diff --git a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml index 5ddce2df..ac5ced22 100644 --- a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml +++ b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml @@ -74,7 +74,7 @@ services: - MAX_PORT=65535 nginx: - image: openvidu/openvidu-proxy:3.0.0 + image: openvidu/openvidu-proxy:4.0.0-beta1 restart: on-failure network_mode: host volumes: @@ -91,3 +91,4 @@ services: - ALLOWED_ACCESS_TO_RESTAPI=${ALLOWED_ACCESS_TO_RESTAPI:-} - PROXY_MODE=CE - WITH_APP=true + - SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true} diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml index 7dadbac4..f5ed1e20 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml @@ -67,7 +67,7 @@ services: - MAX_PORT=65535 nginx: - image: openvidu/openvidu-proxy:4.0.0-dev1 + image: openvidu/openvidu-proxy:4.0.0-beta1 restart: on-failure network_mode: host volumes: @@ -84,6 +84,7 @@ services: - ALLOWED_ACCESS_TO_RESTAPI=${ALLOWED_ACCESS_TO_RESTAPI:-} - PROXY_MODE=PRO - WITH_APP=true + - SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true} elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0 diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf index cdff24fe..c54706dd 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf 
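Review bot: The added `SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true}` line makes the legacy routes the default, so any deployment that does not set the variable keeps both the old and the new path sets published by the proxy; the PRO compose hunk adds the same line. In the support_deprecated_api templates added later in this commit, `/recordings` and `/accept-certificate` carry no allow/deny rules, so leaving the flag on doubles the number of locations whose protection rests on the backend alone. A comment above the entry would make the trade-off visible to operators, e.g. `# true keeps the pre-/openvidu legacy routes exposed; set to false once all clients use /openvidu/*`.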
@@ -46,56 +46,58 @@ server { # proxy_pass http://yourapp; # Openvidu call by default #} - # Openvidu Admin Panel + ################################# + # Common rules # + ################################# + # Dashboard rule location /dashboard { {rules_access_dashboard} deny all; proxy_pass http://openviduserver; } - - # Openvidu Server - location /layouts/custom { - rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - location /recordings { + # Websocket rule + location ~ /openvidu$ { proxy_pass http://openviduserver; } - location /api { + ################################# + # New API # + ################################# + location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /openvidu/recordings { + proxy_pass http://openviduserver; + } + + location /openvidu/api { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - location /info { + location /openvidu/info { {rules_access_dashboard} deny all; proxy_pass http://openviduserver; } - location /config { + location /openvidu/accept-certificate { + proxy_pass http://openviduserver; + } + + location /openvidu/cdr { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - location /accept-certificate { - proxy_pass http://openviduserver; - } - - location /cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - # letsencrypt + ################################# + # LetsEncrypt # + ################################# location /.well-known/acme-challenge { root /var/www/certbot; try_files $uri $uri/ =404; diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf index 0fcd2142..185bd25c 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf 
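Review bot: `location ~ /openvidu$` is an unanchored regex location, and nginx checks regex locations before it settles on a plain prefix match, so any request whose path merely ends in `/openvidu` is handled by this block, which has no `{rules_acess_api}` / `deny all` lines. With the API now under `/openvidu/...`, such a path would skip the allow-list configured on `/openvidu/api`, `/openvidu/info` and `/openvidu/cdr`; whether the backend serves anything on a path of that shape is not visible here. If the websocket endpoint is exactly `/openvidu`, `location = /openvidu {` says so and removes the overlap. The same block appears in ce/default-app.conf, in both pro templates and in the four support_deprecated_api files; the enclosing server block starts outside this hunk.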
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf @@ -46,56 +46,58 @@ server { proxy_pass http://yourapp; # Openvidu call by default } - # Openvidu Admin Panel + ################################# + # Common rules # + ################################# + # Dashboard rule location /dashboard { {rules_access_dashboard} deny all; proxy_pass http://openviduserver; } - - # Openvidu Server - location /layouts/custom { - rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; - root /opt/openvidu; - } - location /recordings { + # Websocket rule + location ~ /openvidu$ { proxy_pass http://openviduserver; } - location /api { + ################################# + # New API # + ################################# + location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /openvidu/recordings { + proxy_pass http://openviduserver; + } + + location /openvidu/api { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - location /info { + location /openvidu/info { {rules_access_dashboard} deny all; proxy_pass http://openviduserver; } - location /config { + location /openvidu/accept-certificate { + proxy_pass http://openviduserver; + } + + location /openvidu/cdr { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - location /accept-certificate { - proxy_pass http://openviduserver; - } - - location /cdr { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - # letsencrypt + ################################# + # LetsEncrypt # + ################################# location /.well-known/acme-challenge { root /var/www/certbot; try_files $uri $uri/ =404; 
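Review bot: `/openvidu/recordings` and `/openvidu/accept-certificate` are the only proxied API locations in this hunk without `{rules_...}` / `deny all`, and nothing in the file says whether that is deliberate. If access to recordings is meant to be enforced by openvidu-server itself, a one-line comment on each block would record it, e.g. `# No IP allow-list on purpose: authorization is done by openvidu-server`; if it is not deliberate, the block needs the same `{rules_acess_api}` and `deny all;` pair as `/openvidu/cdr`. The same two locations are repeated in every template this commit touches, and the server block starts outside the hunk.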
diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf new file mode 100644 index 00000000..b7fa2188 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf 
@@ -0,0 +1,146 @@ +# Your app +#upstream yourapp { +# server localhost:5442; +#} + +upstream openviduserver { + server localhost:5443; +} + +server { + listen {https_port} ssl; + server_name {domain_name}; + + ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; + ssl_stapling on; + ssl_stapling_verify on; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + ssl_prefer_server_ciphers on; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto https; + proxy_headers_hash_bucket_size 512; + proxy_redirect off; + + # Websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Welcome + root /var/www/html; + + # Your app + #location / { + # proxy_pass http://yourapp; # Openvidu call by default + #} + + ################################# + # Common rules # + ################################# + # Dashboard rule + location /dashboard { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + # Websocket rule + location ~ /openvidu$ { + proxy_pass http://openviduserver; + } + + ################################# + # Deprecated API 
# + ################################# + # Openvidu Server + location /layouts/custom { + rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /recordings { + proxy_pass http://openviduserver; + } + + location /api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location /config { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /accept-certificate { + proxy_pass http://openviduserver; + } + + location /cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + ################################# + # New API # + ################################# + location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /openvidu/recordings { + proxy_pass http://openviduserver; + } + + location /openvidu/api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/accept-certificate { + proxy_pass http://openviduserver; + } + + location /openvidu/cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + ################################# + # LetsEncrypt # + ################################# + location /.well-known/acme-challenge { + root /var/www/certbot; + try_files $uri $uri/ =404; + } +} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app.conf new file mode 100644 index 00000000..14a7d1e3 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app.conf 
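Review bot: This new template enables `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and a cipher string that still lists `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA` and `DES-CBC3-SHA`. TLS 1.0 and 1.1 were formally deprecated by RFC 8996, and the 3DES suites are subject to the Sweet32 birthday-bound weakness. Since the file is being created here, it is a cheap place to tighten both: `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 only if the image's nginx/OpenSSL build supports it) and drop the three `*DES-CBC3*` entries from `ssl_ciphers`. The same two directives are copied into the other three support_deprecated_api templates added by this commit.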
@@ -0,0 +1,146 @@ +# Openvidu call +upstream yourapp { + server localhost:5442; +} + +upstream openviduserver { + server localhost:5443; +} + +server { + listen {https_port} ssl; + server_name {domain_name}; + + ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; + ssl_stapling on; + ssl_stapling_verify on; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + ssl_prefer_server_ciphers on; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto https; + proxy_headers_hash_bucket_size 512; + proxy_redirect off; + + # Websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Welcome + #root /var/www/html; + + # Your app + location / { + proxy_pass http://yourapp; # Openvidu call by default + } + + ################################# + # Common rules # + ################################# + # Dashboard rule + location /dashboard { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + # Websocket rule + location ~ /openvidu$ { + proxy_pass http://openviduserver; + } + + ################################# + # Deprecated API 
# + ################################# + # Openvidu Server + location /layouts/custom { + rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /recordings { + proxy_pass http://openviduserver; + } + + location /api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location /config { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /accept-certificate { + proxy_pass http://openviduserver; + } + + location /cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + ################################# + # New API # + ################################# + location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /openvidu/recordings { + proxy_pass http://openviduserver; + } + + location /openvidu/api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/accept-certificate { + proxy_pass http://openviduserver; + } + + location /openvidu/cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + ################################# + # LetsEncrypt # + ################################# + location /.well-known/acme-challenge { + root /var/www/certbot; + try_files $uri $uri/ =404; + } +} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf index 9e5b254a..c4731c16 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf 
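Review bot: `proxy_set_header X-Forwarded-Proto` is set twice in the server block, first to `$scheme` and then to the literal `https`; nginx does not merge repeated `proxy_set_header` lines, so the upstream will likely receive the field twice and which copy it honours depends on the backend's header parsing. This server only listens with `ssl`, so the two values agree today, but one directive is enough: keep `proxy_set_header X-Forwarded-Proto $scheme;` and delete the literal one. The same pair of lines is present in the other three support_deprecated_api templates added by this commit.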
@@ -2,6 +2,11 @@ add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; +# Openvidu call +#upstream yourapp { +# server localhost:5442; +#} + upstream kibana { server localhost:5601; } @@ -72,7 +77,14 @@ server { # Welcome root /var/www/html; - # Openvidu Admin Panel + # Your app + # location / { + # proxy_pass http://yourapp; # Openvidu call by default + #} + + ################################# + # Common rules # + ################################# location /dashboard { {rules_access_dashboard} deny all; @@ -86,6 +98,10 @@ server { proxy_pass http://openviduserver; } + location ~ /openvidu$ { + proxy_pass http://openviduserver; + } + location /kibana { {rules_access_dashboard} deny all; 
@@ -94,68 +110,58 @@ server { proxy_pass http://kibana/; } - # Openvidu Server - location /layouts/custom { - rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; + ################################# + # New API # + ################################# + # OpenVidu Server + location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; root /opt/openvidu; } - location /recordings { + location /openvidu/recordings { proxy_pass http://openviduserver; } - location /api { + location /openvidu/api { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - location /info { + location /openvidu/info { {rules_access_dashboard} deny all; proxy_pass http://openviduserver; } - location /config { + location /openvidu/accept-certificate { + proxy_pass http://openviduserver; + } + + location /openvidu/cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + # OpenVidu Server PRO + location /openvidu/elk { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - location /accept-certificate { - proxy_pass http://openviduserver; - } - - location /cdr { + location /openvidu/inspector-api { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - # Openvidu Server Pro - location /pro { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - location /api-login { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } + ################################# + # LetsEncrypt # + ################################# - location /elasticsearch { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - # letsencrypt location /.well-known/acme-challenge { root /var/www/certbot; try_files $uri $uri/ =404; diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf index b1ffd189..fbbc0018 100644 
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf @@ -82,7 +82,9 @@ server { proxy_pass http://yourapp; # Openvidu call by default } - # Openvidu Admin Panel + ################################# + # Common rules # + ################################# location /dashboard { {rules_access_dashboard} deny all; @@ -96,6 +98,10 @@ server { proxy_pass http://openviduserver; } + location ~ /openvidu$ { + proxy_pass http://openviduserver; + } + location /kibana { {rules_access_dashboard} deny all; 
@@ -104,68 +110,58 @@ server { proxy_pass http://kibana/; } - # Openvidu Server - location /layouts/custom { - rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; + ################################# + # New API # + ################################# + # OpenVidu Server + location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; root /opt/openvidu; } - location /recordings { + location /openvidu/recordings { proxy_pass http://openviduserver; } - location /api { + location /openvidu/api { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - location ~ /openvidu$ { - proxy_pass http://openviduserver; - } - - location /info { + location /openvidu/info { {rules_access_dashboard} deny all; proxy_pass http://openviduserver; } - location /config { + location /openvidu/accept-certificate { + proxy_pass http://openviduserver; + } + + location /openvidu/cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + # OpenVidu Server PRO + location /openvidu/elk { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - location /accept-certificate { - proxy_pass http://openviduserver; - } - - location /cdr { + location /openvidu/inspector-api { {rules_acess_api} deny all; proxy_pass http://openviduserver; } - # Openvidu Server Pro - location /pro { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - location /api-login { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } + ################################# + # LetsEncrypt # + ################################# - location /elasticsearch { - {rules_acess_api} - deny all; - proxy_pass http://openviduserver; - } - - # letsencrypt location /.well-known/acme-challenge { root /var/www/certbot; try_files $uri $uri/ =404; 
diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf new file mode 100644 index 00000000..089de746 --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf 
@@ -0,0 +1,229 @@ +add_header X-Frame-Options SAMEORIGIN; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; + +# Openvidu call +#upstream yourapp { +# server localhost:5442; +#} + +upstream kibana { + server localhost:5601; +} + +upstream openviduserver { + server localhost:5443; +} + +server { + # Redirect to https + if ($host = {domain_name}) { + rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent; + } # managed by Certbot + + listen {http_port} default_server; + server_name {domain_name}; + + # letsencrypt + location /.well-known/acme-challenge { + root /var/www/certbot; + try_files $uri $uri/ =404; + } + + # Kibana panel + location /kibana { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + rewrite ^/kibana/(.*)$ /$1 break; + proxy_pass http://kibana/; + } +} + +server { + listen {https_port} ssl default deferred; + server_name {domain_name}; + + ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; + ssl_stapling on; + ssl_stapling_verify on; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + ssl_prefer_server_ciphers on; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP 
$remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto https; + proxy_headers_hash_bucket_size 512; + proxy_redirect off; + + # Websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Welcome + root /var/www/html; + + # Your app + # location / { + # proxy_pass http://yourapp; # Openvidu call by default + #} + + ################################# + # Common rules # + ################################# + location /dashboard { + {rules_access_dashboard} + deny all; + rewrite ^/dashboard/(.*)$ /$1 break; + proxy_pass http://openviduserver/; + } + + location /inspector { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location ~ /openvidu$ { + proxy_pass http://openviduserver; + } + + location /kibana { + {rules_access_dashboard} + deny all; + + rewrite ^/kibana/(.*)$ /$1 break; + proxy_pass http://kibana/; + } + + ################################# + # Deprecated API # + ################################# + # Openvidu Server + location /layouts/custom { + rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /recordings { + proxy_pass http://openviduserver; + } + + location /api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location /config { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /accept-certificate { + proxy_pass http://openviduserver; + } + + location /cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + # Openvidu Server Pro + location /pro { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /api-login { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + 
location /elasticsearch { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + ################################# + # New API # + ################################# + # OpenVidu Server + location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /openvidu/recordings { + proxy_pass http://openviduserver; + } + + location /openvidu/api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/accept-certificate { + proxy_pass http://openviduserver; + } + + location /openvidu/cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + # OpenVidu Server PRO + location /openvidu/elk { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/inspector-api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + + ################################# + # LetsEncrypt # + ################################# + + location /.well-known/acme-challenge { + root /var/www/certbot; + try_files $uri $uri/ =404; + } +} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default.conf new file mode 100644 index 00000000..7718016a --- /dev/null +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default.conf 
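Review bot: In the `{http_port}` server block the `/kibana` location proxies to the `kibana` upstream with no `{rules_access_dashboard}` / `deny all`, unlike the `/kibana` location in the HTTPS block below it. The redirect above it only fires when `$host` equals `{domain_name}` and the listener is `default_server`, so a request arriving with any other Host value is not redirected and is served Kibana over cleartext without the allow-list. Removing the location from the HTTP block, or adding the `{rules_access_dashboard}` and `deny all;` pair to it, closes the gap. The same block is in pro/support_deprecated_api/default.conf and may be inherited from the existing pro templates, whose HTTP block is outside the hunks shown.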
@@ -0,0 +1,229 @@ +add_header X-Frame-Options SAMEORIGIN; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; + +# Openvidu call +upstream yourapp { + server localhost:5442; +} + +upstream kibana { + server localhost:5601; +} + +upstream openviduserver { + server localhost:5443; +} + +server { + # Redirect to https + if ($host = {domain_name}) { + rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent; + } # managed by Certbot + + listen {http_port} default_server; + server_name {domain_name}; + + # letsencrypt + location /.well-known/acme-challenge { + root /var/www/certbot; + try_files $uri $uri/ =404; + } + + # Kibana panel + location /kibana { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + rewrite ^/kibana/(.*)$ /$1 break; + proxy_pass http://kibana/; + } +} + +server { + listen {https_port} ssl default deferred; + server_name {domain_name}; + + ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; + ssl_stapling on; + ssl_stapling_verify on; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + ssl_prefer_server_ciphers on; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP 
$remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto https; + proxy_headers_hash_bucket_size 512; + proxy_redirect off; + + # Websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Welcome + #root /var/www/html; + + # Your app + location / { + proxy_pass http://yourapp; # Openvidu call by default + } + + ################################# + # Common rules # + ################################# + location /dashboard { + {rules_access_dashboard} + deny all; + rewrite ^/dashboard/(.*)$ /$1 break; + proxy_pass http://openviduserver/; + } + + location /inspector { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location ~ /openvidu$ { + proxy_pass http://openviduserver; + } + + location /kibana { + {rules_access_dashboard} + deny all; + + rewrite ^/kibana/(.*)$ /$1 break; + proxy_pass http://kibana/; + } + + ################################# + # Deprecated API # + ################################# + # Openvidu Server + location /layouts/custom { + rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /recordings { + proxy_pass http://openviduserver; + } + + location /api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location /config { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /accept-certificate { + proxy_pass http://openviduserver; + } + + location /cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + # Openvidu Server Pro + location /pro { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /api-login { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location 
/elasticsearch { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + ################################# + # New API # + ################################# + # OpenVidu Server + location /openvidu/layouts { + rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break; + root /opt/openvidu; + } + + location /openvidu/recordings { + proxy_pass http://openviduserver; + } + + location /openvidu/api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/info { + {rules_access_dashboard} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/accept-certificate { + proxy_pass http://openviduserver; + } + + location /openvidu/cdr { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + # OpenVidu Server PRO + location /openvidu/elk { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + location /openvidu/inspector-api { + {rules_acess_api} + deny all; + proxy_pass http://openviduserver; + } + + + ################################# + # LetsEncrypt # + ################################# + + location /.well-known/acme-challenge { + root /var/www/certbot; + try_files $uri $uri/ =404; + } +} diff --git a/openvidu-server/docker/openvidu-proxy/entrypoint.sh b/openvidu-server/docker/openvidu-proxy/entrypoint.sh index 98c8f2f0..37bd5f8f 100755 --- a/openvidu-server/docker/openvidu-proxy/entrypoint.sh +++ b/openvidu-server/docker/openvidu-proxy/entrypoint.sh 
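Review bot: This is the fourth near-complete copy of the proxy template added by the commit, so the allow/deny rules for the deprecated and new locations now have to be kept in step across eight files. A later fix to one `deny all` block that misses a copy would leave that route open for one PROXY_MODE / WITH_APP / SUPPORT_DEPRECATED_API combination only, which is hard to notice in testing. Moving the "Deprecated API" locations into a single snippet pulled in with nginx's `include` directive (for example `include <deprecated-api-locations-snippet>;`, path to be chosen by the project) would leave one place to review; the entrypoint's placeholder substitution would then need to cover that snippet as well. As a small style point, the `# OpenVidu Server PRO` comment sits directly after the closing brace of `/openvidu/cdr` and would read better with a blank line before it.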
@@ -36,6 +36,7 @@ CERTIFICATES_CONF="${CERTIFICATES_FOLDER}/certificates.conf" [ -z "${PROXY_HTTP_PORT}" ] && export PROXY_HTTP_PORT=80 [ -z "${PROXY_HTTPS_PORT}" ] && export PROXY_HTTPS_PORT=443 [ -z "${WITH_APP}" ] && export WITH_APP=true +[ -z "${SUPPORT_DEPRECATED_API}" ] && export SUPPORT_DEPRECATED_API=true [ -z "${PROXY_MODE}" ] && export PROXY_MODE=CE [ -z "${ALLOWED_ACCESS_TO_DASHBOARD}" ] && export ALLOWED_ACCESS_TO_DASHBOARD=all [ -z "${ALLOWED_ACCESS_TO_RESTAPI}" ] && export ALLOWED_ACCESS_TO_RESTAPI=all 
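Review bot: The default added here only covers an unset or empty variable; the value is never normalised or checked, and the if/elif chains in the next hunk match only the exact strings `true` and `false`. With a value such as `True` or `1` no branch runs, no app template is moved into place, and in the CE branch the following `rm -rf /default_nginx_conf/ce` and `rm -rf /default_nginx_conf/pro` then delete all of them, so the proxy would likely start without the intended site configuration. The same now applies to `WITH_APP`, which previously fell through to `else`. A guard right after the defaults would fail fast instead: `case "${SUPPORT_DEPRECATED_API}" in true|false) ;; *) echo "SUPPORT_DEPRECATED_API must be true or false" >&2; exit 1 ;; esac`.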
@@ -153,22 +154,29 @@ chmod -R 777 /etc/letsencrypt # Use certificates in folder '/default_nginx_conf' if [ "${PROXY_MODE}" == "CE" ]; then - if [ "${WITH_APP}" == "true" ]; then + if [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then + mv /default_nginx_conf/ce/support_deprecated_api/default-app.conf /default_nginx_conf/default-app.conf + elif [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then mv /default_nginx_conf/ce/default-app.conf /default_nginx_conf/default-app.conf - mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf - else + elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then + mv /default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf /default_nginx_conf/default-app.conf + elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then mv /default_nginx_conf/ce/default-app-without-demos.conf /default_nginx_conf/default-app.conf - mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf fi + mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf rm -rf /default_nginx_conf/ce rm -rf /default_nginx_conf/pro fi if [ "${PROXY_MODE}" == "PRO" ]; then - if [ "${WITH_APP}" == "true" ]; then + if [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then + mv /default_nginx_conf/pro/support_deprecated_api/default.conf /default_nginx_conf/default.conf + elif [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then mv /default_nginx_conf/pro/default.conf /default_nginx_conf/default.conf - else + elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then + mv /default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf /default_nginx_conf/default.conf + elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then mv /default_nginx_conf/pro/default-app-without-demos.conf 
/default_nginx_conf/default.conf fi