From f05671b620af6ba6c2a95b1a3c45fc36f89f3f4b Mon Sep 17 00:00:00 2001 From: DemetryNaN <35523939+DemetryNaN@users.noreply.github.com> Date: Thu, 3 Jun 2021 10:16:42 +0300 Subject: [PATCH 1/2] Add description for integration with nginx --- docs/existing-web-server.md | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/docs/existing-web-server.md b/docs/existing-web-server.md index d4f4f33..8d50f7e 100644 --- a/docs/existing-web-server.md +++ b/docs/existing-web-server.md @@ -15,7 +15,39 @@ At this point, choose one of the following sections according to which Web serve Eventually, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`. ## Integration with nginx -> *Not written yet. can you imagine writing down some instructions?* +1. Add the following directives to the _https_ virtual host `bbb.example.com` +``` +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + server_name bbb.example.com; + + listen 80; + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/bbb.example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/bbb.example.com/privkey.pem; + + access_log /var/log/nginx/bigbluebutton.access.log; + error_log /var/log/nginx/bigbluebutton.error.log; + + location / { + proxy_pass http://127.0.0.1:8080; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} +``` +2. Restart nginx +``` +service nginx restart +``` ## Integration with Apache 1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: From 9082bd5c227cd8980eeea49a35dddec1382b4058 Mon Sep 17 00:00:00 2001 From: DemetryNaN <35523939+DemetryNaN@users.noreply.github.com> Date: Sat, 31 Jul 2021 12:04:42 +0300 Subject: [PATCH 2/2] Update description for integration with nginx Added IPv6 forwarding. Because freeswitch currently requires, that IPv6 requests get also forwarded via IPv6. otherwise the WebRTC connections won't work. --- docs/existing-web-server.md | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/docs/existing-web-server.md b/docs/existing-web-server.md index 8d50f7e..867e32f 100644 --- a/docs/existing-web-server.md +++ b/docs/existing-web-server.md @@ -21,13 +21,16 @@ map $http_upgrade $connection_upgrade { default upgrade; '' close; } +map $remote_addr $endpoint_addr { + "~:" [::1]; + default 127.0.0.1; +} server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; server_name bbb.example.com; - listen 80; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/bbb.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bbb.example.com/privkey.pem; @@ -35,14 +38,18 @@ server { error_log /var/log/nginx/bigbluebutton.error.log; location / { - proxy_pass http://127.0.0.1:8080; proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_pass http://$endpoint_addr:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_cache_bypass $http_upgrade; } } + ``` 2. Restart nginx ```