openvidu-deployment: single-node-pro - azure - Allow empty domains withj sslip

2025-09-07 19:56:14 +02:00 · 2025-09-07 19:56:14 +02:00 · 5cf8a32190
parent a2098d1e85
commit 5cf8a32190
3 changed files with 133 additions and 90 deletions
--- a/openvidu-deployment/pro/singlenode/azure/cf-openvidu-singlenode.bicep
+++ b/openvidu-deployment/pro/singlenode/azure/cf-openvidu-singlenode.bicep
@ -2,18 +2,16 @@
 param stackName string

@description('''
-[selfsigned] Not recommended for production use. If you don't have a FQDN, (DomainName parameter) you can use this option to generate a self-signed certificate.
-[owncert] Valid for productions environments. If you have a FQDN, (DomainName parameter)
-and an Elastic IP, you can use this option to use your own certificate.
-[letsencrypt] Valid for production environments. If you have a FQDN, (DomainName parameter)
-and an Elastic IP, you can use this option to generate a Let's Encrypt certificate.
+[selfsigned] Not recommended for production use. Just for testing purposes or development environments. You don't need a FQDN to use this option.
+[owncert] Valid for production environments. Use your own certificate. You need a FQDN to use this option.
+[letsencrypt] Valid for production environments. Can be used with or without a FQDN (if no FQDN is provided, a random sslip.io domain will be used).
 ''')
@allowed([
  'selfsigned'
  'owncert'
  'letsencrypt'
 ])
-param certificateType string = 'selfsigned'
+param certificateType string = 'letsencrypt'

@description('Previously created Public IP address for the OpenVidu Deployment. Blank will generate a public IP')
 param publicIpAddressObject object
@ -27,9 +25,6 @@ param ownPublicCertificate string = ''
@description('If certificate type is \'owncert\', this parameter will be used to specify the private certificate')
 param ownPrivateCertificate string = ''

-@description('If certificate type is \'letsencrypt\', this email will be used for Let\'s Encrypt notifications')
-param letsEncryptEmail string = ''
-
@description('(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls')
 param turnDomainName string = ''

@ -191,7 +186,7 @@ var networkSettings = {
 }

 var openviduVMSettings = {
-  vmName: '${stackName}-VM-CE'
+  vmName: '${stackName}-VM-Pro'
  osDiskType: 'StandardSSD_LRS'
  ubuntuOSVersion: {
    publisher: 'Canonical'
@ -212,7 +207,6 @@ var openviduVMSettings = {
  }
 }

-var fqdn = isEmptyIp ? publicIP_OV.properties.dnsSettings.fqdn : domainName
 //KeyVault for secrets
 var keyVaultName = '${stackName}-keyvault'

@ -267,10 +261,8 @@ resource openviduSharedInfo 'Microsoft.KeyVault/vaults@2023-07-01' = {
 //Parms for not string interpolation support for multiline
 var stringInterpolationParams = {
  domainName: domainName
-  fqdn: fqdn
  turnDomainName: turnDomainName
  certificateType: certificateType
-  letsEncryptEmail: letsEncryptEmail
  ownPublicCertificate: ownPublicCertificate
  ownPrivateCertificate: ownPrivateCertificate
  turnOwnPublicCertificate: turnOwnPublicCertificate
@ -295,8 +287,18 @@ apt-get update && apt-get install -y \
 # Configure Domain
 if [[ "${domainName}" == '' ]]; then
  [ ! -d "/usr/share/openvidu" ] && mkdir -p /usr/share/openvidu
-  DOMAIN=${fqdn}
-  echo ${fqdn} > /usr/share/openvidu/old-host-name
+  # Get public IP using the get_public_ip.sh script
+  PUBLIC_IP=$(/usr/local/bin/get_public_ip.sh 2>/dev/null)
+  if [[ $? -ne 0 || -z "${PUBLIC_IP}" ]]; then
+    echo "Could not determine public IP."
+    exit 1
+  fi
+
+  RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8)
+  DOMAIN="openvidu-$RANDOM_DOMAIN_STRING-$(echo "$PUBLIC_IP" | tr '.' '-').sslip.io"
+  TURN_DOMAIN_NAME_SSLIP_IO="turn-$RANDOM_DOMAIN_STRING-$(echo "$PUBLIC_IP" | tr '.' '-').sslip.io"
+  echo $RANDOM_DOMAIN_STRING > /usr/share/openvidu/random-domain-string
+  echo $PUBLIC_IP > /usr/share/openvidu/public-ip
 else
  DOMAIN=${domainName}
 fi
@ -369,6 +371,11 @@ if [[ "${turnDomainName}" != '' ]]; then
  COMMON_ARGS+=(
    "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
  )
+elif [[ "${TURN_DOMAIN_NAME_SSLIP_IO}" != '' ]]; then
+  LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT-TURN-DOMAIN-NAME "${TURN_DOMAIN_NAME_SSLIP_IO}")
+  COMMON_ARGS+=(
+    "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
+  )
 fi

 # Certificate arguments
@ -377,10 +384,8 @@ if [[ "${certificateType}" == "selfsigned" ]]; then
    "--certificate-type=selfsigned"
  )
 elif [[ "${certificateType}" == "letsencrypt" ]]; then
-  LETSENCRYPT_EMAIL=$(/usr/local/bin/store_secret.sh save LETSENCRYPT-EMAIL "${letsEncryptEmail}")
  CERT_ARGS=(
    "--certificate-type=letsencrypt"
-    "--letsencrypt-email=${letsEncryptEmail}"
  )
 else
  # Download owncert files
@ -432,12 +437,16 @@ az login --identity --allow-no-subscriptions > /dev/null

 # Generate URLs
 DOMAIN=$(az keyvault secret show --vault-name ${keyVaultName} --name DOMAIN-NAME --query value -o tsv)
+OPENVIDU_URL="https://${DOMAIN}/"
+LIVEKIT_URL="wss://${DOMAIN}/"
 DASHBOARD_URL="https://${DOMAIN}/dashboard/"
 GRAFANA_URL="https://${DOMAIN}/grafana/"
 MINIO_URL="https://${DOMAIN}/minio-console/"

 # Update shared secret
 az keyvault secret set --vault-name ${keyVaultName} --name DOMAIN-NAME --value $DOMAIN
+az keyvault secret set --vault-name ${keyVaultName} --name OPENVIDU-URL --value $OPENVIDU_URL
+az keyvault secret set --vault-name ${keyVaultName} --name LIVEKIT-URL --value $LIVEKIT_URL
 az keyvault secret set --vault-name ${keyVaultName} --name DASHBOARD-URL --value $DASHBOARD_URL
 az keyvault secret set --vault-name ${keyVaultName} --name GRAFANA-URL --value $GRAFANA_URL
 az keyvault secret set --vault-name ${keyVaultName} --name MINIO-URL --value $MINIO_URL
@ -461,6 +470,14 @@ CONFIG_DIR="${INSTALL_DIR}/config"

 # Replace DOMAIN_NAME
 export DOMAIN=$(az keyvault secret show --vault-name ${keyVaultName} --name DOMAIN-NAME --query value -o tsv)
+if [[ $DOMAIN == *"sslip.io"* ]] || [[ -z $DOMAIN ]]; then
+  PUBLIC_IP=$(/usr/local/bin/get_public_ip.sh 2>/dev/null || echo "")
+
+  if [[ -n "$PUBLIC_IP" ]] && [[ -f "/usr/share/openvidu/random-domain-string" ]]; then
+    RANDOM_DOMAIN_STRING=$(cat /usr/share/openvidu/random-domain-string)
+    DOMAIN="openvidu-$RANDOM_DOMAIN_STRING-$(echo "$PUBLIC_IP" | tr '.' '-').sslip.io"
+  fi
+fi
 if [[ -n "$DOMAIN" ]]; then
    sed -i "s/DOMAIN_NAME=.*/DOMAIN_NAME=$DOMAIN/" "${CONFIG_DIR}/openvidu.env"
 else
@ -469,15 +486,18 @@ fi

 # Replace LIVEKIT_TURN_DOMAIN_NAME
 export LIVEKIT_TURN_DOMAIN_NAME=$(az keyvault secret show --vault-name ${keyVaultName} --name LIVEKIT-TURN-DOMAIN-NAME --query value -o tsv)
+if [[ $LIVEKIT_TURN_DOMAIN_NAME == *"sslip.io"* ]] || [[ -z $LIVEKIT_TURN_DOMAIN_NAME ]]; then
+  PUBLIC_IP=$(/usr/local/bin/get_public_ip.sh 2>/dev/null || echo "")
+
+  if [[ -n "$PUBLIC_IP" ]] && [[ -f "/usr/share/openvidu/random-domain-string" ]]; then
+    RANDOM_DOMAIN_STRING=$(cat /usr/share/openvidu/random-domain-string)
+    LIVEKIT_TURN_DOMAIN_NAME="turn-$RANDOM_DOMAIN_STRING-$(echo "$PUBLIC_IP" | tr '.' '-').sslip.io"
+  fi
+fi
 if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then
    sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "${CONFIG_DIR}/openvidu.env"
 fi

-if [[ ${certificateType} == "letsencrypt" ]]; then
-    export LETSENCRYPT_EMAIL=$(az keyvault secret show --vault-name ${keyVaultName} --name LETSENCRYPT-EMAIL --query value -o tsv)
-    sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" "${CONFIG_DIR}/openvidu.env"
-fi
-
 # Get the rest of the values
 export REDIS_PASSWORD=$(az keyvault secret show --vault-name ${keyVaultName} --name REDIS-PASSWORD --query value -o tsv)
 export OPENVIDU_RTC_ENGINE=$(az keyvault secret show --vault-name ${keyVaultName} --name OPENVIDU-RTC-ENGINE --query value -o tsv)
@ -521,12 +541,16 @@ sed -i "s/ENABLED_MODULES=.*/ENABLED_MODULES=$ENABLED_MODULES/" "${CONFIG_DIR}/o


 # Update URLs in secret
+OPENVIDU_URL="https://${DOMAIN}/"
+LIVEKIT_URL="wss://${DOMAIN}/"
 DASHBOARD_URL="https://${DOMAIN}/dashboard/"
 GRAFANA_URL="https://${DOMAIN}/grafana/"
 MINIO_URL="https://${DOMAIN}/minio-console/"

 # Update shared secret
 az keyvault secret set --vault-name ${keyVaultName} --name DOMAIN-NAME --value $DOMAIN
+az keyvault secret set --vault-name ${keyVaultName} --name OPENVIDU-URL --value $OPENVIDU_URL
+az keyvault secret set --vault-name ${keyVaultName} --name LIVEKIT-URL --value $LIVEKIT_URL
 az keyvault secret set --vault-name ${keyVaultName} --name DASHBOARD-URL --value $DASHBOARD_URL
 az keyvault secret set --vault-name ${keyVaultName} --name GRAFANA-URL --value $GRAFANA_URL
 az keyvault secret set --vault-name ${keyVaultName} --name MINIO-URL --value $MINIO_URL
@ -666,6 +690,32 @@ else
 fi
 '''

+var get_public_ip = '''
+#!/bin/bash
+
+# List of services to check public IP
+services=(
+    "https://checkip.amazonaws.com"
+    "https://ifconfig.me/ip"
+    "https://ipinfo.io/ip"
+    "https://api.ipify.org"
+    "https://icanhazip.com"
+)
+
+for service in "${services[@]}"; do
+    ip=$(curl -s --max-time 5 "$service")
+    if [[ -n "$ip" && "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+        echo "$ip"
+        exit 0
+    else
+        echo "Failed to get IP from $service" >&2
+    fi
+done
+
+echo "Could not retrieve public IP from any service." >&2
+exit 1
+'''
+
 var check_app_ready = '''
 #!/bin/bash
 while true; do
@ -758,6 +808,7 @@ var base64update_config_from_secret = base64(update_config_from_secretScript)
 var base64update_secret_from_config = base64(update_secret_from_configScript)
 var base64get_value_from_config = base64(get_value_from_configScript)
 var base64store_secret = base64(store_secretScript)
+var base64get_public_ip = base64(get_public_ip)
 var base64check_app_ready = base64(check_app_ready)
 var base64restart = base64(restart)
 var base64config_blobStorage = base64(config_blobStorageScript)
@ -769,6 +820,7 @@ var userDataParams = {
  base64update_secret_from_config: base64update_secret_from_config
  base64get_value_from_config: base64get_value_from_config
  base64store_secret: base64store_secret
+  base64get_public_ip: base64get_public_ip
  base64check_app_ready: base64check_app_ready
  base64restart: base64restart
  base64config_blobStorage: base64config_blobStorage
@ -801,6 +853,10 @@ chmod +x /usr/local/bin/get_value_from_config.sh
 echo ${base64store_secret} | base64 -d > /usr/local/bin/store_secret.sh
 chmod +x /usr/local/bin/store_secret.sh

+# get_public_ip.sh
+echo ${base64get_public_ip} | base64 -d > /usr/local/bin/get_public_ip.sh
+chmod +x /usr/local/bin/get_public_ip.sh
+
 echo ${base64check_app_ready} | base64 -d > /usr/local/bin/check_app_ready.sh
 chmod +x /usr/local/bin/check_app_ready.sh

@ -892,9 +948,16 @@ resource roleAssignmentOpenViduServer 'Microsoft.Authorization/roleAssignments@2
 }
 /*------------------------------------------- NETWORK -------------------------------------------*/

-//Create publicIPAddress if convinient
-resource publicIP_OV 'Microsoft.Network/publicIPAddresses@2023-11-01' = if (isEmptyIp == true) {
-  name: '${stackName}-publicIP'
+var ipExists = publicIpAddressObject.newOrExistingOrNone == 'existing'
+
+resource publicIP_OV_ifExisting 'Microsoft.Network/publicIPAddresses@2023-11-01' existing = if (ipExists == true) {
+  name: publicIpAddressObject.name
+}
+
+var ipNew = publicIpAddressObject.newOrExistingOrNone == 'new'
+
+resource publicIP_OV_ifNew 'Microsoft.Network/publicIPAddresses@2023-11-01' = if (ipNew == true) {
+  name: publicIpAddressObject.name
  location: location
  sku: {
    name: 'Standard'
@ -905,23 +968,10 @@ resource publicIP_OV 'Microsoft.Network/publicIPAddresses@2023-11-01' = if (isEm
    publicIPAllocationMethod: 'Static'
    dnsSettings: {
      domainNameLabel: isEmptyDomain ? toLower('${stackName}') : null
-      fqdn: isEmptyDomain ? null : domainName
    }
  }
 }

-var ipExists = publicIpAddressObject.newOrExistingOrNone == 'existing'
-
-resource publicIP_OV_ifExisting 'Microsoft.Network/publicIPAddresses@2023-11-01' existing = if (ipExists == true) {
-  name: publicIpAddressObject.name
-}
-
-var ipNew = publicIpAddressObject.newOrExistingOrNone == 'new'
-
-resource publicIP_OV_ifNew 'Microsoft.Network/publicIPAddresses@2023-11-01' existing = if (ipNew == true) {
-  name: publicIpAddressObject.name
-}
-
 // Create the virtual network
 resource vnet_OV 'Microsoft.Network/virtualNetworks@2023-11-01' = {
  name: networkSettings.vNetName
@ -960,8 +1010,8 @@ resource netInterface_OV 'Microsoft.Network/networkInterfaces@2023-11-01' = {
          subnet: {
            id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnet_OV.name, networkSettings.subnetName)
          }
-          publicIPAddress: {
-            id: isEmptyIp ? publicIP_OV.id : ipNew ? publicIP_OV_ifNew.id : publicIP_OV_ifExisting.id
+          publicIPAddress: isEmptyIp ? null : {
+            id: ipNew ? publicIP_OV_ifNew.id : publicIP_OV_ifExisting.id
          }
        }
      }
--- a/openvidu-deployment/pro/singlenode/azure/cf-openvidu-singlenode.json
+++ b/openvidu-deployment/pro/singlenode/azure/cf-openvidu-singlenode.json
--- a/openvidu-deployment/pro/singlenode/azure/createUiDefinition.json
+++ b/openvidu-deployment/pro/singlenode/azure/createUiDefinition.json
@ -46,7 +46,7 @@
                            "type": "Microsoft.Common.DropDown",
                            "label": "Certificate Type",
                            "subLabel": "",
-                            "defaultValue": "selfsigned",
+                            "defaultValue": "letsencrypt",
                            "toolTip": "[[selfsigned] Not recommended for production use. If you don't have a FQDN, (DomainName parameter) you can use this option to generate a self-signed certificate.\n[owncert] Valid for productions environments. If you have a FQDN, (DomainName parameter)\nand an Elastic IP, you can use this option to use your own certificate.\n[letsencrypt] Valid for production environments. If you have a FQDN, (DomainName parameter)\nand an Elastic IP, you can use this option to generate a Let's Encrypt certificate.\n",
                            "constraints": {
                                "required": true,
@ -82,7 +82,7 @@
                                "publicIpAddressName": "defaultName"
                            },
                            "options": {
-                                "hideNone": false,
+                                "hideNone": true,
                                "hideDomainNameLabel": true,
                                "hideExisting": false
                            },
@ -101,8 +101,8 @@
                                "validationMessage": "Please enter a valid domain name or leave it blank to generate",
                                "validations": [
                                    {
-                                        "isValid": "[if(or(equals(steps('parameters SSL').certificateType, 'letsencrypt'), equals(steps('parameters SSL').certificateType, 'owncert')), not(empty(steps('parameters SSL').domainName)), true)]",
-                                        "message": "You need to fill this parameter because you've selected another certificate type that is not selfsigned."
+                                        "isValid": "[if(equals(steps('parameters SSL').certificateType, 'owncert'), not(empty(steps('parameters SSL').domainName)), true)]",
+                                        "message": "You need to fill this parameter because you've selected owncert certificate type."
                                    }
                                ]
                            },
@ -150,27 +150,6 @@
                            },
                            "infoMessages": [],
                            "visible": true
-                        },
-                        {
-                            "name": "letsEncryptEmail",
-                            "type": "Microsoft.Common.TextBox",
-                            "label": "Lets Encrypt Email",
-                            "subLabel": "\nIf certificate type is 'letsencrypt', this email will be used for Let's Encrypt notifications",
-                            "defaultValue": "",
-                            "toolTip": "",
-                            "constraints": {
-                                "required": false,
-                                "regex": "",
-                                "validationMessage": "",
-                                "validations": [
-                                    {
-                                        "isValid": "[if(equals(steps('parameters SSL').certificateType, 'letsencrypt'), not(empty(steps('parameters SSL').letsEncryptEmail)), true)]",
-                                        "message": "You need to fill this parameter because you've selected letsencrypt certificate type."
-                                    }
-                                ]
-                            },
-                            "infoMessages": [],
-                            "visible": true
                        }
                    ]
                },