deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs.

2020-10-14 14:34:21 +02:00 · 2020-10-14 14:34:21 +02:00 · 4eded98ad9
parent 1c72a1ce4e
commit 4eded98ad9
11 changed files with 896 additions and 130 deletions
--- a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml
+++ b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml
@ -74,7 +74,7 @@ services:
            - MAX_PORT=65535
    nginx:
-        image: openvidu/openvidu-proxy:3.0.0
+        image: openvidu/openvidu-proxy:4.0.0-beta1
        restart: on-failure
        network_mode: host
        volumes:
@ -91,3 +91,4 @@ services:
            - ALLOWED_ACCESS_TO_RESTAPI=${ALLOWED_ACCESS_TO_RESTAPI:-}
            - PROXY_MODE=CE
            - WITH_APP=true
            - SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true}
--- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml
+++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml
@ -67,7 +67,7 @@ services:
            - MAX_PORT=65535
    nginx:
-        image: openvidu/openvidu-proxy:4.0.0-dev1
+        image: openvidu/openvidu-proxy:4.0.0-beta1
        restart: on-failure
        network_mode: host
        volumes:
@ -84,6 +84,7 @@ services:
            - ALLOWED_ACCESS_TO_RESTAPI=${ALLOWED_ACCESS_TO_RESTAPI:-}
            - PROXY_MODE=PRO
            - WITH_APP=true
            - SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true}
    elasticsearch:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf
@ -46,56 +46,58 @@ server {
    #    proxy_pass http://yourapp; # Openvidu call by default
    #}
-    # Openvidu Admin Panel
+    #################################
    # Common rules                  #
    #################################
    # Dashboard rule
    location /dashboard {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
-    # Openvidu Server
+    # Websocket rule
-    location /layouts/custom {
+    location ~ /openvidu$ {
        rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /recordings {
        proxy_pass http://openviduserver;
    }
-    location /api {
+    #################################
    # New API                       #
    #################################
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location ~ /openvidu$ {
+    location /openvidu/info {
        proxy_pass http://openviduserver;
    }
    location /info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /config {
+    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /accept-certificate {
+    #################################
-        proxy_pass http://openviduserver;
+    # LetsEncrypt                   #
-    }
+    #################################
    location /cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # letsencrypt
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf
@ -46,56 +46,58 @@ server {
        proxy_pass http://yourapp; # Openvidu call by default
    }
-    # Openvidu Admin Panel
+    #################################
    # Common rules                  #
    #################################
    # Dashboard rule
    location /dashboard {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
-    # Openvidu Server
+    # Websocket rule
-    location /layouts/custom {
+    location ~ /openvidu$ {
        rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /recordings {
        proxy_pass http://openviduserver;
    }
-    location /api {
+    #################################
    # New API                       #
    #################################
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location ~ /openvidu$ {
+    location /openvidu/info {
        proxy_pass http://openviduserver;
    }
    location /info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /config {
+    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /accept-certificate {
+    #################################
-        proxy_pass http://openviduserver;
+    # LetsEncrypt                   #
-    }
+    #################################
    location /cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # letsencrypt
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf
@ -0,0 +1,146 @@
 # Your app
 #upstream yourapp {
 #    server localhost:5442;
 #}
 upstream openviduserver {
    server localhost:5443;
 }
 server {
    listen {https_port} ssl;
    server_name {domain_name};
    ssl_certificate         /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/{domain_name}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Proto https;
    proxy_headers_hash_bucket_size 512;
    proxy_redirect off;
    # Websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # Welcome
    root /var/www/html;
    # Your app
    #location / {
    #    proxy_pass http://yourapp; # Openvidu call by default
    #}
    #################################
    # Common rules                  #
    #################################
    # Dashboard rule
    location /dashboard {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    # Websocket rule
    location ~ /openvidu$ {
        proxy_pass http://openviduserver;
    }
    #################################
    # Deprecated API                #
    #################################
    # Openvidu Server
    location /layouts/custom {
        rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /recordings {
        proxy_pass http://openviduserver;
    }
    location /api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /config {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    #################################
    # New API                       #
    #################################
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    #################################
    # LetsEncrypt                   #
    #################################
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }
 }
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app.conf
@ -0,0 +1,146 @@
 # Openvidu call
 upstream yourapp {
    server localhost:5442;
 }
 upstream openviduserver {
    server localhost:5443;
 }
 server {
    listen {https_port} ssl;
    server_name {domain_name};
    ssl_certificate         /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/{domain_name}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Proto https;
    proxy_headers_hash_bucket_size 512;
    proxy_redirect off;
    # Websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # Welcome
    #root /var/www/html;
    # Your app
    location / {
        proxy_pass http://yourapp; # Openvidu call by default
    }
    #################################
    # Common rules                  #
    #################################
    # Dashboard rule
    location /dashboard {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    # Websocket rule
    location ~ /openvidu$ {
        proxy_pass http://openviduserver;
    }
    #################################
    # Deprecated API                #
    #################################
    # Openvidu Server
    location /layouts/custom {
        rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /recordings {
        proxy_pass http://openviduserver;
    }
    location /api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /config {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    #################################
    # New API                       #
    #################################
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    #################################
    # LetsEncrypt                   #
    #################################
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }
 }
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf
@ -2,6 +2,11 @@ add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 # Openvidu call
 #upstream yourapp {
 #    server localhost:5442;
 #}
 upstream kibana {
    server localhost:5601;
 }
@ -72,7 +77,14 @@ server {
    # Welcome
    root /var/www/html;
-    # Openvidu Admin Panel
+    # Your app
    # location / {
    #    proxy_pass http://yourapp; # Openvidu call by default
    #}
    #################################
    # Common rules                  #
    #################################
    location /dashboard {
        {rules_access_dashboard}
        deny all;
@ -86,6 +98,10 @@ server {
        proxy_pass http://openviduserver;
    }
    location ~ /openvidu$ {
        proxy_pass http://openviduserver;
    }
    location /kibana {
        {rules_access_dashboard}
        deny all;
@ -94,68 +110,58 @@ server {
        proxy_pass http://kibana/;
    }
-    # Openvidu Server
+    #################################
-    location /layouts/custom {
+    # New API                       #
-        rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
+    #################################
    # OpenVidu Server
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
-    location /recordings {
+    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
-    location /api {
+    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location ~ /openvidu$ {
+    location /openvidu/info {
        proxy_pass http://openviduserver;
    }
    location /info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /config {
+    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # OpenVidu Server PRO
    location /openvidu/elk {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /accept-certificate {
+    location /openvidu/inspector-api {
        proxy_pass http://openviduserver;
    }
    location /cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # Openvidu Server Pro
    location /pro {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /api-login {
+    #################################
-        {rules_acess_api}
+    # LetsEncrypt                   #
-        deny all;
+    #################################
        proxy_pass http://openviduserver;
    }
    location /elasticsearch {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # letsencrypt
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf
@ -82,7 +82,9 @@ server {
        proxy_pass http://yourapp; # Openvidu call by default
    }
-    # Openvidu Admin Panel
+    #################################
    # Common rules                  #
    #################################
    location /dashboard {
        {rules_access_dashboard}
        deny all;
@ -96,6 +98,10 @@ server {
        proxy_pass http://openviduserver;
    }
    location ~ /openvidu$ {
        proxy_pass http://openviduserver;
    }
    location /kibana {
        {rules_access_dashboard}
        deny all;
@ -104,68 +110,58 @@ server {
        proxy_pass http://kibana/;
    }
-    # Openvidu Server
+    #################################
-    location /layouts/custom {
+    # New API                       #
-        rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
+    #################################
    # OpenVidu Server
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
-    location /recordings {
+    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
-    location /api {
+    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location ~ /openvidu$ {
+    location /openvidu/info {
        proxy_pass http://openviduserver;
    }
    location /info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /config {
+    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # OpenVidu Server PRO
    location /openvidu/elk {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /accept-certificate {
+    location /openvidu/inspector-api {
        proxy_pass http://openviduserver;
    }
    location /cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # Openvidu Server Pro
    location /pro {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
-    location /api-login {
+    #################################
-        {rules_acess_api}
+    # LetsEncrypt                   #
-        deny all;
+    #################################
        proxy_pass http://openviduserver;
    }
    location /elasticsearch {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # letsencrypt
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf
@ -0,0 +1,229 @@
 add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 # Openvidu call
 #upstream yourapp {
 #    server localhost:5442;
 #}
 upstream kibana {
    server localhost:5601;
 }
 upstream openviduserver {
    server localhost:5443;
 }
 server {
    # Redirect to https
    if ($host = {domain_name}) {
        rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
    } # managed by Certbot
    listen {http_port} default_server;
    server_name {domain_name};
    # letsencrypt
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }
    # Kibana panel
    location /kibana {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        rewrite ^/kibana/(.*)$ /$1 break;
        proxy_pass http://kibana/;
    }
 }
 server {
    listen {https_port} ssl default deferred;
    server_name {domain_name};
    ssl_certificate         /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/{domain_name}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Proto https;
    proxy_headers_hash_bucket_size 512;
    proxy_redirect off;
    # Websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # Welcome
    root /var/www/html;
    # Your app
    # location / {
    #    proxy_pass http://yourapp; # Openvidu call by default
    #}
    #################################
    # Common rules                  #
    #################################
    location /dashboard {
        {rules_access_dashboard}
        deny all;
        rewrite ^/dashboard/(.*)$ /$1 break;
        proxy_pass http://openviduserver/;
    }
    location /inspector {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location ~ /openvidu$ {
        proxy_pass http://openviduserver;
    }
    location /kibana {
        {rules_access_dashboard}
        deny all;
        rewrite ^/kibana/(.*)$ /$1 break;
        proxy_pass http://kibana/;
    }
    #################################
    # Deprecated API                #
    #################################
    # Openvidu Server
    location /layouts/custom {
        rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /recordings {
        proxy_pass http://openviduserver;
    }
    location /api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /config {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # Openvidu Server Pro
    location /pro {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /api-login {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /elasticsearch {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    #################################
    # New API                       #
    #################################
    # OpenVidu Server
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # OpenVidu Server PRO
    location /openvidu/elk {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/inspector-api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    #################################
    # LetsEncrypt                   #
    #################################
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }
 }
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/support_deprecated_api/default.conf
@ -0,0 +1,229 @@
 add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 # Openvidu call
 upstream yourapp {
    server localhost:5442;
 }
 upstream kibana {
    server localhost:5601;
 }
 upstream openviduserver {
    server localhost:5443;
 }
 server {
    # Redirect to https
    if ($host = {domain_name}) {
        rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
    } # managed by Certbot
    listen {http_port} default_server;
    server_name {domain_name};
    # letsencrypt
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }
    # Kibana panel
    location /kibana {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        rewrite ^/kibana/(.*)$ /$1 break;
        proxy_pass http://kibana/;
    }
 }
 server {
    listen {https_port} ssl default deferred;
    server_name {domain_name};
    ssl_certificate         /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/{domain_name}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Proto https;
    proxy_headers_hash_bucket_size 512;
    proxy_redirect off;
    # Websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # Welcome
    #root /var/www/html;
    # Your app
    location / {
        proxy_pass http://yourapp; # Openvidu call by default
    }
    #################################
    # Common rules                  #
    #################################
    location /dashboard {
        {rules_access_dashboard}
        deny all;
        rewrite ^/dashboard/(.*)$ /$1 break;
        proxy_pass http://openviduserver/;
    }
    location /inspector {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location ~ /openvidu$ {
        proxy_pass http://openviduserver;
    }
    location /kibana {
        {rules_access_dashboard}
        deny all;
        rewrite ^/kibana/(.*)$ /$1 break;
        proxy_pass http://kibana/;
    }
    #################################
    # Deprecated API                #
    #################################
    # Openvidu Server
    location /layouts/custom {
        rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /recordings {
        proxy_pass http://openviduserver;
    }
    location /api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /config {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # Openvidu Server Pro
    location /pro {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /api-login {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /elasticsearch {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    #################################
    # New API                       #
    #################################
    # OpenVidu Server
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }
    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # OpenVidu Server PRO
    location /openvidu/elk {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    location /openvidu/inspector-api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    #################################
    # LetsEncrypt                   #
    #################################
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }
 }
--- a/openvidu-server/docker/openvidu-proxy/entrypoint.sh
+++ b/openvidu-server/docker/openvidu-proxy/entrypoint.sh
@ -36,6 +36,7 @@ CERTIFICATES_CONF="${CERTIFICATES_FOLDER}/certificates.conf"
 [ -z "${PROXY_HTTP_PORT}" ] && export PROXY_HTTP_PORT=80
 [ -z "${PROXY_HTTPS_PORT}" ] && export PROXY_HTTPS_PORT=443
 [ -z "${WITH_APP}" ] && export WITH_APP=true
 [ -z "${SUPPORT_DEPRECATED_API}" ] && export SUPPORT_DEPRECATED_API=true
 [ -z "${PROXY_MODE}" ] && export PROXY_MODE=CE
 [ -z "${ALLOWED_ACCESS_TO_DASHBOARD}" ] && export ALLOWED_ACCESS_TO_DASHBOARD=all
 [ -z "${ALLOWED_ACCESS_TO_RESTAPI}" ] && export ALLOWED_ACCESS_TO_RESTAPI=all
@ -153,22 +154,29 @@ chmod -R 777 /etc/letsencrypt
 # Use certificates in folder '/default_nginx_conf'
 if [ "${PROXY_MODE}" == "CE" ]; then
-  if [ "${WITH_APP}" == "true" ]; then
+  if [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then
    mv /default_nginx_conf/ce/support_deprecated_api/default-app.conf /default_nginx_conf/default-app.conf
  elif [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then
    mv /default_nginx_conf/ce/default-app.conf /default_nginx_conf/default-app.conf
-    mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf
+  elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then
-  else
+    mv /default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf /default_nginx_conf/default-app.conf
  elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then
    mv /default_nginx_conf/ce/default-app-without-demos.conf /default_nginx_conf/default-app.conf
    mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf
  fi
  mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf
  rm -rf /default_nginx_conf/ce
  rm -rf /default_nginx_conf/pro
 fi
 if [ "${PROXY_MODE}" == "PRO" ]; then
-  if [ "${WITH_APP}" == "true" ]; then
+  if [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then
    mv /default_nginx_conf/pro/support_deprecated_api/default.conf /default_nginx_conf/default.conf
  elif [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then
    mv /default_nginx_conf/pro/default.conf /default_nginx_conf/default.conf
-  else
+  elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then
    mv /default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf /default_nginx_conf/default.conf
  elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then
    mv /default_nginx_conf/pro/default-app-without-demos.conf /default_nginx_conf/default.conf
  fi