Components not working when using a cluster configuration server

[GuiLeme]

Describe the bug

When reviewing PR #15457 inside a cluster configured server, some components simply did not work, with or without this PR, leading me to believe that we either wrongly documented the proxy configuration server, or there are some untreated errors in BBB regarding the proxy configuration, so I would like to share them, in order to discuss the best alternative to tackle it.

• Couldn't manage to upload a presentation and BBB-web didn't seem to work in the first place; (1)
• Audio only and microphone weren't working; (2)
• Shared-notes didn't even loaded;
• Cameras didn't work;
• Deskshare didn't work as well.

1. These were partially solved by the PR mentioned above, but, since some updates in bbb-web, the /etc/bigbluebutton/bbb-web.properties file didn't read the properties grails.cors.enabled, grails.cors.allowedOrigins, grails.cors.allowCredentials. So what we had to do was change these same properties, but applying them to the /usr/share/bbb-web/WEB-INF/classes/application.yml file, running the following commands:

sudo yq w -i /usr/share/bbb-web/WEB-INF/classes/application.yml grails.cors.enabled true
sudo yq w -i /usr/share/bbb-web/WEB-INF/classes/application.yml grails.cors.allowedOrigins https://bbb-proxy.example.dev
sudo yq w -i /usr/share/bbb-web/WEB-INF/classes/application.yml grails.cors.allowCredentials true

And so we need to add this in the proxy part of the documentation. And see why those configs are not being read by bbb-web.properties anymore.

2. This second item was simply resolved by entering /usr/share/bigbluebutton/nginx/sip.nginx and replacing the line

proxy_pass http://146.190.152.131:5066;

for

proxy_pass https://146.190.152.131:7443;

on the grounds that bbb-conf --restart kept showing

# Potential problems described below
.................
# Warning: You have this server defined for https, but in
#
#   /usr/share/bigbluebutton/nginx/sip.nginx
#
#  did not find the use of https in definition for proxy_pass
#
#            proxy_pass http://<my-ip>:5066;
#

# Warning: You have this server defined for https, but in
#
#   /usr/share/bigbluebutton/nginx/sip.nginx
#
#  did not find the use of port 7443 in definition for proxy_pass
#
#            proxy_pass http://<my-ip>:5066;

So it would be interesting to add this in the docs, just in case.

Now, for the last 2 items, I am in doubt if changing one config from ws:// to wss:// would solve the problem, simply because, in bbb-webrtc-sfu, we are considering all requests to being local, but once having a proxy, it is the proxy that is going to call sfu.

[GuiLeme]

So, after talking to @schrd, he mentioned some configurations that were not yet in the documentation for the cluster server.
Those are in /etc/bigbluebutton/bbb-html5.yml (the override config file for html settings), and goes as follows:

public:
  kurento:
    wsUrl: wss://bbb-01.example.com/bbb-webrtc-sfu
  media:
    stunTurnServersFetchAddress: https://bbb-01.example.com/bigbluebutton/api/stuns
    sip_ws_host: bbb-01.example.com
  note:
    url: https://bbb-01.example.com/pad
  pads:
    url: https://bbb-01.example.com/pad
  app:
    basename: "/bbb-01/html5client"
    bbbWebBase: https://bbb-01.example.com/bigbluebutton
    learningDashboardBase: https://bbb-01.example.com/learning-dashboard
  presentation:
    uploadEndpoint: https://bbb-01.example.com/bigbluebutton/presentation/upload

This is the entire settings file, with the missing properties being public.pads.url, public.note.url, public.kurento.wsUrl. These new settings can resolve Cameras didn't work; and Deskshare didn't work as well., and will be added in the next version of the Documentation.

But still, even with those configs, pads doesn't seem to work correctly, the error I am facing is:

It seemed that this error should be resolved by #15753, but that was not the case. Still, my gut tells me that this has something to do with CORS not being correctly set in the etherpad component, it needs more investigation, though.

[schrd]

Etherpad can send the cors headers itself. It needs to adjust the config though: alangecker/bbb-etherpad-plugin#7 (comment)

Still not documented yet, sorry

[GuiLeme]

A little late, but it is interesting to document it:

@schrd found a workaround for Shared-notes didn't even loaded; which is to add the bbb_01 instance as an allowed origin in the /usr/share/bbb-web/WEB-INF/classes/application.yml, so it would be something like:

cors:
  enabled: true
  allowedOrigins:
    - https://bbb-proxy.example.dev
    - https://bbb-01.example.com
  allowCredentials: true

But this is just a workaround for now, and we will keep digging to see if we find a permanent solution for this.

[schrd]

In contrast to previous versions it is no longer possible to set the cors properties in /etc/bigbluebutton/bbb-web.properties. I don't understand why. It is however possible to set these properties using the -D command line option to the java process. A good option would be to specify this in /etc/default/bbb-web:

JDK_JAVA_OPTIONS="-Dgrails.cors.enabled=true -Dgrails.cors.allowCredentials=true -Dgrails.cors.allowedOrigins=https://bbb.-proxy.example.dev,https://https://bbb-01.example.com"