration in nginx. To see what the incoming
> requests look like, try this
>
> tail -f /var/log/nginx/access.log
>
> and then access the BigBlueButton server through it's hostname. You can also try
>
> tail -f /var/log/nginx/bigbluebutton.access.log
>
> in another window to see which log file is picking up the incoming
> request. Based on the output of access.log, you can try modifying the
> server_name parameter in /etc/nginx/sites-available/bigbluebutton to
> have it match the incoming request (and show you the output in
> bigbluebutton.access.log).
>
> Regards,... Fred
>
> On Tue, Jan 4, 2011 at 5:54 PM, Alvaro Andres
>
>
>
>
>
>
>
> <alvaroandres.riv...@gmail.com> wrote:
> > Hi
> > I´ve already posted this in another discussion, maybe was not the best
> > place to do it so i started this new one, i have a BBB server behind a
> > Firewall (endian) and have already done the steps mentioned by Fred in
> > this link to provide acces to the necesary ports so BB works fine
> > So far so good ... and this is a rough map of my setup
>
> > ////////////////////
> > /// Internet ///
> > ///////////////////
> > |
> > |
> > +-----------------+ My Firewall port forwards port 80
> > | My Firewall | To My Apache web server, and ports
> > +-----------------+ 9123 & 1935 to my BBB server
> > |
> > | My LAN
> > |
> > +-----------------------+ +---------------------------------+
> > | My LAN Switch |------| My Apache web server |
> > +-----------------------+ +---------------------------------+
> > |
> > |
> > +----------------------+
> > | My BBB server |
> > +----------------------+
>
> > Now, i configured BBB to respond towww.mydomain.comvia "sudo bbb-
> > conf --setipwww.mydomain.com" and changed /etc/hosts of my BBB server
>
> > ////////////////////
> > /// Internet ///
> > ///////////////////
> > |
> > |
> > +-----------------+ My Firewall port forwards port 80
> > | My Firewall | To My Apache web server, and ports
> > +-----------------+ 9123 & 1935 to my BBB server
> > |
> > | My LAN
> > |
> > +-----------------------+ +---------------------------------+
> > | My LAN Switch |------| My Apache web server |
> > +-----------------------+ +---------------------------------+
> > |
> > |
> > +----------------------+
> > | My BBB server |
> > +----------------------+
>
> > Now, i configured BBB to respond towww.mydomain.comvia "sudo bbb-
> > so it pointswww.mydomain.comto itself, i know the server works fine
> > because i tricked an ubuntu machine inside my LAN via /etc/hosts to
> > pointwww.mydomain.comto the LAN ip address of the BBB server, fired
> > a browser, pointed it towww.mydomain.comand worked nicely, now my
> > problem is i can't do it from the internet because our port 80 is
> > pointing to our apache web server with our precious web site and i
> > simply can't portforward port 80 to another server, also i can't use
> > any other port to point BBB web interface (corporate policy, every web
> > service provided by us has to be accesible from internet under our
> > domain, like this:www.mydomain.com/service, so using bbb-conf to
> > configure it to use another port and then portforwarding it from my
> > firewall wont do) ... then the solution seems to be configure a
> > reverse proxy in my apache server, i did this some time ago when BBB
> > was version 0.6.X like this
>
> > <Location "/bbb">
> > ProxyPasshttp://172.16.1.130
> > ProxyPassReversehttp://172.16.1.130
> > pointing to our apache web server with our precious web site and i
> > simply can't portforward port 80 to another server, also i can't use
> > any other port to point BBB web interface (corporate policy, every web
> > service provided by us has to be accesible from internet under our
> > domain, like this:www.mydomain.com/service, so using bbb-conf to
> > configure it to use another port and then portforwarding it from my
> > firewall wont do) ... then the solution seems to be configure a
> > reverse proxy in my apache server, i did this some time ago when BBB
> > was version 0.6.X like this
>
> > <Location "/bbb">
> > ProxyPasshttp://172.16.1.130
> > ProxyPassReverse /
> > ProxyHTMLExtended On
> > SetOutputFilter proxy-html
> > ProxyHTMLURLMap /bbb /bbb
> > </Location>
>
> > <Location "/bigbluebutton">
> > ProxyPasshttp://172.16.1.130/bigbluebutton
> > ProxyPassReversehttp://172.16.1.130/bigbluebutton
> > ProxyHTMLExtended On
> > SetOutputFilter proxy-html
> > ProxyHTMLURLMap /bbb /bbb
> > </Location>
>
> > <Location "/bigbluebutton">
> > ProxyPasshttp://172.16.1.130/bigbluebutton
> > ProxyPassReverse /
> > ProxyHTMLExtended On
> > SetOutputFilter proxy-html
> > ProxyHTMLURLMap /bigbluebutton /bigbluebutton
> > </Location>
>
> > <Location "/images">
> > ProxyPasshttp://172.16.1.130/images
> > ProxyPassReversehttp://172.16.1.130/images
> > ProxyHTMLExtended On
> > SetOutputFilter proxy-html
> > ProxyHTMLURLMap /bigbluebutton /bigbluebutton
> > </Location>
>
> > <Location "/images">
> > ProxyPasshttp://172.16.1.130/images
> > ProxyPassReverse /
> > ProxyHTMLExtended On
> > SetOutputFilter proxy-html
> > ProxyHTMLURLMap /images /images
> > </Location>
>
> > <Location "/client">
> > ProxyPasshttp://172.16.1.130/client
> > ProxyPassReversehttp://172.16.1.130/client
> > ProxyHTMLExtended On
> > SetOutputFilter proxy-html
> > ProxyHTMLURLMap /images /images
> > </Location>
>
> > <Location "/client">
> > ProxyPasshttp://172.16.1.130/client
> > ProxyPassReverse /
> > ProxyHTMLExtended On
> > SetOutputFilter proxy-html
> > ProxyHTMLURLMap /client /client
> > </Location>
>
> > so if i typedwww.mydomain.com/bbbfrom internet it used to access BBB
> > ProxyHTMLExtended On
> > SetOutputFilter proxy-html
> > ProxyHTMLURLMap /client /client
> > </Location>
>
Fred Dixon
Jan 5, 2011, 4:13:51 PM1/5/11
to bigbluebu...@googlegroups.com
Hi Alvaro,
I think you've done the right thing to solve the problem ... we
recommend adding an entry to the /etc/hosts file in the following FAQ:
<quote>
Internally, BigBlueButton must be able to call external.host.org to
make API requests. In this example, if the internal BigBlueButton
server is at 192.168.10.198, add the following line to /etc/hosts.
192.168.10.198 external.host.org
<endquote>
Regards,... Fred
Reply all
Reply to author
Forward
0 new messages