3.0beta1 clusterfixes (#21132)

* Fix: allow CORS requests to graphql API

In cluster setups the Graphql API endpoints are fetched as a CORS
request. We need to allow that.

* Fix: Allow CORS requests to ping endpoint

In cluster setups the ping is sent directly to the BBB server. So it
needs to allow CORS requests for cluster setups.

* Fix: construct relative API path for cluster setups

* Fix: adjust docs for cluster setup

As bbb-html5 client is static, setup instructions for cluster setup have
to be changed accordingly.

* Fix docs: remove superfluous  ```yaml

This must have been introduced by accident.

---------

Co-authored-by: Daniel Schreiber <daniel.schreiber@hrz.tu-chemnitz.de>
This commit is contained in:
schrd 2024-09-25 19:48:17 +02:00 committed by GitHub
parent cce7ef8ec2
commit 5a8217caa9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 45 additions and 21 deletions

View File

@ -6,15 +6,18 @@ class BBBWebApi {
private routes = {
index: {
path: '/bigbluebutton/api',
// this needs to be a relative path because it may be mounted as a subpath
// for example in cluster setups
path: 'bigbluebutton/api',
cacheKey: `${this.cachePrefix}_index`,
},
};
private static buildURL(route: string) {
const pathMatch = window.location.pathname.match('^(.*)/html5client/join$');
const serverPathPrefix = pathMatch ? pathMatch[1] : '';
const pathMatch = window.location.pathname.match('^(.*)/html5client/?$');
const serverPathPrefix = pathMatch ? `${pathMatch[1]}/` : '';
const { hostname, protocol } = window.location;
return new URL(route, `${protocol}//${hostname}${serverPathPrefix}`);
}

View File

@ -92,6 +92,16 @@
proxy_set_header X-Original-URI $request_uri;
}
location = /bigbluebutton/connection/checkGraphqlAuthorization {
internal;
proxy_pass http://127.0.0.1:8090;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
# this is required for CORS preflight checks in cluster setup
proxy_set_header X-Original-Method $request_method;
}
location = /bigbluebutton/connection/legacyCheckAuthorization {
internal;
proxy_pass http://127.0.0.1:8090;
@ -154,6 +164,10 @@
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
add_header Pragma "no-cache";
add_header Expires "0";
# this Header is required for cluster setups as the ping check is a
# CORS request. No cookies are required so we can just allow anyone
# to use this endpoint.
add_header 'Access-Control-Allow-Origin' '*';
return 200 "";
}

View File

@ -62,6 +62,19 @@ class ConnectionController {
def checkGraphqlAuthorization = {
try {
/* the graphql connection in cluster setups is a CORS request. The OPTIONS
* call is done as a preflight quest by the browser and does not contain
* secrets. The Access-Allow-Origin Header is added by Grails. This is just
* the auth_request endpoint called by nginx to check authorization.
*/
if (request.getHeader("x-original-method") == 'OPTIONS') {
log.debug "OPTIONS SUCCESS \n"
response.setStatus(200)
response.addHeader("Cache-Control", "no-cache")
response.contentType = 'plain/text'
response.outputStream << 'graphql-success';
return;
}
String sessionToken = request.getHeader("x-session-token")
UserSession userSession = meetingService.getUserSessionWithSessionToken(sessionToken)

View File

@ -130,28 +130,23 @@ public:
url: 'https://bbb-01.example.com/pad'
```
Create (or edit if it already exists) this unit override file:
* `/etc/systemd/system/bbb-html5.service.d/cluster.conf`
It should have the following content:
Copy `/usr/share/bigbluebutton/nginx/bbb-html5.nginx.static` to
`/usr/share/bigbluebutton/nginx/bbb-html5-cluster.nginx` and prepend the mount
point of bbb-html5 in all location sections:
```
[Service]
Environment=ROOT_URL=https://127.0.0.1/bbb-01/html5client
Environment=DDP_DEFAULT_CONNECTION_URL=https://bbb-01.example.com/bbb-01/html5client
```
Prepend the mount point of bbb-html5 in all location sections except for the
`location @html5client` section in `/usr/share/bigbluebutton/nginx/bbb-html5.nginx`:
```
location @html5client {
...
# running in production (static assets)
location /bbb-01/html5client {
gzip_static on;
alias /var/bigbluebutton/html5-client/;
index index.html;
try_files $uri $uri/ =404;
}
location /bbb-01/html5client/locales {
...
alias /var/bigbluebutton/html5-client/locales;
autoindex on;
autoindex_format json;
}
```
@ -188,7 +183,6 @@ Create the file `/etc/bigbluebutton/bbb-graphql-middleware.yml` with the followi
```shell
# If you are running a cluster proxy setup, you need to allow the url of the Frontend
# Add an Authorized Cross Origin. See https://docs.bigbluebutton.org/administration/cluster-proxy
```yaml
server:
authorized_cross_origin: bbb-proxy.example.com
```