# Requirements

1.  Ansible 2.8+, available in Debian buster-backports or newer.

2.  Ubuntu 18.04 64-bit server

# Setup

1.  Fill in `bbb_letsencrypt_email` in `bigbluebutton.yml`

2.  On the machine with Ansible, run

    `ansible-galaxy install -r requirements.yml`

3.  If you want phone dial-in to work, modify `bbb_dialin_*` in

    bigbluebutton.yml accordingly.

    -   If you have a public IP and FQDN pointing to the Ubuntu 18.04 box

        a.  Change the `bbb_hostname:` value in bigbluebutton.yml to be

            the FQDN of the Ubuntu box.

        b.  On the machine with Ansible, run

        `ansible-playbook -u [ubuntu_box_username] -i [ubuntu_box_fqdn], bigbluebutton.yml`

    -   If you don't have a public IP for the Ubuntu 18.04 box

        a.  Replace the `bbb_letsencrypt_email:` line in

            bigbluebutton.yml with `bbb_letsencrypt_enable: false`

        b.  Change the `bbb_hostname:` value in bigbluebutton.yml to be

            `ubuntu1804bbb.vm`

        c.  Add a new line in both machines\' `/etc/hosts`:

            `[ubuntu_18.04_IP]  ubuntu1804bbb.vm`

        d.  On the machine with Ansible, run

            `ansible-playbook -u [ubuntu_box_username] -i ubuntu1804bbb.vm, bigbluebutton.yml`

4.  If you make any modifications, update the corresponding source code URL in

    `bigbluebutton.yml` to one for a repository containing your modifications.

5.  

    -   If you have a public IP and FQDN pointing to the Ubuntu 18.04 box

        visit https://[ubuntu_box_fqdn]/ in your browser, create an account,

	     click Home, then Start to begin

    -   If you don't have a public IP for the Ubuntu 18.04 box

        a.  Run the following commands on the Ubuntu 18.04 box

            ```

            openssl genrsa -des3 -out rootCA.key 4096

            openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt

            cat <<-EOF > fullchain.ext

            authorityKeyIdentifier=keyid,issuer

            basicConstraints=CA:FALSE

            keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

            subjectAltName = @alt_names

            [alt_names]

            DNS.1 = ubuntu1804bbb.vm

		      EOF

            openssl x509 -req -in /etc/letsencrypt/live/ubuntu1804bbb.vm/fullchain.pem.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out fullchain.crt -days 300 -sha256 -extfile fullchain.ext

            sudo chown root:root fullchain.crt rootCA.crt

            sudo mv fullchain.crt /etc/letsencrypt/live/ubuntu1804bbb.vm/fullchain.pem

            sudo mv rootCA.crt /usr/local/share/ca-certificates

            sudo update-ca-certificates

            sudo docker cp /usr/local/share/ca-certificates/rootCA.crt greenlight-v2:/usr/local/share/ca-certificates

            sudo docker exec greenlight-v2 update-ca-certificates

		      ```

         b.  Visit https://ubuntu1804bbb.vm/ in your browser, create an account, click Home, then Start to begin