3.0beta1 clusterfixes (#21132)

* Fix: allow CORS requests to graphql API In cluster setups the Graphql API endpoints are fetched as a CORS request. We need to allow that. * Fix: Allow CORS requests to ping endpoint In cluster setups the ping is sent directly to the BBB server. So it needs to allow CORS requests for cluster setups. * Fix: construct relative API path for cluster setups * Fix: adjust docs for cluster setup As bbb-html5 client is static, setup instructions for cluster setup have to be changed accordingly. * Fix docs: remove superfluous ```yaml This must have been introduced by accident. --------- Co-authored-by: Daniel Schreiber <daniel.schreiber@hrz.tu-chemnitz.de>
2024-09-25 19:48:17 +02:00 · 2024-09-25 19:48:17 +02:00 · 5a8217caa9
commit 5a8217caa9
parent cce7ef8ec2
4 changed files with 45 additions and 21 deletions
--- a/bigbluebutton-html5/imports/api/bbb-web-api/index.ts
+++ b/bigbluebutton-html5/imports/api/bbb-web-api/index.ts
@ -6,15 +6,18 @@ class BBBWebApi {
  private routes = {
    index: {
-      path: '/bigbluebutton/api',
+      // this needs to be a relative path because it may be mounted as a subpath
      // for example in cluster setups
      path: 'bigbluebutton/api',
      cacheKey: `${this.cachePrefix}_index`,
    },
  };
  private static buildURL(route: string) {
-    const pathMatch = window.location.pathname.match('^(.*)/html5client/join$');
+    const pathMatch = window.location.pathname.match('^(.*)/html5client/?$');
-    const serverPathPrefix = pathMatch ? pathMatch[1] : '';
+    const serverPathPrefix = pathMatch ? `${pathMatch[1]}/` : '';
    const { hostname, protocol } = window.location;
    return new URL(route, `${protocol}//${hostname}${serverPathPrefix}`);
  }
--- a/bigbluebutton-web/bbb-web.nginx
+++ b/bigbluebutton-web/bbb-web.nginx
@ -92,6 +92,16 @@
 			proxy_set_header         X-Original-URI $request_uri;
 		}
 		location = /bigbluebutton/connection/checkGraphqlAuthorization {
 			internal;
 			proxy_pass               http://127.0.0.1:8090;
 			proxy_pass_request_body  off;
 			proxy_set_header         Content-Length "";
 			proxy_set_header         X-Original-URI $request_uri;
 			# this is required for CORS preflight checks in cluster setup
 			proxy_set_header        X-Original-Method $request_method;
 		}
 		location = /bigbluebutton/connection/legacyCheckAuthorization {
 			internal;
 			proxy_pass               http://127.0.0.1:8090;
@ -154,6 +164,10 @@
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
            add_header Pragma "no-cache";
            add_header Expires "0";
            # this Header is required for cluster setups as the ping check is a
            # CORS request. No cookies are required so we can just allow anyone
            # to use this endpoint.
            add_header 'Access-Control-Allow-Origin' '*';
            return 200 "";
        }
--- a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ConnectionController.groovy
+++ b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ConnectionController.groovy
@ -62,6 +62,19 @@ class ConnectionController {
  def checkGraphqlAuthorization = {
    try {
      /* the graphql connection in cluster setups is a CORS request. The OPTIONS
       * call is done as a preflight quest by the browser and does not contain
       * secrets. The Access-Allow-Origin Header is added by Grails. This is just
       * the auth_request endpoint called by nginx to check authorization.
       */
      if (request.getHeader("x-original-method") == 'OPTIONS') {
          log.debug "OPTIONS SUCCESS \n"
          response.setStatus(200)
          response.addHeader("Cache-Control", "no-cache")
          response.contentType = 'plain/text'
          response.outputStream << 'graphql-success';
          return;
      }
      String sessionToken = request.getHeader("x-session-token")
      UserSession userSession = meetingService.getUserSessionWithSessionToken(sessionToken)
--- a/docs/docs/administration/cluster-proxy.md
+++ b/docs/docs/administration/cluster-proxy.md
@ -130,28 +130,23 @@ public:
    url: 'https://bbb-01.example.com/pad'
 ```
-Create (or edit if it already exists) this unit override file:
+Copy `/usr/share/bigbluebutton/nginx/bbb-html5.nginx.static` to
-
+`/usr/share/bigbluebutton/nginx/bbb-html5-cluster.nginx` and prepend the mount
-* `/etc/systemd/system/bbb-html5.service.d/cluster.conf`
+point of bbb-html5 in all location sections:
 It should have the following content:
 ```
-[Service]
+# running in production (static assets)
-Environment=ROOT_URL=https://127.0.0.1/bbb-01/html5client
+location /bbb-01/html5client {
-Environment=DDP_DEFAULT_CONNECTION_URL=https://bbb-01.example.com/bbb-01/html5client
+    gzip_static on;
-```
+    alias /var/bigbluebutton/html5-client/;
-
+    index index.html;
-Prepend the mount point of bbb-html5 in all location sections except for the
+    try_files $uri $uri/ =404;
 `location @html5client` section in `/usr/share/bigbluebutton/nginx/bbb-html5.nginx`:
 ```
 location @html5client {
  ...
 }
 location /bbb-01/html5client/locales {
-  ...
+  alias /var/bigbluebutton/html5-client/locales;
  autoindex on;
  autoindex_format json;
 }
 ```
@ -188,7 +183,6 @@ Create the file `/etc/bigbluebutton/bbb-graphql-middleware.yml` with the followi
 ```shell
 # If you are running a cluster proxy setup, you need to allow the url of the Frontend
 # Add an Authorized Cross Origin. See https://docs.bigbluebutton.org/administration/cluster-proxy
 ```yaml
 server:
  authorized_cross_origin: bbb-proxy.example.com
 ```