我正在尝试在我的家庭服务器上安装BigBlueButton,运行在Ubuntu 20.04下,使用以下command:
$ sudo ./bbb-install.sh -w -v focal-270 -s bigbluebutton.mycustomdomain.org
字符串
我已经为我的域bigbluebutton.mycustomdomain.org
提供了有效的Lets'Encrypt SSL证书。
不确定我是否应该发布上面命令的整个输出,但我尝试了-e
,-x
,-d
(我的证书文件符号链接到/local/certs
)选项(单独)和没有这些选项。每次我都得到相同的结果:
# Potential problems described below
curl: (60) SSL: no alternative certificate subject name matches target host name 'bigbluebutton.mycustomdomain.org'
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
.curl: (60) SSL: no alternative certificate subject name matches target host name 'bigbluebutton.mycustomdomain.org'
More details here: https://curl.haxx.se/docs/sslcerts.html
型
当我在浏览器中打开https://bigbluebutton.mycustomdomain.org时,我会看到nginx默认的欢迎页面(或我的其他配置了nginx的网站),其中包含一条消息,即SSL证书无效,因为它与另一个域相关。
这是由安装脚本生成的nginx配置文件/etc/nginx/sites-available/bigbluebutton
(并从/etc/nginx/sites-enabled/bigbluebutton
链接):
server_tokens off;
server {
listen 80;
listen [::]:80;
server_name bigbluebutton.mycustomdomain.org;
location ^~ / {
return 301 https://$server_name$request_uri; #redirect HTTP to HTTPS
}
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
root /var/www/bigbluebutton-default/assets;
}
location = /.well-known/acme-challenge/ {
return 404;
}
}
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
real_ip_recursive on;
server {
# this double listenting is intended. We terminate SSL on haproxy. HTTP2 is a
# binary protocol. haproxy has to decide which protocol is spoken. This is
# negotiated by ALPN.
#
# Depending on the ALPN value traffic is redirected to either port 82 (HTTP2,
# ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value)
listen 127.0.0.1:82 http2 proxy_protocol;
listen [::1]:82 http2;
listen 127.0.0.1:81 proxy_protocol;
listen [::1]:81;
server_name bigbluebutton.mycustomdomain.org;
# nginx does not know its external port/protocol behind haproxy, so use relative redirects.
absolute_redirect off;
# HSTS (uncomment to enable)
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log /var/log/nginx/bigbluebutton.access.log;
# This variable is used instead of $scheme by bigbluebutton nginx include
# files, so $scheme can be overridden in reverse-proxy configurations.
set $real_scheme "https";
# BigBlueButton landing page.
location / {
root /var/www/bigbluebutton-default/assets;
try_files $uri @bbb-fe;
}
# Include specific rules for record and playback
include /etc/bigbluebutton/nginx/*.nginx;
}
型
我不是nginxMaven,但将我的SSL证书配置放入此文件(就像我通常为其他网站所做的那样)显然不起作用:
ssl_certificate /etc/letsencrypt/live/bigbluebutton.mycustomdomain.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bigblugbutton.mycustomdomain.org/privkey.pem;
型
我认为原因是没有server
块用于https连接的443端口。我还注意到include /etc/bigbluebutton/nginx/*.nginx;
在文件的末尾,但似乎与服务器主机配置无关。
因此,我的问题是:如何正确配置BigBlueButton以接受我(现有)的SSL证书?
1条答案
按热度按时间wfsdck301#
@ezze
好的,请注意这是在BBB 2.7,我发现这后,研究的源代码
字符串