Skip to main content

BigBlueButton

1. Prepare a container

  1. Create an Incus container. The latest stable version of BBB requires ubuntu:22.04:

    incus launch images:ubuntu/22.04 bbb \
    -c security.nesting=true \
    -c security.syscalls.intercept.mknod=true \
    -c security.syscalls.intercept.setxattr=true

    incus ls
  2. Set a better prompt, enable bash-completion, etc.:

    incus shell bbb

    cat <<'EOF' > ~/.bashrc_custom
    # set a better prompt
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]'
    EOF

    echo 'source ~/.bashrc_custom' >> ~/.bashrc
    source ~/.bashrc

    apt install --yes bash-completion

    cat <<'EOF' >> ~/.bashrc_custom
    # enable programmable completion features
    if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
    source /etc/bash_completion
    fi
    EOF
    source ~/.bashrc

    apt install --yes unattended-upgrades
  3. Set a fixed IP:

    incus shell bbb

    ip address
    ip route

    rm /etc/netplan/*.yaml
    cat <<EOF > /etc/netplan/01-netcfg.yaml
    network:
    version: 2
    ethernets:
    eth0:
    dhcp4: no
    addresses:
    - 10.31.96.203/8
    nameservers:
    addresses: [8.8.8.8, 8.8.4.4]
    routes:
    - to: default
    via: 10.31.96.1
    EOF
    chmod 600 /etc/netplan/01-netcfg.yaml
    netplan apply

    ip address
    ip route
    ping 8.8.8.8

2. Forward ports

2.1 80 and 443

cd /var/ds/sniproxy/
vim etc/sniproxy.conf

Add a line like this in the forward table:

table {
# . . . . .

# container: bbb
bbb.user1.fs.al 10.31.96.203

# . . . . .
}

Then restart sniproxy:

ds restart

2.2 The other ports

We need to forward the TCP ports 3478,5066,7443 and the UDP ports 3478,3479,5349,5350,49152-65535. We can do it with the command incus network forward. However, the port 3478 is already being forwarded to the snikket container, so we have to modify first the ports that are forwarded to snikket. Later, we will fix the configuration of Snukket, so that it uses the TURN server that is built in the BBB container.

  1. Check the current port forwards:

    hostname -I
    HOST_IP=65.109.96.100

    incus network forward list incusbr0
    incus network forward show incusbr0 $HOST_IP
  2. Remove port 3478 (tcp and udp) from the forward table of snikket:

    incus ls
    SNIKKET_IP=10.31.96.202

    incus network forward port remove \
    incusbr0 $HOST_IP \
    tcp 3478,3479,5349,5350
    incus network forward port add \
    incusbr0 $HOST_IP \
    tcp 3479,5349,5350 \
    $SNIKKET_IP
    incus network forward port remove \
    incusbr0 $HOST_IP \
    udp 3478,3479,5349,5350,49152-65535
    incus network forward port add \
    incusbr0 $HOST_IP \
    udp 3479,5349,5350 \
    $SNIKKET_IP
    incus network forward show \
    incusbr0 $HOST_IP
  3. Forward the neccessary ports to the bbb container:

    incus ls
    BBB_IP=10.31.96.203

    incus network forward port add \
    incusbr0 $HOST_IP \
    tcp 3478,5066,7443 \
    $BBB_IP
    incus network forward port add incusbr0 \
    $HOST_IP udp 3478,50001-65535 \
    $BBB_IP
    incus network forward show \
    incusbr0 $HOST_IP

3. Install BBB

incus shell bbb

3.1 Prepare

  1. Before running the installation script, let's make sure that we have the correct hostname:

    hostname -b bbb.user1.fs.al
    echo bbb.user1.fs.al > /etc/hostname
    hostname
  2. Download the installation script:

    apt install -y wget gnupg2
    wget http://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc \
    -O- | apt-key add -

    base_url="https://raw.githubusercontent.com/bigbluebutton"
    wget -q $base_url/bbb-install/v3.0.x-release/bbb-install.sh

    chmod +x bbb-install.sh
    ./bbb-install.sh
  3. Create the customization script /etc/bigbluebutton/bbb-conf/apply-config.sh:

    mkdir -p /etc/bigbluebutton/bbb-conf/

    cat <<'_EOF_' > /etc/bigbluebutton/bbb-conf/apply-config.sh
    #!/bin/bash

    ### Customize UDP ports
    ### See: https://docs.bigbluebutton.org/administration/customize/#change-udp-ports

    # Use ports 50001-55000 for FreeSWITCH
    sed -i /opt/freeswitch/etc/freeswitch/autoload_configs/switch.conf.xml \
    -e '/rtp-start-port/ s/value=".*"/value="50001"/' \
    -e '/rtp-end-port/ s/value=".*"/value="55000"/'

    # Use ports 55001-60000 for mediasoup
    yq e -i ".mediasoup.worker.rtcMinPort = 55001" /etc/bigbluebutton/bbb-webrtc-sfu/production.yml
    yq e -i ".mediasoup.worker.rtcMaxPort = 60000" /etc/bigbluebutton/bbb-webrtc-sfu/production.yml

    # Use ports 60001-65535 for the TURN server
    sed -i /etc/turnserver.conf \
    -e '/^min-port/ c min-port=60001' \
    -e '/^max-port/ c max-port=65535'

    # Enable playback of recordings on iOS
    mkdir -p /etc/bigbluebutton/recording/
    cat <<EOF > /etc/bigbluebutton/recording/presentation.yml
    video_formats:
    - webm
    - mp4
    EOF
    _EOF_

    chmod +x /etc/bigbluebutton/bbb-conf/apply-config.sh

    This script will be executed automatically by bbb-install.sh.

3.2 Run the script

  1. Create the script update.sh:

    cat <<'EOF' > update.sh
    #!/bin/bash -x

    apt update
    apt -y upgrade

    cd $(dirname $0)

    #base_url="https://raw.githubusercontent.com/bigbluebutton"
    #wget -q $base_url/bbb-install/v3.0.x-release/bbb-install.sh
    #chmod +x bbb-install.sh

    ./bbb-install.sh \
    -v jammy-300 \
    -s bbb.user1.fs.al \
    -e dashohoxha@gmail.com \
    -t lti_key:lti_secret \
    -g -k
    EOF

    lti_key=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w20 | head -n1)
    lti_secret=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w20 | head -n1)
    sed -i update.sh \
    -e "s/lti_key/$lti_key/" \
    -e "s/lti_secret/$lti_secret/"
  2. Run it:

    chmod +x update.sh
    ./update.sh

    bbb-conf --status

    For some reasons, it needs to be executed a second time, so that everything works (maybe it is related with the order of the modifications done by apply-config.sh).

    ./update.sh
    bbb-conf --status

3.3 Add users

docker exec greenlight-v3 \
bundle exec rake \
admin:create["BBB Admin","dashohoxha+admin@gmail.com","Qwerty.123"]
docker exec greenlight-v3 \
bundle exec rake \
user:create["User Name","dashohoxha+user1@gmail.com","Asdfgh.123"]

3.4 Enable video format

By default, the recorded videos can be viewed only in the "presentation" format. It is possible to enable other formats as well, like "video" and "screenshare". It can be done like this:

apt install -y \
bbb-playback-screenshare \
bbb-playback-video

mkdir -p /etc/bigbluebutton/recording
cat << _EOF_ > /etc/bigbluebutton/recording/recording.yml
steps:
archive: "sanity"
sanity: "captions"
captions:
- "process:presentation"
- "process:video"
- "process:screenshare"
"process:presentation": "publish:presentation"
"process:video": "publish:video"
"process:screenshare": "publish:screenshare"
_EOF_

systemctl restart bbb-rap-resque-worker.service

After this, it is a good idea to reinstall/update the BBB installation (with ./update.sh).

Then, it is also possible to regenerate all the enabled formats for the meetings that were recorded previously, with bbb-record --rebuildall.

warning

Rebuilding all the recorded meetings usually takes a very long time, depending on their number and size.

4. Email notifications

To be able to send email notifications, we need to set the SMTP variables on the configuration file greenlight-v3/.env :

SMTP_SENDER_EMAIL=noreply@user1.fs.al
SMTP_SENDER_NAME=BBB
SMTP_SERVER=smtp.user1.fs.al
SMTP_PORT=25
SMTP_DOMAIN=user1.fs.al

Leave the rest of the SMTP settings commented because they are not needed.

We need to rebuild the containers, in order to apply these settings:

cd greenlight-v3/
docker compose down
docker compose up -d

Let's use swaks to test that we can send emails from the bbb container:

apt install swaks
swaks --from notify@user1.fs.al --to info@user1.fs.al -tlso

We will get an error like this:

== Trying smtp.user1.fs.al:25...
*** Error connecting to smtp.user1.fs.al:25:
*** IO::Socket::INET6: connect: Connection refused

Because the SMTP server (smtp.user1.fs.al) is installed in the same host as the container bbb, there is a problem, because Incus containers by default cannot access the host. So, we cannot access the port 25 on the host, that is needed to send emails to the SMTP server.

We need to open this port for the BBB container, and we can do it like this:

incus config device add \
bbb smtp25 proxy \
listen=tcp:0.0.0.0:25 \
connect=tcp:0.0.0.0:25 \
bind=container

incus config device show bbb

Test again with swaks and verify that emails now can be sent.

5. Fix Snikket

Both Snikket and BBB have a built-in TURN server, to facilitate audio/video communications. However, since they are installed on the same host, we can forward the ports 3478/tcp and 3478/udp to only one of them.

In the section above, we removed these ports from the snikket container and forwarded them to the bbb container. But we can also change the Snikket configuration so that it uses the TURN server of BBB, instead of its own.

  1. Get the auth secret of the TURN server in the BBB container:

    incus exec bbb -- cat /etc/turnserver.conf

    We will see, among others, some lines like these:

    use-auth-secret
    static-auth-secret=xnYzKWcdGQRxE6fruR/vXDgECSHqxZqnAER46Kt+Qew=
    realm=bbb.user1.fs.al

    This is the secret that we need to copy.

  2. Add the relevant settings to the configuration of Snikket:

    incus shell snikket
    cd snikket/

    turnserver_secret="xnYzKWcdGQRxE6fruR/vXDgECSHqxZqnAER46Kt+Qew="

    cat <<EOF >> snikket.conf
    SNIKKET_TWEAK_TURNSERVER=0
    SNIKKET_TWEAK_TURNSERVER_DOMAIN=bbb.user1.fs.al
    SNIKKET_TWEAK_TURNSERVER_SECRET=$turnserver_secret
    EOF

    The first setting disables the internal (built-in) TURN server. The other two show which TURN server to use. For more details see: https://snikket.org/service/help/advanced/config/#snikket_tweak_turnserver

  3. Rebuild the docker containers:

    docker compose down
    docker compose up -d