From 1a0713ebbb23c2835adb66004df47173ead3df82 Mon Sep 17 00:00:00 2001 From: OscarSotoSanchez Date: Wed, 13 May 2020 16:25:53 +0200 Subject: [PATCH] secure redis --- .../docker-compose.yml | 7 +++-- .../install_openvidu.sh | 2 +- .../docker/openvidu-redis/Dockerfile | 7 +++++ .../docker/openvidu-redis/create_image.sh | 1 + .../docker/openvidu-redis/entrypoint.sh | 26 +++++++++++++++++++ 5 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 openvidu-server/docker/openvidu-redis/Dockerfile create mode 100755 openvidu-server/docker/openvidu-redis/create_image.sh create mode 100644 openvidu-server/docker/openvidu-redis/entrypoint.sh diff --git a/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml b/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml index b817f162..a3ac20bc 100644 --- a/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml +++ b/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml @@ -36,6 +36,7 @@ services: - SERVER_PORT=5443 - KMS_URIS=["ws://localhost:8888/kurento"] - COTURN_REDIS_IP=127.0.0.1 + - COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET} kms: image: ${KMS_IMAGE:-kurento/kurento-media-server:6.13.2} @@ -52,9 +53,11 @@ services: - GST_DEBUG=${KMS_DEBUG_LEVEL:-} redis: - image: redis:5.0.7 + image: openvidu/openvidu-redis:1.0.0 restart: always network_mode: host + environment: + - REDIS_PASSWORD=${OPENVIDU_SECRET} coturn: image: openvidu/openvidu-coturn:1.0.0 @@ -64,7 +67,7 @@ services: - REDIS_IP=127.0.0.1 - TURN_LISTEN_PORT=3478 - DB_NAME=0 - - DB_PASSWORD=turn + - DB_PASSWORD=${OPENVIDU_SECRET} - MIN_PORT=57001 - MAX_PORT=65535 diff --git a/openvidu-server/docker/openvidu-docker-compose/install_openvidu.sh b/openvidu-server/docker/openvidu-docker-compose/install_openvidu.sh index d1e842b9..47237ad4 100755 --- a/openvidu-server/docker/openvidu-docker-compose/install_openvidu.sh +++ b/openvidu-server/docker/openvidu-docker-compose/install_openvidu.sh @@ -2,7 +2,7 @@ # Global variables OPENVIDU_FOLDER=openvidu -OPENVIDU_VERSION=v2.14.0 +OPENVIDU_VERSION=master fatal_error() { printf "\n =======¡ERROR!=======" diff --git a/openvidu-server/docker/openvidu-redis/Dockerfile b/openvidu-server/docker/openvidu-redis/Dockerfile new file mode 100644 index 00000000..5b00a28c --- /dev/null +++ b/openvidu-server/docker/openvidu-redis/Dockerfile @@ -0,0 +1,7 @@ +FROM redis:6.0.1-alpine + +COPY ./entrypoint.sh /usr/local/bin + +RUN chmod +x /usr/local/bin/entrypoint.sh + +CMD /usr/local/bin/entrypoint.sh diff --git a/openvidu-server/docker/openvidu-redis/create_image.sh b/openvidu-server/docker/openvidu-redis/create_image.sh new file mode 100755 index 00000000..310620b0 --- /dev/null +++ b/openvidu-server/docker/openvidu-redis/create_image.sh @@ -0,0 +1 @@ +docker build --rm -t openvidu/openvidu-redis . diff --git a/openvidu-server/docker/openvidu-redis/entrypoint.sh b/openvidu-server/docker/openvidu-redis/entrypoint.sh new file mode 100644 index 00000000..3a319247 --- /dev/null +++ b/openvidu-server/docker/openvidu-redis/entrypoint.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +[ -z "${REDIS_BINDING}" ] && REDIS_BINDING="127.0.0.1" + +printf "\n" +printf "\n =======================================" +printf "\n = REDIS CONF =" +printf "\n =======================================" +printf "\n" + +printf "\n REDIS_BINDING: %s" "${REDIS_BINDING}" +printf "\n REDIS_PASSWORD: %s" "${REDIS_PASSWORD}" + +mkdir -p /usr/local/etc/redis +cat>/usr/local/etc/redis/redis.conf<