BBB is a great open source video conferencing software used primary for one-to-many video conferencing. It’s used extensively as a teaching platform by universities and is also a great tool for employee training in private organizations. In order to install BBB you will need to have beginner to intermediate skills using the Linux operating system.


  • Bare metal server with 8 core CPU, 16 GB RAM, 500GB Hard Drive, NIC
  • Public static IPV4 address
  • 10Mbps minimum synchronous Internet speed, 100Mbps+ recommended (speed will determine quality based on the number of concurrent connections)
  • Registered public DNS namespace for FQDN

It’s best to install BBB server directly to a WAN IP, this allows it to be used without NAT and a STUN server, making setup a lot easier. The BBB setup described below includes an open-source firewall so that the server is protected. If you wish to configure BBB server with a direct WAN interface, just plug it in to your ISP’s router and skip to the section below titled Configuring the BBB Server.

I like to set up BBB behind a Sonicwall router for several reasons. Aside from Sonicwall being a solid and secure firewall, we can add additional services such as Geo-IP filtering and malware scanning that adds extra security. To achive our task, we are going to set one of the Sonicwall ports in transparent mode, which will bridge a WAN port while allowing firewall rules to be applied to the traffic.

To begin, navigate to network –> zones and create a public zone and name it Video (or BBB). Navigate to network-> interfaces and select an interface where you want to connect the BBB server’s NIC card to. Set the interface’s zone to Video and the mode to transparent. Create an object with the WAN IP address you are going to use for the BBB server and add it to the transparent range.



Navigate to objects-> service objects. Create a service object for UDP port range 16384-32768. The create a service group and add the service object you created in addition to http and https service objects.


Once you are done, go to rules –> access rules and add a rule to allow traffic through the bridged interface.


Finally, go back to network –> zones and add security services you may be subscribe to.


This will create an additional layer of security on top of the open source firewall that is set up with BBB. Note: BBB uses SSH port 22 for management. I do not recommend opening it to the general public. It’s preferable to VPN into the Sonicwall and then SSH into the BBB server or alternatively create a rule to allow SSH access only from a specific WAN IP address.


Configuring the Big Blue Button Server

Download and install Ubuntu 18.04 LTS on a physical server, it’s not recommended to install BBB on a virtual machine. During the installation, name your server ‘BBB’ of whatever host name you choose and add a public IP address to the NIC settings. Connect the NIC to the ISP router directly in order to avoid NAT which is not recommended for video/audio applications. Connecting directly to WAN will avoid having to set up a STUN server and abide by the KISS principle.

Once the Ubuntu OS is installed and your server has Internet access, run the following command to update your system:

sudo apt-get update


Next, run the following command to access root:

sudo -i


Now download and run the BBB installation shell using the following command:

wget -qO- | bash -s -- -w –l –g -a -v bionic-24 -s -e

Obviously you will want to replace with your own FQDN and use your own email instead of


This command will install:

  • The latest version of BBB (2.4x at the time of this writing).
  • An open source firewall (UFW) and open TCP ports 22, 80, 443 and UDP range 16384-32768, all necessary for BBB to function and be remotely managed.
  • Set the server’s host name to the FQDN you chose.
  • Provide an email address for Let’s Encrypt to generate an SSL certificate for the FQDN.
  • Installs Greenlight, an interface for meetings, invites and recordings.

While the shell is installing and configuring BBB, let’s check a few things:

  • Ping your FQDN and make sure it resolves to the public IP address that you configured on the server’s NIC.
  • Make sure you have access to the domain registrar or to the server that hosts the FQDN zone file
Note: I personally would not leave port 22 open unless you can restrict the IP addresses that can connect to it via SSH.


Leave a comment

Your email address will not be published. Required fields are marked *

error: Sorry, copy/paste is disabled
Skip to content