Operations handbook
Greenlight administration for production
Greenlight is the application layer around BigBlueButton rooms. That makes its accounts, PostgreSQL data, mail delivery, OIDC configuration and API credentials part of the production service—not incidental containers.
Executive brief
What matters
- 01
Prefer SSO for institutional deployments and restrict local registration to an explicit policy.
- 02
Back up and restore PostgreSQL with the application version and configuration documented.
- 03
Investigate missing recordings across BBB processing, API discovery and Greenlight visibility as separate stages.
01
Set account and room policy
Decide who may register, create rooms, invite guests and become an administrator. With OIDC, document just-in-time account behaviour and deprovisioning. Use a small number of named administrators and keep a controlled recovery account outside the normal federation path.
02
Protect dependencies and secrets
Use trusted HTTPS, working SMTP, durable PostgreSQL storage and protected OIDC and BigBlueButton credentials. Keep Greenlight separate from busy media nodes when practical. Monitor certificate expiry, mail failure, database health and backend API connectivity.
03
Manage recordings as a pipeline
A recording must finish capture, process on a BBB node, appear through the BBB or Scalelite API, and satisfy Greenlight visibility and ownership rules. When it is missing, verify each stage and use timestamps and record IDs. Repeated resync commands without identifying the broken stage can create confusion.
04
Upgrade with a restore point
Read release notes, pin the intended image or version, back up PostgreSQL and configuration, and test in staging. After upgrade, verify login, room creation, join roles, SMTP and historical recordings. A container replacement is easy; compatible data and a proven rollback are the real upgrade.
Evidence base
Sources and further reading
We prefer project documentation and first-party product guidance. Community links are included where they reveal recurring operational questions rather than establish product guarantees.
- Greenlight v3 installation docs.bigbluebutton.org ↗ (opens in a new tab)
- Greenlight external authentication docs.bigbluebutton.org ↗ (opens in a new tab)
- Greenlight community support discussions groups.google.com ↗ (opens in a new tab)
- BigBlueButton recording API docs.bigbluebutton.org ↗ (opens in a new tab)
Practical answers
Questions teams ask
Does Greenlight store BigBlueButton recordings?+
It presents and manages recording metadata while the recording files are produced and stored by the BigBlueButton/Scalelite architecture.
Can Greenlight use Google or Microsoft login?+
Yes through OIDC, directly or through a broker such as Keycloak. Configure exact callbacks and test lifecycle events.
Should Greenlight share the BBB media server?+
It can in small environments, but isolation gives the application and database a cleaner lifecycle and scaling path.
Continue the research
Related guides and infrastructure
SSO with Microsoft Entra ID, Google Workspace and LDAP
Connect Greenlight to Microsoft Entra ID, Google Workspace or LDAP using OpenID Connect and an identity broker.
Read next → Planning & architectureScalelite architecture and operations
Understand Scalelite load balancing, PostgreSQL, Redis, shared recordings, node lifecycle, monitoring and failure modes.
Read next → InfrastructureGreenlight hosting that can grow beyond one BBB node
Self-managed Greenlight hosting on an isolated VPS with PostgreSQL and Redis-ready resources, backups and deployment options.
Read next →