Updated 8 April 2021


BigBlueButton is an open source Web conferencing solution. Initially, it was developed for educational purposes. Its name comes from the original concept that starting a web conference should be as easy as possible, like pressing a "big blue button".

Creating a LXC container

BigBlueButton is developed and tested on Ubuntu Xenial. You can install Ubuntu in a LXC container. To create a LXC container, first install the necessary packages:

emerge -a app-emulation/lxc dev-libs/libcgroup

Run cgconfig to create cgroup systemd:

/etc/init.d/cgconfig start

Confinguring Docker start in LXC

If Docker used inside a LXC container, load the necessary kernel modules on the host and add to them to autostart:

modprobe -a br_netfilter ip_tables nf_conntrack_netlink nf_nat overlay xt_conntrack

echo -e "br_netfilter\nip_tables\nnf_conntrack_netlink\nnf_nat\noverlay\nxt_conntrack" > /etc/modules-load.d/docker.conf

Create a container for BigBlueButton:

lxc-create -t download -n bigbluebutton -- -d ubuntu -r xenial -a amd64

Launch the container:

lxc-start bigbluebutton

Configure your network according to the instructions, but do not assign an IP address nor a gateway by editing the configuration file of the container.

Add the permission to run the hello-world test for Docker:

lxc.cgroup.devices.allow = c 10:200 rwm

Edit the network settings inside the container. Specify the relevant IP, the network mask, the default gateway and the DNS server addresses:

auto eth0
iface eth0 inet static

Restart the container.

lxc-stop -r bigbluebutton

Attach the container:

lxc-attach bigbluebutton

Update the binary repository:

apt-get update

Install the SSH client and server:

apt-get install ssh openssh-server -y

Edit the root password:


Allow the root user to connect via SSH:

PermitRootLogin yes

Restart SSH:

systemctl restart ssh

Reset the locale:

sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen

sed -i -e 's/# ru_RU.UTF-8 UTF-8/ru_RU.UTF-8 UTF-8/' /etc/locale.gen

dpkg-reconfigure --frontend=noninteractive locales

update-locale LANG=en_US.UTF-8

Make sure that the locale is specified as an environment variable:

systemctl show-environment

Add the server's definition as

/etc/hosts bigbluebutton localhost

Since the installation process runs in a container, some BigBlueButton components require an entropy source. Install the random number generator:

apt-get install haveged -y

Add the daemon to autostart and run it:

systemctl enable haveged

systemctl start haveged

Install the repo management toolkit:

apt-get install software-properties-common -y

Installing and configuring BigBlueButton

Add the repos to install from:

add-apt-repository ppa:bigbluebutton/support -y

add-apt-repository ppa:rmescandon/yq -y

Enable the MongoDB repository and install the database:

wget -qO - | apt-key add -

echo "deb [ arch=amd64,arm64 ] xenial/mongodb-org/3.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-3.4.list

apt-get update

apt-get install -y mongodb-org curl

Add the NodeJS repository with version 8.x and install it:

curl -sL | bash -

apt-get install -y nodejs

Add the BigBlueButton key and repository:

wget -O- | apt-key add -

echo "deb bigbluebutton-xenial main" | tee /etc/apt/sources.list.d/bigbluebutton.list

apt-get update

Start the installation process for BigBlueButton:

apt-get install bigbluebutton -y

You will have to accept the EULA licence.

Due to the LXC limitations, the installation process cannot be completed as Redis and FreeSWITCH cannot be started.

Fix the Redis startup module by disabling missing restrictions:

Description=Advanced key-value store
Documentation=, man:redis-server(1)

ExecStart=/usr/bin/redis-server /etc/redis/redis.conf

ExecStartPre=-/bin/run-parts --verbose /etc/redis/redis-server.pre-up.d
ExecStartPost=-/bin/run-parts --verbose /etc/redis/
ExecStop=-/bin/run-parts --verbose /etc/redis/redis-server.pre-down.d
ExecStop=/bin/kill -s TERM $MAINPID
ExecStopPost=-/bin/run-parts --verbose /etc/redis/


# redis-server writes its own config file when in cluster mode so we allow
# writing there (NB. ProtectSystem=true over ProtectSystem=full)


Run Redis:

systemctl daemon-reload

systemctl start redis

Fix the FreeSWITCH startup module by disabling missing restrictions:


; service
ExecStart=/opt/freeswitch/bin/freeswitch -u freeswitch -g daemon -ncwait $DAEMON_OPTS
; exec




Start FreeSWITCH:

systemctl daemon-reload

systemctl start freeswitch

Resume the installation process:

apt-get install -f

Install BigBlueButton HTML5:

apt-get install bbb-html5

To reduce impulse noises, adjust the sound level for voice transmission between users:

<profile name="cdquality">
  <param name="domain" value="$${domain}"/>
  <param name="rate" value="48000"/>
  <param name="interval" value="20"/>
  <param name="energy-level" value="10"/>

Restart BigBlueButton:

bbb-conf --restart

Check for configuration errors:

bbb-conf --check
BigBlueButton Server 2.2.3 (1833)
                    Kernel version: 4.19.96-calculate
                      Distribution: Ubuntu 16.04.6 LTS (64-bit)
                            Memory: 131797 MB
                         CPU cores: 16

/usr/share/bbb-web/WEB-INF/classes/ (bbb-web)
                defaultGuestPolicy: ALWAYS_ACCEPT
                 svgImagesRequired: true

/etc/nginx/sites-available/bigbluebutton (nginx)
                       server name:
                              port: 80, [::]:80
                    bbb-client dir: /var/www/bigbluebutton

/var/www/bigbluebutton/client/conf/config.xml (bbb-client)
                Port test (tunnel): rtmp://
              useWebrtcIfAvailable: true

/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)

/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)
                        ext-rtp-ip: $${local_ip_v4}
                        ext-sip-ip: $${local_ip_v4}
                        ws-binding: :5066
                       wss-binding: :7443

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
                 playback_protocol: http
                            ffmpeg: 4.2.2-1bbb1~ubuntu16.04

/etc/bigbluebutton/nginx/sip.nginx (sip.nginx)

/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)
                       kurento.url: ws://
               recordScreenSharing: true
                     recordWebcams: true
                  codec_video_main: VP8
               codec_video_content: VP8

/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)
                             build: 870
                        kurentoUrl: wss://
                  enableListenOnly: true

# Potential problems described below

Specify the host name for BigBlueButton,

bbb-conf --setip

HTTPS configuration

Getting Let's Encrypt certificat

Get a certificate for domain, as explained in the manual.

HTTPS configuration for Nginx

Create a certificate directory:

mkdir /etc/nginx/ssl

Copy the certificates received via Let's Encrypt:

cp fullchain.pem /etc/nginx/ssl/

cp privkey.pem /etc/nginx/ssl/

Create a DH key:

openssl dhparam -out /etc/nginx/ssl/dhp-4096.pem 4096

Add HTTPS Nginx:

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate /etc/nginx/ssl/;
    ssl_certificate_key /etc/nginx/ssl/;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhp-4096.pem;

    if ($scheme = http) {
        return 301 https://$server_name$request_uri;

FreeSWITCH configuration for SSL

Configure FreeSWITCH for using SSL. To do this, specify the external address:

location /ws {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_read_timeout 6h;
    proxy_send_timeout 6h;
    client_body_timeout 6h;
    send_timeout 6h;


Note that the external IP address is specified in this configuration, not the host name.

BigBlueButton configuration for running HTTPS sessions

Configure BigBlueButton for running HTTPS sessions and HTML5:

# This URL is where the BBB client is accessible. When a user sucessfully
# enters a name and password, she is redirected here to load the client.
# Do not commit changes to this field.
# Force all attendees to join the meeting using the HTML5 client

# Force all moderators to join the meeting using the HTML5 client

Share the screen access, via HTTPS as well:


Tell the client to load components via HTTPS:

sed -e 's|http://|https://|g' -i /var/www/bigbluebutton/client/conf/config.xml

Configure WebRTC via the SSL socket:

    wsUrl: wss://
    enabled: true

Configure record handling via HTTPS:

playback_protocol: https

Restart BigBlueButton:

bbb-conf --restart

Restart Nginx:

systemctl restart nginx

TURN server configuration

Configure your TURN server,, as described in the manual.

Tell BigBlueButton to use the configured server as the STUN and TURN servers. To connect to the TURN server, use key 4b85833c7fdf06130bd7398ac9af558b. It is stored in static-auth-secret, in your TURN server settings.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""

    <bean id="stun0" class="">
        <constructor-arg index="0" value=""/>

    <bean id="turn0" class="">
        <constructor-arg index="0" value="4b85833c7fdf06130bd7398ac9af558b"/>
        <constructor-arg index="1" value=""/>
        <constructor-arg index="2" value="86400"/>

    <bean id="turn1" class="">
        <constructor-arg index="0" value="4b85833c7fdf06130bd7398ac9af558b"/>
        <constructor-arg index="1" value=""/>
        <constructor-arg index="2" value="86400"/>

    <bean id="stunTurnService"
        <property name="stunServers">
                <ref bean="stun0"/>
        <property name="turnServers">
                <ref bean="turn0"/>
                <ref bean="turn1"/>

Restart BigBlueButton:

bbb-conf --restart

Configuring Greenlight

Greenlight is a Ruby on Rails application that provides a simple interface for users to create rooms, run conferences, and manage conference records.

Install the utilities required to attach the repository:

apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y

Add the keys and attach the Docker repository:

curl -fsSL | apt-key add -

apt-key fingerprint 0EBFCD88

add-apt-repository "deb [arch=amd64] $(lsb_release -cs) stable"

apt-get update

Install Docker 17.09.1:

apt-get install docker-ce=17.09.1~ce-0~ubuntu docker-compose -y

Check whether Docker is running by starting the hello-world container:

docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete 
Digest: sha256:f9dfddf63636d84ef479d645ab5885156ae030f611a56f3a7ac7f2fdd86d7e4e
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

Disable docker-ce update:

echo docker-ce hold | dpkg --set-selections

Create a configuration directory for GreenLight:

mkdir ~/greenlight && cd ~/greenlight

Create a sample GreenLight configuration file:

docker run --rm bigbluebutton/greenlight:v2 cat ./sample.env > .env

Create a secret key for GreenLight:

docker run --rm bigbluebutton/greenlight:v2 bundle exec rake secret


Save this value in the SECRET_KEY_BASE file variable.env:

# Create a Secret Key for Rails
# You can generate a secure one through the Greenlight docker image
# with the command.
#   docker run --rm bigbluebutton/greenlight:v2 bundle exec rake secret

Get the BigBlueButton URL and its key:

bbb-conf --secret
    Secret: zZ7XSEB7EjubByrCxAthTNYomDVbMwjUbfT4xqoa3p

    Link to the API-Mate:

Save this value in the BIGBLUEBUTTON_ENDPOINT and BIGBLUEBUTTON_SECRET file variables.env:

# The endpoint and secret for your BigBlueButton server.
# Set these if you are running GreenLight on a single BigBlueButton server.
# You can retrive these by running the following command on your BigBlueButton server:
#   bbb-conf --secret

Check the GreenLight settings:

docker run --rm --env-file .env bigbluebutton/greenlight:v2 bundle exec rake conf:check
Checking environment: Passed
Checking Connection: Passed
Checking Secret: Passed

Add a Nginx configuration:

docker run --rm bigbluebutton/greenlight:v2 cat ./greenlight.nginx | tee /etc/bigbluebutton/nginx/greenlight.nginx

Add a BigBlueButton reference to the GreenLight page:

    # Redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
            root   /var/www/nginx-default;
    location = / {
        return 307 /b;

Create a script for docker-compose:

docker run --rm bigbluebutton/greenlight:v2 cat ./docker-compose.yml > docker-compose.yml

Generate a password for PostgreSQL:

export pass=$(openssl rand -hex 8); sed -i 's/POSTGRES_PASSWORD=password/POSTGRES_PASSWORD='$pass'/g' docker-compose.yml;sed -i 's/DB_PASSWORD=password/DB_PASSWORD='$pass'/g' .env

Edit the version of docker-compose:

sed -i "s/version: '3'/version: '2'/" docker-compose.yml

Start the container:

docker-compose up -d

Restart Nginx:

systemctl restart nginx

Create the admin account:

docker exec greenlight-v2 bundle exec rake user:create["Admin Name","","password","admin"]

All done! Once opened, the site will look somewhat like this:

BigBlueButton installed

To join as the administrator, specify e-mail and the admin password.

Configuring mail notifications

To enable account confirmation via email, specify the sending mail server settings:

# Set this to true if you want GreenLight to send verification emails upon
# the creation of a new account

# Specify the email address that all mail is sent from

Restart Greenlight:

docker-compose down && docker-compose up -d

Changing user password

To change a user's password, you can use the RubyOnRail terminal:

docker exec -it greenlight-v2 bundle exec rails c

Loading production environment (Rails 5.2.3)
irb(main):001:0> User.find_by(email: "").update_attribute(:password, "new_secret")
=> true

When this has been done, the user password can be reset on the account editing page:

Reset user password

Updating BigBlueButton

Attach the container:

lxc-attach bigbluebutton

Update the binary repository:

apt-get update

Update all system packages:

apt-get dist-upgrade

Update the Greenlight image:

cd ~/greenlight

docker pull bigbluebutton/greenlight:v2

Make sure the settings have not moved after update:

<profile name="cdquality">
  <param name="domain" value="$${domain}"/>
  <param name="rate" value="48000"/>
  <param name="interval" value="20"/>
  <param name="energy-level" value="10"/>

Restart the container.

lxc-stop -r bigbluebutton

Recovering Docker images when using Btrfs

If your container runs on a Btrfs filesystem, Docker will use subvolumes for the images, which will not be copied when snapshotting for this container. You need to download again the source files to run Greenlight.

Download again all the Docker images used for Greenlight:

cd ~/greenlight

docker pull bigbluebutton/greenlight:v2

docker pull postgres:9.5

Restart Greenlight:

docker-compose down && docker-compose up -d