ambiser
/
openvidu
mirror of https://github.com/OpenVidu/openvidu.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add openvidu-nginx image

pull/431/head
OscarSotoSanchez 2020-03-24 17:18:37 +01:00
parent 5202501e0d
commit 6931c08867
10 changed files with 130 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
openvidu-server/docker/openvidu-docker-compose/.env
View File

@ -1,2 +1,18 @@
openvidu_public_ip=192.168.1.66 openvidu_public_ip=192.168.1.66
openvidu_secret=MY_SECRET openvidu_secret=MY_SECRET
# Certificate type
# You can choose:
# 1. Self Signed (selfsigned) The certificate will be generate within
# the instance (default)
# 2. Let's encrypt (letsencrypt) Free SSL certificate provider
# 3. Your own certificate (owncert) If you own a SSL certificate, use this one.
# You need to provide your certificate files (nginx.key and nginx.crt) and
# put then in roles/nginx/files folder.
whichcert=selfsigned
# Your custom domain name i.e. openvidu.example.com
domain_name=openvidu.example.com
# Let's Encrypt email to receive notifications
letsencrypt_email=openvidu@example.com

11
openvidu-server/docker/openvidu-docker-compose/default.conf Normal file
View File

@ -0,0 +1,11 @@
server {
listen 80;
server_name {domain_name};
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}

43
openvidu-server/docker/openvidu-docker-compose/docker-compose.yml
View File

@ -2,29 +2,36 @@ version: '3.1'
services: services:
openvidu-ce: openvidu-ce:
image: openvidu/openvidu-server image: openvidu/openvidu-server:2.12.0
entrypoint: ["java", "-jar", "-Dserver.ssl.enabled=false", "-Dopenvidu.publicurl=https://${openvidu_public_ip}:4443", "-Dserver.port=5443", "/openvidu-server.jar"] entrypoint: ["java", "-jar", "-Dopenvidu.recording=true", "-Dopenvidu.recording.path=/opt/recordings", "-Dserver.ssl.enabled=false", "-Dopenvidu.publicurl=https://${openvidu_public_ip}:4443", "-Dserver.port=5443", "/openvidu-server.jar"]
network_mode: host ports:
- "5443:5443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ov-recordings:/opt/recordings
environment: environment:
- openvidu.secret=${openvidu_secret} - openvidu.secret=${openvidu_secret}
- kms.uris="[\"ws://${openvidu_public_ip}:8888/kurento\"]" - kms.uris="[\"ws://${openvidu_public_ip}:8888/kurento\"]"
- coturn.ip=${openvidu_public_ip}
- coturn.redis.ip=${openvidu_public_ip}
kms: kms:
image: kurento/kurento-media-server image: kurento/kurento-media-server:6.13.0
network_mode: host network_mode: host
environment: environment:
- KMS_EXTERNAL_ADDRESS=${openvidu_public_ip} - KMS_EXTERNAL_ADDRESS=${openvidu_public_ip}
redis-db: redis-db:
image: redis image: redis:5.0.7
network_mode: host ports:
- "6379:6379"
openvidu-coturn: openvidu-coturn:
image: openvidu-coturn image: openvidu-coturn
network_mode: host network_mode: host
environment: environment:
- REDIS_IP=${openvidu_public_ip} - REDIS_IP=localhost
- TURN_PUBLIC_IP=${openvidu_public_ip} - TURN_PUBLIC_IP=localhost
- TURN_LISTEN_PORT=3478 - TURN_LISTEN_PORT=3478
- DB_NAME=0 - DB_NAME=0
- DB_PASSWORD=turn - DB_PASSWORD=turn
@ -32,18 +39,26 @@ services:
- MAX_PORT=65535 - MAX_PORT=65535
proxy: proxy:
image: nginx image: openvidu-nginx
network_mode: host network_mode: host
volumes: volumes:
- ./kms.conf:/etc/nginx/conf.d/kms.conf - ./default.conf:/etc/nginx/conf.d/default.conf
- ./openvidu.conf:/etc/nginx/conf.d/openvidu.conf
- ./openvidu-call.conf:/etc/nginx/conf.d/openvidu-call.conf - ./openvidu-call.conf:/etc/nginx/conf.d/openvidu-call.conf
- ./openvidu.cert:/etc/ssl/openvidu/openvidu.cert
- ./openvidu.key:/etc/ssl/openvidu/openvidu.key
command: /bin/bash -c "rm /etc/nginx/conf.d/default.conf | true && exec nginx -g 'daemon off;'"
openvidu-call: openvidu-call:
image: openvidu-call image: openvidu-call
network_mode: host ports:
- "5442:80"
environment: environment:
- OPENVIDU_URL=https://${openvidu_public_ip}:4443 - OPENVIDU_URL=https://${openvidu_public_ip}:4443
- OPENVIDU_SECRET=${openvidu_secret} - OPENVIDU_SECRET=${openvidu_secret}
volumes:
letsencrypt:
certbot:
ov-recordings:
driver_opts:
type: none
device: /opt/recordings # Recording host PATH
o: bind

26
openvidu-server/docker/openvidu-docker-compose/kms.conf
View File

@ -1,26 +0,0 @@
server {
listen 4443 ssl;
# server_name example.name.es;
ssl on;
ssl_certificate /etc/ssl/openvidu/openvidu.cert;
ssl_certificate_key /etc/ssl/openvidu/openvidu.key;
ssl_trusted_certificate /etc/ssl/openvidu/openvidu.cert;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_headers_hash_bucket_size 512;
proxy_redirect off;
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
location / {
proxy_pass http://localhost:5443;
}
}

10
openvidu-server/docker/openvidu-docker-compose/openvidu-call.conf
View File

@ -1,11 +1,11 @@
server { server {
listen 443 ssl; listen 443 ssl;
# server_name example.name.es; server_name {domain_name};
ssl on; ssl on;
ssl_certificate /etc/ssl/openvidu/openvidu.cert; ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_certificate_key /etc/ssl/openvidu/openvidu.key; ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;
ssl_trusted_certificate /etc/ssl/openvidu/openvidu.cert; ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m; ssl_session_timeout 5m;
@ -26,6 +26,6 @@ server {
proxy_redirect off; proxy_redirect off;
location / { location / {
proxy_pass http://localhost:80; proxy_pass http://localhost:5442;
} }
} }

31
openvidu-server/docker/openvidu-docker-compose/openvidu.cert
View File

@ -1,31 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIFSzCCAzOgAwIBAgIUa5psw4OOasTgTEtsaH8+RWA8M/4wDQYJKoZIhvcNAQEL
BQAwNTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoM
CG9wZW52aWR1MB4XDTIwMDMyNDA5NTAzM1oXDTIxMDMyNDA5NTAzM1owNTELMAkG
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAoMCG9wZW52aWR1
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvvJsgJ9wOHc6sqEuNCkw
z2C1Ei7LeQOH2wkbkcmekKk7Kku/e+8RB+1ZN1Tam4IFa8N/O4qsqQzL8FysQwx1
L//p/Z6GRj7+8HM04FURRm26POGkCMvfYYGdWdRuBq/G8cQbZGN01db+9OvMtNi0
xNe63+xATNHuaX0CoarPxm0PXLbRkMqYjiIJtijr91NXxtgJ//taghocNKBzzfP7
9h6IYgbSrefLA4hxE2A412TKYBGxGW7Wiwp+Zybx11YCc8F+Jnz5TKH7aBEnQWL2
H6hofoFL/34WuAQlbb//FHZZ4Dkbix2H5eQAy98EgLo21K+gN0MiRnTjmn5uht6p
/CF0r/fkIC58SKm6I5lDvIDb+zQt2pVA0YlnciEvTbPemTHpo61mNYxac1D6Mg6s
gWhvSuHGm1p235YnB7Nf3J2kJvhfTJ+A8OWet4bRoMzs7IXCn43GO/mkBXtkPfNr
x1eBYWmPlL30I2hNyr7XzBVW3s58yV8Fczvkn6Uvp9r3aTOD35FiDl/TFDXW+Z4v
HlArDUXpzDZtGfCtp/vwaFgGDuOcTM3M4J28vIvI6nwxAamHWXp5ce8f+wJ5LJKg
WgDcBaSIRqutniPYn0XxjaG+uFAwP4oaxLtoKBdjXcsu2PJeNgK6GquB/MJPg6f9
u/Mqm/L9G6jnSYBA1ZAP4S8CAwEAAaNTMFEwHQYDVR0OBBYEFEPU4OAluVbs0Jcs
oNx7LAWKsMpLMB8GA1UdIwQYMBaAFEPU4OAluVbs0JcsoNx7LAWKsMpLMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADIMf3+wOLTgnJOhn4RBtGQm
ykxUi7dx0iFH+4Bnz2LsX+Ok4PG2VcnyNPQvndJVvf2b2nU8cVO7NhtxDxrdr1Qz
MvDset/Alt9GPlppVgIZTno/g58/ia5u+JK066x5mGpgFH0D+33Boq/sQ1VCDXLX
XTgZH/vBltEAxk0/exhbf6RnHsO4MDvh68Lj5LGHpMBZauuSqqx/0qCwwHNPf2y4
JbVUoZRlHhvdY9E8yMDHdCnJp4YSrSflcoCs4k+HO8CPkAdNg9jfIUibZh0e2LRu
G/pV8KhH1+vKVt0KjBvHHszglNq7ze4EExLvdegIj4OUKcQ7owLT6LDXwW0EZqPH
NiDTrB/RY/nRJ54jeLx1Ngxav+yBYUUbxq01pz9oUv9KZ7gXpB0GvjeDWfPLsevW
wth345WG73hxCrBpd2pq5eKyFG1dDzvQvQI498EVvXg7nWA9EghZszBPqdwwb6M1
obeOJO7DNpsr/nicxGVYYE0MqqpQlfhRSSKLtla7xq6ynl43RXMt3qYkq9h4Dhxi
UofGWmLMaNIcjB8NeqoBFLv8uvtJbukagqttEiejRpKFYR5MhLu1LzHyt420IDoA
1HoyGCHlWjjiGWUSgbJ33BBazPiz8POLqUJMA83DONf28CRpg6RXKna2xocNMp5E
gA8xtH0C9OuQlb8fKcjw
-----END CERTIFICATE-----

31
openvidu-server/docker/openvidu-docker-compose/openvidu.conf Executable file
View File

@ -0,0 +1,31 @@
server {
listen 443 ssl;
server_name {domain_name};
ssl on;
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_headers_hash_bucket_size 512;
proxy_redirect off;
location / {
proxy_pass http://localhost:5442;
}
}

52
openvidu-server/docker/openvidu-docker-compose/openvidu.key
View File

@ -1,52 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC+8myAn3A4dzqy
oS40KTDPYLUSLst5A4fbCRuRyZ6QqTsqS7977xEH7Vk3VNqbggVrw387iqypDMvw
XKxDDHUv/+n9noZGPv7wczTgVRFGbbo84aQIy99hgZ1Z1G4Gr8bxxBtkY3TV1v70
68y02LTE17rf7EBM0e5pfQKhqs/GbQ9cttGQypiOIgm2KOv3U1fG2An/+1qCGhw0
oHPN8/v2HohiBtKt58sDiHETYDjXZMpgEbEZbtaLCn5nJvHXVgJzwX4mfPlMofto
ESdBYvYfqGh+gUv/fha4BCVtv/8UdlngORuLHYfl5ADL3wSAujbUr6A3QyJGdOOa
fm6G3qn8IXSv9+QgLnxIqbojmUO8gNv7NC3alUDRiWdyIS9Ns96ZMemjrWY1jFpz
UPoyDqyBaG9K4cabWnbflicHs1/cnaQm+F9Mn4Dw5Z63htGgzOzshcKfjcY7+aQF
e2Q982vHV4FhaY+UvfQjaE3KvtfMFVbeznzJXwVzO+SfpS+n2vdpM4PfkWIOX9MU
Ndb5ni8eUCsNRenMNm0Z8K2n+/BoWAYO45xMzczgnby8i8jqfDEBqYdZenlx7x/7
AnkskqBaANwFpIhGq62eI9ifRfGNob64UDA/ihrEu2goF2Ndyy7Y8l42Aroaq4H8
wk+Dp/278yqb8v0bqOdJgEDVkA/hLwIDAQABAoICAQCbXcu1WIXKHBFxuT5MCNwD
UO/kTJkY7SuEqMN6+y9/C4PtpVa388zKw3AdWnjJoaDhj1+eRfa5UoU6HV247JEJ
rlRpHaypyaZMZaE3i2AUC0JHOV3sHl6zCvDKX9PqsunQXD3hkB9Hw7kN9jNJTy6/
H72ZZ7TmDMbNpH8YplCLZr/iM4sPIhnBRKbcRi3Bv1mjnLN+SrnZNH+QvqGbiZOR
LkTQZjbUc883H7TKDDgT4pncU2jjhdEhrzcsnX6YNQ6nu1/21ydOGFrk0Vg8ltYm
6jOkA3af+6tmrVD7HQbjUm1MyYrExhGGl9+iAuO6DkqBAin97S0dYQy073zlVpW9
/mTVZFI3E4kg2VdTj6lf0NEQVhUxSNTmAAMNlfd03Yqf3MmDaSHVPPCVdauMwa/D
OozzJZycD6StCjtfQ8URh6+LTNHkEFzA8n7C1QIDOzAVpAN6xCGFsFpC6Pz0Fubh
WC6F0c+NmZhIZO6DhzYSJzPxeGEkbGJXa13Jg8OaG5RmS7RRjxN3rMqnWMjRw+cl
Dh5PA803tXTGWZrs1OZqbbBPtC20pTY6yETlxjPek1pNX0E2MSVonkoqNZGRPT4i
LF5b5W6s9VSlcrAq7nvh98BU3Pwlbi7QKoCiNY52Da5JTQD09d3mdqBplmffzeqh
ScnzkKlq67pstTdRNP9G0QKCAQEA4fx5Kp94NhvLFJdUBSEKtUv0+P8dp3yQlBkK
5PPPtF9gKsF6y/4ciingok++4TWpgoqG7/RfXDF2p5yFQ6koDj927hc0E4H0sjcT
5uFBh4Gy1kDYW3+6mdEJpmPqu2GS6wG7JBoAHC7tmEL4Z/96YWBPxXHVcvEKjuYH
Pq0XoMzZyjmJi24/RHF9qY8PUOXO5z8Z6N9jk7+95/opa2gC7cCaPLO0UX36xOJ9
QicvLjJehOv0vQ1/xkmyFMAtbKpuR3m/dhSWSwefigFSMpbGwoSMr6WVbU3x/TPW
8i1KQlZ7uBfSL7ZTqrb8PmEy79ZUroUeHTNZEk1JyL4zqjIdWQKCAQEA2E6d2WRY
DuHA8wETkl1GmSo2zyw5tu1Awcx7hLMTKr1hhTLiNJ8lZ7n5LBrFYTRIBxNWxJ+S
16e4nrFoWTJSvIZZv+52LfIGxVblujbWH1QDuEl07r8mKlvCuJsBPy3Azpt+bGpk
k2DWD4har8keRDS8HOGfxakTHQdUFUalVdIo57mLTNIoLcfpHS0l/uogPIXJBTIG
4R0JFbW5gk/RVxzeRVw0DyAV8/f81wer/ndOMiM0YB2/ZdiVAKhqcip7clSJtbXW
LblVQLxzyl/eRwNhnWWpwq3isIcqNxTKLubH6c7wFrEMm00IuvWu9sDs899n9b8u
ZyASeGULGZx5xwKCAQBRHbLQXdVkdq16gqciAC47zTvtdIVMbSXoQuTqManIcMOw
FSrith/AaC+9kypM5FooBVlSIEFqckbI+yHKm5lJI/aol6OVrPwMTEDUit5eqWts
BHKkxUBRnfr8wriq8ecue7yUxNBtTVrzYHaRvd5LvapkkOuxClxj1qWbFb55dY5n
TCfW6IfFJYeZqUQyIYsW7kt6j1TK3/RmpCDh8L+8X3n9d/OtnK66pSGY8T+6MVJE
G/4JLiNDJYjKcgDcFIDpHwZeeB1KaT4W50p95ikKAVIOaj0ssuG9pTHuU9tn3Gsk
NUi435VAndYE/hauiBx1WErq6Fd8fkmRyNP6r2phAoIBAQCwCLLvk3kSi2jymoKq
D9z/k1pNmglSNJ0J2vb+1JmZo8v0kaeD+ayAUNpWqWbOp7SihXuMwuzHMsjN5UUt
qgWpRZFO4Ksu0xPtj72foTb7Ae2REb7m+Yr+1/SNNiB6oSqTOfpWEvPM+PbcZzSe
cIeALIaW3oufWeyjKC6mrfqp8EG368lQ+IsYTuQJCZAtd65KcvpYjxEILRASqfTR
91E/ms/NFK+NS6hyBvSurqCrk76AkSPzwOHd6bfBdE5EoQwbzG7SAazPQ0/9QiDd
ps2Hb1oGtRDFzat5zFZvwyyTpN83CWFcpjPDQ5sCRCVizTlJcxvw4+jIplJBxsGU
00JLAoIBAQC0fze47Vf5oc19B8u7taFmCJYOwZMTKVDObSmTcKZ8m8Dymp8eM7vt
yaqf9wvIyjUMUHjSZHSONQATb2st0/0YweKzlBHhFkY6tW882ce5aGBNi11zzgL2
KFcV6Sj8/SmRp9fvWdqVAoRa2em5Q2DX6sOyxRKuoC4gFH5CdJXcWM/UEzjM0nmG
WcdItaEzNgd4hkdIZysinJBb1I89Lr/6g3bD60vkx0N3E9gSfWIHhAqdrcaS3rVH
j8mNaiCQMV1zMwZgniU77AFWFoBDX14LG2DUIbo2PO91LJVx8EZ/YOAI79iuCCmH
pvKVbFdUERY36zzq38p2cAXo8Z/e2Eji
-----END PRIVATE KEY-----

17
openvidu-server/docker/openvidu-nginx/Dockerfile Normal file
View File

@ -0,0 +1,17 @@
FROM nginx:1.17.9
# Install certbot
RUN apt update && \
apt install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential procps && \
curl -L 'https://bootstrap.pypa.io/get-pip.py' | python && \
pip install -U cffi certbot && \
apt remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Entrypoint
COPY ./entrypoint.sh /usr/local/bin
RUN chmod +x /usr/local/bin/entrypoint.sh
CMD /usr/local/bin/entrypoint.sh

21
openvidu-server/docker/openvidu-nginx/entrypoint.sh Normal file
View File

@ -0,0 +1,21 @@
#!/bin/bash
if [[ ! -z "${whichcert}" && ! -z "${domain_name}" && ! -z "${letsencrypt_email}" ]]; then
sed -i "s/{domain_name}/${domain_name}/" /etc/nginx/conf.d/*.conf
else
domain_name="openvidu"
mkdir -p /etc/letsencrypt/live/openvidu
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=/ST=/L=/O=/CN=openvidu" \
-keyout /etc/letsencrypt/live/openvidu/privkey.pem \
-out /etc/letsencrypt/live/openvidu/fullchain.pem
fi
CONFIG_FILES=/etc/nginx/conf.d/*
for file in ${CONFIG_FILES}
do
echo "$( cat ${file} | sed "s/{domain_name}/${domain_name}/")" > ${file}
done
tail -f /var/log/nginx/*.log