BigBlueButton

1. Prepare a container

Create an Incus container. The latest stable version of BBB requires ubuntu:22.04:

incus launch images:ubuntu/22.04 bbb \
    -c security.nesting=true \
    -c security.syscalls.intercept.mknod=true \
    -c security.syscalls.intercept.setxattr=true

incus ls

Set a better prompt, enable bash-completion, etc.:

incus shell bbb

cat <<'EOF' > ~/.bashrc_custom
# set a better prompt
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]'
EOF

echo 'source ~/.bashrc_custom' >> ~/.bashrc
source ~/.bashrc

apt install --yes bash-completion

cat <<'EOF' >> ~/.bashrc_custom
# enable programmable completion features
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
    source /etc/bash_completion
fi
EOF
source ~/.bashrc

apt install --yes unattended-upgrades

Set a fixed IP:

incus shell bbb

ip address
ip route

rm /etc/netplan/*.yaml
cat <<EOF > /etc/netplan/01-netcfg.yaml
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 10.31.96.203/8
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
      routes:
        - to: default
          via: 10.31.96.1
EOF
chmod 600 /etc/netplan/01-netcfg.yaml
netplan apply

ip address
ip route
ping 8.8.8.8

2. Forward ports

2.1 `80` and `443`

cd /var/ds/sniproxy/
vim etc/sniproxy.conf

Add a line like this in the forward table:

table {
    # . . . . .

    # container: bbb
    bbb.user1.fs.al        10.31.96.203

    # . . . . .
}

Then restart sniproxy:

ds restart

2.2 The other ports

We need to forward the TCP ports 3478,5066,7443 and the UDP ports 3478,3479,5349,5350,49152-65535. We can do it with the command incus network forward. However, the port 3478 is already being forwarded to the snikket container, so we have to modify first the ports that are forwarded to snikket. Later, we will fix the configuration of Snukket, so that it uses the TURN server that is built in the BBB container.

Check the current port forwards:

hostname -I
HOST_IP=65.109.96.100

incus network forward list incusbr0
incus network forward show incusbr0 $HOST_IP

Remove port 3478 (tcp and udp) from the forward table of snikket:

incus ls
SNIKKET_IP=10.31.96.202

incus network forward port remove \
      incusbr0 $HOST_IP \
      tcp 3478,3479,5349,5350
incus network forward port add \
      incusbr0 $HOST_IP \
      tcp 3479,5349,5350 \
      $SNIKKET_IP
incus network forward port remove \
      incusbr0 $HOST_IP \
      udp 3478,3479,5349,5350,49152-65535
incus network forward port add \
      incusbr0 $HOST_IP \
      udp 3479,5349,5350 \
      $SNIKKET_IP
incus network forward show \
      incusbr0 $HOST_IP

Forward the neccessary ports to the bbb container:

incus ls
BBB_IP=10.31.96.203

incus network forward port add \
      incusbr0 $HOST_IP \
      tcp 3478,5066,7443 \
      $BBB_IP
incus network forward port add incusbr0 \
      $HOST_IP udp 3478,50001-65535 \
      $BBB_IP
incus network forward show \
      incusbr0 $HOST_IP

3. Install BBB

incus shell bbb

3.1 Prepare

Before running the installation script, let's make sure that we have the correct hostname:
```
hostname -b bbb.user1.fs.al
echo bbb.user1.fs.al > /etc/hostname
hostname
```

Download the installation script:

apt install -y wget gnupg2
wget http://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc \
    -O- | apt-key add -

base_url="https://raw.githubusercontent.com/bigbluebutton"
wget -q $base_url/bbb-install/v3.0.x-release/bbb-install.sh

chmod +x bbb-install.sh
./bbb-install.sh

Create the customization script /etc/bigbluebutton/bbb-conf/apply-config.sh:

mkdir -p /etc/bigbluebutton/bbb-conf/

cat <<'_EOF_' > /etc/bigbluebutton/bbb-conf/apply-config.sh
#!/bin/bash

### Customize UDP ports
### See: https://docs.bigbluebutton.org/administration/customize/#change-udp-ports

# Use ports 50001-55000 for FreeSWITCH
sed -i /opt/freeswitch/etc/freeswitch/autoload_configs/switch.conf.xml \
    -e '/rtp-start-port/ s/value=".*"/value="50001"/' \
    -e '/rtp-end-port/ s/value=".*"/value="55000"/'

# Use ports 55001-60000 for mediasoup
yq e -i ".mediasoup.worker.rtcMinPort = 55001" /etc/bigbluebutton/bbb-webrtc-sfu/production.yml
yq e -i ".mediasoup.worker.rtcMaxPort = 60000" /etc/bigbluebutton/bbb-webrtc-sfu/production.yml

# Use ports 60001-65535 for the TURN server
sed -i /etc/turnserver.conf \
    -e '/^min-port/ c min-port=60001' \
    -e '/^max-port/ c max-port=65535'

# Enable playback of recordings on iOS
mkdir -p /etc/bigbluebutton/recording/
cat <<EOF > /etc/bigbluebutton/recording/presentation.yml
video_formats:
- webm
- mp4
EOF
_EOF_

chmod +x /etc/bigbluebutton/bbb-conf/apply-config.sh

This script will be executed automatically by bbb-install.sh.

3.2 Run the script

Create the script update.sh:

cat <<'EOF' > update.sh
#!/bin/bash -x

apt update
apt -y upgrade

cd $(dirname $0)

#base_url="https://raw.githubusercontent.com/bigbluebutton"
#wget -q $base_url/bbb-install/v3.0.x-release/bbb-install.sh
#chmod +x bbb-install.sh

./bbb-install.sh \
    -v jammy-300 \
    -s bbb.user1.fs.al \
    -e dashohoxha@gmail.com \
    -t lti_key:lti_secret \
    -g -k
EOF

lti_key=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w20 | head -n1)
lti_secret=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w20 | head -n1)
sed -i update.sh \
    -e "s/lti_key/$lti_key/" \
    -e "s/lti_secret/$lti_secret/"

Run it:
```
chmod +x update.sh
./update.sh

bbb-conf --status
```
For some reasons, it needs to be executed a second time, so that everything works (maybe it is related with the order of the modifications done by apply-config.sh).
```
./update.sh
bbb-conf --status
```

3.3 Add users

docker exec greenlight-v3 \
    bundle exec rake \
    admin:create["BBB Admin","dashohoxha+admin@gmail.com","Qwerty.123"]

docker exec greenlight-v3 \
    bundle exec rake \
    user:create["User Name","dashohoxha+user1@gmail.com","Asdfgh.123"]

3.4 Enable video format

By default, the recorded videos can be viewed only in the "presentation" format. It is possible to enable other formats as well, like "video" and "screenshare". It can be done like this:

apt install -y \
    bbb-playback-screenshare \
    bbb-playback-video

mkdir -p /etc/bigbluebutton/recording
cat << _EOF_ > /etc/bigbluebutton/recording/recording.yml
steps:
  archive: "sanity"
  sanity: "captions"
  captions:
    - "process:presentation"
    - "process:video"
    - "process:screenshare"
  "process:presentation": "publish:presentation"
  "process:video": "publish:video"
  "process:screenshare": "publish:screenshare"
_EOF_

systemctl restart bbb-rap-resque-worker.service

After this, it is a good idea to reinstall/update the BBB installation (with ./update.sh).

Then, it is also possible to regenerate all the enabled formats for the meetings that were recorded previously, with bbb-record --rebuildall.

warning

Rebuilding all the recorded meetings usually takes a very long time, depending on their number and size.

4. Email notifications

To be able to send email notifications, we need to set the SMTP variables on the configuration file greenlight-v3/.env :

SMTP_SENDER_EMAIL=noreply@user1.fs.al
SMTP_SENDER_NAME=BBB
SMTP_SERVER=smtp.user1.fs.al
SMTP_PORT=25
SMTP_DOMAIN=user1.fs.al

Leave the rest of the SMTP settings commented because they are not needed.

We need to rebuild the containers, in order to apply these settings:

cd greenlight-v3/
docker compose down
docker compose up -d

Let's use swaks to test that we can send emails from the bbb container:

apt install swaks
swaks --from notify@user1.fs.al --to info@user1.fs.al -tlso

We will get an error like this:

== Trying smtp.user1.fs.al:25...
*** Error connecting to smtp.user1.fs.al:25:
***     IO::Socket::INET6: connect: Connection refused

Because the SMTP server (smtp.user1.fs.al) is installed in the same host as the container bbb, there is a problem, because Incus containers by default cannot access the host. So, we cannot access the port 25 on the host, that is needed to send emails to the SMTP server.

We need to open this port for the BBB container, and we can do it like this:

incus config device add \
    bbb smtp25 proxy \
    listen=tcp:0.0.0.0:25 \
    connect=tcp:0.0.0.0:25 \
    bind=container

incus config device show bbb

Test again with swaks and verify that emails now can be sent.

5. Fix Snikket

Both Snikket and BBB have a built-in TURN server, to facilitate audio/video communications. However, since they are installed on the same host, we can forward the ports 3478/tcp and 3478/udp to only one of them.

In the section above, we removed these ports from the snikket container and forwarded them to the bbb container. But we can also change the Snikket configuration so that it uses the TURN server of BBB, instead of its own.

Get the auth secret of the TURN server in the BBB container:
```
incus exec bbb -- cat /etc/turnserver.conf
```
We will see, among others, some lines like these:
```
use-auth-secret
static-auth-secret=xnYzKWcdGQRxE6fruR/vXDgECSHqxZqnAER46Kt+Qew=
realm=bbb.user1.fs.al
```
This is the secret that we need to copy.
Add the relevant settings to the configuration of Snikket:
```
incus shell snikket
cd snikket/

turnserver_secret="xnYzKWcdGQRxE6fruR/vXDgECSHqxZqnAER46Kt+Qew="

cat <<EOF >> snikket.conf
SNIKKET_TWEAK_TURNSERVER=0
SNIKKET_TWEAK_TURNSERVER_DOMAIN=bbb.user1.fs.al
SNIKKET_TWEAK_TURNSERVER_SECRET=$turnserver_secret
EOF
```
The first setting disables the internal (built-in) TURN server. The other two show which TURN server to use. For more details see: https://snikket.org/service/help/advanced/config/#snikket_tweak_turnserver
Rebuild the docker containers:
```
docker compose down
docker compose up -d
```

1. Prepare a container​

2. Forward ports​

2.1 80 and 443​

2.2 The other ports​

3. Install BBB​

3.1 Prepare​

3.2 Run the script​

3.3 Add users​

3.4 Enable video format​

4. Email notifications​

5. Fix Snikket​