Summary of Installation Notes (Forum Article) for BigBlueButton (BBB) Open Source Video Conferencing System (Online Classroom System) – Upgrade from v2.4 to v2.6
In this upgrade, we install BigBlueButton (BBB) version 2.6, an open-source video conferencing system (online classroom system). As with the previous version (v2.4), each application that makes up BigBlueButton runs in its own Docker container. The major changes from v2.4 to v2.6 include the adoption of mediasoup for WebRTC and support for IPv6. TLS is now mandatory for Nginx, Coturn, and FreeSwitch, so it is recommended to obtain Let's Encrypt certificate files using Certbot in advance. The system runs within a Docker environment, and Ubuntu 20.06 or above is the recommended operating system. The minimum specifications for the host machine are 8 CPU cores, 16GB memory, and 500GB disk space (although lower specifications may suffice depending on the number of participants).
Forum article: BigBlueButton v2.6 on Docker (Update from v2.4, Support IPv6)
Host machine: 4-core CPU, 12GB memory, 500GB SSD, Ubuntu 22.04
1. Downloading Docker version of BBB and Creating Docker Compose File
Download the latest stable version of the main branch (with the submodule option) into the "bbb2602-docker" folder and change into that folder:
$ git clone git@github.com:bigbluebutton/docker.git -b main --recurse-submodules bbb2602-docker
$ cd bbb2602-docker
The script below creates the Docker Compose file, docker-compose.yml, and the environment variable configuration file, .env:
$ ./scripts/setup
Note: If you make any changes to the .env file, rebuild docker-compose.yml using the following command:
$ ./scripts/generate-compose
2. Obtaining TLS Certificates with Let's Encrypt for TLS Authentication
To obtain TLS certificates from Let's Encrypt for the Nginx, FreeSwitch, and Coturn containers, run the Certbot container (standalone mode) from within the bbb2602-docker folder:
$ docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -p 80:80 certbot/certbot certonly --standalone -d www.example.com
Note: The certificate files are saved in the /etc/letsencrypt folder of the host machine. You will need to add the Certbot/Docker update command above to a cron job on the host machine.
If you want FreeSwitch to use TLS for WebSocket connections, you need a certificate file that also contains the private key.
Create that file, then create symbolic links to it under the file names shown below.
$ sudo sh -c 'cat cert.pem privkey.pem fullchain.pem > wss.pem'
$ sudo ln -s wss.pem agent.pem
$ sudo ln -s wss.pem tls.pem
$ sudo ln -s wss.pem dtls-srtp.pem
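Because wss.pem is a concatenated copy rather than a link, it keeps the old certificate after Certbot renews. The following is an added example (not part of the original article) of a function the renewal cron job could call to rebuild the bundle and its links. The two directory arguments are assumptions about where the Certbot output and the FreeSwitch tls-cert-dir live, and the demo files are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed layout: LIVE_DIR is
# Certbot's live/<domain> directory, TLS_DIR is the FreeSwitch tls-cert-dir.

# build_wss LIVE_DIR TLS_DIR: rebuild wss.pem and its three symlinks.
build_wss() {
    live=$1
    tls=$2
    for f in cert.pem privkey.pem fullchain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
    done
    mkdir -p "$tls" || return 1
    # mktemp creates the file with mode 600, which suits a bundle that holds
    # the private key. Writing to a temp file and renaming it means FreeSwitch
    # never opens a half-written bundle.
    tmp=$(mktemp "$tls/wss.pem.XXXXXX") || return 1
    if cat "$live/cert.pem" "$live/privkey.pem" "$live/fullchain.pem" > "$tmp"; then
        mv -f "$tmp" "$tls/wss.pem" || return 1
    else
        rm -f "$tmp"
        return 1
    fi
    # Same link names as in the article; -f replaces links from an earlier run.
    for link in agent.pem tls.pem dtls-srtp.pem; do
        ln -sf wss.pem "$tls/$link" || return 1
    done
}

# Demo on constructed placeholder files (not real key material).
demo=$(mktemp -d)
mkdir -p "$demo/live"
echo "CONSTRUCTED-CERT"  > "$demo/live/cert.pem"
echo "CONSTRUCTED-KEY"   > "$demo/live/privkey.pem"
echo "CONSTRUCTED-CHAIN" > "$demo/live/fullchain.pem"
build_wss "$demo/live" "$demo/tls" && ls -l "$demo/tls"
rm -rf "$demo"
```

The bundle ends up readable by its owner only; if FreeSwitch runs as a different user inside its container, adjust ownership rather than widening the mode.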
3. Creating the Nginx Reverse Proxy Configuration File
Setting up a reverse proxy server as the entry point of the system involves adding a reverse proxy configuration file to the existing Nginx server and ensuring it is loaded. Additionally, for HTTPS connections, the SSL/TLS certificate already obtained will be used within this file.
The reverse proxy configuration file is provided below:
docker/existing-web-server.md at develop · bigbluebutton/docker · GitHub
Please refer to the Docker Hub page provided below and save the above configuration file as a template file named nginx_config_temp/reverse-proxy.conf.template. This template file will be copied to the /etc/nginx/conf.d directory as the configuration file during container startup.
https://hub.docker.com/_/nginx
nginx_config_temp/reverse-proxy.conf.template
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
map $remote_addr $endpoint_addr {
    "~:" [::1];
    default 127.0.0.1;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name ${NGINX_HOST};
    ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;
    # on the host machine, "$ sudo openssl dhparam -out ./letsencrypt/dhp-4096.pem 4096"
    ssl_dhparam /etc/letsencrypt/dhp-4096.pem;
    access_log /var/log/nginx/bigbluebutton.access.log;
    error_log /var/log/nginx/bigbluebutton.error.log;
    location / {
        proxy_http_version 1.1;
        proxy_pass http://$endpoint_addr:48087;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_cache_bypass $http_upgrade;
    }
}
Create the dhp-4096.pem file with the following openssl command.
$ sudo openssl dhparam -out ./letsencrypt/dhp-4096.pem 4096
4. Editing the Docker Compose File docker-compose.yml and the Environment Variable Configuration File .env
Edit the docker-compose.yml file to add IPv6 support (WebRTC-SFU) and to include the reverse proxy configuration file.
Note: Below are the changes for the Nginx, WebRTC-SFU, Greenlight, Postgres, and Network sections in the docker-compose.yml file:
- Nginx: Added template file
- WebRTC-SFU: Support IPv6 for WEBRTC and RTP LISTEN_IP
- Greenlight, Postgres: Upgrade for Greenlight v3
- Network: Added IPv6 address range
docker-compose.yml (Include only the modified/added sections)
services:
  nginx:
    volumes:
      # added for reverse-proxy config template file; see https://hub.docker.com/_/nginx
      # *.conf.template changed into /etc/nginx/conf.d/*.conf after variables transferred.
      - ./nginx_config_temp:/etc/nginx/templates
    environment:
      # added below for variables in *.conf.template
      - NGINX_HOST=www.example.com
  # TODO: remove as soon as not required anymore by webrtc-sfu
  kurento:
    image: kurento/kurento-media-server:7.0.1
    restart: unless-stopped
    environment:
      KMS_EXTERNAL_IPV4: 10.7.7.1
      #KMS_EXTERNAL_IPV6: ${EXTERNAL_IPv6}
      KMS_MIN_PORT: 10000
      KMS_MAX_PORT: 10030
    network_mode: host
    volumes:
      - vol-kurento:/var/kurento
  webrtc-sfu:
    build:
      context: mod/webrtc-sfu
      args:
        BBB_BUILD_TAG: v2022-12-29-grails-524
    image: alangecker/bbb-docker-webrtc-sfu:v2.9.12
    restart: unless-stopped
    depends_on:
      - redis
      - freeswitch
    environment:
      CLIENT_HOST: 10.7.7.1
      REDIS_HOST: 10.7.7.5
      # changed from default in default.example.yml
      MCS_HOST: 10.7.7.1
      MCS_ADDRESS: 10.7.7.1
      FREESWITCH_IP: 10.7.7.1
      FREESWITCH_SIP_IP: ${EXTERNAL_IPv6}
      ESL_IP: 10.7.7.1
      ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
      # KURENTO: '[{"ip": "::", "url": "ws://[::1]:8888/kurento"}]'
      KURENTO: '[{"ip": "0.0.0.0", "url": "ws://10.7.7.1:8888/kurento"}]'
      MS_RTC_MIN: 16384
      MS_RTC_MAX: 32768
      # TODO: add mediasoup IPv6
      # TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487
      # MS_WEBRTC_LISTEN_IPS: '[{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}, {"ip":"${EXTERNAL_IPv6}"}]'
      MS_WEBRTC_LISTEN_IPS: '[{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}, {"ip":"${EXTERNAL_IPv6}"}]'
      MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}'
    volumes:
      - vol-mediasoup:/var/mediasoup
    tmpfs:
      - /var/log/bbb-webrtc-sfu
    network_mode: host
  # greenlight
  greenlight:
    image: bigbluebutton/greenlight:v3
    restart: unless-stopped
    env_file: .env
    depends_on:
      - postgres
      - redis
    environment:
      DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3
      REDIS_URL: redis://redis:6379
      BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
      BIGBLUEBUTTON_SECRET: ${SHARED_SECRET}
      SECRET_KEY_BASE: ${RAILS_SECRET}
    volumes:
      - ./greenlight-data:/usr/src/app/storage
    networks:
      bbb-net:
        ipv4_address: 10.7.7.21
        ipv6_address: fdxx:xxxx:8a45:2::21
  postgres:
    image: postgres:14.6-alpine3.17
    restart: unless-stopped
    environment:
      POSTGRES_DB: greenlight-v3
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - ./postgres-data:/var/lib/postgresql/data
    networks:
      bbb-net:
        ipv4_address: 10.7.7.22
        ipv6_address: fdxx:xxxx:8a45:2::22
networks:
  bbb-net:
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: "10.7.7.0/24"
        - subnet: "fdxx:xxxx:8a45:2::/64"
In the .env file, specify the location of Coturn's TLS certificate files, enable recording, and configure the SMTP server (Gmail) for use with Greenlight.
.env (Include only the modified sections)
# coturn (a TURN Server)
# requires either the above HTTPS Proxy to be enabled
# or TLS certificates to be mounted to container
ENABLE_COTURN=true
COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/www.example.com/fullchain.pem
COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/www.example.com/privkey.pem
# Recording
# IMPORTANT: this is currently a big privacy issue, because it will
# record everything which happens in the conference, even when the button
# suggests that it does not.
# https://github.com/bigbluebutton/bigbluebutton/issues/9202
# make sure that you get people's consent before they join a room
ENABLE_RECORDING=true
REMOVE_OLD_RECORDING=true
RECORDING_MAX_AGE_DAYS=7
# ====================================
# GREENLIGHT CONFIGURATION
# ====================================
### SMTP CONFIGURATION
# Emails are required for the basic features of Greenlight to function.
# Please refer to your SMTP provider to get the values for the variables below
[email protected]
SMTP_SENDER_NAME=FICUSONLINE
SMTP_SERVER=smtp.gmail.com
SMTP_PORT=587
SMTP_DOMAIN=gmail.com
SMTP_USERNAME=user_id
SMTP_PASSWORD=password
SMTP_AUTH=plain
SMTP_STARTTLS_AUTO=true
SMTP_SSL_VERIFY=false
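The excerpts above leave several weak values in place: docker-compose.yml falls back to literal passwords when POSTGRESQL_SECRET or FSESL_PASSWORD is unset, SMTP_PASSWORD is a placeholder, and SMTP_SSL_VERIFY=false turns off certificate verification for the mail relay. The following is an added example (not from the original article or the bigbluebutton/docker project) of a check to run over .env before starting the stack. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: flag the weak values visible
# in the .env and docker-compose.yml excerpts above.

# env_get FILE KEY: print the value of the last uncommented KEY= line.
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# audit_env FILE: print one line per finding; exit status = number of findings.
audit_env() {
    file=$1
    findings=0
    flag() { findings=$((findings + 1)); echo "WEAK: $1"; }

    # docker-compose.yml substitutes a literal when the variable is unset or
    # empty: ${POSTGRESQL_SECRET:-password} and ${FSESL_PASSWORD:-ClueCon}.
    [ -n "$(env_get "$file" POSTGRESQL_SECRET)" ] ||
        flag "POSTGRESQL_SECRET unset: Postgres password falls back to 'password'"
    [ -n "$(env_get "$file" FSESL_PASSWORD)" ] ||
        flag "FSESL_PASSWORD unset: ESL password falls back to 'ClueCon'"

    # STARTTLS without certificate verification does not authenticate the relay.
    [ "$(env_get "$file" SMTP_SSL_VERIFY)" != "false" ] ||
        flag "SMTP_SSL_VERIFY=false: SMTP server certificate is not verified"

    # Placeholder credential left in place.
    case "$(env_get "$file" SMTP_PASSWORD)" in
        ''|password) flag "SMTP_PASSWORD is empty or still 'password'" ;;
    esac
    return "$findings"
}

# Demo on a constructed .env that mirrors the excerpt above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SMTP_SERVER=smtp.gmail.com
SMTP_PASSWORD=password
SMTP_SSL_VERIFY=false
EOF
audit_env "$sample" || echo "$? finding(s) in sample .env"
rm -f "$sample"
```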
5. Editing Container Configuration Files and the Host Machine's /etc/hosts File
Change the IPv6 address mapping for FreeSwitch in the Nginx configuration file, and update the IPv6 network gateway address in the docker-compose.yml file.
bbb2602-docker/mod/nginx/bigbluebutton (include only modified sections)
map $remote_addr $freeswitch_addr {
    "~:" [fdxx:xxxx:8a45:2::1];
    default 10.7.7.1;
}
Other configuration files for FreeSwitch
mod/freeswitch/conf/vars.xml.tmpl
<X-PRE-PROCESS cmd="set" data="local_ip_v6=fdxx:xxxx:8a45:2::1"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
mod/freeswitch/conf/sip_profiles/external.xml
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="tls-cert-dir" value="/etc/letsencrypt/tls"/>
mod/freeswitch/conf/sip_profiles/external-ipv6.xml
<param name="tls-cert-dir" value="/etc/letsencrypt/tls"/>
mod/freeswitch/conf/autoload_configs/acl.conf.xml
<node type="allow" cidr="fdxx:xxxx:8a45:2::/64"/>
/etc/hosts (on the host machine)
.....
.....
10.7.7.1 www.example.com
.....
fdxx:xxxx:8a45:2::1 www.example.com
6. Run, confirm status
Start
$ docker compose up -d
[+] Running 22/22
✔ Network bbb2602-docker_bbb-net Created 0.2s
✔ Container bbb2602-docker-coturn-1 Started 1.2s
✔ Container bbb2602-docker-redis-1 Started 3.8s
✔ Container bbb2602-docker-jodconverter-1 Started 2.2s
✔ Container bbb2602-docker-kurento-1 Started 1.5s
✔ Container bbb-mongodb Started 2.4s
✔ Container bbb-freeswitch Started 1.5s
✔ Container bbb2602-docker-postgres-1 Started 2.3s
✔ Container bbb2602-docker-periodic-1 Started 7.8s
✔ Container bbb2602-docker-greenlight-1 Started 8.7s
✔ Container bbb2602-docker-etherpad-1 Started 9.1s
✔ Container bbb2602-docker-webrtc-sfu-1 Started 6.7s
✔ Container bbb2602-docker-apps-akka-1 Started 8.3s
✔ Container bbb2602-docker-fsesl-akka-1 Started 9.1s
✔ Container bbb2602-docker-bbb-pads-1 Started 13.3s
✔ Container bbb2602-docker-html5-frontend-2-1 Started 14.8s
✔ Container bbb2602-docker-html5-backend-1-1 Started 17.9s
✔ Container bbb2602-docker-html5-backend-2-1 Started 16.5s
✔ Container bbb2602-docker-html5-frontend-1-1 Started 16.6s
✔ Container bbb2602-docker-nginx-1 Started 19.6s
✔ Container bbb2602-docker-recordings-1 Started 19.0s
✔ Container bbb2602-docker-bbb-web-1 Started 19.8s
Confirm container status
$ docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
bbb-freeswitch alangecker/bbb-docker-freeswitch:v2.6.0 "/bin/sh -c /entrypo…" freeswitch 14 minutes ago Up 14 minutes
bbb-mongodb mongo:4.4 "docker-entrypoint.s…" mongodb 14 minutes ago Up 14 minutes (healthy) 27017/tcp
bbb2602-docker-apps-akka-1 alangecker/bbb-docker-apps-akka:v2.6.0 "/bin/sh -c /entrypo…" apps-akka 14 minutes ago Up 13 minutes
bbb2602-docker-bbb-pads-1 alangecker/bbb-docker-pads:v1.4.1 "/bin/sh -c /entrypo…" bbb-pads 14 minutes ago Up 13 minutes
bbb2602-docker-bbb-web-1 alangecker/bbb-docker-web:v2.6.0 "/entrypoint.sh" bbb-web 14 minutes ago Up 13 minutes (healthy)
bbb2602-docker-coturn-1 coturn/coturn:4.6-alpine "docker-entrypoint.s…" coturn 14 minutes ago Up 14 minutes
bbb2602-docker-etherpad-1 alangecker/bbb-docker-etherpad:1.8.18-3 "/entrypoint.sh" etherpad 14 minutes ago Up 13 minutes (healthy) 9001/tcp
bbb2602-docker-fsesl-akka-1 alangecker/bbb-docker-fsesl-akka:v2.6.0 "/bin/sh -c /entrypo…" fsesl-akka 14 minutes ago Up 13 minutes
bbb2602-docker-greenlight-1 bigbluebutton/greenlight:v3 "./bin/start" greenlight 14 minutes ago Up 13 minutes 3000/tcp
bbb2602-docker-html5-backend-1-1 alangecker/bbb-docker-html5:v2.6.0 "/entrypoint.sh" html5-backend-1 14 minutes ago Up 13 minutes
bbb2602-docker-html5-backend-2-1 alangecker/bbb-docker-html5:v2.6.0 "/entrypoint.sh" html5-backend-2 14 minutes ago Up 13 minutes
bbb2602-docker-html5-frontend-1-1 alangecker/bbb-docker-html5:v2.6.0 "/entrypoint.sh" html5-frontend-1 14 minutes ago Up 13 minutes
bbb2602-docker-html5-frontend-2-1 alangecker/bbb-docker-html5:v2.6.0 "/entrypoint.sh" html5-frontend-2 14 minutes ago Up 13 minutes
bbb2602-docker-jodconverter-1 alangecker/bbb-docker-jodconverter:latest "/docker-entrypoint.…" jodconverter 14 minutes ago Up 14 minutes
bbb2602-docker-kurento-1 kurento/kurento-media-server:6.18 "/entrypoint.sh" kurento 14 minutes ago Up 3 minutes (healthy)
bbb2602-docker-nginx-1 alangecker/bbb-docker-nginx:1.23-v5.0.0-rc.2-v2.6.0 "/docker-entrypoint.…" nginx 14 minutes ago Up 13 minutes
bbb2602-docker-periodic-1 alangecker/bbb-docker-periodic:v2.5.0-rc.1 "/entrypoint.sh" periodic 14 minutes ago Up 13 minutes
bbb2602-docker-postgres-1 postgres:14.6-alpine3.17 "docker-entrypoint.s…" postgres 14 minutes ago Up 14 minutes (healthy) 5432/tcp
bbb2602-docker-recordings-1 alangecker/bbb-docker-recordings:v2.6.0 "/bin/sh -c /entrypo…" recordings 14 minutes ago Up 13 minutes
bbb2602-docker-redis-1 redis:7.0-alpine "docker-entrypoint.s…" redis 14 minutes ago Up 13 minutes (healthy) 6379/tcp
bbb2602-docker-webrtc-sfu-1 alangecker/bbb-docker-webrtc-sfu:v2.9.10 "docker-entrypoint.s…" webrtc-sfu 14 minutes ago Up 13 minutes
Check logs
$ docker compose logs (+service_name)
By installing it on cloud servers such as Azure, AWS, or GCP, it is entirely possible to host online classes for individual online tutoring or educational institutions.