From 61fbf9850bca08b53b50de19d803d1d92ddff6b1 Mon Sep 17 00:00:00 2001 From: cruizba Date: Fri, 11 Jul 2025 21:33:05 +0200 Subject: [PATCH] Add TCP port rules for WebRTC traffic on port 7881 and 50000-60000 across multiple deployment configurations --- .../singlenode/aws/cf-openvidu-singlenode.yaml | 16 ++++++++-------- .../azure/cf-openvidu-singlenode.bicep | 16 ---------------- .../azure/cf-openvidu-singlenode.json | 18 +----------------- .../pro/elastic/aws/cf-openvidu-elastic.yaml | 16 ++++++++++++++++ .../elastic/azure/cf-openvidu-elastic.bicep | 16 ++++++++++++++++ .../pro/elastic/azure/cf-openvidu-elastic.json | 18 +++++++++++++++++- .../pro/ha/aws/cf-openvidu-ha.yaml | 16 ++++++++++++++++ .../pro/ha/azure/cf-openvidu-ha.bicep | 16 ++++++++++++++++ .../pro/ha/azure/cf-openvidu-ha.json | 18 +++++++++++++++++- .../singlenode/aws/cf-openvidu-singlenode.yaml | 8 ++++++++ 10 files changed, 115 insertions(+), 43 deletions(-) diff --git a/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml b/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml index 46ea005a..5c6ebdcf 100644 --- a/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml +++ b/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml @@ -936,6 +936,14 @@ Resources: FromPort: 1935 ToPort: 1935 CidrIpv6: ::/0 + - IpProtocol: tcp + FromPort: 7881 + ToPort: 7881 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 7881 + ToPort: 7881 + CidrIpv6: ::/0 - IpProtocol: udp FromPort: 7885 ToPort: 7885 @@ -952,14 +960,6 @@ Resources: FromPort: 50000 ToPort: 60000 CidrIpv6: ::/0 - - IpProtocol: tcp - FromPort: 50000 - ToPort: 60000 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 50000 - ToPort: 60000 - CidrIpv6: ::/0 Outputs: ServicesAndCredentials: diff --git a/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.bicep b/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.bicep index 836dede1..2275d3ae 100644 --- a/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.bicep +++ b/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.bicep @@ -1080,22 +1080,6 @@ resource webServerSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-11 direction: 'Inbound' } } - { - name: 'WebRTC_traffic_TCP' - properties: { - protocol: 'Tcp' - sourceAddressPrefix: '*' - sourcePortRange: '*' - destinationAddressPrefix: '*' - destinationPortRanges: [ - '50000' - '60000' - ] - access: 'Allow' - priority: 190 - direction: 'Inbound' - } - } ] } } diff --git a/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.json b/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.json index 4f1c79b1..86650a1c 100644 --- a/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.json +++ b/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "12381993962421618724" + "templateHash": "12302733880284242788" } }, "parameters": { @@ -595,22 +595,6 @@ "priority": 180, "direction": "Inbound" } - }, - { - "name": "WebRTC_traffic_TCP", - "properties": { - "protocol": "Tcp", - "sourceAddressPrefix": "*", - "sourcePortRange": "*", - "destinationAddressPrefix": "*", - "destinationPortRanges": [ - "50000", - "60000" - ], - "access": "Allow", - "priority": 190, - "direction": "Inbound" - } } ] } diff --git a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml index a81d62c8..93efdf1a 100644 --- a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml +++ b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml @@ -1728,6 +1728,14 @@ Resources: FromPort: 443 ToPort: 443 CidrIpv6: ::/0 + - IpProtocol: tcp + FromPort: 7881 + ToPort: 7881 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 7881 + ToPort: 7881 + CidrIpv6: ::/0 - IpProtocol: udp FromPort: 7885 ToPort: 7885 @@ -1744,6 +1752,14 @@ Resources: FromPort: 50000 ToPort: 60000 CidrIpv6: ::/0 + - IpProtocol: tcp + FromPort: 50000 + ToPort: 60000 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 50000 + ToPort: 60000 + CidrIpv6: ::/0 OpenViduMasterNodeToMediaNodeRTMPIngress: Type: AWS::EC2::SecurityGroupIngress diff --git a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep index d02fac30..27746e25 100644 --- a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep +++ b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep @@ -1959,6 +1959,22 @@ resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-0 direction: 'Inbound' } } + { + name: 'WebRTC_traffic_TCP' + properties: { + protocol: 'Tcp' + sourceAddressPrefix: '*' + sourcePortRange: '*' + destinationAddressPrefix: '*' + destinationPortRanges: [ + '50000' + '60000' + ] + access: 'Allow' + priority: 150 + direction: 'Inbound' + } + } ] } } diff --git a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json index 75f944e2..360e33df 100644 --- a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json +++ b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "6186739981001271048" + "templateHash": "3674868881840486374" } }, "parameters": { @@ -1292,6 +1292,22 @@ "priority": 140, "direction": "Inbound" } + }, + { + "name": "WebRTC_traffic_TCP", + "properties": { + "protocol": "Tcp", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "destinationAddressPrefix": "*", + "destinationPortRanges": [ + "50000", + "60000" + ], + "access": "Allow", + "priority": 150, + "direction": "Inbound" + } } ] } diff --git a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml index c73010be..6030cf0a 100644 --- a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml +++ b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml @@ -2087,6 +2087,14 @@ Resources: FromPort: 443 ToPort: 443 CidrIpv6: ::/0 + - IpProtocol: tcp + FromPort: 7881 + ToPort: 7881 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 7881 + ToPort: 7881 + CidrIpv6: ::/0 - IpProtocol: udp FromPort: 7885 ToPort: 7885 @@ -2103,6 +2111,14 @@ Resources: FromPort: 50000 ToPort: 60000 CidrIpv6: ::/0 + - IpProtocol: tcp + FromPort: 50000 + ToPort: 60000 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 50000 + ToPort: 60000 + CidrIpv6: ::/0 OpenViduLoadBalancerToMediaNodeRTMPIngressSG: Type: AWS::EC2::SecurityGroupIngress diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep index f9479644..32b46f66 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep @@ -2847,6 +2847,22 @@ resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-0 direction: 'Inbound' } } + { + name: 'WebRTC_traffic_TCP' + properties: { + protocol: 'Tcp' + sourceAddressPrefix: '*' + sourcePortRange: '*' + destinationAddressPrefix: '*' + destinationPortRanges: [ + '50000' + '60000' + ] + access: 'Allow' + priority: 150 + direction: 'Inbound' + } + } ] } } diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json index 8768d303..17dd7a79 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "11388703170829775157" + "templateHash": "5237566819187308269" } }, "parameters": { @@ -2193,6 +2193,22 @@ "priority": 140, "direction": "Inbound" } + }, + { + "name": "WebRTC_traffic_TCP", + "properties": { + "protocol": "Tcp", + "sourceAddressPrefix": "*", + "sourcePortRange": "*", + "destinationAddressPrefix": "*", + "destinationPortRanges": [ + "50000", + "60000" + ], + "access": "Allow", + "priority": 150, + "direction": "Inbound" + } } ] } diff --git a/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml b/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml index 52347233..bb10d7a6 100644 --- a/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml +++ b/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml @@ -974,6 +974,14 @@ Resources: FromPort: 7885 ToPort: 7885 CidrIpv6: ::/0 + - IpProtocol: tcp + FromPort: 7881 + ToPort: 7881 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 7881 + ToPort: 7881 + CidrIpv6: ::/0 - IpProtocol: udp FromPort: 50000 ToPort: 60000