
Install failed in private network with an SSL issue

Open DuXiongLi opened this issue 4 years ago • 4 comments

Today I installed BBB in a private network with this command:

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -a -g -v bionic-24 -s xxx.xxx.com

But got this error on Home page: 2d04b55a93381196d77b0c943627702

In logs, I saw SSL certificate errors:

2022-01-14 09:45:21 +0000 - ERROR: [24f2df04-cc94-4e81-8f19-9a1133f8f966] [9.200.36.84] BigBlueButtonException: Connection error. Your URL is probably incorrect: "https://xxxxxxxxx.com/bigbluebutton/api". Error: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate

Actually, I put my certificate files and key in "/etc/nginx/sites-available/bigbluebutton" as below:

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name xxxxxxxxxxx.com;

ssl_certificate /etc/nginx/ssl/studio_con.pem;
ssl_certificate_key /etc/nginx/ssl/studio.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhp-4096.pem;

But from the website I could see that HTTPS works well; I could even download the .der file through Chrome.

How should I certify the BBB server? Thank you sincerely in advance!

DuXiongLi avatar Jan 13 '22 09:01 DuXiongLi

I'm hitting similar issues; it's as if Greenlight is really written to be outside the trusted network/NAT.

Putting it inside just means you deal with ssl host mismatches, untrusted host issues from sourcing from a second ip, etc.

acidtonic avatar Jan 19 '22 19:01 acidtonic

There is documentation for manual installation: https://docs.bigbluebutton.org/greenlight/gl-install.html. You can compare that document to the steps done by the install script, to see where the install script fails and makes false assumptions. By the way, according to the error message, my first candidate would be a missing / non-matching secret key.

Having the BBB server sitting behind a NAT inside a private network should be no problem as long as there is a TURN server outside the private network. The TURN server allows your communication partners on the internet to connect to the BBB server when they are sitting in another private network.

michi-80337 avatar Jan 22 '22 15:01 michi-80337

Hello Bigbluebutton/Bbb-Install group,

I write this message with a very bitter heart towards you. For quite many months you have been sending me emails without sorting out the basic issue of installation of BBB on my laptop.

Please help me.

Thank you

Dr. JS Nasila


nasilaj avatar Jan 24 '22 12:01 nasilaj

Hello. Add your CA cert to the greenlight-v2 Docker container:

docker cp your_ca_root.crt greenlight-v2:/usr/local/share/ca-certificates/
docker exec -t greenlight-v2 update-ca-certificates

arbdevml avatar Sep 01 '22 08:09 arbdevml
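
The error in the log and the effect of the fix in the last comment can be reproduced offline. This is an added example, not code from the thread or from Greenlight: Ruby's OpenSSL verifies a server certificate against a trust store, first without and then with the issuing private root CA. The CA, the host name `bbb.example.internal` and the helper names are constructed for illustration.

```ruby
require "openssl"

# Issue a certificate for `cn`; self-signed when no issuer is given.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(
    ext.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true)
  )
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify `leaf` using only `trusted` as trust anchors, the way a client
# limited to that CA bundle would. Returns [ok, error_code, error_string].
def verify_with(trusted, leaf)
  store = OpenSSL::X509::Store.new # starts empty: no system bundle loaded
  trusted.each { |c| store.add_cert(c) }
  ok = store.verify(leaf)
  [ok, store.error, store.error_string]
end

# Constructed sample data: a private root CA and a server certificate it issued.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("Example Private Root CA", CA_KEY, ca: true, serial: 1)
SERVER_KEY = OpenSSL::PKey::RSA.new(2048)
SERVER_CERT = make_cert("bbb.example.internal", SERVER_KEY,
                        issuer: CA_CERT, issuer_key: CA_KEY, serial: 2)

if __FILE__ == $PROGRAM_NAME
  # Client that does not know the private CA (the container before the fix).
  ok, code, msg = verify_with([], SERVER_CERT)
  puts "without CA: ok=#{ok} error=#{code} (#{msg})"

  # Client whose trust store contains the private CA (after update-ca-certificates).
  ok, code, msg = verify_with([CA_CERT], SERVER_CERT)
  puts "with CA:    ok=#{ok} error=#{code} (#{msg})"
end
```

A browser that shows the site as working only proves that the browser's trust store has the CA; the Ruby process inside the container verifies against the container's own bundle.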