allow coturn installation with provided ssl #184

Open
wants to merge 2 commits into
base: master
12 changes: 10 additions & 2 deletions README.md
Expand Up @@ -146,8 +146,9 @@ OPTIONS (install BigBlueButton):

OPTIONS (install coturn):

-d Skip SSL certificates request (use provided certificates from mounted volume)
-c <hostname>:<secret> Configure coturn with <hostname> and <secret> (required)
-e <email> Email for Let's Encrypt certbot (required)
-e <email> Email for Let's Encrypt certbot (required, without -d)


EXAMPLES
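Review bot: The new `-d` entry under "OPTIONS (install coturn)" says the certificates come from a "mounted volume" but never says where the script looks for them. The bbb-install.sh change in this PR links `/local/certs/fullchain.pem` and `/local/certs/privkey.pem`, so the option text should name that directory and both file names. The wording "(required, without -d)" is also ambiguous; "(required unless -d is given)" reads more clearly.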
Expand All @@ -161,7 +162,8 @@ Setup a BigBlueButton server

Setup a coturn server

./bbb-install.sh -c turn.example.com:1234324 -e [email protected]
./bbb-install.sh -c turn.example.com:1234324 -e [email protected]
./bbb-install.sh -d -c turn.example.com:1234324

SUPPORT:
Source: https://github.com/bigbluebutton/bbb-install
Expand Down Expand Up @@ -403,6 +405,12 @@ wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -c turn.e

`bbb-install.sh` uses Let's Encrypt to configure coturn to use a SSL certificate. With a SSL certificate in place, coturn can relay access to your BigBlueButton server via TCP/IP on port 443. This means if a user is behind a restrictive firewall that blocks all outgoing UDP connections, the TURN server can accept connections from the user via TCP/IP on port 443 and relay the data to your BigBlueButton server via UDP.

To use provided SSL certificates from mounted volume, put the option `-d` in front of `-c` and omit the `-e` option.

~~~
wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -d -c turn.example.com:1234abcd
~~~

With the TURN server in place, you can configure your BigBlueButton server to use the TURN server by running the `bbb-install.sh` command again and adding the same `-c <FQDN>:<SECRET>`. For example,

~~~
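Review bot: The added sentence "put the option `-d` in front of `-c`" states an ordering requirement without giving a reason. If option parsing does not depend on order, drop the constraint; if it does, say why. The paragraph should also tell operators that with `-d` the certbot `--deploy-hook "systemctl restart coturn"` in `install_coturn` is never set up, so replacing the files in the mounted volume and restarting coturn afterwards is left to them.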
23 changes: 16 additions & 7 deletions bbb-install.sh
Expand Up @@ -77,6 +77,7 @@ OPTIONS (install BigBlueButton):

OPTIONS (install coturn only):

-d Skip SSL certificates request (use provided certificates from mounted volume)
-c <hostname>:<secret> Setup a coturn server with <hostname> and <secret> (required)
-e <email> Configure email for Let's Encrypt certbot (required)

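Review bot: The `-e` line in this usage block still says "(required)", while the README hunk in the same PR changes it to "(required, without -d)". The script's built-in help should be updated to match, otherwise the two sources of documentation disagree about whether `-e` is needed when `-d` is given.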
Expand All @@ -100,6 +101,7 @@ Sample options for setup a BigBlueButton server
Sample options for setup of a coturn server (on a different server)

-c turn.example.com:1234324 -e [email protected]
-d -c turn.example.com:1234324

SUPPORT:
Community: https://bigbluebutton.org/support
Expand Down Expand Up @@ -200,7 +202,7 @@ main() {

# Check if we're installing coturn (need an e-mail address for Let's Encrypt)
if [ -z "$VERSION" ] && [ ! -z "$COTURN" ]; then
if [ -z "$EMAIL" ]; then err "Installing coturn needs an e-mail address for Let's Encrypt"; fi
if [ -z "$EMAIL" ] && [ -z "$PROVIDED_CERTIFICATE" ]; then err "Installing coturn needs an e-mail address for Let's Encrypt, or -d Skip SSL certificates"; fi
check_ubuntu 18.04

install_coturn
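Review bot: The comment above the check, "need an e-mail address for Let's Encrypt", is stale now that `-d` is an accepted alternative, and the new error text "or -d Skip SSL certificates" pastes the help string into the middle of a sentence. Something like "Installing coturn needs -e <email> for Let's Encrypt, or -d to use provided certificates" is clearer. Also, `-e` given together with `-d` passes this check and is then ignored by the `install_coturn` hunk; either document that or reject the combination here.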
Expand Down Expand Up @@ -804,7 +806,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/$HOST/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhp-4096.pem;
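Review bot: Dropping `TLSv1` and `TLSv1.1` from `ssl_protocols` is unrelated to the coturn certificate option this PR is titled for and is not mentioned in the README changes. It changes which clients can connect to this nginx server block, so it belongs in its own commit or at least in the PR description. If the intent is hardening, the `ssl_ciphers` line directly below still offers `ECDH+3DES`, `DH+3DES` and `RSA+3DES`, and ends with `!AES256` although `ECDH+AES256` and `DH+AES256` appear earlier in the same string, so the cipher list should be reviewed in the same change.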
Expand Down Expand Up @@ -988,14 +990,21 @@ install_coturn() {
apt-get dist-upgrade -yq
need_pkg coturn

need_pkg software-properties-common
need_ppa certbot-ubuntu-certbot-bionic.list ppa:certbot/certbot 75BCA694 7BF5
apt-get -y install certbot
need_pkg software-properties-common
if [ -z "$PROVIDED_CERTIFICATE" ] ; then
need_ppa certbot-ubuntu-certbot-bionic.list ppa:certbot/certbot 75BCA694 7BF5
apt-get -y install certbot

if ! certbot certonly --standalone --non-interactive --preferred-challenges http \
if ! certbot certonly --standalone --non-interactive --preferred-challenges http \
--deploy-hook "systemctl restart coturn" \
-d $COTURN_HOST --email $EMAIL --agree-tos -n ; then
err "Let's Encrypt SSL request for $COTURN_HOST did not succeed - exiting"
err "Let's Encrypt SSL request for $COTURN_HOST did not succeed - exiting"
fi
else
say "Using provided ssl from /local/certs/"
mkdir -p /etc/letsencrypt/live/$COTURN_HOST/
ln -fs /local/certs/fullchain.pem /etc/letsencrypt/live/$COTURN_HOST/fullchain.pem
ln -fs /local/certs/privkey.pem /etc/letsencrypt/live/$COTURN_HOST/privkey.pem
fi

COTURN_REALM=$(echo $COTURN_HOST | cut -d'.' -f2-)
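Review bot: The `else` branch links `/local/certs/fullchain.pem` and `/local/certs/privkey.pem` without checking that either file exists. `ln -fs` succeeds on a missing target, so the install carries on with dangling links and the problem only surfaces when coturn tries to load the certificate. Test both files with `[ -f ... ]` before the `mkdir` and call `err` if one is missing, mirroring the `err` on certbot failure in the other branch. `$COTURN_HOST` should also be quoted in the `mkdir` and `ln` paths, as it is interpolated into a filesystem path.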