This repository has been archived by the owner on Dec 14, 2021. It is now read-only.

Integration with (existing) NGINX #87

Open
xpbe0 opened this issue Jan 5, 2021 · 11 comments
Comments

xpbe0 commented Jan 5, 2021

Missing instructions in Integration with NGINX.

xpbe0 commented Jan 5, 2021

(no issue)

worksasintended commented Jan 13, 2021

This is my working nginx config, nginx used as a reverse proxy with letsencrypt:
Of course you can skip the whole ssl_certificate part as a minimal example.

server {
    server_name   bbb.example.com;

    location / {
        proxy_pass  http://127.0.0.1:8080;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    listen 443 ssl;
    ssl_certificate /somePath/fullchain.pem;
    ssl_certificate_key /somePath/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = bbb.example.com) {
        return 301 https://$host$request_uri;
    }

    listen        80;
    server_name   bbb.example.com;
    return 404;
}

xpbe0 commented Jan 13, 2021

Hi, thanks a lot. I already sent a PR with a slightly more elaborate example. Of course lots of it can be scrapped. The hidden beast is in:

    ...
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    ...

thanks and 🍻 for you
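
Added example, not part of any participant's post or of the project's own configuration: the reverse-proxy block from this thread with the WebSocket handshake forwarded the way the nginx documentation describes, using a `map` so that `Connection: upgrade` is only sent upstream when the client actually asked for an upgrade. `bbb.example.com`, `127.0.0.1:8080` and the certificate paths are taken from the thread; the variable name `$connection_upgrade` and the 3600s timeout are assumptions chosen for illustration.

```nginx
# Place the map in the http {} context (for example a file under conf.d/),
# outside any server {} block.
# $connection_upgrade is a name chosen here; nginx does not predefine it.
map $http_upgrade $connection_upgrade {
    default upgrade;   # client sent an Upgrade header: pass the upgrade on
    ''      close;     # ordinary HTTP request: do not announce an upgrade
}

server {
    listen      443 ssl;
    server_name bbb.example.com;

    ssl_certificate     /somePath/fullchain.pem;
    ssl_certificate_key /somePath/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;

        # Upgrade and Connection are hop-by-hop headers, so nginx does not
        # forward them unless they are set explicitly. The WebSocket
        # handshake also needs HTTP/1.1 towards the upstream, while
        # proxy_http_version defaults to 1.0.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Forwarding headers as used in the thread's config.
        proxy_set_header X-Forwarded-Ssl    on;
        proxy_set_header X-Forwarded-Host   $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;

        # By default nginx closes a proxied connection when the upstream
        # sends nothing for 60s; an idle WebSocket would be dropped.
        # 3600s is an illustrative value, not a project recommendation.
        proxy_read_timeout 3600s;
    }
}
```

Validate with `nginx -t` before reloading.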

kodaizen commented Mar 1, 2021

Hello, I have bbb on a subdomain too.
Do you have Greenlight?
I get a server error after login.
In the greenlight docker container, the BIGBLUEBUTTON_ENDPOINT var points to the main domain rather than the subdomain.
How can I change it?
Thanks

xpbe0 commented Mar 1, 2021

@kodaizen : can you share your [anonymised] .env, ip addr list, ifconfig, docker network list and firewall-cmd --list-all-zones?

@MartinHarran

I’m still only learning about most of the stuff involved here so I may be missing something basic.

My current setup for general sites is a container from the jwilder/nginx-proxy image to handle reverse proxy along with a container from the companion image jrcs/letsencrypt-nginx-proxy-companion to handle SSL.

When I use the above config modifications, the bbb-docker_https_proxy_1 container cannot start as my nginx-proxy container is already listening on ports 80 and 443. From the log:

2021/03/25 08:50:06 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)

2021/03/25 08:50:06 [emerg] 1#1: bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)

How do I get around this?

cjhille commented Mar 25, 2021

@MartinHarran There are a few things you need to change for jwilder's proxy.

In .env disable the built-in https proxy:

#ENABLE_HTTPS_PROXY=true

In docker-compose.yml add the jwilder proxy network:

networks:
  bbb-net:
    ipam:
      driver: default
      config:
        - subnet: "10.7.7.0/24"
  nginx-proxy:
    external: true

In docker-compose.yml remove host networking for the nginx service and add it to the proxy's network:

    #network_mode: host  # <- comment this
    networks:
      nginx-proxy:
      bbb-net:

In docker-compose.yml, for the nginx service, expose 8080 and add the required env variables for the jwilder proxy:

    expose:
      - "8080"
    environment:
      - VIRTUAL_HOST=${DOMAIN}
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=${DOMAIN}
      - LETSENCRYPT_EMAIL=your.email@domain.tld

For the turn server to work you need to make some more adjustments.

In docker-compose.coturn.yml:

volumes:
    #- ssl_data:/etc/resty-auto-ssl # <- replace this with:
    - ./path/to/your/certs/your.domain.tld:/etc/proxy-cert # <- update your path here

and change the file paths in mod/coturn/entrypoint.sh to:

while [ ! -f /etc/proxy-cert/fullchain.pem ]
[...]
cat /etc/proxy-cert/fullchain.pem > /tmp/cert.pem
cat /etc/proxy-cert/key.pem > /tmp/key.pem

xpbe0 commented Mar 25, 2021

@MartinHarran

> @MartinHarran There are a few things you need to change for jwilder's proxy.

@cjhille That worked perfectly, thank you very much for such detailed instructions.

@MartinHarran

@xpbe0 - cjhille's instructions worked perfectly, what is different in that PR that I should be looking at?

xpbe0 commented Mar 29, 2021

Hello @MartinHarran, there are differences in handling certs and networking. I didn't change anything in the docker-compose.yml file. Also, it could be important to mention that I use branch v2.3.x.

manfred-w pushed a commit to manfred-w/bigbluebutton-docker that referenced this issue May 18, 2021