diff --git a/bigbluebutton.nginx b/bigbluebutton.nginx index 4e573ce..50650fd 100644 --- a/bigbluebutton.nginx +++ b/bigbluebutton.nginx @@ -9,8 +9,8 @@ server { server { server_name bbb.csclub.uwaterloo.ca; - listen 443 ssl; - listen [::]:443 ssl; + listen 443 ssl http2; + listen [::]:443 ssl http2; ssl_certificate /etc/nginx/ssl/csclub-wildcard-chain.crt; ssl_certificate_key /etc/nginx/ssl/csclub-wildcard.key; @@ -25,39 +25,39 @@ server { # Handle RTMPT (RTMP Tunneling). Forwards requests # to Red5 on port 5080 - location ~ (/open/|/close/|/idle/|/send/|/fcs/) { - proxy_pass http://127.0.0.1:5080; - proxy_redirect off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #location ~ (/open/|/close/|/idle/|/send/|/fcs/) { + # proxy_pass http://127.0.0.1:5080; + # proxy_redirect off; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - client_max_body_size 10m; - client_body_buffer_size 128k; + # client_max_body_size 10m; + # client_body_buffer_size 128k; - proxy_connect_timeout 90; - proxy_send_timeout 90; - proxy_read_timeout 90; + # proxy_connect_timeout 90; + # proxy_send_timeout 90; + # proxy_read_timeout 90; - proxy_buffering off; - keepalive_requests 1000000000; - } + # proxy_buffering off; + # keepalive_requests 1000000000; + #} # Handle desktop sharing tunneling. Forwards # requests to Red5 on port 5080. - location /deskshare { - proxy_pass http://127.0.0.1:5080; - proxy_redirect default; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - client_max_body_size 10m; - client_body_buffer_size 128k; - proxy_connect_timeout 90; - proxy_send_timeout 90; - proxy_read_timeout 90; - proxy_buffer_size 4k; - proxy_buffers 4 32k; - proxy_busy_buffers_size 64k; - proxy_temp_file_write_size 64k; - include fastcgi_params; - } + #location /deskshare { + # proxy_pass http://127.0.0.1:5080; + # proxy_redirect default; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # client_max_body_size 10m; + # client_body_buffer_size 128k; + # proxy_connect_timeout 90; + # proxy_send_timeout 90; + # proxy_read_timeout 90; + # proxy_buffer_size 4k; + # proxy_buffers 4 32k; + # proxy_busy_buffers_size 64k; + # proxy_temp_file_write_size 64k; + # include fastcgi_params; + #} # BigBlueButton landing page. location / { diff --git a/playbook.yml b/playbook.yml index 8221f06..38244a8 100644 --- a/playbook.yml +++ b/playbook.yml @@ -6,6 +6,20 @@ gem: gem2.7 bundle: "/opt/greenlight/.gem/ruby/{{ ruby_version }}/bin/bundle" tasks: + - name: install prerequisites + apt: + name: + - software-properties-common + - apt-transport-https + - sudo + - net-tools + - openjdk-8-jre + - curl + - wget + - gpg-agent + - dirmngr + - name: update-java-alternatives + command: update-java-alternatives -s java-1.8.0-openjdk-amd64 - name: add PPA for bigbluebutton support packages apt_repository: repo: ppa:bigbluebutton/support @@ -17,78 +31,70 @@ repo: ppa:libreoffice/ppa - name: add GPG key for MongoDB apt_key: - url: https://www.mongodb.org/static/pgp/server-3.4.asc + url: https://www.mongodb.org/static/pgp/server-4.2.asc - name: add repo for MongoDB apt_repository: - repo: "deb [arch=amd64] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" - filename: mongodb-org-3.4 + repo: "deb [arch=amd64] http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" + filename: mongodb-org-4.2 - name: add GPG key for Nodesource apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - name: add repo for Nodesource apt_repository: - repo: deb https://deb.nodesource.com/node_14.x xenial main + repo: deb https://deb.nodesource.com/node_14.x bionic main filename: nodesource - name: add GPG key for bigbluebutton apt_key: url: https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc - name: add repo for bigbluebutton apt_repository: - repo: deb https://ubuntu.bigbluebutton.org/xenial-22/ bigbluebutton-xenial main + repo: deb https://ubuntu.bigbluebutton.org/bionic-23/ bigbluebutton-bionic main filename: bigbluebutton - - name: add GPG key for Brightbox ruby-ng - apt_key: - keyserver: keyserver.ubuntu.com - id: 80F70E11F0F0D5F10CB20E62F5DA5F09C3173AA6 - name: add repo for Brightbox ruby-ng apt_repository: - repo: deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu xenial main - filename: brightbox.ruby-ng + repo: ppa:brightbox/ruby-ng - name: add GPG key for CSC apt_key: url: http://debian.csclub.uwaterloo.ca/csclub.asc - name: add CSC Debian repo apt_repository: - repo: deb http://debian.csclub.uwaterloo.ca xenial main + repo: deb http://debian.csclub.uwaterloo.ca bionic main filename: csclub - name: update apt cache apt: update_cache: true - - name: install apt-transport-https + - name: install packages apt: - name: apt-transport-https - state: latest - - name: install curl - apt: - name: curl - state: latest - - name: install MongoDB - apt: - name: mongodb-org - state: latest - - name: install nodejs - apt: - # consider apt pinning this - name: nodejs - state: latest - - name: install bigbluebutton - apt: - name: bigbluebutton - state: latest - - name: install bbb-html5 - apt: - name: bbb-html5 - state: latest - - name: install greenlight - apt: - name: greenlight - state: latest + name: + - mongodb-org + - nodejs + - bigbluebutton + - bbb-html5 + - greenlight - name: set BBB hostname # We should only need to do this once. Make sure to remove # /tmp/bbb-setip-done if the FQDN changes for whatever reason. shell: 'bbb-conf --setip {{ ansible_fqdn }} && touch /tmp/bbb-setip-done' args: creates: /tmp/bbb-setip-done + - name: disable CPUSchedulingPolicy for Freeswitch + replace: + path: /lib/systemd/system/freeswitch.service + regexp: "^CPUSchedulingPolicy=rr" + replace: "#CPUSchedulingPolicy=rr" + notify: reload systemd + - name: disable IOSchedulingClass for Freeswitch + replace: + path: /lib/systemd/system/freeswitch.service + regexp: "^IOSchedulingClass=realtime" + replace: "#IOSchedulingClass=realtime" + notify: reload systemd + - name: disable CPUSchedulingPolicy for bbb-html5 + replace: + path: /usr/lib/systemd/system/bbb-html5-backend@.service + regexp: "^CPUSchedulingPolicy=fifo" + replace: "#CPUSchedulingPolicy=fifo" + notify: reload systemd # Make sure to place the certificate and key in this directory, # and run `chmod 0600` on the key - name: create SSL directory @@ -113,11 +119,11 @@ path: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties regexp: 'http://' replace: 'https://' - - name: configure BBB to load session via HTTPS (2) - replace: - path: /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties - regexp: 'http://' - replace: 'https://' + #- name: configure BBB to load session via HTTPS (2) + # replace: + # path: /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties + # regexp: 'http://' + # replace: 'https://' - name: configure BBB to load session via HTTPS (3) replace: path: /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml @@ -188,7 +194,7 @@ - name: use custom STUN servers copy: src: '{{ playbook_dir }}/turn-stun-servers.xml' - dest: /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml + dest: /etc/bigbluebutton/turn-stun-servers.xml - name: update FreeSWITCH to listen for connections on external IP (1) replace: path: /opt/freeswitch/conf/vars.xml