BigBlueButton
1. Prepare a container
-
Create an Incus container. The latest stable version of BBB requires
ubuntu:22.04
:incus launch images:ubuntu/22.04 bbb \
-c security.nesting=true \
-c security.syscalls.intercept.mknod=true \
-c security.syscalls.intercept.setxattr=true
incus ls -
Set a better prompt, enable bash-completion, etc.:
incus shell bbb
cat <<'EOF' > ~/.bashrc_custom
# set a better prompt
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]'
EOF
echo 'source ~/.bashrc_custom' >> ~/.bashrc
source ~/.bashrc
apt install --yes bash-completion
cat <<'EOF' >> ~/.bashrc_custom
# enable programmable completion features
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
source /etc/bash_completion
fi
EOF
source ~/.bashrc
apt install --yes unattended-upgrades -
Set a fixed IP:
incus shell bbb
ip address
ip route
rm /etc/netplan/*.yaml
cat <<EOF > /etc/netplan/01-netcfg.yaml
network:
version: 2
ethernets:
eth0:
dhcp4: no
addresses:
- 10.31.96.203/8
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
routes:
- to: default
via: 10.31.96.1
EOF
chmod 600 /etc/netplan/01-netcfg.yaml
netplan apply
ip address
ip route
ping 8.8.8.8
2. Forward ports
2.1 80
and 443
cd /var/ds/sniproxy/
vim etc/sniproxy.conf
Add a line like this in the forward table:
table {
# . . . . .
# container: bbb
bbb.user1.fs.al 10.31.96.203
# . . . . .
}
Then restart sniproxy
:
ds restart
2.2 The other ports
We need to forward the TCP ports 3478,5066,7443
and the UDP ports
3478,3479,5349,5350,49152-65535
. We can do it with the command
incus network forward
. However, the port 3478
is already being
forwarded to the snikket
container, so we have to modify first the
ports that are forwarded to snikket
. Later, we will fix the
configuration of Snukket, so that it uses the TURN server that is
built in the BBB container.
-
Check the current port forwards:
hostname -I
HOST_IP=65.109.96.100
incus network forward list incusbr0
incus network forward show incusbr0 $HOST_IP -
Remove port
3478
(tcp and udp) from the forward table ofsnikket
:incus ls
SNIKKET_IP=10.31.96.202
incus network forward port remove \
incusbr0 $HOST_IP \
tcp 3478,3479,5349,5350
incus network forward port add \
incusbr0 $HOST_IP \
tcp 3479,5349,5350 \
$SNIKKET_IP
incus network forward port remove \
incusbr0 $HOST_IP \
udp 3478,3479,5349,5350,49152-65535
incus network forward port add \
incusbr0 $HOST_IP \
udp 3479,5349,5350 \
$SNIKKET_IP
incus network forward show \
incusbr0 $HOST_IP -
Forward the neccessary ports to the
bbb
container:incus ls
BBB_IP=10.31.96.203
incus network forward port add \
incusbr0 $HOST_IP \
tcp 3478,5066,7443 \
$BBB_IP
incus network forward port add incusbr0 \
$HOST_IP udp 3478,50001-65535 \
$BBB_IP
incus network forward show \
incusbr0 $HOST_IP
3. Install BBB
incus shell bbb
3.1 Prepare
-
Before running the installation script, let's make sure that we have the correct hostname:
hostname -b bbb.user1.fs.al
echo bbb.user1.fs.al > /etc/hostname
hostname -
Download the installation script:
apt install -y wget gnupg2
wget http://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc \
-O- | apt-key add -
base_url="https://raw.githubusercontent.com/bigbluebutton"
wget -q $base_url/bbb-install/v3.0.x-release/bbb-install.sh
chmod +x bbb-install.sh
./bbb-install.sh -
Create the customization script
/etc/bigbluebutton/bbb-conf/apply-config.sh
:mkdir -p /etc/bigbluebutton/bbb-conf/
cat <<'_EOF_' > /etc/bigbluebutton/bbb-conf/apply-config.sh
#!/bin/bash
### Customize UDP ports
### See: https://docs.bigbluebutton.org/administration/customize/#change-udp-ports
# Use ports 50001-55000 for FreeSWITCH
sed -i /opt/freeswitch/etc/freeswitch/autoload_configs/switch.conf.xml \
-e '/rtp-start-port/ s/value=".*"/value="50001"/' \
-e '/rtp-end-port/ s/value=".*"/value="55000"/'
# Use ports 55001-60000 for mediasoup
yq e -i ".mediasoup.worker.rtcMinPort = 55001" /etc/bigbluebutton/bbb-webrtc-sfu/production.yml
yq e -i ".mediasoup.worker.rtcMaxPort = 60000" /etc/bigbluebutton/bbb-webrtc-sfu/production.yml
# Use ports 60001-65535 for the TURN server
sed -i /etc/turnserver.conf \
-e '/^min-port/ c min-port=60001' \
-e '/^max-port/ c max-port=65535'
# Enable playback of recordings on iOS
mkdir -p /etc/bigbluebutton/recording/
cat <<EOF > /etc/bigbluebutton/recording/presentation.yml
video_formats:
- webm
- mp4
EOF
_EOF_
chmod +x /etc/bigbluebutton/bbb-conf/apply-config.shThis script will be executed automatically by
bbb-install.sh
.
3.2 Run the script
-
Create the script
update.sh
:cat <<'EOF' > update.sh
#!/bin/bash -x
apt update
apt -y upgrade
cd $(dirname $0)
#base_url="https://raw.githubusercontent.com/bigbluebutton"
#wget -q $base_url/bbb-install/v3.0.x-release/bbb-install.sh
#chmod +x bbb-install.sh
./bbb-install.sh \
-v jammy-300 \
-s bbb.user1.fs.al \
-e dashohoxha@gmail.com \
-t lti_key:lti_secret \
-g -k
EOF
lti_key=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w20 | head -n1)
lti_secret=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w20 | head -n1)
sed -i update.sh \
-e "s/lti_key/$lti_key/" \
-e "s/lti_secret/$lti_secret/" -
Run it:
chmod +x update.sh
./update.sh
bbb-conf --statusFor some reasons, it needs to be executed a second time, so that everything works (maybe it is related with the order of the modifications done by
apply-config.sh
)../update.sh
bbb-conf --status
3.3 Add users
docker exec greenlight-v3 \
bundle exec rake \
admin:create["BBB Admin","dashohoxha+admin@gmail.com","Qwerty.123"]
docker exec greenlight-v3 \
bundle exec rake \
user:create["User Name","dashohoxha+user1@gmail.com","Asdfgh.123"]
3.4 Enable video format
By default, the recorded videos can be viewed only in the "presentation" format. It is possible to enable other formats as well, like "video" and "screenshare". It can be done like this:
apt install -y \
bbb-playback-screenshare \
bbb-playback-video
mkdir -p /etc/bigbluebutton/recording
cat << _EOF_ > /etc/bigbluebutton/recording/recording.yml
steps:
archive: "sanity"
sanity: "captions"
captions:
- "process:presentation"
- "process:video"
- "process:screenshare"
"process:presentation": "publish:presentation"
"process:video": "publish:video"
"process:screenshare": "publish:screenshare"
_EOF_
systemctl restart bbb-rap-resque-worker.service
After this, it is a good idea to reinstall/update the BBB installation
(with ./update.sh
).
Then, it is also possible to regenerate all the enabled formats for
the meetings that were recorded previously, with bbb-record --rebuildall
.
Rebuilding all the recorded meetings usually takes a very long time, depending on their number and size.
4. Email notifications
To be able to send email notifications, we need to set the SMTP
variables on the configuration file greenlight-v3/.env
:
SMTP_SENDER_EMAIL=noreply@user1.fs.al
SMTP_SENDER_NAME=BBB
SMTP_SERVER=smtp.user1.fs.al
SMTP_PORT=25
SMTP_DOMAIN=user1.fs.al
Leave the rest of the SMTP settings commented because they are not needed.
We need to rebuild the containers, in order to apply these settings:
cd greenlight-v3/
docker compose down
docker compose up -d
Let's use swaks
to test that we can send emails from the bbb
container:
apt install swaks
swaks --from notify@user1.fs.al --to info@user1.fs.al -tlso
We will get an error like this:
== Trying smtp.user1.fs.al:25...
*** Error connecting to smtp.user1.fs.al:25:
*** IO::Socket::INET6: connect: Connection refused
Because the SMTP server (smtp.user1.fs.al
) is installed in the same
host as the container bbb
, there is a problem, because Incus
containers by default cannot access the host. So, we cannot access the
port 25
on the host, that is needed to send emails to the SMTP
server.
We need to open this port for the BBB container, and we can do it like this:
incus config device add \
bbb smtp25 proxy \
listen=tcp:0.0.0.0:25 \
connect=tcp:0.0.0.0:25 \
bind=container
incus config device show bbb
Test again with swaks
and verify that emails now can be sent.
5. Fix Snikket
Both Snikket and BBB have a built-in TURN server, to facilitate
audio/video communications. However, since they are installed on the
same host, we can forward the ports 3478/tcp
and 3478/udp
to only
one of them.
In the section above, we removed these ports from the snikket
container and forwarded them to the bbb
container. But we can also
change the Snikket configuration so that it uses the TURN server of
BBB, instead of its own.
-
Get the auth secret of the TURN server in the BBB container:
incus exec bbb -- cat /etc/turnserver.conf
We will see, among others, some lines like these:
use-auth-secret
static-auth-secret=xnYzKWcdGQRxE6fruR/vXDgECSHqxZqnAER46Kt+Qew=
realm=bbb.user1.fs.alThis is the secret that we need to copy.
-
Add the relevant settings to the configuration of Snikket:
incus shell snikket
cd snikket/
turnserver_secret="xnYzKWcdGQRxE6fruR/vXDgECSHqxZqnAER46Kt+Qew="
cat <<EOF >> snikket.conf
SNIKKET_TWEAK_TURNSERVER=0
SNIKKET_TWEAK_TURNSERVER_DOMAIN=bbb.user1.fs.al
SNIKKET_TWEAK_TURNSERVER_SECRET=$turnserver_secret
EOFThe first setting disables the internal (built-in) TURN server. The other two show which TURN server to use. For more details see: https://snikket.org/service/help/advanced/config/#snikket_tweak_turnserver
-
Rebuild the docker containers:
docker compose down
docker compose up -d