From 5a8217caa9d64e73448c4512d89a68410015e60e Mon Sep 17 00:00:00 2001 From: schrd Date: Wed, 25 Sep 2024 19:48:17 +0200 Subject: [PATCH] 3.0beta1 clusterfixes (#21132) * Fix: allow CORS requests to graphql API In cluster setups the Graphql API endpoints are fetched as a CORS request. We need to allow that. * Fix: Allow CORS requests to ping endpoint In cluster setups the ping is sent directly to the BBB server. So it needs to allow CORS requests for cluster setups. * Fix: construct relative API path for cluster setups * Fix: adjust docs for cluster setup As bbb-html5 client is static, setup instructions for cluster setup have to be changed accordingly. * Fix docs: remove superfluous ```yaml This must have been introduced by accident. --------- Co-authored-by: Daniel Schreiber --- .../imports/api/bbb-web-api/index.ts | 9 ++++-- bigbluebutton-web/bbb-web.nginx | 14 +++++++++ .../controllers/ConnectionController.groovy | 13 ++++++++ docs/docs/administration/cluster-proxy.md | 30 ++++++++----------- 4 files changed, 45 insertions(+), 21 deletions(-)
diff --git a/bigbluebutton-html5/imports/api/bbb-web-api/index.ts b/bigbluebutton-html5/imports/api/bbb-web-api/index.ts
index 837fd710bd..86b9aa4c76 100644
--- a/bigbluebutton-html5/imports/api/bbb-web-api/index.ts
+++ b/bigbluebutton-html5/imports/api/bbb-web-api/index.ts
@@ -6,15 +6,18 @@ class BBBWebApi { private routes = { index: { - path: '/bigbluebutton/api', + // this needs to be a relative path because it may be mounted as a subpath + // for example in cluster setups + path: 'bigbluebutton/api', cacheKey: `${this.cachePrefix}_index`, }, }; private static buildURL(route: string) { - const pathMatch = window.location.pathname.match('^(.*)/html5client/join$'); - const serverPathPrefix = pathMatch ? pathMatch[1] : ''; + const pathMatch = window.location.pathname.match('^(.*)/html5client/?$'); + const serverPathPrefix = pathMatch ? `${pathMatch[1]}/` : ''; const { hostname, protocol } = window.location; + return new URL(route, `${protocol}//${hostname}${serverPathPrefix}`); } diff --git a/bigbluebutton-web/bbb-web.nginx b/bigbluebutton-web/bbb-web.nginx index f103ce7d48..6e499eeb2f 100755 --- a/bigbluebutton-web/bbb-web.nginx +++ b/bigbluebutton-web/bbb-web.nginx @@ -92,6 +92,16 @@ proxy_set_header X-Original-URI $request_uri; } + location = /bigbluebutton/connection/checkGraphqlAuthorization { + internal; + proxy_pass http://127.0.0.1:8090; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + # this is required for CORS preflight checks in cluster setup + proxy_set_header X-Original-Method $request_method; + } + location = /bigbluebutton/connection/legacyCheckAuthorization { internal; proxy_pass http://127.0.0.1:8090; @@ -154,6 +164,10 @@ add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0"; add_header Pragma "no-cache"; add_header Expires "0"; + # this Header is required for cluster setups as the ping check is a + # CORS request. No cookies are required so we can just allow anyone + # to use this endpoint. + add_header 'Access-Control-Allow-Origin' '*'; return 200 ""; } 
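Review bot: The new pattern in `buildURL`, `'^(.*)/html5client/?$'`, matches only when the page path ends exactly in `/html5client` or `/html5client/`; any other path (for example `…/html5client/index.html`, which the static nginx snippet in this commit's docs appears to serve) silently yields an empty prefix, and the API URL is then resolved against the host root. In a cluster setup that presumably sends the request to the wrong server instead of failing visibly. Consider tolerating a trailing segment, something like `match('^(.*)/html5client(?:/.*)?$')`, or logging when the match fails. A short comment on `serverPathPrefix` such as `// base must end in "/" so the relative route resolves beneath the mount point` would also record why the relative `path` and the appended slash have to change together.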
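Review bot: `X-Original-Method` becomes an authorization input with this commit, because the ConnectionController.groovy hunk returns success before reading the session token whenever that header equals `OPTIONS`; the check is therefore only as strong as the guarantee that nginx always overwrites the header. This `internal` location does overwrite it, but the other locations that proxy to 127.0.0.1:8090 lie outside the hunk, so it should be confirmed that no auth_request or proxy path reaches the same controller action with a client-supplied value; where one could, clear it with `proxy_set_header X-Original-Method "";`. The comment here should also say so, e.g. `# security-relevant: the controller skips the session check when this is OPTIONS; always set it from $request_method`. It is also worth verifying that the GraphQL upstream treats an OPTIONS request as a preflight only, since such requests now pass the auth check unauthenticated.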
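Review bot: The wildcard `Access-Control-Allow-Origin` on the ping location is harmless only while the response stays an empty, credential-free 200, and the comment should state that invariant so nobody later returns data or adds cookie-dependent behaviour under it; for example `# '*' is safe only because this response is empty and uses no credentials; do not add content here`. Only simple requests are covered: if the client ping ever carries a custom header, the browser's preflight would also need `Access-Control-Allow-Headers`. The enclosing location block starts outside the hunk.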
diff --git a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ConnectionController.groovy b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ConnectionController.groovy index 78ca7df618..658b868aac 100755 --- a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ConnectionController.groovy +++ b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ConnectionController.groovy @@ -62,6 +62,19 @@ class ConnectionController { def checkGraphqlAuthorization = { try { + /* the graphql connection in cluster setups is a CORS request. The OPTIONS + * call is done as a preflight quest by the browser and does not contain + * secrets. The Access-Allow-Origin Header is added by Grails. This is just + * the auth_request endpoint called by nginx to check authorization. + */ + if (request.getHeader("x-original-method") == 'OPTIONS') { + log.debug "OPTIONS SUCCESS \n" + response.setStatus(200) + response.addHeader("Cache-Control", "no-cache") + response.contentType = 'plain/text' + response.outputStream << 'graphql-success'; + return; + } String sessionToken = request.getHeader("x-session-token") UserSession userSession = meetingService.getUserSessionWithSessionToken(sessionToken) diff --git a/docs/docs/administration/cluster-proxy.md b/docs/docs/administration/cluster-proxy.md index f2d8bb3036..1ed5430381 100644 --- a/docs/docs/administration/cluster-proxy.md +++ b/docs/docs/administration/cluster-proxy.md 
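Review bot: `response.contentType = 'plain/text'` in the new OPTIONS branch is not a valid media type and should be `response.contentType = 'text/plain'`; the closure continues outside the hunk, so if the same string is used further down it is worth fixing together. The block comment has two slips that make it harder to search for: "preflight quest" should read "preflight request", and "Access-Allow-Origin" should be "Access-Control-Allow-Origin". Because this branch answers with success before the session token is looked up, the comment should also say that `x-original-method` is trusted only because nginx sets it from `$request_method` in the internal location added in bbb-web.nginx.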
@@ -130,28 +130,23 @@ public: url: 'https://bbb-01.example.com/pad' ``` -Create (or edit if it already exists) this unit override file: - -* `/etc/systemd/system/bbb-html5.service.d/cluster.conf` - -It should have the following content: +Copy `/usr/share/bigbluebutton/nginx/bbb-html5.nginx.static` to +`/usr/share/bigbluebutton/nginx/bbb-html5-cluster.nginx` and prepend the mount +point of bbb-html5 in all location sections: ``` -[Service] -Environment=ROOT_URL=https://127.0.0.1/bbb-01/html5client -Environment=DDP_DEFAULT_CONNECTION_URL=https://bbb-01.example.com/bbb-01/html5client -``` - -Prepend the mount point of bbb-html5 in all location sections except for the -`location @html5client` section in `/usr/share/bigbluebutton/nginx/bbb-html5.nginx`: - -``` -location @html5client { - ... +# running in production (static assets) +location /bbb-01/html5client { + gzip_static on; + alias /var/bigbluebutton/html5-client/; + index index.html; + try_files $uri $uri/ =404; } location /bbb-01/html5client/locales { - ... + alias /var/bigbluebutton/html5-client/locales; + autoindex on; + autoindex_format json; } ``` @@ -188,7 +183,6 @@ Create the file `/etc/bigbluebutton/bbb-graphql-middleware.yml` with the followi ```shell # If you are running a cluster proxy setup, you need to allow the url of the Frontend # Add an Authorized Cross Origin. See https://docs.bigbluebutton.org/administration/cluster-proxy -```yaml server: authorized_cross_origin: bbb-proxy.example.com ```