diff --git a/openvidu-server/deployments/ce/docker-compose/.env b/openvidu-server/deployments/ce/docker-compose/.env index 279ec85e..0a6a7da8 100644 --- a/openvidu-server/deployments/ce/docker-compose/.env +++ b/openvidu-server/deployments/ce/docker-compose/.env @@ -39,6 +39,9 @@ LETSENCRYPT_EMAIL=user@example.com # SDKs, REST clients and browsers will have to connect to this port # HTTPS_PORT=443 +# If true request to with www will be redirected to non-www requests +# REDIRECT_WWW=false + # Access restrictions # In this section you will be able to restrict the IPs from which you can access to # Openvidu API and the Administration Panel diff --git a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml index 4e1cbdae..baeef2dc 100644 --- a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml +++ b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml @@ -92,3 +92,4 @@ services: - PROXY_MODE=CE - WITH_APP=true - SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true} + - REDIRECT_WWW=${REDIRECT_WWW:-false} diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env index 6cf0d1ae..02c68e18 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env @@ -42,6 +42,9 @@ LETSENCRYPT_EMAIL=user@example.com # SDKs, REST clients and browsers will have to connect to this port # HTTPS_PORT=443 +# If true request to with www will be redirected to non-www requests +# REDIRECT_WWW=false + # Access restrictions # In this section you will be able to restrict the IPs from which you can access to # Openvidu API and the Administration Panel diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml index e8681b99..034d6035 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml @@ -86,6 +86,7 @@ services: - PROXY_MODE=PRO - WITH_APP=true - SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true} + - REDIRECT_WWW=${REDIRECT_WWW:-false} elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0 diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf deleted file mode 100644 index eecf11c5..00000000 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf +++ /dev/null @@ -1,105 +0,0 @@ -# Your app -#upstream yourapp { -# server localhost:5442; -#} - -upstream openviduserver { - server localhost:5443; -} - -server { - listen {https_port} ssl; - server_name {domain_name}; - - ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - ssl_stapling on; - ssl_stapling_verify on; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_prefer_server_ciphers on; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; - - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Welcome - root /var/www/html; - - # Your app - #location / { - # proxy_pass http://yourapp; # Openvidu call by default - #} - - ################################# - # Common rules # - ################################# - # Dashboard rule - location /dashboard { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - # Websocket rule - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - ################################# - # New API # - ################################# - location /openvidu/layouts { - rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /openvidu/recordings { - proxy_pass http://openviduserver; - } - - location /openvidu/api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/accept-certificate { - proxy_pass http://openviduserver; - } - - location /openvidu/cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - ################################# - # LetsEncrypt # - ################################# - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } -} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf index 9b1c21ab..efc7d333 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf @@ -1,7 +1,4 @@ -# Openvidu call -upstream yourapp { - server localhost:5442; -} +{app_upstream} upstream openviduserver { server localhost:5443; @@ -11,89 +8,20 @@ server { listen {https_port} ssl; server_name {domain_name}; - ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + {ssl_config} - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - ssl_stapling on; - ssl_stapling_verify on; + {proxy_config} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_prefer_server_ciphers on; + {app_config} - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; + ######################## + # OpenVidu Locations # + ######################## + {common_api_ce} - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + {deprecated_api_ce} - # Welcome - #root /var/www/html; - - # Your app - location / { - proxy_pass http://yourapp; # Openvidu call by default - } - - ################################# - # Common rules # - ################################# - # Dashboard rule - location /dashboard { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - # Websocket rule - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - ################################# - # New API # - ################################# - location /openvidu/layouts { - rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /openvidu/recordings { - proxy_pass http://openviduserver; - } - - location /openvidu/api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/accept-certificate { - proxy_pass http://openviduserver; - } - - location /openvidu/cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } + {new_api_ce} ################################# # LetsEncrypt # diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf deleted file mode 100644 index 6cb723f0..00000000 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf +++ /dev/null @@ -1,146 +0,0 @@ -# Your app -#upstream yourapp { -# server localhost:5442; -#} - -upstream openviduserver { - server localhost:5443; -} - -server { - listen {https_port} ssl; - server_name {domain_name}; - - ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - ssl_stapling on; - ssl_stapling_verify on; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_prefer_server_ciphers on; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; - - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Welcome - root /var/www/html; - - # Your app - #location / { - # proxy_pass http://yourapp; # Openvidu call by default - #} - - ################################# - # Common rules # - ################################# - # Dashboard rule - location /dashboard { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - # Websocket rule - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - ################################# - # Deprecated API # - ################################# - # Openvidu Server - location /layouts/custom { - rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /recordings { - proxy_pass http://openviduserver; - } - - location /api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /config { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /accept-certificate { - proxy_pass http://openviduserver; - } - - location /cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - ################################# - # New API # - ################################# - location /openvidu/layouts { - rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /openvidu/recordings { - proxy_pass http://openviduserver; - } - - location /openvidu/api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/accept-certificate { - proxy_pass http://openviduserver; - } - - location /openvidu/cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - ################################# - # LetsEncrypt # - ################################# - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } -} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app.conf deleted file mode 100644 index e4c1f8d7..00000000 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app.conf +++ /dev/null @@ -1,146 +0,0 @@ -# Openvidu call -upstream yourapp { - server localhost:5442; -} - -upstream openviduserver { - server localhost:5443; -} - -server { - listen {https_port} ssl; - server_name {domain_name}; - - ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - ssl_stapling on; - ssl_stapling_verify on; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_prefer_server_ciphers on; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; - - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Welcome - #root /var/www/html; - - # Your app - location / { - proxy_pass http://yourapp; # Openvidu call by default - } - - ################################# - # Common rules # - ################################# - # Dashboard rule - location /dashboard { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - # Websocket rule - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - ################################# - # Deprecated API # - ################################# - # Openvidu Server - location /layouts/custom { - rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /recordings { - proxy_pass http://openviduserver; - } - - location /api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /config { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /accept-certificate { - proxy_pass http://openviduserver; - } - - location /cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - ################################# - # New API # - ################################# - location /openvidu/layouts { - rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /openvidu/recordings { - proxy_pass http://openviduserver; - } - - location /openvidu/api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/accept-certificate { - proxy_pass http://openviduserver; - } - - location /openvidu/cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - ################################# - # LetsEncrypt # - ################################# - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } -} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/default-root.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/default-root.conf new file mode 100644 index 00000000..eaef697f --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/default-root.conf @@ -0,0 +1,2 @@ +# Welcome +root /var/www/html; \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/location-yourapp.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/location-yourapp.conf new file mode 100644 index 00000000..1f714085 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/location-yourapp.conf @@ -0,0 +1,4 @@ +# Your App +location / { + proxy_pass http://yourapp; # Openvidu call by default +} \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/common-api-ce.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/common-api-ce.conf new file mode 100644 index 00000000..e5609e8d --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/common-api-ce.conf @@ -0,0 +1,14 @@ +################################# +# Common rules # +################################# +# Dashboard rule +location /dashboard { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; +} + +# Websocket rule +location ~ /openvidu$ { + proxy_pass http://openviduserver; +} \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/deprecated-api-ce.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/deprecated-api-ce.conf new file mode 100644 index 00000000..f8406500 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/deprecated-api-ce.conf @@ -0,0 +1,40 @@ +################################# +# Deprecated API # +################################# +# Openvidu Server +location /layouts/custom { + rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; +} + +location /recordings { + proxy_pass http://openviduserver; +} + +location /api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; +} + +location /config { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /accept-certificate { + proxy_pass http://openviduserver; +} + +location /cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/new-api-ce.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/new-api-ce.conf new file mode 100644 index 00000000..992eb7db --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/new-api-ce.conf @@ -0,0 +1,33 @@ +################################# +# New API # +################################# +location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; +} + +location /openvidu/recordings { + proxy_pass http://openviduserver; +} + +location /openvidu/api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /openvidu/info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; +} + +location /openvidu/accept-certificate { + proxy_pass http://openviduserver; +} + +location /openvidu/cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/common-api-pro.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/common-api-pro.conf new file mode 100644 index 00000000..ea22f7de --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/common-api-pro.conf @@ -0,0 +1,27 @@ +################################# +# Common rules # +################################# +location /dashboard { + {rules_access_dashboard} + deny all; + rewrite ^/dashboard/(.*)$ /$1 break; + proxy_pass http://openviduserver/; +} + +location /inspector { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; +} + +location ~ /openvidu$ { + proxy_pass http://openviduserver; +} + +location /kibana { + {rules_access_dashboard} + deny all; + + rewrite ^/kibana/(.*)$ /$1 break; + proxy_pass http://kibana/; +} \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/deprecated-api-pro.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/deprecated-api-pro.conf new file mode 100644 index 00000000..95fe3481 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/deprecated-api-pro.conf @@ -0,0 +1,59 @@ +################################# +# Deprecated API # +################################# +# Openvidu Server +location /layouts/custom { + rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; +} + +location /recordings { + proxy_pass http://openviduserver; +} + +location /api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; +} + +location /config { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /accept-certificate { + proxy_pass http://openviduserver; +} + +location /cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +# Openvidu Server Pro +location /pro { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /api-login { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /elasticsearch { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/new-api-pro.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/new-api-pro.conf new file mode 100644 index 00000000..ef33eba1 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/new-api-pro.conf @@ -0,0 +1,46 @@ +################################# +# New API # +################################# +# OpenVidu Server +location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; +} + +location /openvidu/recordings { + proxy_pass http://openviduserver; +} + +location /openvidu/api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /openvidu/info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; +} + +location /openvidu/accept-certificate { + proxy_pass http://openviduserver; +} + +location /openvidu/cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} +# OpenVidu Server PRO +location /openvidu/elk { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} + +location /openvidu/inspector-api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; +} \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/proxy.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/proxy.conf new file mode 100644 index 00000000..197cdab3 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/proxy.conf @@ -0,0 +1,13 @@ +# Proxy +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Proto https; +proxy_headers_hash_bucket_size 512; +proxy_redirect off; + +# Websockets +proxy_http_version 1.1; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection "upgrade"; \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ssl.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ssl.conf new file mode 100644 index 00000000..38395628 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ssl.conf @@ -0,0 +1,14 @@ +# SSL Config +ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; +ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + +ssl_session_cache shared:SSL:50m; +ssl_session_timeout 5m; +ssl_stapling on; +ssl_stapling_verify on; + +ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + +ssl_prefer_server_ciphers on; \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/upstream-yourapp.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/upstream-yourapp.conf new file mode 100644 index 00000000..f4048ec8 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/upstream-yourapp.conf @@ -0,0 +1,4 @@ +# Your App +upstream yourapp { + server localhost:5442; +} \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf deleted file mode 100644 index 9bae1de9..00000000 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf +++ /dev/null @@ -1,169 +0,0 @@ -add_header X-Frame-Options SAMEORIGIN; -add_header X-Content-Type-Options nosniff; -add_header X-XSS-Protection "1; mode=block"; - -# Openvidu call -#upstream yourapp { -# server localhost:5442; -#} - -upstream kibana { - server localhost:5601; -} - -upstream openviduserver { - server localhost:5443; -} - -server { - # Redirect to https - if ($host = {domain_name}) { - rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent; - } # managed by Certbot - - listen {http_port} default_server; - server_name {domain_name}; - - # letsencrypt - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } - - # Kibana panel - location /kibana { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - rewrite ^/kibana/(.*)$ /$1 break; - proxy_pass http://kibana/; - } -} - -server { - listen {https_port} ssl default deferred; - server_name {domain_name}; - - ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - ssl_stapling on; - ssl_stapling_verify on; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_prefer_server_ciphers on; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; - - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Welcome - root /var/www/html; - - # Your app - # location / { - # proxy_pass http://yourapp; # Openvidu call by default - #} - - ################################# - # Common rules # - ################################# - location /dashboard { - {rules_access_dashboard} - deny all; - rewrite ^/dashboard/(.*)$ /$1 break; - proxy_pass http://openviduserver/; - } - - location /inspector { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - location /kibana { - {rules_access_dashboard} - deny all; - - rewrite ^/kibana/(.*)$ /$1 break; - proxy_pass http://kibana/; - } - - ################################# - # New API # - ################################# - # OpenVidu Server - location /openvidu/layouts { - rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /openvidu/recordings { - proxy_pass http://openviduserver; - } - - location /openvidu/api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/accept-certificate { - proxy_pass http://openviduserver; - } - - location /openvidu/cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - # OpenVidu Server PRO - location /openvidu/elk { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/inspector-api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - - ################################# - # LetsEncrypt # - ################################# - - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } -} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf index 4c6a4df8..510d59e6 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf @@ -2,10 +2,7 @@ add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; -# Openvidu call -upstream yourapp { - server localhost:5442; -} +{app_upstream} upstream kibana { server localhost:5601; @@ -47,116 +44,20 @@ server { listen {https_port} ssl default deferred; server_name {domain_name}; - ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + {ssl_config} - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - ssl_stapling on; - ssl_stapling_verify on; + {proxy_config} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + {app_config} - ssl_prefer_server_ciphers on; + ######################## + # OpenVidu Locations # + ######################## + {common_api_pro} - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; - - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Welcome - #root /var/www/html; - - # Your app - location / { - proxy_pass http://yourapp; # Openvidu call by default - } - - ################################# - # Common rules # - ################################# - location /dashboard { - {rules_access_dashboard} - deny all; - rewrite ^/dashboard/(.*)$ /$1 break; - proxy_pass http://openviduserver/; - } - - location /inspector { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - location /kibana { - {rules_access_dashboard} - deny all; - - rewrite ^/kibana/(.*)$ /$1 break; - proxy_pass http://kibana/; - } - - ################################# - # New API # - ################################# - # OpenVidu Server - location /openvidu/layouts { - rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /openvidu/recordings { - proxy_pass http://openviduserver; - } - - location /openvidu/api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/accept-certificate { - proxy_pass http://openviduserver; - } - - location /openvidu/cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - # OpenVidu Server PRO - location /openvidu/elk { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/inspector-api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } + {deprecated_api_pro} + {new_api_pro} ################################# # LetsEncrypt # diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf deleted file mode 100644 index e74c8782..00000000 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf +++ /dev/null @@ -1,229 +0,0 @@ -add_header X-Frame-Options SAMEORIGIN; -add_header X-Content-Type-Options nosniff; -add_header X-XSS-Protection "1; mode=block"; - -# Openvidu call -#upstream yourapp { -# server localhost:5442; -#} - -upstream kibana { - server localhost:5601; -} - -upstream openviduserver { - server localhost:5443; -} - -server { - # Redirect to https - if ($host = {domain_name}) { - rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent; - } # managed by Certbot - - listen {http_port} default_server; - server_name {domain_name}; - - # letsencrypt - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } - - # Kibana panel - location /kibana { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - rewrite ^/kibana/(.*)$ /$1 break; - proxy_pass http://kibana/; - } -} - -server { - listen {https_port} ssl default deferred; - server_name {domain_name}; - - ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - ssl_stapling on; - ssl_stapling_verify on; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_prefer_server_ciphers on; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; - - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Welcome - root /var/www/html; - - # Your app - # location / { - # proxy_pass http://yourapp; # Openvidu call by default - #} - - ################################# - # Common rules # - ################################# - location /dashboard { - {rules_access_dashboard} - deny all; - rewrite ^/dashboard/(.*)$ /$1 break; - proxy_pass http://openviduserver/; - } - - location /inspector { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - location /kibana { - {rules_access_dashboard} - deny all; - - rewrite ^/kibana/(.*)$ /$1 break; - proxy_pass http://kibana/; - } - - ################################# - # Deprecated API # - ################################# - # Openvidu Server - location /layouts/custom { - rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /recordings { - proxy_pass http://openviduserver; - } - - location /api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /config { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /accept-certificate { - proxy_pass http://openviduserver; - } - - location /cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - # Openvidu Server Pro - location /pro { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /api-login { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /elasticsearch { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - ################################# - # New API # - ################################# - # OpenVidu Server - location /openvidu/layouts { - rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /openvidu/recordings { - proxy_pass http://openviduserver; - } - - location /openvidu/api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/accept-certificate { - proxy_pass http://openviduserver; - } - - location /openvidu/cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - # OpenVidu Server PRO - location /openvidu/elk { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/inspector-api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - - ################################# - # LetsEncrypt # - ################################# - - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } -} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default.conf deleted file mode 100644 index a84514c7..00000000 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default.conf +++ /dev/null @@ -1,229 +0,0 @@ -add_header X-Frame-Options SAMEORIGIN; -add_header X-Content-Type-Options nosniff; -add_header X-XSS-Protection "1; mode=block"; - -# Openvidu call -upstream yourapp { - server localhost:5442; -} - -upstream kibana { - server localhost:5601; -} - -upstream openviduserver { - server localhost:5443; -} - -server { - # Redirect to https - if ($host = {domain_name}) { - rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent; - } # managed by Certbot - - listen {http_port} default_server; - server_name {domain_name}; - - # letsencrypt - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } - - # Kibana panel - location /kibana { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - rewrite ^/kibana/(.*)$ /$1 break; - proxy_pass http://kibana/; - } -} - -server { - listen {https_port} ssl default deferred; - server_name {domain_name}; - - ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; - - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - ssl_stapling on; - ssl_stapling_verify on; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_prefer_server_ciphers on; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; - - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Welcome - #root /var/www/html; - - # Your app - location / { - proxy_pass http://yourapp; # Openvidu call by default - } - - ################################# - # Common rules # - ################################# - location /dashboard { - {rules_access_dashboard} - deny all; - rewrite ^/dashboard/(.*)$ /$1 break; - proxy_pass http://openviduserver/; - } - - location /inspector { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - location /kibana { - {rules_access_dashboard} - deny all; - - rewrite ^/kibana/(.*)$ /$1 break; - proxy_pass http://kibana/; - } - - ################################# - # Deprecated API # - ################################# - # Openvidu Server - location /layouts/custom { - rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /recordings { - proxy_pass http://openviduserver; - } - - location /api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /config { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /accept-certificate { - proxy_pass http://openviduserver; - } - - location /cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - # Openvidu Server Pro - location /pro { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /api-login { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /elasticsearch { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - ################################# - # New API # - ################################# - # OpenVidu Server - location /openvidu/layouts { - rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - - location /openvidu/recordings { - proxy_pass http://openviduserver; - } - - location /openvidu/api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/info { - {rules_access_dashboard} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/accept-certificate { - proxy_pass http://openviduserver; - } - - location /openvidu/cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - # OpenVidu Server PRO - location /openvidu/elk { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - location /openvidu/inspector-api { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - - ################################# - # LetsEncrypt # - ################################# - - location /.well-known/acme-challenge { - root /var/www/certbot; - try_files $uri $uri/ =404; - } -} diff --git a/openvidu-server/docker/openvidu-proxy/entrypoint.sh b/openvidu-server/docker/openvidu-proxy/entrypoint.sh index 8df13142..e975e800 100755 --- a/openvidu-server/docker/openvidu-proxy/entrypoint.sh +++ b/openvidu-server/docker/openvidu-proxy/entrypoint.sh @@ -148,7 +148,8 @@ case ${CERTIFICATE_TYPE} in certbot certonly -n --webroot -w /var/www/certbot \ -m "${LETSENCRYPT_EMAIL}" \ - --agree-tos -d "${DOMAIN_OR_PUBLIC_IP}" + --agree-tos -d "${DOMAIN_OR_PUBLIC_IP}" \ + `if [[ "${REDIRECT_WWW}" == "true" ]]; then echo "-d www.${DOMAIN_OR_PUBLIC_IP}" ; fi` else printf "\n - LetsEncrypt certificate already exists, using them..." fi diff --git a/openvidu-server/docker/openvidu-proxy/test.sh b/openvidu-server/docker/openvidu-proxy/test.sh new file mode 100644 index 00000000..e69de29b