bigbluebutton-docker
bigbluebutton-docker copied to clipboard
alangecker
Integration with (existing) NGINX
This is my working nginx config, nginx used as a reverse proxy with letsencrypt: Of course you can skip the whole ssl_certicate part as a minimal example
server {
server_name bbb.example.com;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
listen 443 ssl;
ssl_certificate /somePath/fullchain.pem;
ssl_certificate_key /somePath/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = bbb.example.com) {
return 301 https://$host$request_uri;
}
listen 80;
server_name bbb.example.com;
return 404;
}
hi, thanks a lot. I already send a PR with slightly bit more elaborated example. Of course lots of it can be scraped. The hidden beast is in:
...
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
...
thanks and 🍻 for you
Hello, I have bbb on a subdomain too. Do you have Greenlight? I have an error server after login. In greenlight docker container, BIGBLUEBUTTON_ENDPOINT var point to main domain rather than subdomain. How to change it? Thanks
@kodaizen : can you share your [anonymised] .env, ip addr list, ifconfig, docker network list and firewall-cmd --list-all-zones?
I’m still only learning about most of the stuff involved here so I may be missing something basic.
My currents setup for general sites is a container from the jwilder/nginx-proxy image to handle reverse proxy along with a container from the companion image jrcs/letsencrypt-nginx-proxy-companion to handle SSL.
When I use the above config modifications, the bbb-docker_https_proxy_1 container cannot start as my nginx-proxy container is already listening on ports 80 and 443. From the log:
2021/03/25 08:50:06 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
2021/03/25 08:50:06 [emerg] 1#1: bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
How do I get around this?
@MartinHarran There are a few things you need to change for jwilder's proxy.
In .env disable built in https proxy:
#ENABLE_HTTPS_PROXY=true
In docker-compose.yml add the jwilder proxy network
networks:
bbb-net:
ipam:
driver: default
config:
- subnet: "10.7.7.0/24"
nginx-proxy:
external: true
In docker-compose.yml remove host networking for nginx service and add it to proxy's network
#network_mode: host # <- comment this
networks:
nginx-proxy:
bbb-net:
In docker-compose.yml for nginx service expose 8080 and add the required env variables for the jwilder proxy
expose:
- "8080"
environment:
- VIRTUAL_HOST=${DOMAIN}
- VIRTUAL_PORT=8080
- LETSENCRYPT_HOST=${DOMAIN}
- [email protected]
For the turn server to work you need to make some more adjustments.
in docker-compose.coturn.yml:
volumes:
#- ssl_data:/etc/resty-auto-ssl # <- replace this with:
- ./path/to/your/certs/your.domain.tld:/etc/proxy-cert # <- update your path here
and changing file paths in mod/coturn/entrypoint.sh to:
while [ ! -f /etc/proxy-cert/fullchain.pem ]
[...]
cat /etc/proxy-cert/fullchain.pem > /tmp/cert.pem
cat /etc/proxy-cert/key.pem > /tmp/key.pem
@MartinHarran please see also PR: https://github.com/alangecker/bigbluebutton-docker/pull/88/files
@MartinHarran There are a few things you need to change for jwilder's proxy.
@cjhille That worked perfectly, thank you very much for such detailed instructions
@xpbe0 - cjhille's instructions worked perfectly, what is different in that PR that I should be looking at?
hello @MartinHarran, there are differences in handling certs and netowrking. I didn't change anything in docker-compose.yml file. Also could be important to mention that I use branch v2.3.x