From 5e31998776cfe6744c8b48ea42918d25fec104a6 Mon Sep 17 00:00:00 2001 From: cruizba Date: Wed, 28 Jan 2026 21:36:27 +0100 Subject: [PATCH] openvidu-deployment: gcp - Use main domain for TURN - Remove TURN server configuration parameters and related logic from deployment templates --- .../gcp/tf-gpc-openvidu-singlenode.tf | 38 +----------------- .../community/singlenode/gcp/variables.tf | 18 --------- .../elastic/gcp/tf-gpc-openvidu-elastic.tf | 38 +----------------- .../pro/elastic/gcp/variables.tf | 18 --------- .../pro/ha/gcp/tf-gpc-openvidu-ha.tf | 39 +------------------ openvidu-deployment/pro/ha/gcp/variables.tf | 18 --------- .../gcp/tf-gpc-openvidu-singlenode.tf | 38 +----------------- .../pro/singlenode/gcp/variables.tf | 18 --------- 8 files changed, 4 insertions(+), 221 deletions(-) diff --git a/openvidu-deployment/community/singlenode/gcp/tf-gpc-openvidu-singlenode.tf b/openvidu-deployment/community/singlenode/gcp/tf-gpc-openvidu-singlenode.tf index 074634e89..50dfc1ca2 100644 --- a/openvidu-deployment/community/singlenode/gcp/tf-gpc-openvidu-singlenode.tf +++ b/openvidu-deployment/community/singlenode/gcp/tf-gpc-openvidu-singlenode.tf @@ -14,7 +14,7 @@ resource "google_secret_manager_secret" "openvidu_shared_info" { for_each = toset([ "OPENVIDU_URL", "MEET_INITIAL_ADMIN_USER", "MEET_INITIAL_ADMIN_PASSWORD", "MEET_INITIAL_API_KEY", "LIVEKIT_URL", "LIVEKIT_API_KEY", "LIVEKIT_API_SECRET", - "DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "LIVEKIT_TURN_DOMAIN_NAME", + "DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "REDIS_PASSWORD", "MONGO_ADMIN_USERNAME", "MONGO_ADMIN_PASSWORD", "MONGO_REPLICA_SET_KEY", "MINIO_ACCESS_KEY", "MINIO_SECRET_KEY", "DASHBOARD_ADMIN_USERNAME", "DASHBOARD_ADMIN_PASSWORD", "GRAFANA_ADMIN_USERNAME", "GRAFANA_ADMIN_PASSWORD", "ENABLED_MODULES" 
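Review bot: Dropping `"LIVEKIT_TURN_DOMAIN_NAME"` from the `for_each` set of `google_secret_manager_secret.openvidu_shared_info` means an apply against an already deployed stack will plan that secret for destruction, and nothing in the hunk documents this. Instances provisioned from the previous template may still hold scripts that run `gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME` and an `openvidu.env` with the old TURN host name; whether those are rewritten on upgrade is not visible here. I would add a comment above the list such as `# TURN/TLS is served on DOMAIN_NAME; there is no separate TURN domain secret`, and say in the upgrade notes that the main domain's certificate presumably now covers TURN as well. The same list change appears in the pro elastic, pro ha and pro singlenode templates, and the resource block continues outside the hunk.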
@@ -125,9 +125,6 @@ resource "google_compute_instance" "openvidu_server" { ownPublicCertificate = var.ownPublicCertificate ownPrivateCertificate = var.ownPrivateCertificate additionalInstallFlags = var.additionalInstallFlags - turnDomainName = var.turnDomainName - turnOwnPublicCertificate = var.turnOwnPublicCertificate - turnOwnPrivateCertificate = var.turnOwnPrivateCertificate bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName } @@ -183,7 +180,6 @@ if [[ "${var.domainName}" == "" ]]; then EXTERNAL_IP=$(get_meta "instance/network-interfaces/0/access-configs/0/external-ip") RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8) DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io - TURN_DOMAIN_NAME_SSLIP_IO=turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io else DOMAIN="${var.domainName}" fi @@ -255,19 +251,6 @@ if [[ "${var.additionalInstallFlags}" != "" ]]; then done fi -# Turn with TLS -if [[ "$TURN_DOMAIN_NAME_SSLIP_IO" != "" ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$TURN_DOMAIN_NAME_SSLIP_IO") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) -elif [[ "${var.turnDomainName}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) -fi - # Certificate arguments if [[ "${var.certificateType}" == "selfsigned" ]]; then CERT_ARGS=( 
@@ -286,17 +269,6 @@ else "--owncert-public-key=$OWN_CERT_CRT" "--owncert-private-key=$OWN_CERT_KEY" ) - - # Turn with TLS and own certificate - if [[ "${var.turnDomainName}" != '' ]]; then - # Use base64 encoded certificates directly - OWN_CERT_CRT_TURN=${var.turnOwnPublicCertificate} - OWN_CERT_KEY_TURN=${var.turnOwnPrivateCertificate} - CERT_ARGS+=( - "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" - "--turn-owncert-public-key=$OWN_CERT_CRT_TURN" - ) - fi fi # Final command @@ -395,12 +367,6 @@ else exit 1 fi -# Replace LIVEKIT_TURN_DOMAIN_NAME -export LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME) -if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then - sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "$${CONFIG_DIR}/openvidu.env" -fi - # Get the rest of the values export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD) export MONGO_ADMIN_USERNAME=$(gcloud secrets versions access latest --secret=MONGO_ADMIN_USERNAME) @@ -471,7 +437,6 @@ CONFIG_DIR="$${INSTALL_DIR}/config" # Get current values of the config REDIS_PASSWORD="$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "$${CONFIG_DIR}/openvidu.env")" DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")" -LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")" MONGO_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")" MONGO_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")" MONGO_REPLICA_SET_KEY="$(/usr/local/bin/get_value_from_config.sh MONGO_REPLICA_SET_KEY "$${CONFIG_DIR}/openvidu.env")" 
@@ -493,7 +458,6 @@ ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "$${C # Update shared secret echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-file=- echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=- -echo -n "$LIVEKIT_TURN_DOMAIN_NAME" | gcloud secrets versions add LIVEKIT_TURN_DOMAIN_NAME --data-file=- echo -n "$MONGO_ADMIN_USERNAME" | gcloud secrets versions add MONGO_ADMIN_USERNAME --data-file=- echo -n "$MONGO_ADMIN_PASSWORD" | gcloud secrets versions add MONGO_ADMIN_PASSWORD --data-file=- echo -n "$MONGO_REPLICA_SET_KEY" | gcloud secrets versions add MONGO_REPLICA_SET_KEY --data-file=- diff --git a/openvidu-deployment/community/singlenode/gcp/variables.tf b/openvidu-deployment/community/singlenode/gcp/variables.tf index 577f541d7..0930003a8 100644 --- a/openvidu-deployment/community/singlenode/gcp/variables.tf +++ b/openvidu-deployment/community/singlenode/gcp/variables.tf @@ -106,21 +106,3 @@ variable "additionalInstallFlags" { error_message = "Must be a comma-separated list of flags (for example, --flag=value, --bool-flag)." } } - -variable "turnDomainName" { - description = "(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls" - type = string - default = "" -} - -variable "turnOwnPublicCertificate" { - description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - type = string - default = "" -} - -variable "turnOwnPrivateCertificate" { - description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - type = string - default = "" -} diff --git a/openvidu-deployment/pro/elastic/gcp/tf-gpc-openvidu-elastic.tf b/openvidu-deployment/pro/elastic/gcp/tf-gpc-openvidu-elastic.tf index 619ebcb77..c1edc093e 100644 
--- a/openvidu-deployment/pro/elastic/gcp/tf-gpc-openvidu-elastic.tf +++ b/openvidu-deployment/pro/elastic/gcp/tf-gpc-openvidu-elastic.tf @@ -16,7 +16,7 @@ resource "google_secret_manager_secret" "openvidu_shared_info" { for_each = toset([ "OPENVIDU_URL", "MEET_INITIAL_ADMIN_USER", "MEET_INITIAL_ADMIN_PASSWORD", "MEET_INITIAL_API_KEY", "LIVEKIT_URL", "LIVEKIT_API_KEY", "LIVEKIT_API_SECRET", - "DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "LIVEKIT_TURN_DOMAIN_NAME", + "DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "OPENVIDU_PRO_LICENSE", "OPENVIDU_RTC_ENGINE", "REDIS_PASSWORD", "MONGO_ADMIN_USERNAME", "MONGO_ADMIN_PASSWORD", "MONGO_REPLICA_SET_KEY", "MINIO_ACCESS_KEY", "MINIO_SECRET_KEY", "DASHBOARD_ADMIN_USERNAME", "DASHBOARD_ADMIN_PASSWORD", "GRAFANA_ADMIN_USERNAME", @@ -167,9 +167,6 @@ resource "google_compute_instance" "openvidu_master_node" { initialMeetAdminPassword = var.initialMeetAdminPassword initialMeetApiKey = var.initialMeetApiKey additionalInstallFlags = var.additionalInstallFlags - turnDomainName = var.turnDomainName - turnOwnPublicCertificate = var.turnOwnPublicCertificate - turnOwnPrivateCertificate = var.turnOwnPrivateCertificate bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName } @@ -652,7 +649,6 @@ if [[ "${var.domainName}" == "" ]]; then EXTERNAL_IP=$(get_meta "instance/network-interfaces/0/access-configs/0/external-ip") RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8) DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io - TURN_DOMAIN_NAME_SSLIP_IO=turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io else DOMAIN="${var.domainName}" fi 
@@ -738,19 +734,6 @@ if [[ "${var.additionalInstallFlags}" != "" ]]; then done fi -# Turn with TLS -if [[ "$TURN_DOMAIN_NAME_SSLIP_IO" != "" ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$TURN_DOMAIN_NAME_SSLIP_IO") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) -elif [[ "${var.turnDomainName}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) -fi - # Certificate arguments if [[ "${var.certificateType}" == "selfsigned" ]]; then CERT_ARGS=( @@ -769,17 +752,6 @@ else "--owncert-public-key=$OWN_CERT_CRT" "--owncert-private-key=$OWN_CERT_KEY" ) - - # Turn with TLS and own certificate - if [[ "${var.turnDomainName}" != '' ]]; then - # Use base64 encoded certificates directly - OWN_CERT_CRT_TURN=${var.turnOwnPublicCertificate} - OWN_CERT_KEY_TURN=${var.turnOwnPrivateCertificate} - CERT_ARGS+=( - "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" - "--turn-owncert-public-key=$OWN_CERT_CRT_TURN" - ) - fi fi # Final command @@ -879,12 +851,6 @@ else exit 1 fi -# Replace LIVEKIT_TURN_DOMAIN_NAME -export LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME) -if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then - sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "$${CLUSTER_CONFIG_DIR}/openvidu.env" -fi - # Get the rest of the values export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD) export OPENVIDU_RTC_ENGINE=$(gcloud secrets versions access latest --secret=OPENVIDU_RTC_ENGINE) 
@@ -960,7 +926,6 @@ MASTER_NODE_CONFIG_DIR="$${INSTALL_DIR}/config/node" # Get current values of the config REDIS_PASSWORD="$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "$${MASTER_NODE_CONFIG_DIR}/master_node.env")" DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "$${CLUSTER_CONFIG_DIR}/openvidu.env")" -LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "$${CLUSTER_CONFIG_DIR}/openvidu.env")" OPENVIDU_RTC_ENGINE="$(/usr/local/bin/get_value_from_config.sh OPENVIDU_RTC_ENGINE "$${CLUSTER_CONFIG_DIR}/openvidu.env")" OPENVIDU_PRO_LICENSE="$(/usr/local/bin/get_value_from_config.sh OPENVIDU_PRO_LICENSE "$${CLUSTER_CONFIG_DIR}/openvidu.env")" MONGO_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "$${CLUSTER_CONFIG_DIR}/openvidu.env")" @@ -984,7 +949,6 @@ ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "$${C # Update shared secret echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-file=- echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=- -echo -n "$LIVEKIT_TURN_DOMAIN_NAME" | gcloud secrets versions add LIVEKIT_TURN_DOMAIN_NAME --data-file=- echo -n "$OPENVIDU_RTC_ENGINE" | gcloud secrets versions add OPENVIDU_RTC_ENGINE --data-file=- echo -n "$OPENVIDU_PRO_LICENSE" | gcloud secrets versions add OPENVIDU_PRO_LICENSE --data-file=- echo -n "$MONGO_ADMIN_USERNAME" | gcloud secrets versions add MONGO_ADMIN_USERNAME --data-file=- diff --git a/openvidu-deployment/pro/elastic/gcp/variables.tf b/openvidu-deployment/pro/elastic/gcp/variables.tf index d23e6bf8c..64d66b7be 100644 --- a/openvidu-deployment/pro/elastic/gcp/variables.tf +++ b/openvidu-deployment/pro/elastic/gcp/variables.tf 
@@ -152,21 +152,3 @@ variable "additionalInstallFlags" { error_message = "Must be a comma-separated list of flags (for example, --flag=value, --bool-flag)." } } - -variable "turnDomainName" { - description = "(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls" - type = string - default = "" -} - -variable "turnOwnPublicCertificate" { - description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - type = string - default = "" -} - -variable "turnOwnPrivateCertificate" { - description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - type = string - default = "" -} diff --git a/openvidu-deployment/pro/ha/gcp/tf-gpc-openvidu-ha.tf b/openvidu-deployment/pro/ha/gcp/tf-gpc-openvidu-ha.tf index 5ebe9d6fb..f6f8f08cc 100644 --- a/openvidu-deployment/pro/ha/gcp/tf-gpc-openvidu-ha.tf +++ b/openvidu-deployment/pro/ha/gcp/tf-gpc-openvidu-ha.tf @@ -16,7 +16,7 @@ resource "google_secret_manager_secret" "openvidu_shared_info" { for_each = toset([ "OPENVIDU_URL", "MEET_INITIAL_ADMIN_USER", "MEET_INITIAL_ADMIN_PASSWORD", "MEET_INITIAL_API_KEY", "LIVEKIT_URL", "LIVEKIT_API_KEY", "LIVEKIT_API_SECRET", - "DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "LIVEKIT_TURN_DOMAIN_NAME", + "DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "OPENVIDU_PRO_LICENSE", "OPENVIDU_RTC_ENGINE", "REDIS_PASSWORD", "MONGO_ADMIN_USERNAME", "MONGO_ADMIN_PASSWORD", "MONGO_REPLICA_SET_KEY", "MINIO_ACCESS_KEY", "MINIO_SECRET_KEY", "DASHBOARD_ADMIN_USERNAME", "DASHBOARD_ADMIN_PASSWORD", "GRAFANA_ADMIN_USERNAME", 
@@ -314,9 +314,6 @@ resource "google_compute_instance" "openvidu_master_node_1" { certificateType = var.certificateType ownPublicCertificate = var.ownPublicCertificate ownPrivateCertificate = var.ownPrivateCertificate - turnDomainName = var.turnDomainName - turnOwnPublicCertificate = var.turnOwnPublicCertificate - turnOwnPrivateCertificate = var.turnOwnPrivateCertificate openviduLicense = var.openviduLicense rtcEngine = var.rtcEngine initialMeetAdminPassword = var.initialMeetAdminPassword @@ -367,9 +364,6 @@ resource "google_compute_instance" "openvidu_master_node_2" { certificateType = var.certificateType ownPublicCertificate = var.ownPublicCertificate ownPrivateCertificate = var.ownPrivateCertificate - turnDomainName = var.turnDomainName - turnOwnPublicCertificate = var.turnOwnPublicCertificate - turnOwnPrivateCertificate = var.turnOwnPrivateCertificate openviduLicense = var.openviduLicense rtcEngine = var.rtcEngine initialMeetAdminPassword = var.initialMeetAdminPassword @@ -422,9 +416,6 @@ resource "google_compute_instance" "openvidu_master_node_3" { certificateType = var.certificateType ownPublicCertificate = var.ownPublicCertificate ownPrivateCertificate = var.ownPrivateCertificate - turnDomainName = var.turnDomainName - turnOwnPublicCertificate = var.turnOwnPublicCertificate - turnOwnPrivateCertificate = var.turnOwnPrivateCertificate openviduLicense = var.openviduLicense rtcEngine = var.rtcEngine initialMeetAdminPassword = var.initialMeetAdminPassword @@ -477,9 +468,6 @@ resource "google_compute_instance" "openvidu_master_node_4" { certificateType = var.certificateType ownPublicCertificate = var.ownPublicCertificate ownPrivateCertificate = var.ownPrivateCertificate - turnDomainName = var.turnDomainName - turnOwnPublicCertificate = var.turnOwnPublicCertificate - turnOwnPrivateCertificate = var.turnOwnPrivateCertificate openviduLicense = var.openviduLicense rtcEngine = var.rtcEngine initialMeetAdminPassword = var.initialMeetAdminPassword 
@@ -995,7 +983,6 @@ if [[ $MASTER_NODE_NUM -eq 1 ]] && [[ "$ALL_SECRETS_GENERATED" == "false" ]]; th EXTERNAL_IP=$(gcloud compute addresses describe "${lower("${var.stackName}-nlb-ip")}" --region ${var.region} --format="get(address)") RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8) DOMAIN="openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io" - TURN_DOMAIN_NAME_SSLIP_IO="turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io" else DOMAIN="${var.domainName}" fi @@ -1013,13 +1000,6 @@ if [[ $MASTER_NODE_NUM -eq 1 ]] && [[ "$ALL_SECRETS_GENERATED" == "false" ]]; th MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "${var.initialMeetApiKey}")" fi - # Configure TURN server domain name - if [[ -n "${var.turnDomainName}" ]]; then - LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}")" - elif [[ "$${TURN_DOMAIN_NAME_SSLIP_IO}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$${TURN_DOMAIN_NAME_SSLIP_IO}") - fi - # Store usernames and generate random passwords OPENVIDU_PRO_LICENSE="$(/usr/local/bin/store_secret.sh save OPENVIDU_PRO_LICENSE "${var.openviduLicense}")" OPENVIDU_RTC_ENGINE="$(/usr/local/bin/store_secret.sh save OPENVIDU_RTC_ENGINE "${var.rtcEngine}")" 
@@ -1065,7 +1045,6 @@ MASTER_NODE_4_PRIVATE_IP=$(gcloud secrets versions access latest --secret=MASTER MASTER_NODE_PRIVATE_IP_LIST="$MASTER_NODE_1_PRIVATE_IP,$MASTER_NODE_2_PRIVATE_IP,$MASTER_NODE_3_PRIVATE_IP,$MASTER_NODE_4_PRIVATE_IP" DOMAIN=$(gcloud secrets versions access latest --secret=DOMAIN_NAME) -LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME) OPENVIDU_PRO_LICENSE=$(gcloud secrets versions access latest --secret=OPENVIDU_PRO_LICENSE) OPENVIDU_RTC_ENGINE=$(gcloud secrets versions access latest --secret=OPENVIDU_RTC_ENGINE) REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD) @@ -1132,10 +1111,6 @@ if [[ "${var.additionalInstallFlags}" != "" ]]; then done fi -if [[ "$LIVEKIT_TURN_DOMAIN_NAME" != "" ]]; then - COMMON_ARGS+=("--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME") -fi - # Certificate arguments if [[ "${var.certificateType}" == "selfsigned" ]]; then CERT_ARGS=( @@ -1155,18 +1130,6 @@ else "--owncert-public-key=$OWN_CERT_CRT" "--owncert-private-key=$OWN_CERT_KEY" ) - - # Turn with TLS and own certificate - if [[ "${var.turnDomainName}" != '' ]]; then - # Use base64 encoded certificates directly - OWN_CERT_CRT_TURN=${var.turnOwnPublicCertificate} - OWN_CERT_KEY_TURN=${var.turnOwnPrivateCertificate} - - CERT_ARGS+=( - "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" - "--turn-owncert-public-key=$OWN_CERT_CRT_TURN" - ) - fi fi # Construct the final command diff --git a/openvidu-deployment/pro/ha/gcp/variables.tf b/openvidu-deployment/pro/ha/gcp/variables.tf index 83aa67896..2ab77e534 100644 --- a/openvidu-deployment/pro/ha/gcp/variables.tf +++ b/openvidu-deployment/pro/ha/gcp/variables.tf 
@@ -168,21 +168,3 @@ variable "additionalInstallFlags" { error_message = "Must be a comma-separated list of flags (for example, --flag=value, --bool-flag)." } } - -variable "turnDomainName" { - description = "(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls" - type = string - default = "" -} - -variable "turnOwnPublicCertificate" { - description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - type = string - default = "" -} - -variable "turnOwnPrivateCertificate" { - description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - type = string - default = "" -} diff --git a/openvidu-deployment/pro/singlenode/gcp/tf-gpc-openvidu-singlenode.tf b/openvidu-deployment/pro/singlenode/gcp/tf-gpc-openvidu-singlenode.tf index 1a46e315c..d9c19a346 100644 --- a/openvidu-deployment/pro/singlenode/gcp/tf-gpc-openvidu-singlenode.tf +++ b/openvidu-deployment/pro/singlenode/gcp/tf-gpc-openvidu-singlenode.tf @@ -13,7 +13,7 @@ resource "google_secret_manager_secret" "openvidu_shared_info" { for_each = toset([ "OPENVIDU_URL", "MEET_INITIAL_ADMIN_USER", "MEET_INITIAL_ADMIN_PASSWORD", "MEET_INITIAL_API_KEY", "LIVEKIT_URL", "LIVEKIT_API_KEY", "LIVEKIT_API_SECRET", - "DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "LIVEKIT_TURN_DOMAIN_NAME", + "DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "OPENVIDU_PRO_LICENSE", "OPENVIDU_RTC_ENGINE", "REDIS_PASSWORD", "MONGO_ADMIN_USERNAME", "MONGO_ADMIN_PASSWORD", "MONGO_REPLICA_SET_KEY", "MINIO_ACCESS_KEY", "MINIO_SECRET_KEY", "DASHBOARD_ADMIN_USERNAME", "DASHBOARD_ADMIN_PASSWORD", "GRAFANA_ADMIN_USERNAME", 
@@ -117,9 +117,6 @@ resource "google_compute_instance" "openvidu_server" { ownPublicCertificate = var.ownPublicCertificate ownPrivateCertificate = var.ownPrivateCertificate additionalInstallFlags = var.additionalInstallFlags - turnDomainName = var.turnDomainName - turnOwnPublicCertificate = var.turnOwnPublicCertificate - turnOwnPrivateCertificate = var.turnOwnPrivateCertificate bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName } @@ -178,7 +175,6 @@ if [[ "${var.domainName}" == "" ]]; then EXTERNAL_IP=$(get_meta "instance/network-interfaces/0/access-configs/0/external-ip") RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8) DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io - TURN_DOMAIN_NAME_SSLIP_IO=turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io else DOMAIN="${var.domainName}" fi @@ -254,19 +250,6 @@ if [[ "${var.additionalInstallFlags}" != "" ]]; then done fi -# Turn with TLS -if [[ "$TURN_DOMAIN_NAME_SSLIP_IO" != "" ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$TURN_DOMAIN_NAME_SSLIP_IO") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) -elif [[ "${var.turnDomainName}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) -fi - # Certificate arguments if [[ "${var.certificateType}" == "selfsigned" ]]; then CERT_ARGS=( 
@@ -285,17 +268,6 @@ else "--owncert-public-key=$OWN_CERT_CRT" "--owncert-private-key=$OWN_CERT_KEY" ) - - # Turn with TLS and own certificate - if [[ "${var.turnDomainName}" != '' ]]; then - # Use base64 encoded certificates directly - OWN_CERT_CRT_TURN=${var.turnOwnPublicCertificate} - OWN_CERT_KEY_TURN=${var.turnOwnPrivateCertificate} - CERT_ARGS+=( - "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" - "--turn-owncert-public-key=$OWN_CERT_CRT_TURN" - ) - fi fi # Final command @@ -394,12 +366,6 @@ else exit 1 fi -# Replace LIVEKIT_TURN_DOMAIN_NAME -export LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME) -if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then - sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "$${CONFIG_DIR}/openvidu.env" -fi - # Get the rest of the values export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD) export OPENVIDU_PRO_LICENSE=$(gcloud secrets versions access latest --secret=OPENVIDU_PRO_LICENSE) @@ -476,7 +442,6 @@ REDIS_PASSWORD="$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "$${CON OPENVIDU_PRO_LICENSE="$(/usr/local/bin/get_value_from_config.sh OPENVIDU_PRO_LICENSE "$${CONFIG_DIR}/openvidu.env")" OPENVIDU_RTC_ENGINE="$(/usr/local/bin/get_value_from_config.sh OPENVIDU_RTC_ENGINE "$${CONFIG_DIR}/openvidu.env")" DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")" -LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")" MONGO_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")" MONGO_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")" MONGO_REPLICA_SET_KEY="$(/usr/local/bin/get_value_from_config.sh MONGO_REPLICA_SET_KEY "$${CONFIG_DIR}/openvidu.env")" 
@@ -500,7 +465,6 @@ echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-fi echo -n "$OPENVIDU_PRO_LICENSE" | gcloud secrets versions add OPENVIDU_PRO_LICENSE --data-file=- echo -n "$OPENVIDU_RTC_ENGINE" | gcloud secrets versions add OPENVIDU_RTC_ENGINE --data-file=- echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=- -echo -n "$LIVEKIT_TURN_DOMAIN_NAME" | gcloud secrets versions add LIVEKIT_TURN_DOMAIN_NAME --data-file=- echo -n "$MONGO_ADMIN_USERNAME" | gcloud secrets versions add MONGO_ADMIN_USERNAME --data-file=- echo -n "$MONGO_ADMIN_PASSWORD" | gcloud secrets versions add MONGO_ADMIN_PASSWORD --data-file=- echo -n "$MONGO_REPLICA_SET_KEY" | gcloud secrets versions add MONGO_REPLICA_SET_KEY --data-file=- diff --git a/openvidu-deployment/pro/singlenode/gcp/variables.tf b/openvidu-deployment/pro/singlenode/gcp/variables.tf index 4bf810726..2b65a6817 100644 --- a/openvidu-deployment/pro/singlenode/gcp/variables.tf +++ b/openvidu-deployment/pro/singlenode/gcp/variables.tf @@ -122,21 +122,3 @@ variable "additionalInstallFlags" { error_message = "Must be a comma-separated list of flags (for example, --flag=value, --bool-flag)." } } - -variable "turnDomainName" { - description = "(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls" - type = string - default = "" -} - -variable "turnOwnPublicCertificate" { - description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - type = string - default = "" -} - -variable "turnOwnPrivateCertificate" { - description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - type = string - default = "" -}