BBB 2.3 clean install using own SSL certificates.

Crimzin

unread,

May 11, 2021, 3:15:25 AM5/11/21

to BigBlueButton-Setup

Dear BBB Peeps,

I am at my wits end....

I am trying to install a BBB server to integrate with a formaLMS learning site I built.

Been struggling to do a clean install for the past 3 weeks.

It started with 2.2 and then 2 weeks ago it changed to 2.3, which started the process all over again.

At least with 2.2 I had some sort of HTML screen going.

I own a wildcard certificate for my domain.
ubuntu 18LTS server is a clean install on my VMware environment
I even tried installing it in hyper-v on my pc to try test it

I am looking for an install script that installs a clean BBB server and I DO NOT WANT TO USE let's encrypt.

I have my own key/crt files for a valid SSL.

All that my little heart desires is a simple bash install of BBB and to import my own SSL files and that it works.

I have the servers, the SSL files and the firewall is set up to point to the server.

Please Help me. I am on my knees right now.

BBB On Demand

unread,

May 11, 2021, 3:35:26 AM5/11/21

to bigbluebu...@googlegroups.com

Put the certificates in the /etc/nginx folders - eg as host.crt & host.key

# Create the dhparam
openssl dhparam -out /etc/nginx/dhp-4096.pem 4096

Edit /etc/nginx/sites-available/bigbluebutton and replace the top bit with this (insert your domain)

server {
listen 80;
listen [::]:80;

listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/host.crt;
ssl_certificate_key /etc/nginx/host.key;
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 100m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_dhparam /etc/nginx/dhp-4096.pem;

Just restart nginx:

systemctl restart nginx

Check it worked:

systemctl status nginx

Actually - we use an upgraded version of nginx to get TLSv1.3 - so if this does not work you might need to edit ssl_protocols and ssl_ciphers but there are tons of examples on the internet (there are trade off decisions between security and compatability). Let me know if you want the script to upgrade nginx so the version above works.

Regards

R

-------------------------

Richard Phillips

bbbondemand.com

--------------------------

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/de76a181-7bf6-4783-9737-d1954aee39f5n%40googlegroups.com.

Crimzin

unread,

May 11, 2021, 4:27:45 AM5/11/21

to BigBlueButton-Setup

Hi Richard,

Thank you for the reply. I am doing another clean install of ubuntu and then update/upgrade/dist-upgrade.

once that is done what bash script should I run?

The last on I used was

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -w -a -v bionic-23 -s bigblubutton."commented out" -e "commented out"

I dont want greenlight or let's encrypt. just a working BBB to integrate to.

Could you give me the correct wget cmb please.

Thank you for coming back to me.

Crimzin

unread,

May 11, 2021, 4:53:48 AM5/11/21

to BigBlueButton-Setup

Here is the clean install of ubuntu server so you can see I am not doing anything funny.

ubuntu 18lts installation.doc

Crimzin

unread,

May 11, 2021, 5:14:37 AM5/11/21

to BigBlueButton-Setup

Should I run the following?:

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -w -v bionic-23 -s bigbluebutton."commented out" -a -d

Crimzin

unread,

May 11, 2021, 5:53:42 AM5/11/21

to BigBlueButton-Setup

Applying updates in /etc/bigbluebutton/bbb-conf/apply-config.sh:

- Enable Firewall and opening 22/tcp, 80/tcp, 443/tcp and 16384:32768/udp

Rules updated

Rules updated (v6)

Rules updated

Rules updated (v6)

Rules updated

Rules updated (v6)

Firewall is active and enabled on system startup

Starting BigBlueButton

Job for nginx.service failed because the control process exited with error code.

See "systemctl status nginx.service" and "journalctl -xe" for details.

default

BigBlueButton Server 2.3.0 (2148)

Kernel version: 4.15.0-143-generic

Distribution: Ubuntu 18.04.5 LTS (64-bit)

Memory: 5584 MB

CPU cores: 1

/etc/bigbluebutton/bbb-web.properties (override for bbb-web)

/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (bbb-web)

bigbluebutton.web.serverURL: https://bigbluebutton."comented out".

defaultGuestPolicy: ALWAYS_ACCEPT

svgImagesRequired: true

/etc/nginx/sites-available/bigbluebutton (nginx)

server_name: bigbluebutton."comented out".

port: 80, [::]:80

port: 443 ssl

/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)

local_ip_v4: 192.168.0.3

external_rtp_ip: "comented out".

external_sip_ip: "comented out".

/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)

ext-rtp-ip: $${external_rtp_ip}

ext-sip-ip: $${external_sip_ip}

ws-binding: "comented out". :5066

wss-binding: "comented out". :7443

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)

playback_host: bigbluebutton."comented out".co.za

playback_protocol: https

ffmpeg: 4.2.4-1ubuntu0.1bbb2~18.04

/etc/bigbluebutton/nginx/sip.nginx (sip.nginx)

proxy_pass: "comented out".

protocol: http

/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)

kurento.ip: "comented out".

kurento.url: ws://127.0.0.1:8888/kurento

kurento.sip_ip: "comented out".

localIpAddress: 192.168.0.3

recordScreenSharing: true

recordWebcams: true

codec_video_main: VP8

codec_video_content: VP8

/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)

build: 1669

kurentoUrl: wss://bigbluebutton.gewspecmon.co.za/bbb-web rtc-sfu

enableListenOnly: true

sipjsHackViaWs: true

/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml (STUN Server)

stun: stun.l.google.com:19302

/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini (STUN Server)

stun: 172.217.212.127:19302

# Potential problems described below

# Not running: Nginx

curl: (7) Failed to connect to bigbluebutton. "comented out". port 443: Connection refused

.curl: (7) Failed to connect to bigbluebutton. "comented out". port 443: Connection refused

Militades sunfire

unread,

May 11, 2021, 5:55:21 AM5/11/21

to bigbluebu...@googlegroups.com

uhm .. it says nginx is not running at all

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/a4af286b-ce51-4ea9-b2fc-5c5b334b8cd1n%40googlegroups.com.

Crimzin

unread,

May 11, 2021, 6:03:33 AM5/11/21

to BigBlueButton-Setup

that's a clean install of ubuntu and bbb sh.

can you review the script I ran and see if I did something wrong please?

BBB On Demand

unread,

May 11, 2021, 6:23:35 AM5/11/21

to bigbluebu...@googlegroups.com

What version of Ubuntu are you using?

Your nginx is not working - run

journalctl -u nginx and scroll to the bottom to see the problems.

Maybe you mangled the additions I sent - eg having line breaks in the ssl_ciphers line

I don't know whether the current 2.3 installer uses an nginx which supports tls 1.3 - and that might be why it has not started - but if not, you can upgrade with:

add-apt-repository ppa:nginx/stable
apt install -y nginx

I have not checked the flags you are using, but for comparison this is what I use along with the bespoke nginx config previously described.

HOST=$(hostname --fqdn)

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v bionic-230 -s $HOST -w

R

On Tue, 11 May 2021 at 11:03, Crimzin <ma...@bbbondemand.com> wrote:

that's a clean install of ubuntu and bbb sh.

can you review the script I ran and see if I did something wrong please?

On Tuesday, May 11, 2021 at 11:55:21 AM UTC+2 mili...@gmx.de wrote:

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/3b374ba5-5b86-4767-8707-80a941f21394n%40googlegroups.com.

Fred Dixon

unread,

May 11, 2021, 6:25:35 AM5/11/21

to BigBlueButton-.

Have you tried using bbb-install.sh with the '-d' option

> -d Skip SSL certificates request (use provided certificates from mounted volume)

> Been struggling to do a clean install for the past 3 weeks.

Are you encountering an error during install or running BigBlueButton after install?

Regards,... Fred

--

You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/de76a181-7bf6-4783-9737-d1954aee39f5n%40googlegroups.com.

--

BigBlueButton Developer

http://bigbluebutton.org/

Like BigBlueButton? Tweet us at @bigbluebutton

Johan wasserfall

unread,

May 11, 2021, 7:44:15 AM5/11/21

to bigbluebu...@googlegroups.com

Hi,

I reset the VM back to the snapshot before installing and then used your script.

HOST=$(hostname --fqdn)

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v bionic-230 -s $HOST -w

It is all running now.

@bigbluebutton:~# bbb-conf -status

default

nginx —————————————————► [✔ - active]

freeswitch ————————————► [✔ - active]

redis-server ——————————► [✔ - active]

bbb-apps-akka —————————► [✔ - active]

bbb-fsesl-akka ————————► [✔ - active]

mongod ————————————————► [✔ - active]

bbb-html5 —————————————► [✔ - active]

bbb-webrtc-sfu ————————► [✔ - active]

kurento-media-server ——► [✔ - active]

etherpad ——————————————► [✔ - active]

bbb-web ———————————————► [✔ - active]

I now need to set up the SSL.

Which steps do I need to go thru to get it up and running.

As you can see the

--------------------------------

server {

listen 80;

listen [::]:80;

server_name 192.168.0.3;

access_log /var/log/nginx/bigbluebutton.access.log;

# BigBlueButton landing page.

location / {

root /var/www/bigbluebutton-default;

index index.html index.htm;

expires 1m;

}

# Include specific rules for record and playback

include /etc/bigbluebutton/nginx/*.nginx;

#error_page 404 /404.html;

# Redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root /var/www/nginx-default;

}

---------------------------------

I can get into http:

If I enter a test user and click join I get:

Regards,

Crim

--
You received this message because you are subscribed to a topic in the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bigbluebutton-setup/JFnAjkrGBJE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/010201795af3fe10-9531e1ef-2fae-4df7-a04f-b22dc15b5601-000000%40eu-west-1.amazonses.com.

Virus-free. www.avast.com

image001.png

image002.png

Crimzin

unread,

May 12, 2021, 2:35:05 AM5/12/21

to BigBlueButton-Setup

Hi All, we need a step by step on setting up the SSL as it is not currently in the install documentation.

Currently I am stuck.

BBB On Demand

unread,

May 12, 2021, 3:04:46 AM5/12/21

to bigbluebu...@googlegroups.com

Johan

I think the reason you are not seeing the demo working is that the install script used (from me) did not include the flag to install the demos.

In terms of ssl - you need to edit the /etc/nginx/sites-enabled/bigbluebutton and replace all down to access_logs with something similar to the sample I posted earlier (with your server name).

Other than that, I think you are about there.

R

On Tue, 11 May 2021 at 12:44, Johan wasserfall <ma...@bbbondemand.com> wrote:

Hi,

I reset the VM back to the snapshot before installing and then used your script.

HOST=$(hostname --fqdn)

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v bionic-230 -s $HOST -w

It is all running now.

@bigbluebutton:~# bbb-conf -status
default
nginx —————————————————► [✔ - active]
freeswitch ————————————► [✔ - active]
redis-server ——————————► [✔ - active]
bbb-apps-akka —————————► [✔ - active]
bbb-fsesl-akka ————————► [✔ - active]
mongod ————————————————► [✔ - active]
bbb-html5 —————————————► [✔ - active]
bbb-webrtc-sfu ————————► [✔ - active]
kurento-media-server ——► [✔ - active]
etherpad ——————————————► [✔ - active]
bbb-web ———————————————► [✔ - active]

I now need to set up the SSL.

Which steps do I need to go thru to get it up and running.

As you can see the
--------------------------------

server {
     listen   80;
     listen [::]:80;
     server_name 192.168.0.3;

What version of Ubuntu are you using?

--
You received this message because you are subscribed to a topic in the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bigbluebutton-setup/JFnAjkrGBJE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/010201795af3fe10-9531e1ef-2fae-4df7-a04f-b22dc15b5601-000000%40eu-west-1.amazonses.com.

Virus-free. www.avast.com

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/014401d7465a%24f29ebfd0%24d7dc3f70%24%40gmail.com.

Crimzin

unread,

May 12, 2021, 3:29:09 AM5/12/21

to BigBlueButton-Setup

Hi Ric,

I did as you mentioned earlier. unfortunately it did not work. could you or Fred PM me at crim...@gmail.com so that I can show you more in-depth. certain things I do not want to post.

Kind regards

To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/3b374ba5-5b86-4767-8707-80a941f21394n%40googlegroups.com.

--
You received this message because you are subscribed to a topic in the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bigbluebutton-setup/JFnAjkrGBJE/unsubscribe.

To unsubscribe from this group and all its topics, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/010201795af3fe10-9531e1ef-2fae-4df7-a04f-b22dc15b5601-000000%40eu-west-1.amazonses.com.

Virus-free. www.avast.com

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.

To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

zohan

unread,

Sep 5, 2021, 7:36:03 PM9/5/21

to BigBlueButton-Setup

I'm following the thread and I wonder Crim was able to resolve all of his issue?