Unable to run BigBlueButton with a custom SSL certificate because of an invalid nginx configuration

tyu7yeag posted on 2023-11-17 in Nginx

I am trying to install BigBlueButton on my home server, running Ubuntu 20.04, using the following command:

$ sudo ./bbb-install.sh -w -v focal-270 -s bigbluebutton.mycustomdomain.org

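I already have a valid Let's Encrypt SSL certificate for my domain bigbluebutton.mycustomdomain.org.
I'm not sure whether I should post the entire output of the command above, but I tried the -e, -x and -d (my certificate files are symlinked to /local/certs) options (separately) and also without these options. Every time I get the same result: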

# Potential problems described below
curl: (60) SSL: no alternative certificate subject name matches target host name 'bigbluebutton.mycustomdomain.org'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
.curl: (60) SSL: no alternative certificate subject name matches target host name 'bigbluebutton.mycustomdomain.org'
More details here: https://curl.haxx.se/docs/sslcerts.html


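When I open https://bigbluebutton.mycustomdomain.org in a browser, I see the default nginx welcome page (or another of my websites configured in nginx), with a message that the SSL certificate is invalid because it belongs to another domain.
This is the nginx configuration file /etc/nginx/sites-available/bigbluebutton generated by the install script (and symlinked from /etc/nginx/sites-enabled/bigbluebutton):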

server_tokens off;

server {
  listen 80;
  listen [::]:80;
  server_name bigbluebutton.mycustomdomain.org;

  location ^~ / {
    return 301 https://$server_name$request_uri; #redirect HTTP to HTTPS
  }

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/bigbluebutton-default/assets;
  }

  location = /.well-known/acme-challenge/ {
    return 404;
  }
}

set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
real_ip_recursive on;
server {
  # this double listening is intended. We terminate SSL on haproxy. HTTP2 is a
  # binary protocol. haproxy has to decide which protocol is spoken. This is
  # negotiated by ALPN.
  #
  # Depending on the ALPN value traffic is redirected to either port 82 (HTTP2,
  # ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value)

  listen 127.0.0.1:82 http2 proxy_protocol;
  listen [::1]:82 http2;
  listen 127.0.0.1:81 proxy_protocol;
  listen [::1]:81;
  server_name bigbluebutton.mycustomdomain.org;

  # nginx does not know its external port/protocol behind haproxy, so use relative redirects.
  absolute_redirect off;
    
  # HSTS (uncomment to enable)
  #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  access_log  /var/log/nginx/bigbluebutton.access.log;

  # This variable is used instead of $scheme by bigbluebutton nginx include
  # files, so $scheme can be overridden in reverse-proxy configurations.
  set $real_scheme "https";

  # BigBlueButton landing page.
  location / {
    root   /var/www/bigbluebutton-default/assets;
    try_files $uri @bbb-fe;
  }

  # Include specific rules for record and playback
  include /etc/bigbluebutton/nginx/*.nginx;
}


I'm no nginx expert, but putting my SSL certificate configuration into this file (as I usually do for my other websites) obviously doesn't work:

ssl_certificate /etc/letsencrypt/live/bigbluebutton.mycustomdomain.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bigblugbutton.mycustomdomain.org/privkey.pem;


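I think the reason is that there is no server block for port 443 for https connections. I also noticed the include /etc/bigbluebutton/nginx/*.nginx; at the end of the file, but it seems unrelated to the server host configuration.
So my question is: how do I properly configure BigBlueButton to accept my (existing) SSL certificate?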

wfsdck30


@ezze
OK, please note this is on BBB 2.7; I found this after studying the source code.

Certificate path: 

/etc/haproxy/certbundle.pem

Pls combine your custom certificate to "certbundle.pem"
1. chain = intermediate + root
2. fullchain = cert + chain
3. certbundle = fullchain + privatekey
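
The bundle layout described in the answer (certbundle = fullchain + private key), as an added shell example that is not part of the original answer and is not code from bbb-install.sh. The function names, the script name and the `./certbundle.pem` output path are assumptions made for illustration; `verify_pair` requires the `openssl` command line tool.

```shell
#!/bin/sh
# Added example (not from bbb-install.sh): assemble fullchain + private key
# into one PEM bundle. Function names and the output path are assumptions.

# count_blocks FILE LABEL_REGEX: print how many PEM blocks of that type FILE has.
count_blocks() {
  grep -c -E -e "^-----BEGIN $2-----" "$1" || true
}

# build_bundle FULLCHAIN KEY OUT: write OUT as certificate(s) first, key last.
build_bundle() {
  chain=$1; key=$2; out=$3
  [ -r "$chain" ] && [ -r "$key" ] || { echo "unreadable input" >&2; return 2; }
  [ "$(count_blocks "$chain" CERTIFICATE)" -ge 1 ] ||
    { echo "no certificate in $chain" >&2; return 3; }
  [ "$(count_blocks "$chain" '.*PRIVATE KEY')" -eq 0 ] ||
    { echo "$chain already contains a key" >&2; return 3; }
  [ "$(count_blocks "$key" '(RSA |EC )?PRIVATE KEY')" -eq 1 ] ||
    { echo "expected exactly one unencrypted key in $key" >&2; return 4; }
  tmp="$out.new.$$"
  # umask 077 keeps the key unreadable to other users; the echo guards against
  # a fullchain file that lacks a final newline, which would fuse two PEM lines.
  ( umask 077; { cat "$chain"; echo; cat "$key"; } > "$tmp" ) ||
    { rm -f "$tmp"; return 5; }
  mv -f "$tmp" "$out"   # rename so a reader never sees a half-written bundle
}

# verify_pair FULLCHAIN KEY HOST (needs openssl): the leaf certificate must
# carry the key's public half and a name matching HOST.
verify_pair() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "certificate and key do not match" >&2; return 1; }
  openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match' ||
    { echo "certificate has no name matching $3" >&2; return 1; }
}

# Run as: sh make-bundle.sh FULLCHAIN KEY HOST   (writes ./certbundle.pem;
# review it, then install it at the path from the answer and reload haproxy).
if [ "$#" -eq 3 ]; then
  verify_pair "$1" "$2" "$3" && build_bundle "$1" "$2" ./certbundle.pem
fi
```

The host name check in `verify_pair` covers the same condition that curl reported in the question as error 60, so a certificate that fails it would still produce that error after installation.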
