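# CloudFormation template for a single-instance OpenVidu Platform deployment.
# The format version is quoted: unquoted it is an ISO date to YAML 1.1/1.2
# parsers, while CloudFormation expects the string "2010-09-09".
AWSTemplateFormatVersion: "2010-09-09"
Description: OpenVidu Platform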
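Parameters:
  # Domain and SSL certificate configuration
  WhichCert:
    Description: >
      [selfsigned] Self signed certificate. Not recommended for production use.
      [owncert] Valid certificate purchased in an Internet services company.
      [letsencrypt] Generate a new certificate using Let's Encrypt.
    Type: String
    AllowedValues:
      - selfsigned
      - owncert
      - letsencrypt
    Default: selfsigned
  PublicElasticIP:
    Description: "Previously created AWS Elastic IP to associate it to the OpenVidu EC2 instance. If certificate type is 'selfsigned' this value is optional. If certificate type is 'owncert' or 'letsencrypt' this value is mandatory. Example 13.33.145.23."
    Type: String
    # Empty is accepted (selfsigned); otherwise a dotted-quad IPv4 address.
    # Single quotes keep the regex backslashes literal.
    AllowedPattern: '^$|^([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])$'
    ConstraintDescription: The public Elastic IP does not have a valid IPv4 format
  MyDomainName:
    Description: "Valid domain name pointing to previous IP. If certificate type is 'selfsigned' this value is optional. If certificate type is 'owncert' or 'letsencrypt' this value is mandatory. Example: openvidu.company.com"
    Type: String
    # Lowercase host labels only; this also keeps '/' and '&' out of the value,
    # which feedGroupVars.sh splices into a sed substitution.
    AllowedPattern: '^$|^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$'
    ConstraintDescription: The domain name does not have a valid domain name format
  OwnCertCRT:
    Description: "If certificate type is 'owncert' this is the URL where CRT file will be downloaded"
    Type: String
    # Empty, or a scheme-prefixed URL without whitespace: the value is passed
    # as a single wget argument by buildCerts.sh.
    AllowedPattern: '^$|^[A-Za-z][A-Za-z0-9+.-]*://\S+$'
    ConstraintDescription: Must be empty or a URL with a scheme and no whitespace
  OwnCertKEY:
    Description: "If certificate type is 'owncert' this is the URL where KEY file will be downloaded"
    Type: String
    AllowedPattern: '^$|^[A-Za-z][A-Za-z0-9+.-]*://\S+$'
    ConstraintDescription: Must be empty or a URL with a scheme and no whitespace
  LetsEncryptEmail:
    Description: "If certificate type is 'letsencrypt', this email will be used for Let's Encrypt notifications"
    Type: String
    # Previously unconstrained. feedGroupVars.sh inserts this value verbatim into a
    # sed "s/.../.../" expression run as root, so the allowed alphabet must exclude
    # the sed delimiter '/', the replacement metacharacters '&' and '\', and whitespace.
    AllowedPattern: '^$|^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'
    ConstraintDescription: Must be empty or a valid email address
  # OpenVidu configuration
  OpenViduSecret:
    Description: "Secret to connect to this OpenVidu Platform. Cannot be empty and must contain only alphanumeric characters [a-zA-Z0-9], hyphens ('-') and underscores ('_')"
    Type: String
    # The alphabet below is what makes the sed substitution in feedGroupVars.sh safe;
    # do not widen it without changing how the secret is written to .env.
    AllowedPattern: '^[a-zA-Z0-9_-]+$'
    # Hides the value in the console and describe-stacks output.
    NoEcho: true
    ConstraintDescription: "Cannot be empty and must contain only alphanumeric characters [a-zA-Z0-9], hyphens ('-') and underscores ('_')"
  # EC2 Instance configuration
  InstanceType:
    Description: "Specifies the EC2 instance type for your OpenVidu instance"
    Type: String
    Default: c5.xlarge
    AllowedValues:
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - t3.large
      - t3.xlarge
      - t3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - m4.16xlarge
      - m5.large
      - m5.xlarge
      - m5.2xlarge
      - m5.4xlarge
      - m5.8xlarge
      - m5.12xlarge
      - m5.16xlarge
      - m5.24xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
      - c5.9xlarge
      - c5.12xlarge
      - c5.18xlarge
      - c5.24xlarge
    ConstraintDescription: "Must be a valid EC2 instance type"
  KeyName:
    Description: "Name of an existing EC2 KeyPair to enable SSH access to the instance. It is mandatory to perform some administrative tasks of OpenVidu."
    Type: 'AWS::EC2::KeyPair::KeyName'
    ConstraintDescription: "must be the name of an existing EC2 KeyPair"
  # Other configuration
  # Both flags are String parameters compared as text by the bootstrap scripts
  # ("true"/"false"), so the values are quoted to avoid YAML boolean typing.
  WantToDeployDemos:
    Description: "Choose if you want to deploy OpenVidu Call application alongside OpenVidu platform."
    Type: String
    AllowedValues:
      - "true"
      - "false"
    Default: "true"
  WantToSendInfo:
    Description: "Choose if you want to send to OpenVidu team the version deployed and AWS region."
    Type: String
    AllowedValues:
      - "true"
      - "false"
    Default: "true"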
Mappings:
  # Region -> AMI lookup consumed by OpenviduServer.ImageId via FindInMap.
  # Only eu-west-1 is listed, so creating the stack in another region fails
  # at the FindInMap step.
  OVAMIMAP:
    'eu-west-1':
      # OV_AMI_ID is presumably a build-time placeholder replaced with the
      # real ami-... identifier before publishing — TODO confirm.
      AMI: 'OV_AMI_ID'
Metadata:
  # Console-only presentation data: groups the parameters into sections and
  # gives each one a human-readable label. No effect on the deployed resources.
  "AWS::CloudFormation::Interface":
    ParameterGroups:
      - Label:
          default: Domain and SSL certificate configuration
        Parameters:
          - WhichCert
          - PublicElasticIP
          - MyDomainName
          - OwnCertCRT
          - OwnCertKEY
          - LetsEncryptEmail
      - Label:
          default: OpenVidu configuration
        Parameters:
          - OpenViduSecret
      - Label:
          default: EC2 Instance configuration
        Parameters:
          - InstanceType
          - KeyName
      - Label:
          default: Other configuration
        Parameters:
          - WantToDeployDemos
          - WantToSendInfo
    ParameterLabels:
      # SSL certificate configuration
      WhichCert:
        default: 'Certificate Type'
      PublicElasticIP:
        default: 'AWS Elastic IP (EIP)'
      MyDomainName:
        default: 'Domain Name pointing to Elastic IP'
      OwnCertCRT:
        default: 'URL to the CRT file (owncert)'
      OwnCertKEY:
        default: 'URL to the key file (owncert)'
      LetsEncryptEmail:
        default: "Email for Let's Encrypt (letsencrypt)"
      # OpenVidu configuration
      OpenViduSecret:
        default: 'Openvidu Secret'
      # EC2 Instance configuration
      InstanceType:
        default: 'Instance type'
      KeyName:
        default: 'SSH Key'
      # Other configuration
      WantToDeployDemos:
        default: 'Deploy OpenVidu Call application'
      WantToSendInfo:
        default: 'Send deployment info to OpenVidu team'
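Conditions:
  # Gates the *URLLE outputs, whose value is built from MyDomainName.
  # WhichCert has AllowedValues and a default, so it can never be "" and the
  # old comparison made this condition unconditionally true: with selfsigned
  # and no domain the outputs rendered as a bare "https://". The condition name
  # is kept because the Outputs section references it.
  WhichCertPresent: !Not [!Equals [!Ref MyDomainName, '']]
  # Only associate the EIP resource when the operator supplied one.
  PublicElasticIPPresent: !Not [!Equals [!Ref PublicElasticIP, '']]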
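Resources:
  OpenviduServer:
    Type: 'AWS::EC2::Instance'
    Metadata:
      Comment: 'Install and configure OpenVidu Server and Demos'
      'AWS::CloudFormation::Init':
        config:
          files:
            # Opt-in telemetry (see WantToSendInfo): posts the OpenVidu version
            # and AWS region to an external InfluxDB over plain HTTP. UserData
            # deletes this script after its single run.
            '/usr/local/bin/ping.sh':
              content: |
                #!/bin/bash
                INXDB_URL=193.147.51.51
                INXDB_DB=ov_server
                INXDB_MEASUREMENT=server
                OV_VERSION=OPENVIDU_VERSION
                EC2_AVAIL_ZONE=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)
                EC2_REGION=$(echo "$EC2_AVAIL_ZONE" | sed 's/[a-z]$//')
                curl -i -XPOST "http://$INXDB_URL:8086/write?db=$INXDB_DB" \
                  --data-binary "$INXDB_MEASUREMENT,region=$EC2_REGION ov_version=\"$OV_VERSION\" "
              mode: "000755"
              owner: "root"
              group: "root"
            # Blocks until the local OpenVidu endpoint answers 200. There is no
            # own timeout; the WaitCondition's PT30M bounds the whole bootstrap.
            '/usr/local/bin/check_app_ready.sh':
              content: |
                #!/bin/bash
                while true; do
                  HTTP_STATUS=$(curl -Ik http://localhost:5443 | head -n1 | awk '{print $2}')
                  # Quoted so a failed curl (empty status) yields "false" instead of a
                  # malformed test expression on every iteration.
                  if [ "$HTTP_STATUS" == 200 ]; then
                    break
                  fi
                  sleep 5
                done
              mode: "000755"
              owner: "root"
              group: "root"
            # Writes the stack parameters into /opt/openvidu/.env. The rendered
            # script embeds OpenViduSecret in clear text, hence mode 0700 (it only
            # ever runs as root from UserData). Returns non-zero on a parameter
            # combination that cannot work, which UserData turns into a failed stack.
            '/usr/local/bin/feedGroupVars.sh':
              content: !Sub |
                #!/bin/bash -x
                WORKINGDIR=/opt/openvidu
                # Let's Encrypt cannot issue a certificate without a domain name
                if [ "${WhichCert}" == "letsencrypt" ] && [ -z "${MyDomainName}" ]; then
                  echo "[Openvidu] MyDomainName is mandatory when certificate type is letsencrypt"
                  exit 1
                fi
                # Replace secret. Tracing is paused so the secret is not echoed into
                # the cfn-init / cloud-init logs (NoEcho only protects the console).
                set +x
                sed -i "s/OPENVIDU_SECRET=/OPENVIDU_SECRET=${OpenViduSecret}/" $WORKINGDIR/.env
                set -x
                # Replace domain name
                if [[ "${MyDomainName}" != '' && "${PublicElasticIP}" != '' ]]; then
                  sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=${MyDomainName}/" $WORKINGDIR/.env
                elif [[ "${MyDomainName}" == '' && "${PublicElasticIP}" != '' ]]; then
                  sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=${PublicElasticIP}/" $WORKINGDIR/.env
                else
                  # No fixed address: use the instance's public hostname and remember it
                  # so restartCE.sh can rewrite it after a stop/start.
                  [ ! -d "/usr/share/openvidu" ] && mkdir -p /usr/share/openvidu
                  PublicHostname=$(curl http://169.254.169.254/latest/meta-data/public-hostname)
                  sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=$PublicHostname/" $WORKINGDIR/.env
                  echo "$PublicHostname" > /usr/share/openvidu/old-host-name
                fi
                # Replace certificate type
                sed -i "s/CERTIFICATE_TYPE=selfsigned/CERTIFICATE_TYPE=${WhichCert}/" $WORKINGDIR/.env
                sed -i "s/LETSENCRYPT_EMAIL=user@example.com/LETSENCRYPT_EMAIL=${LetsEncryptEmail}/" $WORKINGDIR/.env
                # Without Application
                if [ "${WantToDeployDemos}" == "false" ]; then
                  sed -i "s/WITH_APP=true/WITH_APP=false/" $WORKINGDIR/docker-compose.yml
                  rm $WORKINGDIR/docker-compose.override.yml
                fi
              mode: "000700"
              owner: "root"
              group: "root"
            # Fetches the operator's certificate and private key (owncert mode).
            # The download URLs are embedded in the script, so it is root-only.
            '/usr/local/bin/buildCerts.sh':
              content: !Sub |
                #!/bin/bash -x
                WORKINGDIR=/opt/openvidu
                # These downloads are the TLS certificate and its private key: the
                # source's own certificate is verified (the former --no-check-certificate
                # let any on-path party substitute the key material). URLs are quoted
                # so each one is a single argument.
                wget -O "$WORKINGDIR/owncert/certificate.cert" "${OwnCertCRT}"
                wget -O "$WORKINGDIR/owncert/certificate.key" "${OwnCertKEY}"
                # NOTE(review): the key is written with the default umask; tighten its
                # permissions once the uid the proxy container reads it with is confirmed.
              mode: "000700"
              owner: "root"
              group: "root"
            # Run from root's crontab at every boot: refreshes the public hostname
            # (it changes on stop/start without an EIP) and restarts the stack.
            '/usr/local/bin/restartCE.sh':
              content: !Sub |
                #!/bin/bash -x
                WORKINGDIR=/opt/openvidu
                # Get new amazon URL
                OldPublicHostname=$(cat /usr/share/openvidu/old-host-name)
                PublicHostname=$(curl http://169.254.169.254/latest/meta-data/public-hostname)
                # Skip when either side is empty: "s//.../" would reuse sed's last regex
                # or fail, and an empty replacement would blank the configured value.
                if [ -n "$OldPublicHostname" ] && [ -n "$PublicHostname" ]; then
                  sed -i "s/$OldPublicHostname/$PublicHostname/" $WORKINGDIR/.env
                  echo "$PublicHostname" > /usr/share/openvidu/old-host-name
                fi
                # Restart all services
                pushd /opt/openvidu
                docker-compose up -d kms
                until docker-compose ps | grep kms | grep healthy; do
                  echo "Waiting kms..."
                  # Pause between polls instead of spinning a core until kms is healthy
                  sleep 5
                done
                docker-compose up -d
                popd
              mode: "000755"
              owner: "root"
              group: "root"
    Properties:
      ImageId: !FindInMap [OVAMIMAP, !Ref 'AWS::Region', AMI]
      InstanceType: !Ref InstanceType
      SecurityGroups:
        - !Ref WebServerSecurityGroup
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: !Ref 'AWS::StackName'
      # First-boot bootstrap. set -e means any failing step aborts before the
      # final cfn-signal, so the stack then fails on the WaitCondition timeout.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -x
          set -eu -o pipefail
          cfn-init --region ${AWS::Region} --stack ${AWS::StackId} --resource OpenviduServer
          # Replace .env variables
          /usr/local/bin/feedGroupVars.sh || { echo "[Openvidu] Parameters incorrect/insufficient"; exit 1; }
          # Launch on reboot (this replaces root's entire crontab)
          echo "@reboot /usr/local/bin/restartCE.sh" | crontab
          # Download certs in "owncert" mode
          if [ "${WhichCert}" == "owncert" ]; then
            /usr/local/bin/buildCerts.sh || { echo "[Openvidu] error with the certificate files"; exit 1; }
          fi
          # Start openvidu application
          pushd /opt/openvidu
          docker-compose up -d kms
          until docker-compose ps | grep kms | grep healthy; do
            echo "Waiting kms..."
            # Pause between polls instead of spinning a core until kms is healthy
            sleep 5
          done
          docker-compose up -d
          popd
          # Send info to openvidu
          if [ "${WantToSendInfo}" == "true" ]; then
            /usr/local/bin/ping.sh
          fi
          rm /usr/local/bin/ping.sh
          # Wait for the app
          /usr/local/bin/check_app_ready.sh
          # Start up the cfn-hup daemon to listen for changes to the Web Server metadata
          /usr/local/bin/cfn-hup -v || { echo "[Openvidu] Failed to start cfn-hup"; exit 1; }
          # sending the finish call
          /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource WaitCondition --region ${AWS::Region}
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeType: io1
            Iops: 200
            DeleteOnTermination: true
            VolumeSize: 100
  # Only created when PublicElasticIP was supplied.
  MyEIP:
    Type: 'AWS::EC2::EIPAssociation'
    Condition: PublicElasticIPPresent
    Properties:
      InstanceId: !Ref OpenviduServer
      EIP: !Ref PublicElasticIP
  # Stack creation completes only after UserData sends cfn-signal, within 30 minutes.
  WaitCondition:
    Type: 'AWS::CloudFormation::WaitCondition'
    CreationPolicy:
      ResourceSignal:
        Timeout: PT30M
        Count: '1'
  WebServerSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: SSH, Proxy and OpenVidu WebRTC Ports
      SecurityGroupIngress:
        # SSH is reachable from any address. Narrowing this to an operator-supplied
        # CIDR (for example via a dedicated parameter) is recommended; 0.0.0.0/0 is
        # kept here to preserve the template's existing behaviour.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        # HTTP/HTTPS for the reverse proxy (and Let's Encrypt validation)
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        # TURN/STUN
        - IpProtocol: tcp
          FromPort: 3478
          ToPort: 3478
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 3478
          ToPort: 3478
          CidrIp: 0.0.0.0/0
        # WebRTC media port range
        - IpProtocol: udp
          FromPort: 40000
          ToPort: 57000
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 40000
          ToPort: 57000
          CidrIp: 0.0.0.0/0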
Outputs:
  # URLs derived from the instance's public DNS name; always emitted.
  OpenViduServerURL:
    Description: Use this URL to connect OpenVidu Server
    Value: !Sub 'https://${OpenviduServer.PublicDnsName}'
  OpenViduCallURL:
    Description: If you choose to deploy OpenVidu Call application, use this URL
    Value: !Sub 'https://${OpenviduServer.PublicDnsName}'
  # URLs derived from the operator's domain name; emitted only under WhichCertPresent.
  OpenViduServerURLLE:
    Condition: WhichCertPresent
    Description: Use this URL to connect OpenVidu Server
    Value: !Sub 'https://${MyDomainName}'
  OpenViduCallURLLE:
    Condition: WhichCertPresent
    Description: If you choose to deploy OpenVidu Call application, use this URL
    Value: !Sub 'https://${MyDomainName}'