Install & configure Let’s Encrypt SSL in BigBlueButton server

Nowadays BigBlueButton comes with a Let’s Encrypt SSL certificate, but I am writing this post in case it was not installed correctly or has become corrupted. Go through the steps below to install the free Let’s Encrypt SSL certificate and configure it with BigBlueButton.

Requirements:

The BigBlueButton server should have a hostname associated with its public IP. After that, you can set this hostname in BigBlueButton with this command:

sudo bbb-conf --setip bigbluebutton.avinyaweb.com

Install SSL certificate

Make sure that you have assigned a domain name to your BigBlueButton server, then run the commands below as the root user:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get install certbot

Now we need to generate a set of 4096-bit Diffie-Hellman parameters for security purposes. This can take some time, depending on your server's resources.

sudo mkdir -p /etc/nginx/ssl
sudo openssl dhparam -out /etc/nginx/ssl/dhp-4096.pem 4096

Now we will request the SSL certificate from Let’s Encrypt using the certbot tool we just installed. Make sure to replace the domain name with that of your BigBlueButton server:

sudo certbot --webroot -w /var/www/bigbluebutton-default/ -d bigbluebutton.avinyaweb.com certonly

It will generate these .pem files, which make up your newly installed SSL certificate:

$ ls /etc/letsencrypt/live/bigbluebutton.avinyaweb.com/
cert.pem  chain.pem  fullchain.pem  privkey.pem

Now edit the nginx file: run sudo vim /etc/nginx/sites-available/bigbluebutton and don’t forget to update the server hostname (the value of server_name). The server block should contain the lines below:

server {
  server_name bigbluebutton.avinyaweb.com;
  listen 80;
  listen [::]:80;
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/letsencrypt/live/bigbluebutton.avinyaweb.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/bigbluebutton.avinyaweb.com/privkey.pem;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
  ssl_prefer_server_ciphers on;
  ssl_dhparam /etc/nginx/ssl/dhp-4096.pem;

Next, reload the nginx server: sudo systemctl reload nginx
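
Added example (not part of the original post): the server block above still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, and its cipher list includes 3DES suites. This shell audit flags those settings in an nginx site file; the function names and finding labels are made up for this example, and each directive is assumed to sit on one line.

```shell
#!/bin/sh
# Added example: flag legacy TLS settings in an nginx site file.
# Usage: sh audit-tls.sh /etc/nginx/sites-available/bigbluebutton
# Assumption: every directive is written on a single line.

# Print the arguments of directive $1 in file $2, one token per line
# (comments, quotes and ';' removed; cipher lists split on ':').
directive_tokens() {
  sed -e 's/#.*//' "$2" |
    awk -v d="$1" '$1 == d { $1 = ""; print }' |
    tr -d '";' | tr ' :' '\n\n' | sed '/^$/d'
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_tls_conf() {
  rc=0
  for p in $(directive_tokens ssl_protocols "$1"); do
    case $p in
      SSLv2|SSLv3|TLSv1|TLSv1.1) echo "legacy-protocol $p"; rc=1 ;;
    esac
  done
  for c in $(directive_tokens ssl_ciphers "$1"); do
    case $c in
      \!*|-*) ;;  # '!' and '-' remove ciphers from the list: exclusions
      *DES*|*RC4*|*MD5*|*NULL*|*EXP*) echo "weak-cipher $c"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample: the two TLS directives from the server block above.
sample_conf() {
  cat <<'EOF'
server {
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
}
EOF
}

# Audit the file given as $1, or the constructed sample when run without one.
if [ "$#" -gt 0 ]; then
  audit_tls_conf "$1"
else
  tmp=$(mktemp) && sample_conf > "$tmp"
  audit_tls_conf "$tmp" || true
  rm -f "$tmp"
fi
```

An empty result with exit status 0 means neither directive lists a flagged protocol or cipher token.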

Set up renewal: Let’s Encrypt certificates expire 90 days after installation. To renew, we will set up a cron job with crontab that makes a weekly renewal request. Use the command below to open the crontab editor:

sudo crontab -e

Put these lines at the bottom of the file. They will execute certbot renew every week to renew the SSL certificate for our BigBlueButton server:

30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx

Configure FreeSWITCH to use SSL:

FreeSWITCH now has to use SSL for its communication, so we will edit the nginx file for FreeSWITCH and change proxy_pass to use https instead of http:

sudo vim /etc/bigbluebutton/nginx/sip.nginx

Change the line proxy_pass http://EXTERNAL_IP:5066; to proxy_pass https://EXTERNAL_IP:7443; and don’t forget to use your BigBlueButton server’s external IP address in place of EXTERNAL_IP.

Configure BigBlueButton to use HTTPS

Make the following edits:

  • Edit /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties, find bigbluebutton.web.serverURL and update the URL to use HTTPS, like this:
bigbluebutton.web.serverURL=https://bigbluebutton.avinyaweb.com
  • Next, run the command below:
sudo sed -e 's|http://|https://|g' -i /var/www/bigbluebutton/client/conf/config.xml

Next, edit the file /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml:

  • kurento > wsUrl: change ws://bbb.example.com/bbb-webrtc-sfu to wss://bbb.example.com/bbb-webrtc-sfu
  • note > url: change http://bbb.example.com/pad to https://bbb.example.com/pad

Next, edit the file /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml and set playback_protocol: https

Next, restart BigBlueButton with the command sudo bbb-conf --restart

Now your BigBlueButton server is fully secured by Let’s Encrypt SSL, and you can verify it by checking for the lock sign in the URL bar in Chrome or Firefox. If you are planning to customize your BigBlueButton installation, please have a look at BigBlueButton customization.
