diff --git a/openvidu-server/docker/openvidu-docker-compose/.env b/openvidu-server/docker/openvidu-docker-compose/.env
index 125b3d0b..0d0ba4bb 100644
--- a/openvidu-server/docker/openvidu-docker-compose/.env
+++ b/openvidu-server/docker/openvidu-docker-compose/.env
@@ -1,2 +1,18 @@
 openvidu_public_ip=192.168.1.66
 openvidu_secret=MY_SECRET
+
+# Certificate type
+# You can choose:
+# 1. Self Signed (selfsigned) The certificate will be generate within
+# the instance (default)
+# 2. Let's encrypt (letsencrypt) Free SSL certificate provider
+# 3. Your own certificate (owncert) If you own a SSL certificate, use this one.
+# You need to provide your certificate files (nginx.key and nginx.crt) and
+# put then in roles/nginx/files folder.
+whichcert=selfsigned
+
+# Your custom domain name i.e. openvidu.example.com
+domain_name=openvidu.example.com
+
+# Let's Encrypt email to receive notifications
+letsencrypt_email=openvidu@example.com
\ No newline at end of file
diff --git a/openvidu-server/docker/openvidu-docker-compose/default.conf b/openvidu-server/docker/openvidu-docker-compose/default.conf
new file mode 100644
index 00000000..13c5317c
--- /dev/null
+++ b/openvidu-server/docker/openvidu-docker-compose/default.conf
@@ -0,0 +1,11 @@
+server {
+ listen 80;
+ server_name {domain_name};
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+}
\ No newline at end of file
diff --git a/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml b/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml
index 61beada2..e7d04d8d 100644
--- a/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml
+++ b/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml
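Review bot: In the `.env` hunk, the comment for option 3 tells the operator to put `nginx.key` and `nginx.crt` in `roles/nginx/files`, a path that does not appear anywhere in this compose directory and reads as carried over from another deployment; the nginx configs added in this commit read `/etc/letsencrypt/live/{domain_name}/fullchain.pem` and `privkey.pem` instead. I would reword it along the lines of `# Provide fullchain.pem and privkey.pem for your domain; keep the private key out of version control.` The same comment block has two typos (`generate` for `generated`, `put then` for `put them`).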
@@ -2,29 +2,36 @@ version: '3.1' services: openvidu-ce: - image: openvidu/openvidu-server - entrypoint: ["java", "-jar", "-Dserver.ssl.enabled=false", "-Dopenvidu.publicurl=https://${openvidu_public_ip}:4443", "-Dserver.port=5443", "/openvidu-server.jar"] - network_mode: host + image: openvidu/openvidu-server:2.12.0 + entrypoint: ["java", "-jar", "-Dopenvidu.recording=true", "-Dopenvidu.recording.path=/opt/recordings", "-Dserver.ssl.enabled=false", "-Dopenvidu.publicurl=https://${openvidu_public_ip}:4443", "-Dserver.port=5443", "/openvidu-server.jar"] + ports: + - "5443:5443" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ov-recordings:/opt/recordings environment: - openvidu.secret=${openvidu_secret} - kms.uris="[\"ws://${openvidu_public_ip}:8888/kurento\"]" + - coturn.ip=${openvidu_public_ip} + - coturn.redis.ip=${openvidu_public_ip} kms: - image: kurento/kurento-media-server + image: kurento/kurento-media-server:6.13.0 network_mode: host environment: - KMS_EXTERNAL_ADDRESS=${openvidu_public_ip} redis-db: - image: redis - network_mode: host + image: redis:5.0.7 + ports: + - "6379:6379" openvidu-coturn: image: openvidu-coturn network_mode: host environment: - - REDIS_IP=${openvidu_public_ip} - - TURN_PUBLIC_IP=${openvidu_public_ip} + - REDIS_IP=localhost + - TURN_PUBLIC_IP=localhost - TURN_LISTEN_PORT=3478 - DB_NAME=0 - DB_PASSWORD=turn 
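Review bot: The new `ports:` mappings in this hunk publish services on every host interface: `"5443:5443"` exposes openvidu-server in plain HTTP (`-Dserver.ssl.enabled=false`) next to the nginx TLS front end, and `"6379:6379"` exposes Redis, for which no authentication setting is visible in this file. Because the proxy runs with `network_mode: host`, `- "127.0.0.1:5443:5443"` would keep the backend reachable to nginx only; Redis is addressed through `${openvidu_public_ip}` here, so restricting it probably needs a shared compose network or a password rather than a loopback bind. The `/var/run/docker.sock` mount gives the openvidu-ce container control of the host's Docker daemon; if recording requires it, a comment such as `# docker.sock: needed for recording; grants this container host-level Docker control` would make the trade-off explicit.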
@@ -32,18 +39,26 @@ services: - MAX_PORT=65535 proxy: - image: nginx + image: openvidu-nginx network_mode: host volumes: - - ./kms.conf:/etc/nginx/conf.d/kms.conf + - ./default.conf:/etc/nginx/conf.d/default.conf + - ./openvidu.conf:/etc/nginx/conf.d/openvidu.conf - ./openvidu-call.conf:/etc/nginx/conf.d/openvidu-call.conf - - ./openvidu.cert:/etc/ssl/openvidu/openvidu.cert - - ./openvidu.key:/etc/ssl/openvidu/openvidu.key - command: /bin/bash -c "rm /etc/nginx/conf.d/default.conf | true && exec nginx -g 'daemon off;'" openvidu-call: image: openvidu-call - network_mode: host + ports: + - "5442:80" environment: - OPENVIDU_URL=https://${openvidu_public_ip}:4443 - OPENVIDU_SECRET=${openvidu_secret} + +volumes: + letsencrypt: + certbot: + ov-recordings: + driver_opts: + type: none + device: /opt/recordings # Recording host PATH + o: bind diff --git a/openvidu-server/docker/openvidu-docker-compose/kms.conf b/openvidu-server/docker/openvidu-docker-compose/kms.conf deleted file mode 100644 index 3656fe3a..00000000 --- a/openvidu-server/docker/openvidu-docker-compose/kms.conf +++ /dev/null @@ -1,26 +0,0 @@ -server { - listen 4443 ssl; - # server_name example.name.es; - - ssl on; - ssl_certificate /etc/ssl/openvidu/openvidu.cert; - ssl_certificate_key /etc/ssl/openvidu/openvidu.key; - ssl_trusted_certificate /etc/ssl/openvidu/openvidu.cert; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Proto https; - proxy_headers_hash_bucket_size 512; - proxy_redirect off; - - # Websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - location / { - proxy_pass http://localhost:5443; - } -} 
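Review bot: In the second docker-compose.yml hunk the `proxy` service gets no `environment:` entries and no mounts for the `letsencrypt` and `certbot` volumes declared at the bottom of the file, so as far as this hunk shows the `whichcert`, `domain_name` and `letsencrypt_email` values from `.env` never reach the container, and anything written under `/etc/letsencrypt` or `/var/www/certbot` is lost when the container is recreated. Adding `- letsencrypt:/etc/letsencrypt` and `- certbot:/var/www/certbot` under `volumes:`, plus the three variables under `environment:`, would connect the pieces. `image: openvidu-nginx` carries no registry or tag, unlike the images pinned elsewhere in this commit, and `"5442:80"` publishes openvidu-call in plain HTTP on all interfaces; `"127.0.0.1:5442:80"` is enough for the host-network proxy.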
diff --git a/openvidu-server/docker/openvidu-docker-compose/openvidu-call.conf b/openvidu-server/docker/openvidu-docker-compose/openvidu-call.conf index b3d50160..c384349a 100644 --- a/openvidu-server/docker/openvidu-docker-compose/openvidu-call.conf +++ b/openvidu-server/docker/openvidu-docker-compose/openvidu-call.conf @@ -1,11 +1,11 @@ server { listen 443 ssl; - # server_name example.name.es; + server_name {domain_name}; ssl on; - ssl_certificate /etc/ssl/openvidu/openvidu.cert; - ssl_certificate_key /etc/ssl/openvidu/openvidu.key; - ssl_trusted_certificate /etc/ssl/openvidu/openvidu.cert; + ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; ssl_session_cache shared:SSL:50m; ssl_session_timeout 5m; @@ -26,6 +26,6 @@ server { proxy_redirect off; location / { - proxy_pass http://localhost:80; + proxy_pass http://localhost:5442; } } \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-docker-compose/openvidu.cert b/openvidu-server/docker/openvidu-docker-compose/openvidu.cert deleted file mode 100644 index a4faae86..00000000 --- a/openvidu-server/docker/openvidu-docker-compose/openvidu.cert +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFSzCCAzOgAwIBAgIUa5psw4OOasTgTEtsaH8+RWA8M/4wDQYJKoZIhvcNAQEL -BQAwNTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoM -CG9wZW52aWR1MB4XDTIwMDMyNDA5NTAzM1oXDTIxMDMyNDA5NTAzM1owNTELMAkG -A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoMCG9wZW52aWR1 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvvJsgJ9wOHc6sqEuNCkw -z2C1Ei7LeQOH2wkbkcmekKk7Kku/e+8RB+1ZN1Tam4IFa8N/O4qsqQzL8FysQwx1 -L//p/Z6GRj7+8HM04FURRm26POGkCMvfYYGdWdRuBq/G8cQbZGN01db+9OvMtNi0 -xNe63+xATNHuaX0CoarPxm0PXLbRkMqYjiIJtijr91NXxtgJ//taghocNKBzzfP7 -9h6IYgbSrefLA4hxE2A412TKYBGxGW7Wiwp+Zybx11YCc8F+Jnz5TKH7aBEnQWL2 -H6hofoFL/34WuAQlbb//FHZZ4Dkbix2H5eQAy98EgLo21K+gN0MiRnTjmn5uht6p -/CF0r/fkIC58SKm6I5lDvIDb+zQt2pVA0YlnciEvTbPemTHpo61mNYxac1D6Mg6s -gWhvSuHGm1p235YnB7Nf3J2kJvhfTJ+A8OWet4bRoMzs7IXCn43GO/mkBXtkPfNr -x1eBYWmPlL30I2hNyr7XzBVW3s58yV8Fczvkn6Uvp9r3aTOD35FiDl/TFDXW+Z4v -HlArDUXpzDZtGfCtp/vwaFgGDuOcTM3M4J28vIvI6nwxAamHWXp5ce8f+wJ5LJKg -WgDcBaSIRqutniPYn0XxjaG+uFAwP4oaxLtoKBdjXcsu2PJeNgK6GquB/MJPg6f9 -u/Mqm/L9G6jnSYBA1ZAP4S8CAwEAAaNTMFEwHQYDVR0OBBYEFEPU4OAluVbs0Jcs -oNx7LAWKsMpLMB8GA1UdIwQYMBaAFEPU4OAluVbs0JcsoNx7LAWKsMpLMA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADIMf3+wOLTgnJOhn4RBtGQm -ykxUi7dx0iFH+4Bnz2LsX+Ok4PG2VcnyNPQvndJVvf2b2nU8cVO7NhtxDxrdr1Qz -MvDset/Alt9GPlppVgIZTno/g58/ia5u+JK066x5mGpgFH0D+33Boq/sQ1VCDXLX -XTgZH/vBltEAxk0/exhbf6RnHsO4MDvh68Lj5LGHpMBZauuSqqx/0qCwwHNPf2y4 -JbVUoZRlHhvdY9E8yMDHdCnJp4YSrSflcoCs4k+HO8CPkAdNg9jfIUibZh0e2LRu -G/pV8KhH1+vKVt0KjBvHHszglNq7ze4EExLvdegIj4OUKcQ7owLT6LDXwW0EZqPH -NiDTrB/RY/nRJ54jeLx1Ngxav+yBYUUbxq01pz9oUv9KZ7gXpB0GvjeDWfPLsevW -wth345WG73hxCrBpd2pq5eKyFG1dDzvQvQI498EVvXg7nWA9EghZszBPqdwwb6M1 -obeOJO7DNpsr/nicxGVYYE0MqqpQlfhRSSKLtla7xq6ynl43RXMt3qYkq9h4Dhxi -UofGWmLMaNIcjB8NeqoBFLv8uvtJbukagqttEiejRpKFYR5MhLu1LzHyt420IDoA -1HoyGCHlWjjiGWUSgbJ33BBazPiz8POLqUJMA83DONf28CRpg6RXKna2xocNMp5E -gA8xtH0C9OuQlb8fKcjw ------END CERTIFICATE----- 
diff --git a/openvidu-server/docker/openvidu-docker-compose/openvidu.conf b/openvidu-server/docker/openvidu-docker-compose/openvidu.conf
new file mode 100755
index 00000000..d6439865
--- /dev/null
+++ b/openvidu-server/docker/openvidu-docker-compose/openvidu.conf
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ server_name {domain_name};
+
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
+
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 5m;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+ ssl_prefer_server_ciphers on;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_headers_hash_bucket_size 512;
+ proxy_redirect off;
+
+ location / {
+ proxy_pass http://localhost:5442;
+ }
+}
diff --git a/openvidu-server/docker/openvidu-docker-compose/openvidu.key b/openvidu-server/docker/openvidu-docker-compose/openvidu.key
deleted file mode 100644
index 5ec7a988..00000000
--- a/openvidu-server/docker/openvidu-docker-compose/openvidu.key
+++ /dev/null
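Review bot: The new openvidu.conf repeats `listen 443 ssl`, the same `server_name` and the same `proxy_pass http://localhost:5442` as openvidu-call.conf, while the deleted kms.conf was the block that listened on 4443 and forwarded to 5443; with docker-compose.yml still advertising `https://${openvidu_public_ip}:4443`, the OpenVidu endpoint appears to lose its TLS listener. If this file is meant to replace kms.conf, it needs `listen 4443 ssl;` and `proxy_pass http://localhost:5443;`. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` together with the `DES-CBC3-SHA` entries in `ssl_ciphers` keeps deprecated protocol versions and 3DES enabled; `ssl_protocols TLSv1.2 TLSv1.3;` with the CBC3 entries removed is the safer default. `ssl on;` is redundant next to `listen … ssl`, and `X-Forwarded-Proto` is set twice.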
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC+8myAn3A4dzqy -oS40KTDPYLUSLst5A4fbCRuRyZ6QqTsqS7977xEH7Vk3VNqbggVrw387iqypDMvw -XKxDDHUv/+n9noZGPv7wczTgVRFGbbo84aQIy99hgZ1Z1G4Gr8bxxBtkY3TV1v70 -68y02LTE17rf7EBM0e5pfQKhqs/GbQ9cttGQypiOIgm2KOv3U1fG2An/+1qCGhw0 -oHPN8/v2HohiBtKt58sDiHETYDjXZMpgEbEZbtaLCn5nJvHXVgJzwX4mfPlMofto -ESdBYvYfqGh+gUv/fha4BCVtv/8UdlngORuLHYfl5ADL3wSAujbUr6A3QyJGdOOa -fm6G3qn8IXSv9+QgLnxIqbojmUO8gNv7NC3alUDRiWdyIS9Ns96ZMemjrWY1jFpz -UPoyDqyBaG9K4cabWnbflicHs1/cnaQm+F9Mn4Dw5Z63htGgzOzshcKfjcY7+aQF -e2Q982vHV4FhaY+UvfQjaE3KvtfMFVbeznzJXwVzO+SfpS+n2vdpM4PfkWIOX9MU -Ndb5ni8eUCsNRenMNm0Z8K2n+/BoWAYO45xMzczgnby8i8jqfDEBqYdZenlx7x/7 -AnkskqBaANwFpIhGq62eI9ifRfGNob64UDA/ihrEu2goF2Ndyy7Y8l42Aroaq4H8 -wk+Dp/278yqb8v0bqOdJgEDVkA/hLwIDAQABAoICAQCbXcu1WIXKHBFxuT5MCNwD -UO/kTJkY7SuEqMN6+y9/C4PtpVa388zKw3AdWnjJoaDhj1+eRfa5UoU6HV247JEJ -rlRpHaypyaZMZaE3i2AUC0JHOV3sHl6zCvDKX9PqsunQXD3hkB9Hw7kN9jNJTy6/ -H72ZZ7TmDMbNpH8YplCLZr/iM4sPIhnBRKbcRi3Bv1mjnLN+SrnZNH+QvqGbiZOR -LkTQZjbUc883H7TKDDgT4pncU2jjhdEhrzcsnX6YNQ6nu1/21ydOGFrk0Vg8ltYm -6jOkA3af+6tmrVD7HQbjUm1MyYrExhGGl9+iAuO6DkqBAin97S0dYQy073zlVpW9 -/mTVZFI3E4kg2VdTj6lf0NEQVhUxSNTmAAMNlfd03Yqf3MmDaSHVPPCVdauMwa/D -OozzJZycD6StCjtfQ8URh6+LTNHkEFzA8n7C1QIDOzAVpAN6xCGFsFpC6Pz0Fubh -WC6F0c+NmZhIZO6DhzYSJzPxeGEkbGJXa13Jg8OaG5RmS7RRjxN3rMqnWMjRw+cl -Dh5PA803tXTGWZrs1OZqbbBPtC20pTY6yETlxjPek1pNX0E2MSVonkoqNZGRPT4i -LF5b5W6s9VSlcrAq7nvh98BU3Pwlbi7QKoCiNY52Da5JTQD09d3mdqBplmffzeqh -ScnzkKlq67pstTdRNP9G0QKCAQEA4fx5Kp94NhvLFJdUBSEKtUv0+P8dp3yQlBkK -5PPPtF9gKsF6y/4ciingok++4TWpgoqG7/RfXDF2p5yFQ6koDj927hc0E4H0sjcT -5uFBh4Gy1kDYW3+6mdEJpmPqu2GS6wG7JBoAHC7tmEL4Z/96YWBPxXHVcvEKjuYH -Pq0XoMzZyjmJi24/RHF9qY8PUOXO5z8Z6N9jk7+95/opa2gC7cCaPLO0UX36xOJ9 -QicvLjJehOv0vQ1/xkmyFMAtbKpuR3m/dhSWSwefigFSMpbGwoSMr6WVbU3x/TPW -8i1KQlZ7uBfSL7ZTqrb8PmEy79ZUroUeHTNZEk1JyL4zqjIdWQKCAQEA2E6d2WRY -DuHA8wETkl1GmSo2zyw5tu1Awcx7hLMTKr1hhTLiNJ8lZ7n5LBrFYTRIBxNWxJ+S 
-16e4nrFoWTJSvIZZv+52LfIGxVblujbWH1QDuEl07r8mKlvCuJsBPy3Azpt+bGpk -k2DWD4har8keRDS8HOGfxakTHQdUFUalVdIo57mLTNIoLcfpHS0l/uogPIXJBTIG -4R0JFbW5gk/RVxzeRVw0DyAV8/f81wer/ndOMiM0YB2/ZdiVAKhqcip7clSJtbXW -LblVQLxzyl/eRwNhnWWpwq3isIcqNxTKLubH6c7wFrEMm00IuvWu9sDs899n9b8u -ZyASeGULGZx5xwKCAQBRHbLQXdVkdq16gqciAC47zTvtdIVMbSXoQuTqManIcMOw -FSrith/AaC+9kypM5FooBVlSIEFqckbI+yHKm5lJI/aol6OVrPwMTEDUit5eqWts -BHKkxUBRnfr8wriq8ecue7yUxNBtTVrzYHaRvd5LvapkkOuxClxj1qWbFb55dY5n -TCfW6IfFJYeZqUQyIYsW7kt6j1TK3/RmpCDh8L+8X3n9d/OtnK66pSGY8T+6MVJE -G/4JLiNDJYjKcgDcFIDpHwZeeB1KaT4W50p95ikKAVIOaj0ssuG9pTHuU9tn3Gsk -NUi435VAndYE/hauiBx1WErq6Fd8fkmRyNP6r2phAoIBAQCwCLLvk3kSi2jymoKq -D9z/k1pNmglSNJ0J2vb+1JmZo8v0kaeD+ayAUNpWqWbOp7SihXuMwuzHMsjN5UUt -qgWpRZFO4Ksu0xPtj72foTb7Ae2REb7m+Yr+1/SNNiB6oSqTOfpWEvPM+PbcZzSe -cIeALIaW3oufWeyjKC6mrfqp8EG368lQ+IsYTuQJCZAtd65KcvpYjxEILRASqfTR -91E/ms/NFK+NS6hyBvSurqCrk76AkSPzwOHd6bfBdE5EoQwbzG7SAazPQ0/9QiDd -ps2Hb1oGtRDFzat5zFZvwyyTpN83CWFcpjPDQ5sCRCVizTlJcxvw4+jIplJBxsGU -00JLAoIBAQC0fze47Vf5oc19B8u7taFmCJYOwZMTKVDObSmTcKZ8m8Dymp8eM7vt -yaqf9wvIyjUMUHjSZHSONQATb2st0/0YweKzlBHhFkY6tW882ce5aGBNi11zzgL2 -KFcV6Sj8/SmRp9fvWdqVAoRa2em5Q2DX6sOyxRKuoC4gFH5CdJXcWM/UEzjM0nmG -WcdItaEzNgd4hkdIZysinJBb1I89Lr/6g3bD60vkx0N3E9gSfWIHhAqdrcaS3rVH -j8mNaiCQMV1zMwZgniU77AFWFoBDX14LG2DUIbo2PO91LJVx8EZ/YOAI79iuCCmH -pvKVbFdUERY36zzq38p2cAXo8Z/e2Eji ------END PRIVATE KEY----- diff --git a/openvidu-server/docker/openvidu-nginx/Dockerfile b/openvidu-server/docker/openvidu-nginx/Dockerfile new file mode 100644 index 00000000..6336c66b --- /dev/null +++ b/openvidu-server/docker/openvidu-nginx/Dockerfile 
@@ -0,0 +1,17 @@
+FROM nginx:1.17.9
+
+# Install certbot
+RUN apt update && \
+ apt install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential procps && \
+ curl -L 'https://bootstrap.pypa.io/get-pip.py' | python && \
+ pip install -U cffi certbot && \
+ apt remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \
+ apt-get autoremove -y && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+# Entrypoint
+COPY ./entrypoint.sh /usr/local/bin
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+CMD /usr/local/bin/entrypoint.sh
\ No newline at end of file
diff --git a/openvidu-server/docker/openvidu-nginx/entrypoint.sh b/openvidu-server/docker/openvidu-nginx/entrypoint.sh
new file mode 100644
index 00000000..c765f943
--- /dev/null
+++ b/openvidu-server/docker/openvidu-nginx/entrypoint.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [[ ! -z "${whichcert}" && ! -z "${domain_name}" && ! -z "${letsencrypt_email}" ]]; then
+ sed -i "s/{domain_name}/${domain_name}/" /etc/nginx/conf.d/*.conf
+else
+ domain_name="openvidu"
+ mkdir -p /etc/letsencrypt/live/openvidu
+
+ openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
+ -subj "/C=/ST=/L=/O=/CN=openvidu" \
+ -keyout /etc/letsencrypt/live/openvidu/privkey.pem \
+ -out /etc/letsencrypt/live/openvidu/fullchain.pem
+fi
+
+CONFIG_FILES=/etc/nginx/conf.d/*
+for file in ${CONFIG_FILES}
+do
+ echo "$( cat ${file} | sed "s/{domain_name}/${domain_name}/")" > ${file}
+done
+
+tail -f /var/log/nginx/*.log
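Review bot: In the Dockerfile hunk, `curl -L 'https://bootstrap.pypa.io/get-pip.py' | python` runs whatever that URL serves at build time as root, and `pip install -U cffi certbot` takes the newest release of each package, so two builds of the same Dockerfile can produce different images with no integrity check on either download. Pinning closes that gap: save get-pip.py to a file and compare it against a recorded SHA-256 before running it, and install `cffi==<version>` and `certbot==<version>` (placeholders for the versions you have tested), or take certbot from the base image's package repository if it is available there. `CMD /usr/local/bin/entrypoint.sh` is the shell form, so stop signals go to `/bin/sh` rather than the script; `CMD ["/usr/local/bin/entrypoint.sh"]` avoids that.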
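Review bot: In entrypoint.sh the first branch is taken whenever `whichcert`, `domain_name` and `letsencrypt_email` are all non-empty, whatever `whichcert` says, so the `.env` default `whichcert=selfsigned` with a domain set skips certificate generation and leaves the `/etc/letsencrypt/live/${domain_name}/` files referenced by the nginx configs unpopulated as far as this script shows. The script also ends in `tail -f` without starting nginx, regenerates the self-signed key on every start, and pastes `${domain_name}` into a sed expression unvalidated. I would dispatch on the value of `whichcert`, validate the domain, create the key once under a restrictive umask, and finish with `exec nginx -g 'daemon off;'`, as sketched below.

```shell
domain_name="${domain_name:-openvidu}"

# The value is substituted into nginx configs through sed; accept hostname characters only.
if [[ ! "${domain_name}" =~ ^[A-Za-z0-9.-]+$ ]]; then
  echo "invalid domain_name: ${domain_name}" >&2
  exit 1
fi

cert_dir="/etc/letsencrypt/live/${domain_name}"

case "${whichcert:-selfsigned}" in
  selfsigned)
    # Generate once so the key survives restarts; umask keeps it readable by root only.
    if [[ ! -f "${cert_dir}/privkey.pem" ]]; then
      mkdir -p "${cert_dir}"
      (umask 077; openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
        -subj "/CN=${domain_name}" \
        -keyout "${cert_dir}/privkey.pem" \
        -out "${cert_dir}/fullchain.pem")
    fi
    ;;
  letsencrypt|owncert)
    # … certificate provisioning for these modes is not part of this hunk …
    if [[ ! -f "${cert_dir}/privkey.pem" ]]; then
      echo "missing certificate in ${cert_dir}" >&2
      exit 1
    fi
    ;;
  *)
    echo "unknown whichcert value: ${whichcert}" >&2
    exit 1
    ;;
esac

# … unchanged: {domain_name} substitution in /etc/nginx/conf.d …

exec nginx -g 'daemon off;'
```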