ambiser
/
openvidu
mirror of https://github.com/OpenVidu/openvidu.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

deployment: Update nginx for Enterprise HA on premises

pull/803/head
cruizba 2023-05-20 23:08:28 +02:00
parent 58c15b0e3c
commit 7b1f411db4
7 changed files with 204 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
openvidu-server/docker/openvidu-proxy/default_nginx_conf/enterprise-ha/default.conf Normal file
View File

@ -0,0 +1,103 @@
{xframe_options}
{enterprise_ha_nodes_upstream}
{app_upstream}
upstream minio {
server minio-s3:9001;
}
upstream kibana {
server kibana:5601;
}
upstream elasticsearch {
server elasticsearch:9200;
}
{redirect_www_ssl}
##################################
# Private Load balancer port #
##################################
server {
listen 5443;
location / {
{proxy_config}
proxy_pass http://openviduserver;
}
}
##################################
# Public Load balancer #
##################################
server {
# Redirect to https
if ($host = {domain_name}) {
rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
} # managed by Certbot
{redirect_www}
listen {http_port} default_server;
listen [::]:{http_port} default_server;
server_name {domain_name};
# letsencrypt
location /.well-known/acme-challenge {
root /var/www/certbot;
try_files $uri $uri/ =404;
}
# Kibana panel
location /kibana {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
rewrite ^/kibana/(.*)$ /$1 break;
proxy_pass http://kibana/;
}
{nginx_status}
}
server {
listen {https_port} ssl default deferred;
listen [::]:{https_port} ssl default deferred;
server_name {domain_name};
{ssl_config}
{proxy_config}
{app_config}
########################
# OpenVidu Locations #
########################
{common_api_pro}
{deprecated_api_pro}
{common_api_enterprise}
{new_api_pro}
#################################
# LetsEncrypt #
#################################
location /.well-known/acme-challenge {
root /var/www/certbot;
try_files $uri $uri/ =404;
}
{custom_locations}
}

2
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ce/common_api_ce.conf
View File

@ -1,5 +1,5 @@
################################# #################################
# Common rules # # Common rules CE #
################################# #################################
# Dashboard rule # Dashboard rule
location /dashboard { location /dashboard {

4
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/enterprise-ha/app_upstream.conf Normal file
View File

@ -0,0 +1,4 @@
# Your App
upstream yourapp {
server app:5442;
}

33
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/enterprise-ha/common_api_enterprise.conf Normal file
View File

@ -0,0 +1,33 @@
#################################
# Common rules Enterprise #
#################################
location /minio/ {
{rules_access_dashboard}
deny all;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
# To support websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
rewrite /minio(/|$)(.*) /$2 break;
proxy_pass http://minio;
proxy_redirect off;
}

2
openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/pro/common_api_pro.conf
View File

@ -1,5 +1,5 @@
################################# #################################
# Common rules # # Common rules PRO #
################################# #################################
location /dashboard { location /dashboard {
{rules_access_dashboard} {rules_access_dashboard}

82
openvidu-server/docker/openvidu-proxy/entrypoint.sh
View File

@ -1,5 +1,27 @@
#!/bin/bash #!/bin/bash
valid_ip_v4()
{
regex='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]+)?$'
if [[ "$1" =~ $regex ]]; then
return "$?"
else
return "$?"
fi
}
valid_ip_v6()
{
regex='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(/[0-9]+)?$'
if [[ "$1" =~ $regex ]]; then
return "$?"
else
return "$?"
fi
}
# Checks # Checks
if [ -z "${DOMAIN_OR_PUBLIC_IP}" ]; then if [ -z "${DOMAIN_OR_PUBLIC_IP}" ]; then
printf "\n =======¡ERROR!=======" printf "\n =======¡ERROR!======="
@ -192,6 +214,11 @@ if [ "${PROXY_MODE}" == "PRO" ]; then
cp /default_nginx_conf/pro/default.conf /default_nginx_conf/default.conf cp /default_nginx_conf/pro/default.conf /default_nginx_conf/default.conf
fi fi
if [[ "${PROXY_MODE}" == "ENTERPRISE_HA" ]]; then
[[ -f /default_nginx_conf/default.conf ]] && rm /default_nginx_conf/default.conf
cp /default_nginx_conf/enterprise-ha/default.conf /default_nginx_conf/default.conf
fi
# Create index.html # Create index.html
mkdir -p /var/www/html mkdir -p /var/www/html
cat> /var/www/html/index.html<<EOF cat> /var/www/html/index.html<<EOF
@ -227,9 +254,14 @@ sed -e '/{common_api_ce}/{r default_nginx_conf/global/ce/common_api_ce.conf' -e
sed -e '/{new_api_ce}/{r default_nginx_conf/global/ce/new_api_ce.conf' -e 'd}' -i /etc/nginx/conf.d/* sed -e '/{new_api_ce}/{r default_nginx_conf/global/ce/new_api_ce.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{common_api_pro}/{r default_nginx_conf/global/pro/common_api_pro.conf' -e 'd}' -i /etc/nginx/conf.d/* sed -e '/{common_api_pro}/{r default_nginx_conf/global/pro/common_api_pro.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{new_api_pro}/{r default_nginx_conf/global/pro/new_api_pro.conf' -e 'd}' -i /etc/nginx/conf.d/* sed -e '/{new_api_pro}/{r default_nginx_conf/global/pro/new_api_pro.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{common_api_enterprise}/{r default_nginx_conf/global/enterprise-ha/common_api_enterprise.conf' -e 'd}' -i /etc/nginx/conf.d/*
if [[ "${WITH_APP}" == "true" ]]; then if [[ "${WITH_APP}" == "true" ]]; then
sed -e '/{app_upstream}/{r default_nginx_conf/global/app_upstream.conf' -e 'd}' -i /etc/nginx/conf.d/* if [[ "${PROXY_MODE}" == "ENTERPRISE_HA" ]]; then
sed -e '/{app_upstream}/{r default_nginx_conf/global/enterprise-ha/app_upstream.conf' -e 'd}' -i /etc/nginx/conf.d/*
else
sed -e '/{app_upstream}/{r default_nginx_conf/global/app_upstream.conf' -e 'd}' -i /etc/nginx/conf.d/*
fi
sed -e '/{app_config}/{r default_nginx_conf/global/app_config.conf' -e 'd}' -i /etc/nginx/conf.d/* sed -e '/{app_config}/{r default_nginx_conf/global/app_config.conf' -e 'd}' -i /etc/nginx/conf.d/*
elif [[ "${WITH_APP}" == "false" ]]; then elif [[ "${WITH_APP}" == "false" ]]; then
sed -i '/{app_upstream}/d' /etc/nginx/conf.d/* sed -i '/{app_upstream}/d' /etc/nginx/conf.d/*
@ -256,7 +288,7 @@ if [[ "${REDIRECT_WWW}" == "true" ]]; then
sed -e '/{redirect_www}/{r default_nginx_conf/global/ce/redirect_www.conf' -e 'd}' -i /etc/nginx/conf.d/* sed -e '/{redirect_www}/{r default_nginx_conf/global/ce/redirect_www.conf' -e 'd}' -i /etc/nginx/conf.d/*
fi fi
if [ "${PROXY_MODE}" == "PRO" ]; then if [[ "${PROXY_MODE}" == "PRO" ]] || [[ "${PROXY_MODE}" == "ENTERPRISE_HA" ]]; then
sed -e '/{redirect_www}/{r default_nginx_conf/global/pro/redirect_www.conf' -e 'd}' -i /etc/nginx/conf.d/* sed -e '/{redirect_www}/{r default_nginx_conf/global/pro/redirect_www.conf' -e 'd}' -i /etc/nginx/conf.d/*
fi fi
elif [[ "${REDIRECT_WWW}" == "false" ]]; then elif [[ "${REDIRECT_WWW}" == "false" ]]; then
@ -264,6 +296,30 @@ elif [[ "${REDIRECT_WWW}" == "false" ]]; then
sed -i '/{redirect_www_ssl}/d' /etc/nginx/conf.d/* sed -i '/{redirect_www_ssl}/d' /etc/nginx/conf.d/*
fi fi
if [[ "${PROXY_MODE}" == "ENTERPRISE_HA" ]]; then
TEMP_FILE_UPSTREAM=$(mktemp)
# Create upstream nodes
UPSTREAM="upstream openviduserver {\n"
IFS=','
for IP in $OPENVIDU_ENTERPRISE_HA_NODE_IPS;
do
if valid_ip_v4 "$IP" || valid_ip_v6 "$IP"; then
UPSTREAM+=$" server $IP:4443 max_fails=2 fail_timeout=3s;\n"
else
printf "\n =======¡ERROR!======="
printf "\n The IP address %s defined in OPENVIDU_ENTERPRISE_HA_NODE_IPS is not valid" "$IP"
exit 1
fi
done
unset IFS
UPSTREAM+="}\n"
echo -e "$UPSTREAM" > "${TEMP_FILE_UPSTREAM}"
# Add upstream nodes to nginx config
sed -e '/{enterprise_ha_nodes_upstream}/{r '"${TEMP_FILE_UPSTREAM}"'' -e 'd}' -i /etc/nginx/conf.d/*
fi
# Process main configs # Process main configs
sed -e '/{ssl_config}/{r default_nginx_conf/global/ssl_config.conf' -e 'd}' -i /etc/nginx/conf.d/* sed -e '/{ssl_config}/{r default_nginx_conf/global/ssl_config.conf' -e 'd}' -i /etc/nginx/conf.d/*
sed -e '/{proxy_config}/{r default_nginx_conf/global/proxy_config.conf' -e 'd}' -i /etc/nginx/conf.d/* sed -e '/{proxy_config}/{r default_nginx_conf/global/proxy_config.conf' -e 'd}' -i /etc/nginx/conf.d/*
@ -316,28 +372,6 @@ printf "\n"
printf "\n Adding rules..." printf "\n Adding rules..."
valid_ip_v4()
{
regex='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]+)?$'
if [[ "$1" =~ $regex ]]; then
return "$?"
else
return "$?"
fi
}
valid_ip_v6()
{
regex='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(/[0-9]+)?$'
if [[ "$1" =~ $regex ]]; then
return "$?"
else
return "$?"
fi
}
LOCAL_NETWORKS=$(ip route list | grep -Eo '([0-9]*\.){3}[0-9]*/[0-9]*') LOCAL_NETWORKS=$(ip route list | grep -Eo '([0-9]*\.){3}[0-9]*/[0-9]*')
if [[ "${PUBLIC_IP}" == "auto-ipv4" ]]; then if [[ "${PUBLIC_IP}" == "auto-ipv4" ]]; then
PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh) PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh)