Running the script that creates the .env file (environment variables for the Docker Compose file)
Start Certbot in standalone mode from its Docker image and obtain the TLS certificate (coturn needs it). Standalone mode binds port 80 itself, so nothing else may be listening there while it runs. Once the certificate is in place, run the script below to create the .env file that Docker Compose needs.
$ ./scripts/setup
Should greenlight be included? (y/n): y
Should an automatic HTTPS Proxy be included? (y/n): n
Should a coturn be included? (y/n): y
Coturn needs TLS to function properly.
Since automatic HTTPS Proxy is disabled,
you must provide a relative or absolute path
to your certificates.
Please enter path to cert.pem: ../letsencrypt/live/xx.xx.xx/cert.pem
Please enter path to key.pem: ../letsencrypt/live/xx.xx.xx/privkey.pem
Please enter the domain name: f9e.duckdns.org
Should the recording feature be included?
IMPORTANT: this is currently a big privacy issues, because it will
record everything which happens in the conference, even when the button
suggests, that it does not.
make sure that you always get people's consent, before they join a room!
https://github.com/bigbluebutton/bigbluebutton/issues/9202
Choice (y/n): y
Should a Prometheus exporter be included? (y/n): n
Should old recordings be removed? (y/n): y
Please enter max age(days) for keeping recordings: 1
Is xx.xx.xx.xx your external IPv4 address? (y/n): y
Unable to find image 'jwilder/dockerize:latest' locally
latest: Pulling from jwilder/dockerize
88286f41530e: Pulling fs layer
3cabffebe5fe: Pulling fs layer
88286f41530e: Download complete
88286f41530e: Pull complete
3cabffebe5fe: Verifying Checksum
3cabffebe5fe: Download complete
3cabffebe5fe: Pull complete
Digest: sha256:b4da07ad265d2dd83fc91a73f56df54def78ba3db5c4fb74cbb9b7e79b7b3c58
Status: Downloaded newer image for jwilder/dockerize:latest
--------------------------------------------------
configuration file .env got successfully created!
you can look through it for further adjusments
$ nano .env
make sure to recreate the docker-compose.yml after each change
$ ./scripts/generate-compose
to start bigbluebutton run
$ docker-compose up -d
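The page describes the Certbot step but does not show the command, and the setup dialogue above simply accepts whatever cert.pem and privkey.pem paths are typed in. The script below is an added example, not part of this page or of the bigbluebutton-docker project: it issues the certificate with Certbot in standalone mode from Docker and then checks the pair before its paths are handed to ./scripts/setup (a mismatched or nearly expired pair otherwise only shows up when coturn or nginx refuses to start). Assumed names: the certbot/certbot image, a ./letsencrypt directory next to the compose checkout (so the files land in ./letsencrypt/live/<domain>/), an admin@<domain> contact address and the 14-day renewal margin.

```shell
#!/bin/sh
# Added example (not from the bigbluebutton-docker project): issue the
# certificate in Certbot standalone mode via Docker, then verify the
# cert/key pair before answering the ./scripts/setup prompts with its paths.
# Assumptions: certbot/certbot image, ./letsencrypt next to the checkout,
# admin@<domain> as contact address.
set -eu

DOMAIN="${DOMAIN:-f9e.duckdns.org}"
LE_DIR="${LE_DIR:-$PWD/letsencrypt}"

# Standalone mode binds port 80 itself, so the reverse proxy (or anything
# else on :80) must be stopped while this runs, and again for every renewal.
issue_cert() {
  docker run --rm -p 80:80 -v "$LE_DIR:/etc/letsencrypt" certbot/certbot \
    certonly --standalone --non-interactive --agree-tos \
    -m "admin@$DOMAIN" -d "$DOMAIN"
}

# Returns 0 when the certificate's public key equals the one derived from
# the private key, i.e. cert.pem and privkey.pem really belong together.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 when the certificate stays valid for at least $2 more days.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Pre-flight for the two paths that ./scripts/setup asks for.
precheck() {
  live="$LE_DIR/live/$DOMAIN"
  cert_matches_key "$live/cert.pem" "$live/privkey.pem" ||
    { echo "cert.pem and privkey.pem do not match" >&2; return 1; }
  cert_valid_for_days "$live/cert.pem" 14 ||
    { echo "certificate expires within 14 days, renew first" >&2; return 1; }
  echo "OK: $live/cert.pem and privkey.pem match and are valid"
}

# Usage: ./tls-precheck.sh issue   (obtain, then check)
#        ./tls-precheck.sh check   (check an existing pair only)
case "${1:-}" in
  issue) issue_cert && precheck ;;
  check) precheck ;;
esac
```

Run it with DOMAIN set to the name entered at the "Please enter the domain name" prompt; when precheck passes, the answers to the cert.pem and privkey.pem prompts are ./letsencrypt/live/$DOMAIN/cert.pem and ./letsencrypt/live/$DOMAIN/privkey.pem.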
Nginx configuration file
For the Nginx SSL (TLS) settings, refer to the "Using Let's Encrypt" section of the BigBlueButton documentation (the certbot --nginx walkthrough):
https://docs.bigbluebutton.org/2.2/install.html#using-lets-encrypt
Those docs assume Certbot's nginx plugin on a bare-metal install. With the certificate issued in standalone mode as above, renewals also need port 80 free, so stop the reverse proxy around certbot renew (or switch to webroot authentication).
Nginx reverse proxy configuration file template
The ${NGINX_HOST} placeholders are environment substitutions filled in when the container starts (the envsubst convention the official nginx image applies to *.template files), whereas $host, $remote_addr and the other $-names are nginx variables and are left untouched. The map below selects the IPv6 loopback as upstream when the client connected over IPv6 and 127.0.0.1 otherwise; because the map values are literal addresses, the variable in proxy_pass needs no resolver directive. Note that this server block has no port-80 listener (plain-HTTP requests are not redirected) and sets no HSTS header.
reverse-proxy.conf.template
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
# IPv6 clients are proxied to the IPv6 loopback, everyone else to 127.0.0.1.
map $remote_addr $endpoint_addr {
    "~:" [::1];
    default 127.0.0.1;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name ${NGINX_HOST};
    ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # TLS 1.2+ only; the cipher list allows AEAD suites with forward secrecy
    # (ECDHE/DHE) and applies to TLS 1.2, TLS 1.3 suites are fixed by OpenSSL.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;
    # on the host machine, "$ sudo openssl dhparam -out ./letsencrypt/dhp-4096.pem 4096"
    ssl_dhparam /etc/letsencrypt/dhp-4096.pem;
    access_log /var/log/nginx/bigbluebutton.access.log;
    error_log /var/log/nginx/bigbluebutton.error.log;
    # Pass everything, WebSocket upgrades included, to BigBlueButton on port 48087.
    location / {
        proxy_http_version 1.1;
        proxy_pass http://$endpoint_addr:48087;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_cache_bypass $http_upgrade;
    }
}