mirror of https://github.com/OpenVidu/openvidu.git
openvidu-deployment: add custom application ingress rules for media and master nodes
parent
677862f5eb
commit
87b3ac3716
|
|
@ -2496,6 +2496,15 @@ Resources:
|
|||
ToPort: 9080
|
||||
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
|
||||
|
||||
OpenViduMediaNodeToMasterCustomAppIngress:
|
||||
Type: AWS::EC2::SecurityGroupIngress
|
||||
Properties:
|
||||
GroupId: !GetAtt OpenViduMasterNodeSG.GroupId
|
||||
IpProtocol: tcp
|
||||
FromPort: 6080
|
||||
ToPort: 6080
|
||||
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
|
||||
|
||||
OpenViduMediaNodeSG:
|
||||
Type: AWS::EC2::SecurityGroup
|
||||
Properties:
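Review bot: `OpenViduMediaNodeToMasterCustomAppIngress` carries no `Condition`, so every stack built from this template opens TCP 6080 on the master node to all members of `OpenViduMediaNodeSG`, whether or not anything is meant to listen there. If the custom application is optional (the hunk does not show this), gate the resource with a `Condition:` tied to a template parameter so the port stays closed by default. The source is a security group rather than a CIDR, so this concerns node-to-node exposure inside the deployment, not Internet exposure. The 6080 rules this commit adds to the other CloudFormation, Bicep and Terraform templates on this page are unconditional in the same way.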
|
||||
|
|
|
|||
|
|
@ -1708,6 +1708,29 @@ resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroup
|
|||
}
|
||||
}
|
||||
|
||||
resource mediaToMasterCustomAppWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
|
||||
parent: openviduMasterNodeNSG
|
||||
name: 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS'
|
||||
properties: {
|
||||
protocol: 'Tcp'
|
||||
sourceApplicationSecurityGroups: [
|
||||
{
|
||||
id: openviduMediaNodeASG.id
|
||||
}
|
||||
]
|
||||
sourcePortRange: '*'
|
||||
destinationApplicationSecurityGroups: [
|
||||
{
|
||||
id: openviduMasterNodeASG.id
|
||||
}
|
||||
]
|
||||
destinationPortRange: '6080'
|
||||
access: 'Allow'
|
||||
priority: 220
|
||||
direction: 'Inbound'
|
||||
}
|
||||
}
|
||||
|
||||
resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = {
|
||||
name: '${stackName}-mediaNoderNSG'
|
||||
location: location
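Review bot: The new rule is named `mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS` (symbol `mediaToMasterCustomAppWebhookIngress`), but it allows any TCP traffic from the media node ASG to port 6080, and the commit title and the matching AWS resource call it a custom application ingress. Either drop "WEBHOOK" from the name or state the intent in the rule itself by adding `description: 'Custom application port 6080, reachable from media nodes'` inside `properties`. The second Bicep template on this page reuses the same "Webhook" name next to `masterToMasterCustomApp`, so the two new rules in that file are named inconsistently with each other.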
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
"_generator": {
|
||||
"name": "bicep",
|
||||
"version": "0.37.4.10188",
|
||||
"templateHash": "12302305580505506749"
|
||||
"templateHash": "1666863838343867711"
|
||||
}
|
||||
},
|
||||
"parameters": {
|
||||
|
|
@ -1043,6 +1043,34 @@
|
|||
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
|
||||
"apiVersion": "2023-11-01",
|
||||
"name": "[format('{0}/{1}', format('{0}-masterNoderNSG', parameters('stackName')), 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS')]",
|
||||
"properties": {
|
||||
"protocol": "Tcp",
|
||||
"sourceApplicationSecurityGroups": [
|
||||
{
|
||||
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
|
||||
}
|
||||
],
|
||||
"sourcePortRange": "*",
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
|
||||
}
|
||||
],
|
||||
"destinationPortRange": "6080",
|
||||
"access": "Allow",
|
||||
"priority": 220,
|
||||
"direction": "Inbound"
|
||||
},
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]",
|
||||
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNoderNSG', parameters('stackName')))]",
|
||||
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"apiVersion": "2023-11-01",
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ resource "google_compute_firewall" "firewall_media_to_master" {
|
|||
|
||||
allow {
|
||||
protocol = "tcp"
|
||||
ports = ["7000", "9100", "20000", "3100", "9009", "4443", "9080"]
|
||||
ports = ["7000", "9100", "20000", "3100", "9009", "4443", "9080", "6080"]
|
||||
}
|
||||
|
||||
source_tags = [
|
||||
|
|
@ -155,19 +155,19 @@ resource "google_compute_instance" "openvidu_master_node" {
|
|||
|
||||
metadata = {
|
||||
# metadata values are accessible from the instance
|
||||
publicIpAddress = var.publicIpAddress == "" ? google_compute_address.public_ip_address[0].address : var.publicIpAddress
|
||||
region = var.region
|
||||
stackName = var.stackName
|
||||
certificateType = var.certificateType
|
||||
domainName = var.domainName
|
||||
ownPublicCertificate = var.ownPublicCertificate
|
||||
ownPrivateCertificate = var.ownPrivateCertificate
|
||||
openviduLicense = var.openviduLicense
|
||||
rtcEngine = var.rtcEngine
|
||||
initialMeetAdminPassword = var.initialMeetAdminPassword
|
||||
initialMeetApiKey = var.initialMeetApiKey
|
||||
additionalInstallFlags = var.additionalInstallFlags
|
||||
bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||
publicIpAddress = var.publicIpAddress == "" ? google_compute_address.public_ip_address[0].address : var.publicIpAddress
|
||||
region = var.region
|
||||
stackName = var.stackName
|
||||
certificateType = var.certificateType
|
||||
domainName = var.domainName
|
||||
ownPublicCertificate = var.ownPublicCertificate
|
||||
ownPrivateCertificate = var.ownPrivateCertificate
|
||||
openviduLicense = var.openviduLicense
|
||||
rtcEngine = var.rtcEngine
|
||||
initialMeetAdminPassword = var.initialMeetAdminPassword
|
||||
initialMeetApiKey = var.initialMeetApiKey
|
||||
additionalInstallFlags = var.additionalInstallFlags
|
||||
bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||
}
|
||||
|
||||
service_account {
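Review bot: In the first hunk, `"6080"` is appended to the `ports` list of `firewall_media_to_master` with nothing saying which service it belongs to, and the list already holds seven other bare port numbers. A comment above the list, for example `# 6080: custom application`, would let someone auditing the firewall tell an intended port from a leftover one. The same holds for the `"6080"` entries added to `master_to_master_internal` and `media_to_master_services` in the second Terraform file on this page, where the one-port-per-line layout makes a trailing comment per entry easy.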
|
||||
|
|
|
|||
|
|
@ -2918,6 +2918,15 @@ Resources:
|
|||
ToPort: 9080
|
||||
SourceSecurityGroupId: !Ref OpenViduMasterNodeSG
|
||||
|
||||
OpenViduMasterToMasterCustomAppIngress:
|
||||
Type: AWS::EC2::SecurityGroupIngress
|
||||
Properties:
|
||||
GroupId: !Ref OpenViduMasterNodeSG
|
||||
IpProtocol: tcp
|
||||
FromPort: 6080
|
||||
ToPort: 6080
|
||||
SourceSecurityGroupId: !Ref OpenViduMasterNodeSG
|
||||
|
||||
OpenViduMediaNodeToMasterMeetWebhookIngress:
|
||||
Type: AWS::EC2::SecurityGroupIngress
|
||||
Properties:
|
||||
|
|
@ -2927,6 +2936,15 @@ Resources:
|
|||
ToPort: 9080
|
||||
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
|
||||
|
||||
OpenViduMediaNodeToMasterCustomAppIngress:
|
||||
Type: AWS::EC2::SecurityGroupIngress
|
||||
Properties:
|
||||
GroupId: !GetAtt OpenViduMasterNodeSG.GroupId
|
||||
IpProtocol: tcp
|
||||
FromPort: 6080
|
||||
ToPort: 6080
|
||||
SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId
|
||||
|
||||
OpenViduMediaNodeSG:
|
||||
Type: AWS::EC2::SecurityGroup
|
||||
Properties:
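Review bot: Neither `OpenViduMasterToMasterCustomAppIngress` nor `OpenViduMediaNodeToMasterCustomAppIngress` sets a `Description`, so when the rules are listed on the master node security group they show only tcp/6080 and a source group, with no stated purpose. Add one to each, for example `Description: Custom application port 6080 from master nodes` and `Description: Custom application port 6080 from media nodes`. The rule of the same name added to the first CloudFormation template on this page lacks it too.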
|
||||
|
|
|
|||
|
|
@ -2591,6 +2591,29 @@ resource masterToMasterMeet 'Microsoft.Network/networkSecurityGroups/securityRul
|
|||
}
|
||||
}
|
||||
|
||||
resource masterToMasterCustomApp 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
|
||||
parent: openviduMasterNodeNSG
|
||||
name: 'masterNode_to_masterNode_CUSTOM_APP_INGRESS'
|
||||
properties: {
|
||||
protocol: 'Tcp'
|
||||
sourceApplicationSecurityGroups: [
|
||||
{
|
||||
id: openviduMasterNodeASG.id
|
||||
}
|
||||
]
|
||||
sourcePortRange: '*'
|
||||
destinationApplicationSecurityGroups: [
|
||||
{
|
||||
id: openviduMasterNodeASG.id
|
||||
}
|
||||
]
|
||||
destinationPortRange: '6080'
|
||||
access: 'Allow'
|
||||
priority: 310
|
||||
direction: 'Inbound'
|
||||
}
|
||||
}
|
||||
|
||||
resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
|
||||
parent: openviduMasterNodeNSG
|
||||
name: 'mediaNode_to_masterNode_MEET_WEBHOOK_INGRESS'
|
||||
|
|
@ -2614,6 +2637,29 @@ resource mediaToMasterMeetWebhookIngress 'Microsoft.Network/networkSecurityGroup
|
|||
}
|
||||
}
|
||||
|
||||
resource mediaToMasterCustomAppWebhookIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = {
|
||||
parent: openviduMasterNodeNSG
|
||||
name: 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS'
|
||||
properties: {
|
||||
protocol: 'Tcp'
|
||||
sourceApplicationSecurityGroups: [
|
||||
{
|
||||
id: openviduMediaNodeASG.id
|
||||
}
|
||||
]
|
||||
sourcePortRange: '*'
|
||||
destinationApplicationSecurityGroups: [
|
||||
{
|
||||
id: openviduMasterNodeASG.id
|
||||
}
|
||||
]
|
||||
destinationPortRange: '6080'
|
||||
access: 'Allow'
|
||||
priority: 320
|
||||
direction: 'Inbound'
|
||||
}
|
||||
}
|
||||
|
||||
resource openviduMediaNodeNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = {
|
||||
name: '${stackName}-mediaNodeNSG'
|
||||
location: location
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
"_generator": {
|
||||
"name": "bicep",
|
||||
"version": "0.37.4.10188",
|
||||
"templateHash": "7126821326646588151"
|
||||
"templateHash": "7316395873017871617"
|
||||
}
|
||||
},
|
||||
"parameters": {
|
||||
|
|
@ -1891,6 +1891,33 @@
|
|||
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
|
||||
"apiVersion": "2023-11-01",
|
||||
"name": "[format('{0}/{1}', format('{0}-masterNodeNSG', parameters('stackName')), 'masterNode_to_masterNode_CUSTOM_APP_INGRESS')]",
|
||||
"properties": {
|
||||
"protocol": "Tcp",
|
||||
"sourceApplicationSecurityGroups": [
|
||||
{
|
||||
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
|
||||
}
|
||||
],
|
||||
"sourcePortRange": "*",
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
|
||||
}
|
||||
],
|
||||
"destinationPortRange": "6080",
|
||||
"access": "Allow",
|
||||
"priority": 310,
|
||||
"direction": "Inbound"
|
||||
},
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]",
|
||||
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
|
||||
"apiVersion": "2023-11-01",
|
||||
|
|
@ -1919,6 +1946,34 @@
|
|||
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
|
||||
"apiVersion": "2023-11-01",
|
||||
"name": "[format('{0}/{1}', format('{0}-masterNodeNSG', parameters('stackName')), 'mediaNode_to_masterNode_CUSTOM_APP_WEBHOOK_INGRESS')]",
|
||||
"properties": {
|
||||
"protocol": "Tcp",
|
||||
"sourceApplicationSecurityGroups": [
|
||||
{
|
||||
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
|
||||
}
|
||||
],
|
||||
"sourcePortRange": "*",
|
||||
"destinationApplicationSecurityGroups": [
|
||||
{
|
||||
"id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]"
|
||||
}
|
||||
],
|
||||
"destinationPortRange": "6080",
|
||||
"access": "Allow",
|
||||
"priority": 320,
|
||||
"direction": "Inbound"
|
||||
},
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]",
|
||||
"[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]",
|
||||
"[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"apiVersion": "2023-11-01",
|
||||
|
|
|
|||
|
|
@ -122,7 +122,8 @@ resource "google_compute_firewall" "master_to_master_internal" {
|
|||
"5000",
|
||||
"3000",
|
||||
"4443",
|
||||
"9080"
|
||||
"9080",
|
||||
"6080"
|
||||
]
|
||||
}
|
||||
|
||||
|
|
@ -145,7 +146,8 @@ resource "google_compute_firewall" "media_to_master_services" {
|
|||
"9009",
|
||||
"3100",
|
||||
"4443",
|
||||
"9080"
|
||||
"9080",
|
||||
"6080"
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
|||