diff --git a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml index 413d91583..d53e0eb69 100644 --- a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml +++ b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml @@ -2496,6 +2496,15 @@ Resources: ToPort: 9080 SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId + OpenViduMediaNodeToMasterCustomAppIngress: + Type: AWS::EC2::SecurityGroupIngress + Properties: + GroupId: !GetAtt OpenViduMasterNodeSG.GroupId + IpProtocol: tcp + FromPort: 6080 + ToPort: 6080 + SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId + OpenViduMediaNodeSG: Type: AWS::EC2::SecurityGroup Properties: diff --git a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep index 21c7af5e3..4cf655dcd 100644 --- a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep +++ b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep @@ -1708,6 +1708,29 @@ resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroup } } +resource mediaToMasterCustomAppWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { + parent: openviduMasterNodeNSG + name: 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS' + properties: { + protocol: 'Tcp' + sourceApplicationSecurityGroups: [ + { + id: openviduMediaNodeASG.id + } + ] + sourcePortRange: '*' + destinationApplicationSecurityGroups: [ + { + id: openviduMasterNodeASG.id + } + ] + destinationPortRange: '6080' + access: 'Allow' + priority: 220 + direction: 'Inbound' + } +} + resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = { name: '${stackName}-mediaNoderNSG' location: location diff --git a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json index 4c4b865e3..6b083dcd0 100644 --- a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json +++ b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "12302305580505506749" + "templateHash": "1666863838343867711" } }, "parameters": { @@ -1043,6 +1043,34 @@ "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" ] }, + { + "type": "Microsoft.Network/networkSecurityGroups/securityRules", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', format('{0}-masterNoderNSG', parameters('stackName')), 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS')]", + "properties": { + "protocol": "Tcp", + "sourceApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" + } + ], + "sourcePortRange": "*", + "destinationApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]" + } + ], + "destinationPortRange": "6080", + "access": "Allow", + "priority": 220, + "direction": "Inbound" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNoderNSG', parameters('stackName')))]", + "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" + ] + }, { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2023-11-01", diff --git a/openvidu-deployment/pro/elastic/gcp/tf-gpc-openvidu-elastic.tf b/openvidu-deployment/pro/elastic/gcp/tf-gpc-openvidu-elastic.tf index 6768a945e..fd2fd91a1 100644 --- a/openvidu-deployment/pro/elastic/gcp/tf-gpc-openvidu-elastic.tf +++ b/openvidu-deployment/pro/elastic/gcp/tf-gpc-openvidu-elastic.tf @@ -87,7 +87,7 @@ resource "google_compute_firewall" "firewall_media_to_master" { allow { protocol = "tcp" - ports = ["7000", "9100", "20000", "3100", "9009", "4443", "9080"] + ports = ["7000", "9100", "20000", "3100", "9009", "4443", "9080", "6080"] } source_tags = [ @@ -155,19 +155,19 @@ resource "google_compute_instance" "openvidu_master_node" { metadata = { # metadata values are accessible from the instance - publicIpAddress = var.publicIpAddress == "" ? google_compute_address.public_ip_address[0].address : var.publicIpAddress - region = var.region - stackName = var.stackName - certificateType = var.certificateType - domainName = var.domainName - ownPublicCertificate = var.ownPublicCertificate - ownPrivateCertificate = var.ownPrivateCertificate - openviduLicense = var.openviduLicense - rtcEngine = var.rtcEngine - initialMeetAdminPassword = var.initialMeetAdminPassword - initialMeetApiKey = var.initialMeetApiKey - additionalInstallFlags = var.additionalInstallFlags - bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName + publicIpAddress = var.publicIpAddress == "" ? google_compute_address.public_ip_address[0].address : var.publicIpAddress + region = var.region + stackName = var.stackName + certificateType = var.certificateType + domainName = var.domainName + ownPublicCertificate = var.ownPublicCertificate + ownPrivateCertificate = var.ownPrivateCertificate + openviduLicense = var.openviduLicense + rtcEngine = var.rtcEngine + initialMeetAdminPassword = var.initialMeetAdminPassword + initialMeetApiKey = var.initialMeetApiKey + additionalInstallFlags = var.additionalInstallFlags + bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName } service_account { diff --git a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml index 9762488e6..29c52a7f1 100644 --- a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml +++ b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml @@ -2918,6 +2918,15 @@ Resources: ToPort: 9080 SourceSecurityGroupId: !Ref OpenViduMasterNodeSG + OpenViduMasterToMasterCustomAppIngress: + Type: AWS::EC2::SecurityGroupIngress + Properties: + GroupId: !Ref OpenViduMasterNodeSG + IpProtocol: tcp + FromPort: 6080 + ToPort: 6080 + SourceSecurityGroupId: !Ref OpenViduMasterNodeSG + OpenViduMediaNodeToMasterMeetWebhookIngress: Type: AWS::EC2::SecurityGroupIngress Properties: @@ -2927,6 +2936,15 @@ Resources: ToPort: 9080 SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId + OpenViduMediaNodeToMasterCustomAppIngress: + Type: AWS::EC2::SecurityGroupIngress + Properties: + GroupId: !GetAtt OpenViduMasterNodeSG.GroupId + IpProtocol: tcp + FromPort: 6080 + ToPort: 6080 + SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId + OpenViduMediaNodeSG: Type: AWS::EC2::SecurityGroup Properties: diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep index ddd5ac211..945848eff 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep @@ -2591,6 +2591,29 @@ resource masterToMasterMeet 'Microsoft.Network/networkSecurityGroups/securityRul } } +resource masterToMasterCustomApp 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { + parent: openviduMasterNodeNSG + name: 'masterNode_to_masterNode_CUSTOM_APP_INGRESS' + properties: { + protocol: 'Tcp' + sourceApplicationSecurityGroups: [ + { + id: openviduMasterNodeASG.id + } + ] + sourcePortRange: '*' + destinationApplicationSecurityGroups: [ + { + id: openviduMasterNodeASG.id + } + ] + destinationPortRange: '6080' + access: 'Allow' + priority: 310 + direction: 'Inbound' + } +} + resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { parent: openviduMasterNodeNSG name: 'mediaNode_to_masterNode_MEET_WEBHOOK_INGRESS' @@ -2614,6 +2637,29 @@ resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroup } } +resource mediaToMasterCustomAppWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { + parent: openviduMasterNodeNSG + name: 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS' + properties: { + protocol: 'Tcp' + sourceApplicationSecurityGroups: [ + { + id: openviduMediaNodeASG.id + } + ] + sourcePortRange: '*' + destinationApplicationSecurityGroups: [ + { + id: openviduMasterNodeASG.id + } + ] + destinationPortRange: '6080' + access: 'Allow' + priority: 320 + direction: 'Inbound' + } +} + resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = { name: '${stackName}-mediaNodeNSG' location: location diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json index b9576345a..09a3a77ac 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "7126821326646588151" + "templateHash": "7316395873017871617" } }, "parameters": { @@ -1891,6 +1891,33 @@ "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]" ] }, + { + "type": "Microsoft.Network/networkSecurityGroups/securityRules", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', format('{0}-masterNodeNSG', parameters('stackName')), 'masterNode_to_masterNode_CUSTOM_APP_INGRESS')]", + "properties": { + "protocol": "Tcp", + "sourceApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]" + } + ], + "sourcePortRange": "*", + "destinationApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]" + } + ], + "destinationPortRange": "6080", + "access": "Allow", + "priority": 310, + "direction": "Inbound" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]" + ] + }, { "type": "Microsoft.Network/networkSecurityGroups/securityRules", "apiVersion": "2023-11-01", @@ -1919,6 +1946,34 @@ "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" ] }, + { + "type": "Microsoft.Network/networkSecurityGroups/securityRules", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', format('{0}-masterNodeNSG', parameters('stackName')), 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS')]", + "properties": { + "protocol": "Tcp", + "sourceApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" + } + ], + "sourcePortRange": "*", + "destinationApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]" + } + ], + "destinationPortRange": "6080", + "access": "Allow", + "priority": 320, + "direction": "Inbound" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]", + "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" + ] + }, { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2023-11-01", diff --git a/openvidu-deployment/pro/ha/gcp/tf-gpc-openvidu-ha.tf b/openvidu-deployment/pro/ha/gcp/tf-gpc-openvidu-ha.tf index bff77aab1..2469d3bc6 100644 --- a/openvidu-deployment/pro/ha/gcp/tf-gpc-openvidu-ha.tf +++ b/openvidu-deployment/pro/ha/gcp/tf-gpc-openvidu-ha.tf @@ -122,7 +122,8 @@ resource "google_compute_firewall" "master_to_master_internal" { "5000", "3000", "4443", - "9080" + "9080", + "6080" ] } @@ -145,7 +146,8 @@ resource "google_compute_firewall" "media_to_master_services" { "9009", "3100", "4443", - "9080" + "9080", + "6080" ] }