FICUSONLINE F9E
BigBlueButton v2.6 on Docker
Summary of Installation Notes (Forum article) for BigBlueButton (BBB) Open Source Video Conferencing System (Online Classroom System) – Upgrade from v2.4 to v2.6
Takanobu Fuse, Administrator


2 years ago


In this upgrade, we install BigBlueButton (BBB) version 2.6, an open-source video conferencing system (online classroom system). As with the previous version (v2.4), each application that makes up BigBlueButton runs in its own Docker container. The major changes from v2.4 to v2.6 include the adoption of mediasoup for WebRTC and support for IPv6. TLS is now mandatory for Nginx, Coturn, and FreeSwitch, so it is recommended to obtain Let's Encrypt certificate files with Certbot in advance. The system runs in a Docker environment, and Ubuntu 20.06 or above is the recommended operating system. The minimum specifications for the host machine are 8 CPU cores, 16GB memory, and 500GB disk space (although lower specifications may suffice depending on the number of participants).

Forum article: BigBlueButton v2.6 on Docker (Update from v2.4, Support IPv6)

Host Machine : 4Core CPU, 12GB Memory, 500GB SSD, Ubuntu22.04

BigBlueButton Docker



1. Downloading Docker version of BBB and Creating Docker Compose File

Downloading the Latest Stable Version of the Main Branch (with submodule option) to the "bbb2602-docker" Folder and Navigating to the Folder:

$ git clone git@github.com:bigbluebutton/docker.git -b main --recurse-submodules bbb2602-docker
$ cd bbb2602-docker

The script below creates the Docker Compose file, docker-compose.yml, and the environment variable configuration file, .env:

$ ./scripts/setup

Note: If you make any changes to the .env file, please rebuild the docker-compose.yml using the following command:

$ ./scripts/generate-compose

 

2. Obtaining TLS Certificates with Let's Encrypt for TLS Authentication

From within the bbb2602-docker folder, run the Certbot container in standalone mode to obtain the Let's Encrypt TLS certificate used by the Nginx, FreeSwitch, and Coturn containers:

$ docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -p 80:80 certbot/certbot certonly --standalone -d www.example.com

Note: The certificate files will be saved in the /etc/letsencrypt folder of the host machine. You will need to add the aforementioned Certbot/Docker update command to a cron job on the host machine.

If you want to use TLS with WebSocket in FreeSwitch, you will need a certificate file that also contains the private key.

Concatenate the certificate, private key, and chain into a single file, then create symbolic links to it with the file names specified below.

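# run the redirection as root as well; with "sudo cat ... > wss.pem" the file is opened by the calling user
$ sudo sh -c 'cat cert.pem privkey.pem fullchain.pem > wss.pem'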
$ sudo ln -s wss.pem agent.pem
$ sudo ln -s wss.pem tls.pem
$ sudo ln -s wss.pem dtls-srtp.pem
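
Because wss.pem is a concatenated copy rather than a link to the live certificate, it goes stale at every renewal and has to be rebuilt in the same cron job. The following is an added example (not from the original article or the bbb-docker project) that rebuilds the bundle atomically with restrictive permissions; the function name build_wss_bundle and the default mode 600 are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the article or the bbb-docker project.
# build_wss_bundle LIVE_DIR TLS_DIR [MODE]
#   LIVE_DIR  certbot "live" directory with cert.pem, privkey.pem, fullchain.pem
#   TLS_DIR   directory FreeSWITCH reads (tls-cert-dir)
#   MODE      permissions for wss.pem (assumption: 600; loosen only if the
#             FreeSWITCH user in the container cannot read the file)
build_wss_bundle() {
  local live=$1 tls=$2 mode=${3:-600} f name tmp
  # Refuse to build from an incomplete renewal; the old bundle stays in place.
  for f in cert.pem privkey.pem fullchain.pem; do
    if [ ! -s "$live/$f" ]; then
      echo "missing or empty: $live/$f" >&2
      return 1
    fi
  done
  if ! grep -q 'PRIVATE KEY-----' "$live/privkey.pem"; then
    echo "$live/privkey.pem is not a PEM private key" >&2
    return 1
  fi
  mkdir -p "$tls" || return 1
  # mktemp creates the file with mode 600, so the key is never world-readable,
  # and the rename swaps the new bundle in atomically.
  tmp=$(mktemp "$tls/.wss.pem.XXXXXX") || return 1
  if cat "$live/cert.pem" "$live/privkey.pem" "$live/fullchain.pem" > "$tmp" &&
     chmod "$mode" "$tmp" && mv -f "$tmp" "$tls/wss.pem"; then
    # Same link names as in the article; relative targets survive a bind mount.
    for name in agent.pem tls.pem dtls-srtp.pem; do
      ln -sfn wss.pem "$tls/$name" || return 1
    done
    return 0
  fi
  rm -f "$tmp"
  return 1
}

# Demo on constructed dummy PEM files (not real key material).
demo_bundle() {
  local work f
  work=$(mktemp -d) || return 1
  mkdir "$work/live"
  for f in cert fullchain; do
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "constructed-$f" \
      '-----END CERTIFICATE-----' > "$work/live/$f.pem"
  done
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-key' \
    '-----END PRIVATE KEY-----' > "$work/live/privkey.pem"
  build_wss_bundle "$work/live" "$work/tls" && ls -l "$work/tls"
  rm -rf "$work"
}

demo_bundle
```

With the paths used on this page, the call after the Certbot command in the cron job would be `build_wss_bundle /etc/letsencrypt/live/www.example.com /etc/letsencrypt/tls`, run as root.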

 

3. Creating the Nginx Reverse Proxy Configuration File

Setting up a reverse proxy server as the entry point of the system involves adding a reverse proxy configuration file to the existing Nginx server and ensuring it is loaded. Additionally, for HTTPS connections, the SSL/TLS certificate already obtained will be used within this file.

The reverse proxy configuration file is provided below:

docker/existing-web-server.md at develop · bigbluebutton/docker · GitHub

Please refer to the DockerHub page provided below and save the above configuration file as a template file named nginx_config_temp/reverse-proxy.conf.template. This template file will be copied to the /etc/nginx/conf.d directory as the configuration file during container startup.

https://hub.docker.com/_/nginx

nginx_config_temp/reverse-proxy.conf.template

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
map $remote_addr $endpoint_addr {
    "~:"    [::1];
    default    127.0.0.1;
}

server {
  listen 443 ssl http2 default_server;
  listen [::]:443 ssl http2 default_server;
  server_name ${NGINX_HOST};

  ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
  
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
  ssl_prefer_server_ciphers on;
  # on the host machine, "$ sudo openssl dhparam -out ./letsencrypt/dhp-4096.pem 4096"
  ssl_dhparam /etc/letsencrypt/dhp-4096.pem;

  access_log  /var/log/nginx/bigbluebutton.access.log;
  error_log /var/log/nginx/bigbluebutton.error.log;

  location / {
    proxy_http_version 1.1;
    proxy_pass http://$endpoint_addr:48087;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_cache_bypass $http_upgrade;
  }
}

Create the dhp-4096.pem file with the openssl command below.

$ sudo openssl dhparam -out ./letsencrypt/dhp-4096.pem 4096

 

4. Editing the Docker Compose File docker-compose.yml and the Environment Variable Configuration File .env

Edit the docker-compose.yml file to add IPv6 support (WebRTC-SFU) and to include the reverse proxy file.

Note: Below are the changes for the Nginx, WebRTC-SFU, Greenlight, Postgres, and Network sections in the docker-compose.yml file:

  • Nginx: Added template file
  • WebRTC-SFU: Support IPv6 for WEBRTC and RTP LISTEN_IP
  • Greenlight, Postgres: Upgrade for Greenlight v3
  • Network: Added IPv6 address range

docker-compose.yml (Include only the modified/added sections)

services:

  nginx:

    volumes:
      
      # added for reverse-proxy config template file; see https://hub.docker.com/_/nginx
      # *.conf.template changed into /etc/nginx/conf.d/*.conf after variables transferred.
      - ./nginx_config_temp:/etc/nginx/templates
    environment:
      # added below for variables in *.conf.template
      - NGINX_HOST=www.example.com

  #  TODO: remove as soon as not required anymore by webrtc-sfu
  kurento:
    image: kurento/kurento-media-server:7.0.1
    restart: unless-stopped
    environment:
      KMS_EXTERNAL_IPV4: 10.7.7.1
      #KMS_EXTERNAL_IPV6: ${EXTERNAL_IPv6}
      KMS_MIN_PORT: 10000
      KMS_MAX_PORT: 10030
    network_mode: host
    volumes:
      - vol-kurento:/var/kurento

  webrtc-sfu:
    build: 
      context: mod/webrtc-sfu
      args:
        BBB_BUILD_TAG: v2022-12-29-grails-524
    image: alangecker/bbb-docker-webrtc-sfu:v2.9.12
    restart: unless-stopped
    depends_on:
      - redis
      - freeswitch
    environment:
      CLIENT_HOST: 10.7.7.1
      REDIS_HOST: 10.7.7.5
      # changed from default in default.example.yml
      MCS_HOST: 10.7.7.1
      MCS_ADDRESS: 10.7.7.1

      FREESWITCH_IP: 10.7.7.1
      FREESWITCH_SIP_IP: ${EXTERNAL_IPv6}
      ESL_IP: 10.7.7.1
      ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
      # KURENTO: '[{"ip": "::", "url": "ws://[::1]:8888/kurento"}]'
      KURENTO: '[{"ip": "0.0.0.0", "url": "ws://10.7.7.1:8888/kurento"}]'
      MS_RTC_MIN: 16384 
      MS_RTC_MAX: 32768
      # TODO: add mediasoup IPv6
      # TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487
      # MS_WEBRTC_LISTEN_IPS: '[{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}, {"ip":"${EXTERNAL_IPv6}"}]'
      MS_WEBRTC_LISTEN_IPS: '[{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}, {"ip":"${EXTERNAL_IPv6}"}]'
      MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}'
    volumes:
      - vol-mediasoup:/var/mediasoup
    tmpfs:
      - /var/log/bbb-webrtc-sfu
    network_mode: host   


  # greenlight
  greenlight:
    image: bigbluebutton/greenlight:v3
    restart: unless-stopped
    env_file: .env
    depends_on:
      - postgres
      - redis

    environment:
      DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3
      REDIS_URL: redis://redis:6379
      
      BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
      
      BIGBLUEBUTTON_SECRET: ${SHARED_SECRET}
      SECRET_KEY_BASE: ${RAILS_SECRET}
    volumes:
       - ./greenlight-data:/usr/src/app/storage
    networks:
      bbb-net:
        ipv4_address: 10.7.7.21
        ipv6_address: fdxx:xxxx:8a45:2::21

  postgres:
    image: postgres:14.6-alpine3.17
    restart: unless-stopped
    environment:
      POSTGRES_DB: greenlight-v3
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - ./postgres-data:/var/lib/postgresql/data
    networks:
      bbb-net:
        ipv4_address: 10.7.7.22
        ipv6_address: fdxx:xxxx:8a45:2::22

networks:
  bbb-net:
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: "10.7.7.0/24"
        - subnet: "fdxx:xxxx:8a45:2::/64"

In the .env file, specify the paths to Coturn's TLS certificate files, enable recording, and configure the SMTP server (Gmail) for use with Greenlight.

.env (Include only the modified sections)

# coturn (a TURN Server)
# requires either the above HTTPS Proxy to be enabled
# or TLS certificates to be mounted to container
ENABLE_COTURN=true
COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/www.example.com/fullchain.pem
COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/www.example.com/privkey.pem

# Recording
# IMPORTANT: this is currently a big privacy issue, because it will
# record everything which happens in the conference, even when the button
# suggests that it does not.
# https://github.com/bigbluebutton/bigbluebutton/issues/9202
# make sure that you get people's consent before they join a room
ENABLE_RECORDING=true
REMOVE_OLD_RECORDING=true
RECORDING_MAX_AGE_DAYS=7

# ====================================
# GREENLIGHT CONFIGURATION
# ====================================

### SMTP CONFIGURATION
# Emails are required for the basic features of Greenlight to function.
# Please refer to your SMTP provider to get the values for the variables below
SMTP_SENDER_EMAIL=<sender-email-address>
SMTP_SENDER_NAME=FICUSONLINE
SMTP_SERVER=smtp.gmail.com
SMTP_PORT=587
SMTP_DOMAIN=gmail.com
SMTP_USERNAME=user_id
SMTP_PASSWORD=password
SMTP_AUTH=plain
SMTP_STARTTLS_AUTO=true
SMTP_SSL_VERIFY=false
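
The compose excerpt above falls back to well-known values when FSESL_PASSWORD or POSTGRESQL_SECRET is missing from .env (ClueCon is FreeSWITCH's stock event-socket password), and SMTP_SSL_VERIFY=false leaves the STARTTLS session to the mail server unverified. The following is an added example (not part of the original article or the bbb-docker scripts) that audits a .env file for these settings; the function names and the constructed sample file are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the bbb-docker project): audit a .env file for the
# weak settings visible in the docker-compose.yml and .env excerpts above.

# Print the last value assigned to KEY ($2) in env file ($1); empty if unset.
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line; prints nothing when the file passes.
audit_env() {
  local file=$1 pair key fallback val
  # ${VAR:-fallback} pairs taken from the docker-compose.yml excerpt.
  for pair in FSESL_PASSWORD:ClueCon POSTGRESQL_SECRET:password; do
    key=${pair%%:*}; fallback=${pair#*:}
    val=$(env_get "$file" "$key")
    if [ -z "$val" ]; then
      echo "WEAK $key is unset, compose falls back to '$fallback'"
    elif [ "$val" = "$fallback" ]; then
      echo "WEAK $key equals the well-known default '$fallback'"
    fi
  done
  # Secrets the compose file references without any fallback.
  for key in SHARED_SECRET RAILS_SECRET; do
    if [ -z "$(env_get "$file" "$key")" ]; then
      echo "MISSING $key is empty"
    fi
  done
  # STARTTLS without certificate verification exposes SMTP_PASSWORD to a
  # machine-in-the-middle on the path to the mail server.
  if [ "$(env_get "$file" SMTP_SSL_VERIFY)" = "false" ]; then
    echo "WEAK SMTP_SSL_VERIFY=false disables SMTP server certificate checks"
  fi
  # The file holds secrets, so other local users should not be able to read it.
  if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
    echo "PERM $file is world-readable"
  fi
  return 0
}

# Constructed sample .env (placeholder values, not real secrets).
demo_audit() {
  local f
  f=$(mktemp) || return 1
  chmod 644 "$f"
  cat > "$f" <<'EOF'
SHARED_SECRET=constructed-shared-secret
RAILS_SECRET=
POSTGRESQL_SECRET=password
SMTP_SSL_VERIFY=false
EOF
  audit_env "$f"
  rm -f "$f"
}

demo_audit
```

Run `audit_env .env` in the bbb2602-docker folder before `docker compose up -d`; an empty result means none of these findings apply.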

 

5. Editing Container Configuration Files and the Host Machine's /etc/hosts File

Change the IPv6 address mapping for FreeSwitch in the Nginx configuration file, and update the IPv6 network gateway address in the docker-compose.yml file.

bbb2602-docker/mod/nginx/bigbluebutton (include only modified sections)

map $remote_addr $freeswitch_addr {
    "~:"    [fdxx:xxxx:8a45:2::1];
    default    10.7.7.1;
}

 

Other configuration files for FreeSwitch

mod/freeswitch/conf/vars.xml.tmpl

    <X-PRE-PROCESS cmd="set" data="local_ip_v6=fdxx:xxxx:8a45:2::1"/>

    <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/> 

mod/freeswitch/conf/sip_profiles/external.xml

    <param name="rtp-ip" value="$${local_ip_v4}"/>

    <param name="tls-cert-dir" value="/etc/letsencrypt/tls"/>

mod/freeswitch/conf/sip_profiles/external-ipv6.xml

    <param name="tls-cert-dir" value="/etc/letsencrypt/tls"/>

mod/freeswitch/conf/autoload_configs/acl.conf.xml

    <node type="allow" cidr="fdxx:xxxx:8a45:2::/64"/>

/etc/hosts (on the host machine)

.....
.....
10.7.7.1 www.example.com
.....
fdxx:xxxx:8a45:2::1 www.example.com

 

6. Run, confirm status

Start

$ docker compose up -d
[+] Running 22/22
 ✔ Network bbb2602-docker_bbb-net               Created                                                                    0.2s 
 ✔ Container bbb2602-docker-coturn-1            Started                                                                    1.2s 
 ✔ Container bbb2602-docker-redis-1             Started                                                                    3.8s 
 ✔ Container bbb2602-docker-jodconverter-1      Started                                                                    2.2s 
 ✔ Container bbb2602-docker-kurento-1           Started                                                                    1.5s 
 ✔ Container bbb-mongodb                        Started                                                                    2.4s 
 ✔ Container bbb-freeswitch                     Started                                                                    1.5s 
 ✔ Container bbb2602-docker-postgres-1          Started                                                                    2.3s 
 ✔ Container bbb2602-docker-periodic-1          Started                                                                    7.8s 
 ✔ Container bbb2602-docker-greenlight-1        Started                                                                    8.7s 
 ✔ Container bbb2602-docker-etherpad-1          Started                                                                    9.1s 
 ✔ Container bbb2602-docker-webrtc-sfu-1        Started                                                                    6.7s 
 ✔ Container bbb2602-docker-apps-akka-1         Started                                                                    8.3s 
 ✔ Container bbb2602-docker-fsesl-akka-1        Started                                                                    9.1s 
 ✔ Container bbb2602-docker-bbb-pads-1          Started                                                                   13.3s 
 ✔ Container bbb2602-docker-html5-frontend-2-1  Started                                                                   14.8s 
 ✔ Container bbb2602-docker-html5-backend-1-1   Started                                                                   17.9s 
 ✔ Container bbb2602-docker-html5-backend-2-1   Started                                                                   16.5s 
 ✔ Container bbb2602-docker-html5-frontend-1-1  Started                                                                   16.6s 
 ✔ Container bbb2602-docker-nginx-1             Started                                                                   19.6s 
 ✔ Container bbb2602-docker-recordings-1        Started                                                                   19.0s 
 ✔ Container bbb2602-docker-bbb-web-1           Started                                                                   19.8s 

 

Confirm containers status

$ docker compose ps
NAME                                IMAGE                                                 COMMAND                  SERVICE             CREATED             STATUS                    PORTS
bbb-freeswitch                      alangecker/bbb-docker-freeswitch:v2.6.0               "/bin/sh -c /entrypo…"   freeswitch          14 minutes ago      Up 14 minutes             
bbb-mongodb                         mongo:4.4                                             "docker-entrypoint.s…"   mongodb             14 minutes ago      Up 14 minutes (healthy)   27017/tcp
bbb2602-docker-apps-akka-1          alangecker/bbb-docker-apps-akka:v2.6.0                "/bin/sh -c /entrypo…"   apps-akka           14 minutes ago      Up 13 minutes             
bbb2602-docker-bbb-pads-1           alangecker/bbb-docker-pads:v1.4.1                     "/bin/sh -c /entrypo…"   bbb-pads            14 minutes ago      Up 13 minutes             
bbb2602-docker-bbb-web-1            alangecker/bbb-docker-web:v2.6.0                      "/entrypoint.sh"         bbb-web             14 minutes ago      Up 13 minutes (healthy)   
bbb2602-docker-coturn-1             coturn/coturn:4.6-alpine                              "docker-entrypoint.s…"   coturn              14 minutes ago      Up 14 minutes             
bbb2602-docker-etherpad-1           alangecker/bbb-docker-etherpad:1.8.18-3               "/entrypoint.sh"         etherpad            14 minutes ago      Up 13 minutes (healthy)   9001/tcp
bbb2602-docker-fsesl-akka-1         alangecker/bbb-docker-fsesl-akka:v2.6.0               "/bin/sh -c /entrypo…"   fsesl-akka          14 minutes ago      Up 13 minutes             
bbb2602-docker-greenlight-1         bigbluebutton/greenlight:v3                           "./bin/start"            greenlight          14 minutes ago      Up 13 minutes             3000/tcp
bbb2602-docker-html5-backend-1-1    alangecker/bbb-docker-html5:v2.6.0                    "/entrypoint.sh"         html5-backend-1     14 minutes ago      Up 13 minutes             
bbb2602-docker-html5-backend-2-1    alangecker/bbb-docker-html5:v2.6.0                    "/entrypoint.sh"         html5-backend-2     14 minutes ago      Up 13 minutes             
bbb2602-docker-html5-frontend-1-1   alangecker/bbb-docker-html5:v2.6.0                    "/entrypoint.sh"         html5-frontend-1    14 minutes ago      Up 13 minutes             
bbb2602-docker-html5-frontend-2-1   alangecker/bbb-docker-html5:v2.6.0                    "/entrypoint.sh"         html5-frontend-2    14 minutes ago      Up 13 minutes             
bbb2602-docker-jodconverter-1       alangecker/bbb-docker-jodconverter:latest             "/docker-entrypoint.…"   jodconverter        14 minutes ago      Up 14 minutes             
bbb2602-docker-kurento-1            kurento/kurento-media-server:6.18                     "/entrypoint.sh"         kurento             14 minutes ago      Up 3 minutes (healthy)    
bbb2602-docker-nginx-1              alangecker/bbb-docker-nginx:1.23-v5.0.0-rc.2-v2.6.0   "/docker-entrypoint.…"   nginx               14 minutes ago      Up 13 minutes             
bbb2602-docker-periodic-1           alangecker/bbb-docker-periodic:v2.5.0-rc.1            "/entrypoint.sh"         periodic            14 minutes ago      Up 13 minutes             
bbb2602-docker-postgres-1           postgres:14.6-alpine3.17                              "docker-entrypoint.s…"   postgres            14 minutes ago      Up 14 minutes (healthy)   5432/tcp
bbb2602-docker-recordings-1         alangecker/bbb-docker-recordings:v2.6.0               "/bin/sh -c /entrypo…"   recordings          14 minutes ago      Up 13 minutes             
bbb2602-docker-redis-1              redis:7.0-alpine                                      "docker-entrypoint.s…"   redis               14 minutes ago      Up 13 minutes (healthy)   6379/tcp
bbb2602-docker-webrtc-sfu-1         alangecker/bbb-docker-webrtc-sfu:v2.9.10              "docker-entrypoint.s…"   webrtc-sfu          14 minutes ago      Up 13 minutes             

 

Check logs

$ docker compose logs (+service_name)

By installing it on cloud servers such as Azure, AWS, or GCP, it is entirely possible to host online classes for individual online tutoring or educational institutions.