ambiser
/
openvidu
mirror of https://github.com/OpenVidu/openvidu.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

openvidu-deployment: General updates in nginx and public ip discovering: 

- Add option to redirect www to non-www (REDIRECT_WWW).
- Add endpoint to check nginx workers.
- Custom virtual hosts (Server blocks) can be added by the user to create custom rules in `/opt/openvidu/custom-nginx-vhost`.
- Parametrize `worker_connections` in nginx.conf (WORKER_CONNECTIONS)
- Improve `discover_my_public_ip.sh` to use dns servers instead of http servers
- Posibility to autodiscover ipv6 if available by using `PUBLIC_IP=auto-ipv6` in nginx, `TURN_PUBLIC_IP=auto-ipv6` in coturn and `COTURN_IP=auto-ipv6` in openvidu-server.
By default ipv4 is used.
pull/553/head
cruizba 2020-11-02 19:46:59 +01:00
parent 8b96a5f6ea
commit 6a73083e7b
42 changed files with 616 additions and 364 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openvidu-server/deployments/ce/docker-compose/.env
View File

@ -40,8 +40,14 @@ LETSENCRYPT_EMAIL=user@example.com
# HTTPS_PORT=443
# If true request to with www will be redirected to non-www requests
# Default value is false
# REDIRECT_WWW=false
# How many workers to configure in nginx proxy.
# The more workers, the more requests will be handled
# Default value is 10240
# WORKER_CONNECTIONS=10240
# Access restrictions
# In this section you will be able to restrict the IPs from which you can access to
# Openvidu API and the Administration Panel

12
openvidu-server/deployments/ce/docker-compose/docker-compose.yml
View File

@ -22,10 +22,10 @@ version: '3.1'
services:
openvidu-server:
image: openvidu/openvidu-server:2.16.0-dev1
image: openvidu/openvidu-server:2.16.0-dev2
restart: on-failure
network_mode: host
entrypoint: ['/bin/bash', '-c', 'export COTURN_IP=`/usr/local/bin/discover_my_public_ip.sh`; /usr/local/bin/entrypoint.sh']
entrypoint: ['/usr/local/bin/entrypoint.sh']
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${OPENVIDU_RECORDING_PATH}:${OPENVIDU_RECORDING_PATH}
@ -39,6 +39,7 @@ services:
- KMS_URIS=["ws://localhost:8888/kurento"]
- COTURN_REDIS_IP=127.0.0.1
- COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET}
- COTURN_IP=${COTURN_IP:-auto-ipv4}
kms:
image: ${KMS_IMAGE:-kurento/kurento-media-server:6.14.0}
@ -62,7 +63,7 @@ services:
- REDIS_PASSWORD=${OPENVIDU_SECRET}
coturn:
image: openvidu/openvidu-coturn:2.0.0-dev2
image: openvidu/openvidu-coturn:2.0.0-dev3
restart: on-failure
network_mode: host
environment:
@ -74,12 +75,13 @@ services:
- MAX_PORT=65535
nginx:
image: openvidu/openvidu-proxy:4.0.0-dev4
image: openvidu/openvidu-proxy:4.0.0-dev5
restart: on-failure
network_mode: host
volumes:
- ./certificates:/etc/letsencrypt
- ./owncert:/owncert
- ./custom-nginx-vhosts:/etc/nginx/vhost.d/
- ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:/opt/openvidu/custom-layout
environment:
- DOMAIN_OR_PUBLIC_IP=${DOMAIN_OR_PUBLIC_IP}
@ -93,3 +95,5 @@ services:
- WITH_APP=true
- SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true}
- REDIRECT_WWW=${REDIRECT_WWW:-false}
- WORKER_CONNECTIONS=${WORKER_CONNECTIONS:-10240}
- PUBLIC_IP=${PUBLIC_IP:-auto-ipv4}

4
openvidu-server/deployments/ce/docker-compose/install_openvidu.sh
View File

@ -54,6 +54,10 @@ new_ov_installation() {
printf "\n => Creating folder 'owncert'..."
mkdir "${OPENVIDU_FOLDER}/owncert" || fatal_error "Error while creating the folder 'owncert'"
# Create vhost nginx folder
printf "\n => Creating folder 'custom-nginx-vhosts'..."
mkdir "${OPENVIDU_FOLDER}/custom-nginx-vhosts" || fatal_error "Error while creating the folder 'custom-nginx-vhosts'"
# Ready to use
printf '\n'
printf '\n'

6
openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env
View File

@ -43,8 +43,14 @@ LETSENCRYPT_EMAIL=user@example.com
# HTTPS_PORT=443
# If true request to with www will be redirected to non-www requests
# Default value is false
# REDIRECT_WWW=false
# How many workers to configure in nginx proxy.
# The more workers, the more requests will be handled
# Default value is 10240
# WORKER_CONNECTIONS=10240
# Access restrictions
# In this section you will be able to restrict the IPs from which you can access to
# Openvidu API and the Administration Panel

9
openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml
View File

@ -22,10 +22,10 @@ version: '3.1'
services:
openvidu-server:
image: openvidu/openvidu-server-pro:2.16.0-dev2
image: openvidu/openvidu-server-pro:2.16.0-dev4
restart: on-failure
network_mode: host
entrypoint: ['/bin/bash', '-c', 'export COTURN_IP=`/usr/local/bin/discover_my_public_ip.sh`; /usr/local/bin/entrypoint.sh']
entrypoint: ['/usr/local/bin/entrypoint.sh']
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${OPENVIDU_RECORDING_PATH}:${OPENVIDU_RECORDING_PATH}
@ -41,6 +41,7 @@ services:
- KMS_URIS=[]
- COTURN_REDIS_IP=127.0.0.1
- COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET}
- COTURN_IP=${COTURN_IP:-auto-ipv4}
- OPENVIDU_PRO_CLUSTER=true
- OPENVIDU_PRO_KIBANA_HOST=${OPENVIDU_PRO_KIBANA_HOST:-http://127.0.0.1/kibana}
- OPENVIDU_PRO_ELASTICSEARCH_HOST=${OPENVIDU_PRO_ELASTICSEARCH_HOST:-http://127.0.0.1:9200}
@ -65,7 +66,7 @@ services:
- DB_PASSWORD=${OPENVIDU_SECRET}
- MIN_PORT=40000
- MAX_PORT=65535
- TURN_PUBLIC_IP=auto
- TURN_PUBLIC_IP=${TURN_PUBLIC_IP:-auto-ipv4}
nginx:
image: openvidu/openvidu-proxy:4.0.0-dev4
@ -74,6 +75,7 @@ services:
volumes:
- ./certificates:/etc/letsencrypt
- ./owncert:/owncert
- ./custom-nginx-vhosts:/etc/nginx/vhost.d/
- ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:/opt/openvidu/custom-layout
environment:
- DOMAIN_OR_PUBLIC_IP=${DOMAIN_OR_PUBLIC_IP}
@ -87,6 +89,7 @@ services:
- WITH_APP=true
- SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true}
- REDIRECT_WWW=${REDIRECT_WWW:-false}
- WORKER_CONNECTIONS=${WORKER_CONNECTIONS:-10240}
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0

4
openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/install_openvidu_pro.sh
View File

@ -95,6 +95,10 @@ new_ov_installation() {
printf "\n => Creating folder 'owncert'..."
mkdir "${OPENVIDU_FOLDER}/owncert" || fatal_error "Error while creating the folder 'owncert'"
# Create vhost nginx folder
printf "\n => Creating folder 'custom-nginx-vhosts'..."
mkdir "${OPENVIDU_FOLDER}/custom-nginx-vhosts" || fatal_error "Error while creating the folder 'custom-nginx-vhosts'"
# Ready to use
printf '\n'
printf '\n'

3
openvidu-server/docker/openvidu-coturn/entrypoint.sh
View File

@ -5,7 +5,8 @@ DEBUG=${DEBUG:-false}
[ "$DEBUG" == "true" ] && set -x
#Check parameters
[[ "${TURN_PUBLIC_IP}" == "auto" ]] && export TURN_PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh)
[[ "${TURN_PUBLIC_IP}" == "auto-ipv4" ]] && export TURN_PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh)
[[ "${TURN_PUBLIC_IP}" == "auto-ipv6" ]] && export TURN_PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh --ipv6)
echo "TURN public IP: ${TURN_PUBLIC_IP:-"empty"}"

10
openvidu-server/docker/openvidu-proxy/Dockerfile
View File

@ -5,7 +5,9 @@ RUN apk update && \
apk add bash \
certbot \
openssl \
apache2-utils && \
apache2-utils \
bind-tools \
perl pcre grep && \
rm -rf /var/cache/apk/*
# Default nginx conf
@ -14,9 +16,15 @@ COPY ./default_nginx_conf /default_nginx_conf
# Entrypoint and discover public ip scripts
COPY ./discover_my_public_ip.sh /usr/local/bin
# Copy nginx.conf
COPY ./nginx.conf /etc/nginx/nginx.conf
# Entrypoint
COPY ./entrypoint.sh /usr/local/bin
RUN mkdir -p /var/www/certbot && \
mkdir -p /etc/nginx/vhost.d/ && \
chmod +x /usr/local/bin/entrypoint.sh && \
chmod +x /usr/local/bin/discover_my_public_ip.sh

33
openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf
View File

@ -1,33 +0,0 @@
{app_upstream}
upstream openviduserver {
server localhost:5443;
}
server {
listen {https_port} ssl;
server_name {domain_name};
{ssl_config}
{proxy_config}
{app_config}
########################
# OpenVidu Locations #
########################
{common_api_ce}
{deprecated_api_ce}
{new_api_ce}
#################################
# LetsEncrypt #
#################################
location /.well-known/acme-challenge {
root /var/www/certbot;
try_files $uri $uri/ =404;
}
}

40
openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf
View File

@ -1,3 +1,9 @@
{app_upstream}
upstream openviduserver {
server localhost:5443;
}
server {
listen {http_port};
server_name {domain_name};
@ -11,4 +17,38 @@ server {
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
{nginx_status}
}
{redirect_www}
{redirect_www_ssl}
server {
listen {https_port} ssl;
server_name {domain_name};
{ssl_config}
{proxy_config}
{app_config}
########################
# OpenVidu Locations #
########################
{common_api_ce}
{deprecated_api_ce}
{new_api_ce}
#################################
# LetsEncrypt #
#################################
location /.well-known/acme-challenge {
root /var/www/certbot;
try_files $uri $uri/ =404;
}
}

4
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/app_config.conf Normal file
View File

@ -0,0 +1,4 @@
# Your App
location / {
proxy_pass http://yourapp; # Openvidu call by default
}

2
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/app_config_default.conf Normal file
View File

@ -0,0 +1,2 @@
# Welcome
root /var/www/html;

0
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/upstream-yourapp.conf → openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/app_upstream.conf
View File

14
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ce/common_api_ce.conf Normal file
View File

@ -0,0 +1,14 @@
#################################
# Common rules #
#################################
# Dashboard rule
location /dashboard {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
# Websocket rule
location ~ /openvidu$ {
proxy_pass http://openviduserver;
}

40
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ce/deprecated_api_ce.conf Normal file
View File

@ -0,0 +1,40 @@
#################################
# Deprecated API #
#################################
# Openvidu Server
location /layouts/custom {
rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /recordings {
proxy_pass http://openviduserver;
}
location /api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /info {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location /config {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /accept-certificate {
proxy_pass http://openviduserver;
}
location /cdr {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}

33
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ce/new_api_ce.conf Normal file
View File

@ -0,0 +1,33 @@
#################################
# New API #
#################################
location /openvidu/layouts {
rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /openvidu/recordings {
proxy_pass http://openviduserver;
}
location /openvidu/api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/info {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/accept-certificate {
proxy_pass http://openviduserver;
}
location /openvidu/cdr {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}

14
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ce/redirect_www.conf Normal file
View File

@ -0,0 +1,14 @@
server {
listen {http_port};
server_name www.{domain_name};
# Redirect to https
location / {
rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
}
# letsencrypt
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}

2
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/default-root.conf
View File

@ -1,2 +0,0 @@
# Welcome
root /var/www/html;

4
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/location-yourapp.conf
View File

@ -1,4 +0,0 @@
# Your App
location / {
proxy_pass http://yourapp; # Openvidu call by default
}

14
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/common-api-ce.conf
View File

@ -1,14 +0,0 @@
#################################
# Common rules #
#################################
# Dashboard rule
location /dashboard {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
# Websocket rule
location ~ /openvidu$ {
proxy_pass http://openviduserver;
}

40
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/deprecated-api-ce.conf
View File

@ -1,40 +0,0 @@
#################################
# Deprecated API #
#################################
# Openvidu Server
location /layouts/custom {
rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /recordings {
proxy_pass http://openviduserver;
}
location /api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /info {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location /config {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /accept-certificate {
proxy_pass http://openviduserver;
}
location /cdr {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}

33
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-ce/new-api-ce.conf
View File

@ -1,33 +0,0 @@
#################################
# New API #
#################################
location /openvidu/layouts {
rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /openvidu/recordings {
proxy_pass http://openviduserver;
}
location /openvidu/api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/info {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/accept-certificate {
proxy_pass http://openviduserver;
}
location /openvidu/cdr {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}

27
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/common-api-pro.conf
View File

@ -1,27 +0,0 @@
#################################
# Common rules #
#################################
location /dashboard {
{rules_access_dashboard}
deny all;
rewrite ^/dashboard/(.*)$ /$1 break;
proxy_pass http://openviduserver/;
}
location /inspector {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location ~ /openvidu$ {
proxy_pass http://openviduserver;
}
location /kibana {
{rules_access_dashboard}
deny all;
rewrite ^/kibana/(.*)$ /$1 break;
proxy_pass http://kibana/;
}

59
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/deprecated-api-pro.conf
View File

@ -1,59 +0,0 @@
#################################
# Deprecated API #
#################################
# Openvidu Server
location /layouts/custom {
rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /recordings {
proxy_pass http://openviduserver;
}
location /api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /info {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location /config {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /accept-certificate {
proxy_pass http://openviduserver;
}
location /cdr {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
# Openvidu Server Pro
location /pro {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /api-login {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /elasticsearch {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}

46
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/locations-pro/new-api-pro.conf
View File

@ -1,46 +0,0 @@
#################################
# New API #
#################################
# OpenVidu Server
location /openvidu/layouts {
rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /openvidu/recordings {
proxy_pass http://openviduserver;
}
location /openvidu/api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/info {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/accept-certificate {
proxy_pass http://openviduserver;
}
location /openvidu/cdr {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
# OpenVidu Server PRO
location /openvidu/elk {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/inspector-api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}

5
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/nginx_status.conf Normal file
View File

@ -0,0 +1,5 @@
location /nginx_status {
stub_status;
allow 127.0.0.1; #only allow requests from localhost
deny all; #deny all other hosts
}

27
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/pro/common_api_pro.conf Normal file
View File

@ -0,0 +1,27 @@
#################################
# Common rules #
#################################
location /dashboard {
{rules_access_dashboard}
deny all;
rewrite ^/dashboard/(.*)$ /$1 break;
proxy_pass http://openviduserver/;
}
location /inspector {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location ~ /openvidu$ {
proxy_pass http://openviduserver;
}
location /kibana {
{rules_access_dashboard}
deny all;
rewrite ^/kibana/(.*)$ /$1 break;
proxy_pass http://kibana/;
}

59
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/pro/deprecated_api_pro.conf Normal file
View File

@ -0,0 +1,59 @@
#################################
# Deprecated API #
#################################
# Openvidu Server
location /layouts/custom {
rewrite ^/layouts/custom/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /recordings {
proxy_pass http://openviduserver;
}
location /api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /info {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location /config {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /accept-certificate {
proxy_pass http://openviduserver;
}
location /cdr {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
# Openvidu Server Pro
location /pro {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /api-login {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /elasticsearch {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}

46
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/pro/new_api_pro.conf Normal file
View File

@ -0,0 +1,46 @@
#################################
# New API #
#################################
# OpenVidu Server
location /openvidu/layouts {
rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /openvidu/recordings {
proxy_pass http://openviduserver;
}
location /openvidu/api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/info {
{rules_access_dashboard}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/accept-certificate {
proxy_pass http://openviduserver;
}
location /openvidu/cdr {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
# OpenVidu Server PRO
location /openvidu/elk {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}
location /openvidu/inspector-api {
{rules_acess_api}
deny all;
proxy_pass http://openviduserver;
}

3
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/pro/redirect_www.conf Normal file
View File

@ -0,0 +1,3 @@
if ($host = www.{domain_name}) {
rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
}

13
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/proxy.conf
View File

@ -1,13 +0,0 @@
# Proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_headers_hash_bucket_size 512;
proxy_redirect off;
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

13
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/proxy_config.conf Normal file
View File

@ -0,0 +1,13 @@
# Proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_headers_hash_bucket_size 512;
proxy_redirect off;
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

18
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/redirect_www_ssl.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 443 ssl;
server_name www.{domain_name};
{ssl_config}
{proxy_config}
# Redirect to non-www
location / {
rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
}
# letsencrypt
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}

14
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ssl.conf
View File

@ -1,14 +0,0 @@
# SSL Config
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;

14
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ssl_config.conf Normal file
View File

@ -0,0 +1,14 @@
# SSL Config
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;

6
openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf
View File

@ -12,11 +12,15 @@ upstream openviduserver {
server localhost:5443;
}
{redirect_www_ssl}
server {
# Redirect to https
if ($host = {domain_name}) {
rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
} # managed by Certbot
{redirect_www}
listen {http_port} default_server;
server_name {domain_name};
@ -38,6 +42,8 @@ server {
rewrite ^/kibana/(.*)$ /$1 break;
proxy_pass http://kibana/;
}
{nginx_status}
}
server {

110
openvidu-server/docker/openvidu-proxy/entrypoint.sh
View File

@ -38,7 +38,10 @@ CERTIFICATES_CONF="${CERTIFICATES_LIVE_FOLDER}/certificates.conf"
[ -z "${PROXY_HTTPS_PORT}" ] && export PROXY_HTTPS_PORT=443
[ -z "${WITH_APP}" ] && export WITH_APP=true
[ -z "${SUPPORT_DEPRECATED_API}" ] && export SUPPORT_DEPRECATED_API=true
[ -z "${REDIRECT_WWW}" ] && export REDIRECT_WWW=false
[ -z "${PROXY_MODE}" ] && export PROXY_MODE=CE
[ -z "${WORKER_CONNECTIONS}" ] && export WORKER_CONNECTIONS=10240
[ -z "${PUBLIC_IP}" ] && export PUBLIC_IP=auto-ipv4
[ -z "${ALLOWED_ACCESS_TO_DASHBOARD}" ] && export ALLOWED_ACCESS_TO_DASHBOARD=all
[ -z "${ALLOWED_ACCESS_TO_RESTAPI}" ] && export ALLOWED_ACCESS_TO_RESTAPI=all
@ -51,8 +54,10 @@ printf "\n"
printf "\n Config NGINX:"
printf "\n - Http Port: %s" "${PROXY_HTTP_PORT}"
printf "\n - Https Port: %s" "${PROXY_HTTPS_PORT}"
printf "\n - Worker Connections: %s" "${WORKER_CONNECTIONS}"
printf "\n - Allowed Access in Openvidu Dashboard: %s" "${ALLOWED_ACCESS_TO_DASHBOARD}"
printf "\n - Allowed Access in Openvidu API: %s" "${ALLOWED_ACCESS_TO_RESTAPI}"
printf "\n - Redirect www to non-www: %s" "${REDIRECT_WWW}"
printf "\n"
printf "\n Config Openvidu Application:"
printf "\n - Domain name: %s" "${DOMAIN_OR_PUBLIC_IP}"
@ -67,6 +72,9 @@ printf "\n = CONFIGURATION NGINX ="
printf "\n ======================================="
printf "\n"
# Override worker connections
sed -i "s/{worker_connections}/${WORKER_CONNECTIONS}/g" /etc/nginx/nginx.conf
printf "\n Configure %s domain..." "${DOMAIN_OR_PUBLIC_IP}"
OLD_DOMAIN_OR_PUBLIC_IP=$(head -n 1 "${CERTIFICATES_CONF}" | cut -f1 -d$'\t')
CERTIFICATED_OLD_CONFIG=$(head -n 1 "${CERTIFICATES_CONF}" | cut -f2 -d$'\t')
@ -74,9 +82,9 @@ CERTIFICATED_OLD_CONFIG=$(head -n 1 "${CERTIFICATES_CONF}" | cut -f2 -d$'\t')
printf "\n - New configuration: %s %s" "${CERTIFICATE_TYPE}" "${DOMAIN_OR_PUBLIC_IP}"
if [ -z "${CERTIFICATED_OLD_CONFIG}" ]; then
printf "\n - Old configuration: none"
printf "\n - Old configuration: none\n"
else
printf "\n - Old configuration: %s %s" "${CERTIFICATED_OLD_CONFIG}" "${OLD_DOMAIN_OR_PUBLIC_IP}"
printf "\n - Old configuration: %s %s\n" "${CERTIFICATED_OLD_CONFIG}" "${OLD_DOMAIN_OR_PUBLIC_IP}"
if [ "${CERTIFICATED_OLD_CONFIG}" != "${CERTIFICATE_TYPE}" ] || \
[ "${OLD_DOMAIN_OR_PUBLIC_IP}" != "${DOMAIN_OR_PUBLIC_IP}" ]; then
@ -161,34 +169,14 @@ chmod -R 777 /etc/letsencrypt
# Use certificates in folder '/default_nginx_conf'
if [ "${PROXY_MODE}" == "CE" ]; then
if [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then
mv /default_nginx_conf/ce/support_deprecated_api/default-app.conf /default_nginx_conf/default-app.conf
elif [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then
mv /default_nginx_conf/ce/default-app.conf /default_nginx_conf/default-app.conf
elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then
mv /default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf /default_nginx_conf/default-app.conf
elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then
mv /default_nginx_conf/ce/default-app-without-demos.conf /default_nginx_conf/default-app.conf
fi
mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf
rm -rf /default_nginx_conf/ce
rm -rf /default_nginx_conf/pro
# Remove previous configuration
[[ -f /default_nginx_conf/default.conf ]] && rm /default_nginx_conf/default.conf
cp /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf
fi
if [ "${PROXY_MODE}" == "PRO" ]; then
if [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then
mv /default_nginx_conf/pro/support_deprecated_api/default.conf /default_nginx_conf/default.conf
elif [ "${WITH_APP}" == "true" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then
mv /default_nginx_conf/pro/default.conf /default_nginx_conf/default.conf
elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "true" ]; then
mv /default_nginx_conf/pro/support_deprecated_api/default-app-without-demos.conf /default_nginx_conf/default.conf
elif [ "${WITH_APP}" == "false" ] && [ "${SUPPORT_DEPRECATED_API}" == "false" ]; then
mv /default_nginx_conf/pro/default-app-without-demos.conf /default_nginx_conf/default.conf
fi
rm -rf /default_nginx_conf/ce
rm -rf /default_nginx_conf/pro
[[ -f /default_nginx_conf/default.conf ]] && rm /default_nginx_conf/default.conf
cp /default_nginx_conf/pro/default.conf /default_nginx_conf/default.conf
fi
# Create index.html
@ -199,7 +187,50 @@ EOF
# Load nginx conf files
rm /etc/nginx/conf.d/*
cp /default_nginx_conf/* /etc/nginx/conf.d
cp /default_nginx_conf/default* /etc/nginx/conf.d
# Replace config files
sed -e '/{ssl_config}/{r default_nginx_conf/global/ssl_config.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{proxy_config}/{r default_nginx_conf/global/proxy_config.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{nginx_status}/{r default_nginx_conf/global/nginx_status.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{common_api_ce}/{r default_nginx_conf/global/ce/common_api_ce.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{new_api_ce}/{r default_nginx_conf/global/ce/new_api_ce.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{common_api_pro}/{r default_nginx_conf/global/pro/common_api_pro.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{new_api_pro}/{r default_nginx_conf/global/pro/new_api_pro.conf' -e 'd}' -i /etc/nginx/conf.d/*
if [[ "${WITH_APP}" == "true" ]]; then
sed -e '/{app_upstream}/{r default_nginx_conf/global/app_upstream.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{app_config}/{r default_nginx_conf/global/app_config.conf' -e 'd}' -i /etc/nginx/conf.d/*
elif [[ "${WITH_APP}" == "false" ]]; then
sed -i '/{app_upstream}/d' /etc/nginx/conf.d/*
sed -e '/{app_config}/{r default_nginx_conf/global/app_config_default.conf' -e 'd}' -i /etc/nginx/conf.d/*
fi
if [[ "${SUPPORT_DEPRECATED_API}" == "true" ]]; then
sed -e '/{deprecated_api_ce}/{r default_nginx_conf/global/ce/deprecated_api_ce.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{deprecated_api_pro}/{r default_nginx_conf/global/pro/deprecated_api_pro.conf' -e 'd}' -i /etc/nginx/conf.d/*
elif [[ "${SUPPORT_DEPRECATED_API}" == "false" ]]; then
sed -i '/{deprecated_api_ce}/d' /etc/nginx/conf.d/*
sed -i '/{deprecated_api_pro}/d' /etc/nginx/conf.d/*
fi
if [[ "${REDIRECT_WWW}" == "true" ]]; then
sed -e '/{redirect_www_ssl}/{r default_nginx_conf/global/redirect_www_ssl.conf' -e 'd}' -i /etc/nginx/conf.d/*
if [[ "${PROXY_MODE}" == "CE" ]]; then
sed -e '/{redirect_www}/{r default_nginx_conf/global/ce/redirect_www.conf' -e 'd}' -i /etc/nginx/conf.d/*
fi
if [ "${PROXY_MODE}" == "PRO" ]; then
sed -e '/{redirect_www}/{r default_nginx_conf/global/pro/redirect_www.conf' -e 'd}' -i /etc/nginx/conf.d/*
fi
elif [[ "${REDIRECT_WWW}" == "false" ]]; then
sed -i '/{redirect_www}/d' /etc/nginx/conf.d/*
sed -i '/{redirect_www_ssl}/d' /etc/nginx/conf.d/*
fi
# Process main configs
sed -e '/{ssl_config}/{r default_nginx_conf/global/ssl_config.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{proxy_config}/{r default_nginx_conf/global/proxy_config.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -i "s/{domain_name}/${DOMAIN_OR_PUBLIC_IP}/g" /etc/nginx/conf.d/*
sed -i "s/{http_port}/${PROXY_HTTP_PORT}/g" /etc/nginx/conf.d/*
sed -i "s/{https_port}/${PROXY_HTTPS_PORT}/g" /etc/nginx/conf.d/*
@ -212,8 +243,6 @@ printf "\n ======================================="
printf "\n"
printf "\n Adding rules..."
LOCAL_NETWORKS=$(ip route list | grep -Eo '([0-9]*\.){3}[0-9]*/[0-9]*')
PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh)
valid_ip_v4()
{
@ -237,6 +266,23 @@ valid_ip_v6()
fi
}
LOCAL_NETWORKS=$(ip route list | grep -Eo '([0-9]*\.){3}[0-9]*/[0-9]*')
if [[ "${PUBLIC_IP}" == "auto-ipv4" ]]; then
PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh)
printf "\n - Public IPv4 for rules: %s" "$PUBLIC_IP"
elif [[ "${PUBLIC_IP}" == "auto-ipv6" ]]; then
PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh --ipv6)
printf "\n - Public IPv6 for rules: %s" "$PUBLIC_IP"
else
if valid_ip_v4 "$PUBLIC_IP"; then
printf "\n - Valid defined public IPv4: %s" "$PUBLIC_IP"
elif valid_ip_v6 "$PUBLIC_IP"; then
printf "\n - Valid defined public IPv6: %s" "$PUBLIC_IP"
else
printf "\n - Not valid defined IP Address: %s" "$PUBLIC_IP"
fi
fi
if [ "${ALLOWED_ACCESS_TO_DASHBOARD}" != "all" ]; then
IFS=','
for IP in $(echo "${ALLOWED_ACCESS_TO_DASHBOARD}" | tr -d '[:space:]')
@ -302,7 +348,7 @@ else
fi
if [ "${RULES_DASHBOARD}" != "allow all;" ]; then
if ! echo "${RULES_DASHBOARD}" | grep -q "$PUBLIC_IP" && valid_ip_v4 "$PUBLIC_IP" || valid_ip_v6 "$IP"; then
if ! echo "${RULES_DASHBOARD}" | grep -q "$PUBLIC_IP" && valid_ip_v4 "$PUBLIC_IP" || valid_ip_v6 "$PUBLIC_IP"; then
RULES_DASHBOARD="${RULES_DASHBOARD}{new_line}allow $PUBLIC_IP;"
fi
@ -320,7 +366,7 @@ if [ "${RULES_DASHBOARD}" != "allow all;" ]; then
fi
if [ "${RULES_RESTAPI}" != "allow all;" ]; then
if ! echo "${RULES_RESTAPI}" | grep -q "$PUBLIC_IP" && valid_ip_v4 "$PUBLIC_IP" || valid_ip_v6 "$IP"; then
if ! echo "${RULES_RESTAPI}" | grep -q "$PUBLIC_IP" && valid_ip_v4 "$PUBLIC_IP" || valid_ip_v6 "$PUBLIC_IP"; then
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $PUBLIC_IP;"
fi

32
openvidu-server/docker/openvidu-proxy/nginx.conf Normal file
View File

@ -0,0 +1,32 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections {worker_connections};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/vhost.d/*.conf;
}

0
openvidu-server/docker/openvidu-proxy/test.sh
View File

8
openvidu-server/docker/openvidu-server-pro/entrypoint.sh
View File

@ -23,6 +23,14 @@ printf "\n = LAUNCH OPENVIDU-SERVER ="
printf "\n ======================================="
printf "\n"
# Get coturn public ip
[[ -z ${COTURN_IP} ]] && export COTURN_IP=auto-ipv4
if [[ -z "${COTURN_IP}" == "auto-ipv4" ]]; then
COTURN_IP=$(/usr/local/bin/discover_my_public_ip.sh)
elif [[ -z "${COTURN_IP}" == "auto-ipv6" ]]; then
COTURN_IP=$(/usr/local/bin/discover_my_public_ip.sh --ipv6)
fi
if [ ! -z "${JAVA_OPTIONS}" ]; then
printf "\n Using java options: %s" "${JAVA_OPTIONS}"
fi

8
openvidu-server/docker/openvidu-server/entrypoint.sh
View File

@ -6,6 +6,14 @@ printf "\n = LAUNCH OPENVIDU-SERVER ="
printf "\n ======================================="
printf "\n"
# Get coturn public ip
[[ -z ${COTURN_IP} ]] && export COTURN_IP=auto-ipv4
if [[ -z "${COTURN_IP}" == "auto-ipv4" ]]; then
COTURN_IP=$(/usr/local/bin/discover_my_public_ip.sh)
elif [[ -z "${COTURN_IP}" == "auto-ipv6" ]]; then
COTURN_IP=$(/usr/local/bin/discover_my_public_ip.sh --ipv6)
fi
if [ ! -z "${JAVA_OPTIONS}" ]; then
printf "\n Using java options: %s" "${JAVA_OPTIONS}"
fi

145
openvidu-server/docker/utils/discover_my_public_ip.sh
View File

@ -1,47 +1,116 @@
#!/bin/bash
#!/usr/bin/env bash
# Check if a txt is a valid ip
function valid_ip()
{
local ip=$1
local stat=1
#/ Use DNS to find out about the external IP of the running system.
#/
#/ This script is useful when running from a machine that sits behind a NAT.
#/ Due to how NAT works, machines behind it belong to an internal or private
#/ subnet, with a different address space than the external or public side.
#/
#/ Typically it is possible to make an HTTP request to a number of providers
#/ that offer the external IP in their response body (eg: ifconfig.me). However,
#/ why do a slow and heavy HTTP request, when DNS exists and is much faster?
#/ Well established providers such as OpenDNS or Google offer special hostnames
#/ that, when resolved, will actually return the IP address of the caller.
#/
#/ https://unix.stackexchange.com/questions/22615/how-can-i-get-my-external-ip-address-in-a-shell-script/81699#81699
#/
#/
#/ Arguments
#/ ---------
#/
#/ --ipv4
#/
#/ Find the external IPv4 address.
#/ Optional. Default: Enabled.
#/
#/ --ipv6
#/
#/ Find the external IPv6 address.
#/ Optional. Default: Disabled.
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
OIFS=$IFS
IFS='.'
ip=($ip)
IFS=$OIFS
[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
&& ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
stat=$?
fi
return $stat
# Shell setup
# ===========
# Bash options for strict error checking.
set -o errexit -o errtrace -o pipefail -o nounset
# Trace all commands (to stderr).
#set -o xtrace
# Trap function for unhandled errors.
function on_error() {
echo "[getmyip] ERROR ($?)" >&2
exit 1
}
trap on_error ERR
# Services to get public ip
SERVICES=(
"curl --silent -sw :%{http_code} ipv4.icanhazip.com"
"curl --silent -sw :%{http_code} ifconfig.me"
"curl --silent -sw :%{http_code} -4 ifconfig.co"
"curl --silent -sw :%{http_code} ipecho.net/plain"
"curl --silent -sw :%{http_code} ipinfo.io/ip"
"curl --silent -sw :%{http_code} checkip.amazonaws.com"
"curl --silent -sw :%{http_code} v4.ident.me"
)
# Get public ip
for service in "${SERVICES[@]}"; do
RUN_COMMAND=$($service | tr -d '[:space:]')
IP=$(echo "$RUN_COMMAND" | cut -d':' -f1)
HTTP_CODE=$(echo "$RUN_COMMAND" | cut -d':' -f2)
if [ "$HTTP_CODE" == "200" ]; then
if valid_ip "$IP"; then
printf "%s" "$IP"
exit 0
fi
# Parse call arguments
# ====================
CFG_IPV4="true"
CFG_IPV6="false"
while [[ $# -gt 0 ]]; do
case "${1-}" in
--ipv4)
CFG_IPV4="true"
CFG_IPV6="false"
;;
--ipv6)
CFG_IPV4="false"
CFG_IPV6="true"
;;
*)
echo "Invalid argument: '${1-}'" >&2
exit 1
;;
esac
shift
done
# Obtain the external IP address
# ==============================
if [[ "$CFG_IPV4" == "true" ]]; then
COMMANDS=(
'dig @resolver1.opendns.com myip.opendns.com A -4 +short'
'dig @ns1.google.com o-o.myaddr.l.google.com TXT -4 +short | tr -d \"'
'dig @1.1.1.1 whoami.cloudflare TXT CH -4 +short | tr -d \"'
'dig @ns1-1.akamaitech.net whoami.akamai.net A -4 +short'
)
function is_valid_ip() {
# Check if the input looks like an IPv4 address.
# Doesn't check if the actual values are valid; assumes they are.
echo "$1" | grep --perl-regexp --quiet '^(\d{1,3}\.){3}\d{1,3}$'
}
elif [[ "$CFG_IPV6" == "true" ]]; then
COMMANDS=(
'dig @resolver1.opendns.com myip.opendns.com AAAA -6 +short'
'dig @ns1.google.com o-o.myaddr.l.google.com TXT -6 +short | tr -d \"'
'dig @2606:4700:4700::1111 whoami.cloudflare TXT CH -6 +short | tr -d \"'
)
function is_valid_ip() {
# Check if the input looks like an IPv6 address.
# It's almost impossible to check the IPv6 representation because it
# varies wildly, so just check that there are at least 2 colons.
[[ "$(echo "$1" | awk -F':' '{print NF-1}')" -ge 2 ]]
}
fi
for COMMAND in "${COMMANDS[@]}"; do
if IP="$(eval "$COMMAND")" && is_valid_ip "$IP"; then
echo "$IP"
exit 0
fi
done
printf "error"
exit 0
echo "[getmyip] All providers failed" >&2
exit 1