openvidu-deployment: single-node: Remove letsencrypt email and clarify descriptions

2025-09-07 01:22:50 +02:00 · 2025-09-07 01:22:50 +02:00 · 5436087745
parent 88b8ac1e9e
commit 5436087745
3 changed files with 13 additions and 55 deletions
--- a/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.bicep
+++ b/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.bicep
@ -2,18 +2,16 @@
 param stackName string
@description('''
-[selfsigned] Not recommended for production use. If you don't have a FQDN, (DomainName parameter) you can use this option to generate a self-signed certificate.
+[selfsigned] Not recommended for production use. Just for testing purposes or development environments. You don't need a FQDN to use this option.
-[owncert] Valid for productions environments. If you have a FQDN, (DomainName parameter)
+[owncert] Valid for production environments. Use your own certificate. You need a FQDN to use this option.
-and an Elastic IP, you can use this option to use your own certificate.
+[letsencrypt] Valid for production environments. Can be used with or without a FQDN (if no FQDN is provided, a random sslip.io domain will be used).
 [letsencrypt] Valid for production environments. If you have a FQDN, (DomainName parameter)
 and an Elastic IP, you can use this option to generate a Let's Encrypt certificate.
 ''')
@allowed([
  'selfsigned'
  'owncert'
  'letsencrypt'
 ])
-param certificateType string = 'selfsigned'
+param certificateType string = 'letsencrypt'
@description('Previously created Public IP address for the OpenVidu Deployment. Blank will generate a public IP')
 param publicIpAddressObject object
@ -27,9 +25,6 @@ param ownPublicCertificate string = ''
@description('If certificate type is \'owncert\', this parameter will be used to specify the private certificate')
 param ownPrivateCertificate string = ''
@description('If certificate type is \'letsencrypt\', this email will be used for Let\'s Encrypt notifications')
 param letsEncryptEmail string = ''
@description('(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls')
 param turnDomainName string = ''
@ -259,7 +254,6 @@ var stringInterpolationParams = {
  fqdn: fqdn
  turnDomainName: turnDomainName
  certificateType: certificateType
  letsEncryptEmail: letsEncryptEmail
  ownPublicCertificate: ownPublicCertificate
  ownPrivateCertificate: ownPrivateCertificate
  turnOwnPublicCertificate: turnOwnPublicCertificate
@ -361,10 +355,8 @@ if [[ "${certificateType}" == "selfsigned" ]]; then
    "--certificate-type=selfsigned"
  )
 elif [[ "${certificateType}" == "letsencrypt" ]]; then
  LETSENCRYPT_EMAIL=$(/usr/local/bin/store_secret.sh save LETSENCRYPT-EMAIL "${letsEncryptEmail}")
  CERT_ARGS=(
    "--certificate-type=letsencrypt"
    "--letsencrypt-email=${letsEncryptEmail}"
  )
 else
  # Download owncert files
@ -457,11 +449,6 @@ if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then
    sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "${CONFIG_DIR}/openvidu.env"
 fi
 if [[ ${certificateType} == "letsencrypt" ]]; then
    export LETSENCRYPT_EMAIL=$(az keyvault secret show --vault-name ${keyVaultName} --name LETSENCRYPT-EMAIL --query value -o tsv)
    sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" "${CONFIG_DIR}/openvidu.env"
 fi
 # Get the rest of the values
 export REDIS_PASSWORD=$(az keyvault secret show --vault-name ${keyVaultName} --name REDIS-PASSWORD --query value -o tsv)
 export MONGO_ADMIN_USERNAME=$(az keyvault secret show --vault-name ${keyVaultName} --name MONGO-ADMIN-USERNAME --query value -o tsv)
--- a/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.json
+++ b/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.json
--- a/openvidu-deployment/community/singlenode/azure/createUiDefinition.json
+++ b/openvidu-deployment/community/singlenode/azure/createUiDefinition.json
@ -46,7 +46,7 @@
                            "type": "Microsoft.Common.DropDown",
                            "label": "Certificate Type",
                            "subLabel": "",
-                            "defaultValue": "selfsigned",
+                            "defaultValue": "letsencrypt",
                            "toolTip": "[[selfsigned] Not recommended for production use. If you don't have a FQDN, (DomainName parameter) you can use this option to generate a self-signed certificate.\n[owncert] Valid for productions environments. If you have a FQDN, (DomainName parameter)\nand an Elastic IP, you can use this option to use your own certificate.\n[letsencrypt] Valid for production environments. If you have a FQDN, (DomainName parameter)\nand an Elastic IP, you can use this option to generate a Let's Encrypt certificate.\n",
                            "constraints": {
                                "required": true,
@ -101,8 +101,8 @@
                                "validationMessage": "Please enter a valid domain name or leave it blank to generate",
                                "validations": [
                                    {
-                                        "isValid": "[if(or(equals(steps('parameters SSL').certificateType, 'letsencrypt'), equals(steps('parameters SSL').certificateType, 'owncert')), not(empty(steps('parameters SSL').domainName)), true)]",
+                                        "isValid": "[if(equals(steps('parameters SSL').certificateType, 'owncert'), not(empty(steps('parameters SSL').domainName)), true)]",
-                                        "message": "You need to fill this parameter because you've selected another certificate type that is not selfsigned."
+                                        "message": "You need to fill this parameter because you've selected owncert certificate type."
                                    }
                                ]
                            },
@ -150,27 +150,6 @@
                            },
                            "infoMessages": [],
                            "visible": true
                        },
                        {
                            "name": "letsEncryptEmail",
                            "type": "Microsoft.Common.TextBox",
                            "label": "Lets Encrypt Email",
                            "subLabel": "\nIf certificate type is 'letsencrypt', this email will be used for Let's Encrypt notifications",
                            "defaultValue": "",
                            "toolTip": "",
                            "constraints": {
                                "required": false,
                                "regex": "",
                                "validationMessage": "",
                                "validations": [
                                    {
                                        "isValid": "[if(equals(steps('parameters SSL').certificateType, 'letsencrypt'), not(empty(steps('parameters SSL').letsEncryptEmail)), true)]",
                                        "message": "You need to fill this parameter because you've selected letsencrypt certificate type."
                                    }
                                ]
                            },
                            "infoMessages": [],
                            "visible": true
                        }
                    ]
                },
@ -384,7 +363,6 @@
                "domainName": "[steps('parameters SSL').domainName]",
                "ownPublicCertificate": "[steps('parameters SSL').ownPublicCertificate]",
                "ownPrivateCertificate": "[steps('parameters SSL').ownPrivateCertificate]",
                "letsEncryptEmail": "[steps('parameters SSL').letsEncryptEmail]",
                "turnDomainName": "[steps('parameters TURN').turnDomainName]",
                "turnOwnPublicCertificate": "[steps('parameters TURN').turnOwnPublicCertificate]",
                "turnOwnPrivateCertificate": "[steps('parameters TURN').turnOwnPrivateCertificate]",