openvidu-deployment: add custom application ingress rules for media and master nodes

master
cruizba 2026-03-13 17:46:29 +01:00
parent 677862f5eb
commit 87b3ac3716
8 changed files with 199 additions and 18 deletions


@ -2496,6 +2496,15 @@ Resources:
ToPort: 9080 ToPort: 9080
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
OpenViduMediaNodeToMasterCustomAppIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !GetAtt OpenViduMasterNodeSG.GroupId
IpProtocol: tcp
FromPort: 6080
ToPort: 6080
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
OpenViduMediaNodeSG: OpenViduMediaNodeSG:
Type: AWS::EC2::SecurityGroup Type: AWS::EC2::SecurityGroup
Properties: Properties:
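Review bot: The new `OpenViduMediaNodeToMasterCustomAppIngress` rule opens TCP 6080 on the master node unconditionally and has no `Description`, so nothing in the template records what is expected to listen on that port. If the custom application is optional (not visible from this hunk), consider gating the resource with a `Condition:` so the port stays closed when nothing is deployed, and add a line such as `Description: Custom application traffic from media nodes (TCP 6080)`. Limiting the source to `OpenViduMediaNodeSG` is the right scope, but any process on a media node can then reach the port, so the application behind it should still authenticate its callers. The same applies to the two 6080 rules added in the other CloudFormation template in this commit.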


@ -1708,6 +1708,29 @@ resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroup
} }
} }
resource mediaToMasterCustomAppWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
parent: openviduMasterNodeNSG
name: 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS'
properties: {
protocol: 'Tcp'
sourceApplicationSecurityGroups: [
{
id: openviduMediaNodeASG.id
}
]
sourcePortRange: '*'
destinationApplicationSecurityGroups: [
{
id: openviduMasterNodeASG.id
}
]
destinationPortRange: '6080'
access: 'Allow'
priority: 220
direction: 'Inbound'
}
}
resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = { resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = {
name: '${stackName}-mediaNoderNSG' name: '${stackName}-mediaNoderNSG'
location: location location: location
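Review bot: `priority: 220` on `mediaToMasterCustomAppWebhookIngress` must be unique among the inbound rules of `openviduMasterNodeNSG`, and the priorities of the neighbouring rules are outside this hunk, so please confirm it does not collide with an existing rule. The same check applies to priorities 310 and 320 in the other Bicep template of this commit. The rule also has no `description`; adding `description: 'Custom application traffic from media nodes to master node (TCP 6080)'` would tell an operator auditing the NSG why the port is open.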


@ -5,7 +5,7 @@
"_generator": { "_generator": {
"name": "bicep", "name": "bicep",
"version": "0.37.4.10188", "version": "0.37.4.10188",
"templateHash": "12302305580505506749" "templateHash": "1666863838343867711"
} }
}, },
"parameters": { "parameters": {
@ -1043,6 +1043,34 @@
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
] ]
}, },
{
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"apiVersion": "2023-11-01",
"name": "[format('{0}/{1}', format('{0}-masterNoderNSG', parameters('stackName')), 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS')]",
"properties": {
"protocol": "Tcp",
"sourceApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
}
],
"sourcePortRange": "*",
"destinationApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
}
],
"destinationPortRange": "6080",
"access": "Allow",
"priority": 220,
"direction": "Inbound"
},
"dependsOn": [
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNoderNSG', parameters('stackName')))]",
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
]
},
{ {
"type": "Microsoft.Network/networkSecurityGroups", "type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2023-11-01", "apiVersion": "2023-11-01",


@ -87,7 +87,7 @@ resource "google_compute_firewall" "firewall_media_to_master" {
allow { allow {
protocol = "tcp" protocol = "tcp"
ports = ["7000", "9100", "20000", "3100", "9009", "4443", "9080"] ports = ["7000", "9100", "20000", "3100", "9009", "4443", "9080", "6080"]
} }
source_tags = [ source_tags = [
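Review bot: `"6080"` is appended to the `ports` list as another bare literal, and the same value is repeated in the two firewall rules of the other Terraform file in this commit. A shared local (for example `local.custom_app_port`; the name is only a suggestion) or at least a comment such as `# 6080: custom application` would keep the three lists in sync and make the purpose of the port auditable. The `firewall_media_to_master` resource starts and ends outside this hunk, so whether it already carries a `description` cannot be seen here.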


@ -2918,6 +2918,15 @@ Resources:
ToPort: 9080 ToPort: 9080
SourceSecurityGroupId: !Ref OpenViduMasterNodeSG SourceSecurityGroupId: !Ref OpenViduMasterNodeSG
OpenViduMasterToMasterCustomAppIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref OpenViduMasterNodeSG
IpProtocol: tcp
FromPort: 6080
ToPort: 6080
SourceSecurityGroupId: !Ref OpenViduMasterNodeSG
OpenViduMediaNodeToMasterMeetWebhookIngress: OpenViduMediaNodeToMasterMeetWebhookIngress:
Type: AWS::EC2::SecurityGroupIngress Type: AWS::EC2::SecurityGroupIngress
Properties: Properties:
@ -2927,6 +2936,15 @@ Resources:
ToPort: 9080 ToPort: 9080
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
OpenViduMediaNodeToMasterCustomAppIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !GetAtt OpenViduMasterNodeSG.GroupId
IpProtocol: tcp
FromPort: 6080
ToPort: 6080
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
OpenViduMediaNodeSG: OpenViduMediaNodeSG:
Type: AWS::EC2::SecurityGroup Type: AWS::EC2::SecurityGroup
Properties: Properties:


@ -2591,6 +2591,29 @@ resource masterToMasterMeet 'Microsoft.Network/networkSecurityGroups/securityRul
} }
} }
resource masterToMasterCustomApp 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
parent: openviduMasterNodeNSG
name: 'masterNode_to_masterNode_CUSTOM_APP_INGRESS'
properties: {
protocol: 'Tcp'
sourceApplicationSecurityGroups: [
{
id: openviduMasterNodeASG.id
}
]
sourcePortRange: '*'
destinationApplicationSecurityGroups: [
{
id: openviduMasterNodeASG.id
}
]
destinationPortRange: '6080'
access: 'Allow'
priority: 310
direction: 'Inbound'
}
}
resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
parent: openviduMasterNodeNSG parent: openviduMasterNodeNSG
name: 'mediaNode_to_masterNode_MEET_WEBHOOK_INGRESS' name: 'mediaNode_to_masterNode_MEET_WEBHOOK_INGRESS'
@ -2614,6 +2637,29 @@ resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroup
} }
} }
resource mediaToMasterCustomAppWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
parent: openviduMasterNodeNSG
name: 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS'
properties: {
protocol: 'Tcp'
sourceApplicationSecurityGroups: [
{
id: openviduMediaNodeASG.id
}
]
sourcePortRange: '*'
destinationApplicationSecurityGroups: [
{
id: openviduMasterNodeASG.id
}
]
destinationPortRange: '6080'
access: 'Allow'
priority: 320
direction: 'Inbound'
}
}
resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = { resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = {
name: '${stackName}-mediaNodeNSG' name: '${stackName}-mediaNodeNSG'
location: location location: location


@ -5,7 +5,7 @@
"_generator": { "_generator": {
"name": "bicep", "name": "bicep",
"version": "0.37.4.10188", "version": "0.37.4.10188",
"templateHash": "7126821326646588151" "templateHash": "7316395873017871617"
} }
}, },
"parameters": { "parameters": {
@ -1891,6 +1891,33 @@
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]" "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]"
] ]
}, },
{
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"apiVersion": "2023-11-01",
"name": "[format('{0}/{1}', format('{0}-masterNodeNSG', parameters('stackName')), 'masterNode_to_masterNode_CUSTOM_APP_INGRESS')]",
"properties": {
"protocol": "Tcp",
"sourceApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
}
],
"sourcePortRange": "*",
"destinationApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
}
],
"destinationPortRange": "6080",
"access": "Allow",
"priority": 310,
"direction": "Inbound"
},
"dependsOn": [
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]"
]
},
{ {
"type": "Microsoft.Network/networkSecurityGroups/securityRules", "type": "Microsoft.Network/networkSecurityGroups/securityRules",
"apiVersion": "2023-11-01", "apiVersion": "2023-11-01",
@ -1919,6 +1946,34 @@
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
] ]
}, },
{
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"apiVersion": "2023-11-01",
"name": "[format('{0}/{1}', format('{0}-masterNodeNSG', parameters('stackName')), 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS')]",
"properties": {
"protocol": "Tcp",
"sourceApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
}
],
"sourcePortRange": "*",
"destinationApplicationSecurityGroups": [
{
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
}
],
"destinationPortRange": "6080",
"access": "Allow",
"priority": 320,
"direction": "Inbound"
},
"dependsOn": [
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]",
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
]
},
{ {
"type": "Microsoft.Network/networkSecurityGroups", "type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2023-11-01", "apiVersion": "2023-11-01",


@ -122,7 +122,8 @@ resource "google_compute_firewall" "master_to_master_internal" {
"5000", "5000",
"3000", "3000",
"4443", "4443",
"9080" "9080",
"6080"
] ]
} }
@ -145,7 +146,8 @@ resource "google_compute_firewall" "media_to_master_services" {
"9009", "9009",
"3100", "3100",
"4443", "4443",
"9080" "9080",
"6080"
] ]
} }