diff --git a/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml b/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml index d279b5bee..2fb83cbc6 100644 --- a/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml +++ b/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml @@ -60,21 +60,6 @@ Parameters: AllowedPattern: '^[A-Za-z0-9, =_.\-]*$' # Allows letters, numbers, comma, space, underscore, dot, equals, and hyphen ConstraintDescription: Must be a comma-separated list of flags (for example, --flag=value, --bool-flag). - TurnDomainName: - Description: '(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls' - Type: String - Default: '' - - TurnOwnPublicCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - Type: String - Default: '' - - TurnOwnPrivateCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - Type: String - Default: '' - # EC2 Instance configuration InstanceType: Description: "Specifies the EC2 instance type for your OpenVidu instance" @@ -456,12 +441,6 @@ Metadata: default: "(Optional) Additional Installer Flags" Parameters: - AdditionalInstallFlags - - Label: - default: (Optional) TURN server configuration with TLS - Parameters: - - TurnDomainName - - TurnOwnPublicCertificate - - TurnOwnPrivateCertificate Conditions: PublicElasticIPPresent: !Not [ !Equals [!Ref PublicElasticIP, ""] ] @@ -515,7 +494,6 @@ Resources: "GRAFANA_URL": "none", "MINIO_URL": "none", "DOMAIN_NAME": "none", - "LIVEKIT_TURN_DOMAIN_NAME": "none", "REDIS_PASSWORD": "none", "MONGO_ADMIN_USERNAME": "none", "MONGO_ADMIN_PASSWORD": "none", 
@@ -644,7 +622,6 @@ Resources: PublicHostname=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname) RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8) DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo "$PublicHostname" | cut -d'.' -f1 | sed 's/^ec2-//').sslip.io - TURN_DOMAIN_NAME_SSLIP_IO="turn-$RANDOM_DOMAIN_STRING-$(echo "$PublicHostname" | cut -d'.' -f1 | sed 's/^ec2-//').sslip.io" else DOMAIN=${DomainName} fi @@ -717,18 +694,6 @@ Resources: done fi - if [[ "${!TURN_DOMAIN_NAME_SSLIP_IO}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${!TURN_DOMAIN_NAME_SSLIP_IO}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) - elif [[ "${TurnDomainName}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${TurnDomainName}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) - fi - # Certificate arguments if [[ "${CertificateType}" == "selfsigned" ]]; then CERT_ARGS=( @@ -748,18 +713,6 @@ Resources: "--owncert-public-key=$OWN_CERT_CRT" "--owncert-private-key=$OWN_CERT_KEY" ) - - # Turn with TLS and own certificate - if [[ "${TurnDomainName}" != '' ]]; then - # Use base64 encoded certificates directly - OWN_CERT_CRT_TURN=${TurnOwnPublicCertificate} - OWN_CERT_KEY_TURN=${TurnOwnPrivateCertificate} - - CERT_ARGS+=( - "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" - "--turn-owncert-public-key=$OWN_CERT_CRT_TURN" - ) - fi fi # Construct the final command with all arguments 
@@ -856,12 +809,6 @@ Resources: exit 1 fi - # Replace LIVEKIT_TURN_DOMAIN_NAME - export LIVEKIT_TURN_DOMAIN_NAME=$(echo $SHARED_SECRET | jq -r .LIVEKIT_TURN_DOMAIN_NAME) - if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then - sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "${!CONFIG_DIR}/openvidu.env" - fi - # Replace rest of the values sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$(echo $SHARED_SECRET | jq -r .REDIS_PASSWORD)/" "${!CONFIG_DIR}/openvidu.env" sed -i "s/MONGO_ADMIN_USERNAME=.*/MONGO_ADMIN_USERNAME=$(echo $SHARED_SECRET | jq -r .MONGO_ADMIN_USERNAME)/" "${!CONFIG_DIR}/openvidu.env" @@ -918,7 +865,6 @@ Resources: # Update shared secret SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"REDIS_PASSWORD": "'"$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"DOMAIN_NAME": "'"$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "${!CONFIG_DIR}/openvidu.env")"'"}')" - SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"LIVEKIT_TURN_DOMAIN_NAME": "'"$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"MONGO_ADMIN_USERNAME": "'"$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"MONGO_ADMIN_PASSWORD": "'"$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_PASSWORD "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"MONGO_REPLICA_SET_KEY": "'"$(/usr/local/bin/get_value_from_config.sh MONGO_REPLICA_SET_KEY "${!CONFIG_DIR}/openvidu.env")"'"}')" diff --git a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml index 40eb13c34..cb9addfa6 100644 --- a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml 
+++ b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml @@ -60,21 +60,6 @@ Parameters: AllowedPattern: '^[A-Za-z0-9, =_.\-]*$' # Allows letters, numbers, comma, space, underscore, dot, equals, and hyphen ConstraintDescription: Must be a comma-separated list of flags (for example, --flag=value, --bool-flag). - TurnDomainName: - Description: '(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls' - Type: String - Default: '' - - TurnOwnPublicCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - Type: String - Default: '' - - TurnOwnPrivateCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - Type: String - Default: '' - OpenViduLicense: Description: "Visit https://openvidu.io/account" Type: String @@ -861,13 +846,6 @@ Metadata: default: "(Optional) Additional Installer Flags" Parameters: - AdditionalInstallFlags - - Label: - default: (Optional) TURN server configuration with TLS - Parameters: - - TurnDomainName - - TurnOwnPublicCertificate - - TurnOwnPrivateCertificate - Conditions: PublicElasticIPPresent: !Not [ !Equals [!Ref PublicElasticIP, ""] ] PublicElasticIPAbsent: !Equals [!Ref PublicElasticIP, ""] @@ -931,7 +909,6 @@ Resources: "GRAFANA_URL": "none", "MINIO_URL": "none", "DOMAIN_NAME": "none", - "LIVEKIT_TURN_DOMAIN_NAME": "none", "OPENVIDU_PRO_LICENSE": "none", "OPENVIDU_RTC_ENGINE": "none", "REDIS_PASSWORD": "none", 
@@ -1163,7 +1140,6 @@ Resources: PublicHostname=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname) RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8) DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo "$PublicHostname" | cut -d'.' -f1 | sed 's/^ec2-//').sslip.io - TURN_DOMAIN_NAME_SSLIP_IO="turn-$RANDOM_DOMAIN_STRING-$(echo "$PublicHostname" | cut -d'.' -f1 | sed 's/^ec2-//').sslip.io" else DOMAIN=${DomainName} fi @@ -1190,7 +1166,7 @@ Resources: break fi - RETRY_COUNT=RETRY_COUNT+1 + RETRY_COUNT=$((RETRY_COUNT+1)) if [[ $RETRY_COUNT -ge $MAX_RETRIES ]]; then exit 1 fi @@ -1271,19 +1247,6 @@ Resources: done fi - # Turn with TLS - if [[ "${!TURN_DOMAIN_NAME_SSLIP_IO}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${!TURN_DOMAIN_NAME_SSLIP_IO}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) - elif [[ "${TurnDomainName}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${TurnDomainName}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) - fi - # Certificate arguments if [[ "${CertificateType}" == "selfsigned" ]]; then CERT_ARGS=( @@ -1303,18 +1266,6 @@ Resources: "--owncert-public-key=$OWN_CERT_CRT" "--owncert-private-key=$OWN_CERT_KEY" ) - - # Turn with TLS and own certificate - if [[ "${TurnDomainName}" != '' ]]; then - # Use base64 encoded certificates directly - OWN_CERT_CRT_TURN=${TurnOwnPublicCertificate} - OWN_CERT_KEY_TURN=${TurnOwnPrivateCertificate} - - CERT_ARGS+=( - "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" - "--turn-owncert-public-key=$OWN_CERT_CRT_TURN" - ) - fi fi # Construct the final command with all arguments 
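Review bot: When the retry budget runs out, the loop in the hunk at -1190 still leaves through a bare `exit 1`, so a stalled bootstrap gives no hint in the instance log about what it was waiting for. A line such as `echo "Gave up after $MAX_RETRIES attempts" >&2` before the `exit 1` would make that failure diagnosable. The same applies to the identical loop fixed in the later hunk at -1731 of this file, where the context shows it polling `$SHARED_SECRET`. The arithmetic fix is made only in cf-openvidu-elastic.yaml; this diff does not show whether the HA and single-node templates carry the same `RETRY_COUNT=RETRY_COUNT+1` line, so they are worth checking. The loop header and the initialisation of `RETRY_COUNT` are outside the hunk.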
@@ -1412,12 +1363,6 @@ Resources: exit 1 fi - # Replace LIVEKIT_TURN_DOMAIN_NAME - export LIVEKIT_TURN_DOMAIN_NAME=$(echo $SHARED_SECRET | jq -r .LIVEKIT_TURN_DOMAIN_NAME) - if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then - sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "${!CLUSTER_CONFIG_DIR}/openvidu.env" - fi - # Replace rest of the values sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$(echo $SHARED_SECRET | jq -r .REDIS_PASSWORD)/" "${!MASTER_NODE_CONFIG_DIR}/master_node.env" sed -i "s/OPENVIDU_RTC_ENGINE=.*/OPENVIDU_RTC_ENGINE=$(echo $SHARED_SECRET | jq -r .OPENVIDU_RTC_ENGINE)/" "${!CLUSTER_CONFIG_DIR}/openvidu.env" @@ -1478,7 +1423,6 @@ Resources: # Update shared secret SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"REDIS_PASSWORD": "'"$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "${!MASTER_NODE_CONFIG_DIR}/master_node.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"DOMAIN_NAME": "'"$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" - SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"LIVEKIT_TURN_DOMAIN_NAME": "'"$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"OPENVIDU_RTC_ENGINE": "'"$(/usr/local/bin/get_value_from_config.sh OPENVIDU_RTC_ENGINE "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"OPENVIDU_PRO_LICENSE": "'"$(/usr/local/bin/get_value_from_config.sh OPENVIDU_PRO_LICENSE "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"MONGO_ADMIN_USERNAME": "'"$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" 
@@ -1731,7 +1675,7 @@ Resources: if [[ "$SHARED_SECRET" != "none" ]]; then break fi - RETRY_COUNT=RETRY_COUNT+1 + RETRY_COUNT=$((RETRY_COUNT+1)) if [[ $RETRY_COUNT -ge $MAX_RETRIES ]]; then exit 1 fi diff --git a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml index bef0aebcf..86e06433a 100644 --- a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml +++ b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml @@ -14,16 +14,6 @@ Parameters: AllowedPattern: '.+' ConstraintDescription: The Load Balancer domain name must be defined - TurnDomainName: - Description: '(Optional) Domain name for the TURN server with TLS.' - Type: String - Default: '' - - TurnCertificateARN: - Description: '(Optional) Amazon certificate arn resource to load into the TURN LoadBalancer' - Type: String - Default: '' - OpenViduLicense: Description: "Visit https://openvidu.io/account" Type: String @@ -848,14 +838,8 @@ Metadata: default: "(Optional) Additional Installer Flags" Parameters: - AdditionalInstallFlags - - Label: - default: (Optional) TURN server configuration with TLS - Parameters: - - TurnDomainName - - TurnCertificateARN Conditions: - TurnTLSIsEnabled: !Or [!Not [!Equals [!Ref TurnDomainName, ""]], !Not [!Equals [!Ref TurnCertificateARN, ""]]] CreateRecordingsBucket: !Equals [!Ref S3AppDataBucketName, ""] CreateClusterDataBucket: !Equals [!Ref S3ClusterDataBucketName, ""] IsMasterGraviton: !Or 
@@ -880,22 +864,6 @@ Conditions: - !Equals [ !Select [ 0, !Split ['.', !Ref MediaNodeInstanceType ]], 'm7g'] - !Equals [ !Select [ 0, !Split ['.', !Ref MediaNodeInstanceType ]], 'm7gd'] - !Equals [ !Select [ 0, !Split ['.', !Ref MediaNodeInstanceType ]], 'm8g'] - # --- - # Experimental TURN TLS with main domain - ExperimentalTurnTLSWithMainDomain: - Fn::Not: - - Fn::Equals: - - !Ref AdditionalInstallFlags - - !Select [0, !Split ["--experimental-turn-tls-with-main-domain", !Ref AdditionalInstallFlags]] - NotExperimentalTurnTLSWithMainDomain: - Fn::Or: - - Fn::Equals: - - !Ref AdditionalInstallFlags - - !Select [0, !Split ["--experimental-turn-tls-with-main-domain", !Ref AdditionalInstallFlags]] - - Fn::Equals: - - !Ref AdditionalInstallFlags - - "" - # --- Mappings: ArmImage: @@ -933,7 +901,6 @@ Resources: "GRAFANA_URL": "none", "MINIO_URL": "none", "DOMAIN_NAME": "none", - "LIVEKIT_TURN_DOMAIN_NAME": "none", "OPENVIDU_PRO_LICENSE": "none", "OPENVIDU_RTC_ENGINE": "none", "REDIS_PASSWORD": "none", @@ -1324,9 +1291,6 @@ Resources: # If the private IP is the same as the first master node, generate the secrets if [[ $MASTER_NODE_NUM -eq 1 ]] && [[ "$ALL_SECRETS_GENERATED" == "false" ]]; then DOMAIN="$(/usr/local/bin/store_secret.sh save DOMAIN_NAME "${DomainName}")" - if [[ -n "${TurnDomainName}" ]]; then - LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${TurnDomainName}")" - fi OPENVIDU_PRO_LICENSE="$(/usr/local/bin/store_secret.sh save OPENVIDU_PRO_LICENSE "${OpenViduLicense}")" OPENVIDU_RTC_ENGINE="$(/usr/local/bin/store_secret.sh save OPENVIDU_RTC_ENGINE "${RTCEngine}")" # Store version so media nodes can use it to install the same version 
@@ -1411,7 +1375,6 @@ Resources: MASTER_NODE_PRIVATE_IP_LIST="$MASTER_NODE_1_PRIVATE_IP,$MASTER_NODE_2_PRIVATE_IP,$MASTER_NODE_3_PRIVATE_IP,$MASTER_NODE_4_PRIVATE_IP" DOMAIN=$(echo "$SHARED_SECRET" | jq -r '.DOMAIN_NAME') - LIVEKIT_TURN_DOMAIN_NAME=$(echo "$SHARED_SECRET" | jq -r '.LIVEKIT_TURN_DOMAIN_NAME') OPENVIDU_PRO_LICENSE=$(echo "$SHARED_SECRET" | jq -r '.OPENVIDU_PRO_LICENSE') OPENVIDU_RTC_ENGINE=$(echo "$SHARED_SECRET" | jq -r '.OPENVIDU_RTC_ENGINE') REDIS_PASSWORD=$(echo "$SHARED_SECRET" | jq -r '.REDIS_PASSWORD') @@ -1480,10 +1443,6 @@ Resources: done fi - if [[ "${!LIVEKIT_TURN_DOMAIN_NAME}" != "none" ]]; then - COMMON_ARGS+=("--turn-domain-name='${!LIVEKIT_TURN_DOMAIN_NAME}'") - fi - # Construct the final command FINAL_COMMAND="$INSTALL_COMMAND $(printf "%s " "${!COMMON_ARGS[@]}")" @@ -1584,12 +1543,6 @@ Resources: exit 1 fi - # Replace LIVEKIT_TURN_DOMAIN_NAME - export LIVEKIT_TURN_DOMAIN_NAME=$(echo $SHARED_SECRET | jq -r .LIVEKIT_TURN_DOMAIN_NAME) - if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then - sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "${!CLUSTER_CONFIG_DIR}/openvidu.env" - fi - # Replace rest of the values sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$(echo $SHARED_SECRET | jq -r .REDIS_PASSWORD)/" "${!MASTER_NODE_CONFIG_DIR}/master_node.env" sed -i "s/OPENVIDU_RTC_ENGINE=.*/OPENVIDU_RTC_ENGINE=$(echo $SHARED_SECRET | jq -r .OPENVIDU_RTC_ENGINE)/" "${!CLUSTER_CONFIG_DIR}/openvidu.env" 
@@ -1649,7 +1602,6 @@ Resources: # Update shared secret SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"REDIS_PASSWORD": "'"$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "${!MASTER_NODE_CONFIG_DIR}/master_node.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"DOMAIN_NAME": "'"$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" - SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"LIVEKIT_TURN_DOMAIN_NAME": "'"$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"OPENVIDU_RTC_ENGINE": "'"$(/usr/local/bin/get_value_from_config.sh OPENVIDU_RTC_ENGINE "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"OPENVIDU_PRO_LICENSE": "'"$(/usr/local/bin/get_value_from_config.sh OPENVIDU_PRO_LICENSE "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"MONGO_ADMIN_USERNAME": "'"$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "${!CLUSTER_CONFIG_DIR}/openvidu.env")"'"}')" @@ -2235,11 +2187,7 @@ Resources: LaunchTemplateId: !Ref OpenViduMediaNodeLaunchTemplate Version: !GetAtt OpenViduMediaNodeLaunchTemplate.DefaultVersionNumber TargetGroupARNs: - Fn::If: - - TurnTLSIsEnabled - - - !Ref OpenViduMediaNodeRTMPTG - - !Ref OpenViduMediaNodeTurnTLSTG - - - !Ref OpenViduMediaNodeRTMPTG + - !Ref OpenViduMediaNodeRTMPTG MinSize: !Ref MinNumberOfMediaNodes MaxSize: !Ref MaxNumberOfMediaNodes DesiredCapacity: !Ref InitialNumberOfMediaNodes 
@@ -2700,27 +2648,6 @@ Resources: ToPort: 9092 SourceSecurityGroupId: !Ref OpenViduLoadBalancerSG - OpenViduLoadBalancerTurnTLSToMediaNodeIngressSG: - Type: AWS::EC2::SecurityGroupIngress - Condition: TurnTLSIsEnabled - Properties: - GroupId: !Ref OpenViduMediaNodeSG - IpProtocol: tcp - FromPort: 5349 - ToPort: 5349 - SourceSecurityGroupId: !Ref OpenViduTurnTLSLoadBalancerSG - - OpenViduLoadBalancerTurnTLSToMediaNodeHealthCheckSG: - Type: AWS::EC2::SecurityGroupIngress - Condition: TurnTLSIsEnabled - Properties: - GroupId: !Ref OpenViduMediaNodeSG - IpProtocol: tcp - FromPort: 7880 - ToPort: 7880 - SourceSecurityGroupId: !Ref OpenViduTurnTLSLoadBalancerSG - - OpenViduMasterToMediaNodeServerIngressSG: Type: AWS::EC2::SecurityGroupIngress Properties: @@ -2739,11 +2666,8 @@ Resources: ToPort: 8080 SourceSecurityGroupId: !Ref OpenViduMasterNodeSG - # --- - # Experimental TURN TLS with main domain OpenViduTurnTLSMasterNodeToMediaNodeIngressSG: Type: AWS::EC2::SecurityGroupIngress - Condition: ExperimentalTurnTLSWithMainDomain Properties: GroupId: !Ref OpenViduMediaNodeSG IpProtocol: tcp @@ -2753,14 +2677,12 @@ Resources: OpenViduTurnTLSLoadBalancerToMediaNodeIngressSG: Type: AWS::EC2::SecurityGroupIngress - Condition: ExperimentalTurnTLSWithMainDomain Properties: GroupId: !Ref OpenViduMasterNodeSG IpProtocol: tcp FromPort: 443 ToPort: 443 SourceSecurityGroupId: !Ref OpenViduLoadBalancerSG - # --- OpenViduLoadBalancerSG: Type: AWS::EC2::SecurityGroup 
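Review bot: `OpenViduTurnTLSLoadBalancerToMediaNodeIngressSG` is now created on every stack, yet its `GroupId` is `OpenViduMasterNodeSG`, so the name describes a media-node rule while the rule admits tcp/443 from `OpenViduLoadBalancerSG` to the master nodes; with the `# Experimental TURN TLS with main domain` marker deleted, nothing explains the rule any more. A comment above it, e.g. `# Load balancer -> master nodes on tcp/443 (TURN over TLS on the main domain); always created`, would keep the security-group intent auditable; the purpose is inferred from the removed marker, so adjust the wording if it differs. Renaming the logical ID would make CloudFormation replace the resource on update, so a comment is the lighter fix. The same leftover `TurnTLS` naming on now-unconditional resources appears in the listener hunk at -2831 and the target-group hunk at -2962. The properties of `OpenViduTurnTLSMasterNodeToMediaNodeIngressSG` continue outside the hunk at -2739, so its port range is not visible here.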
@@ -2794,23 +2716,6 @@ Resources: ToPort: 1935 CidrIpv6: ::/0 - OpenViduTurnTLSLoadBalancerSG: - Type: AWS::EC2::SecurityGroup - Condition: TurnTLSIsEnabled - Properties: - GroupDescription: Security group for the Load Balancer for TURN with TLS - GroupName: !Sub openvidu-ha-turn-tls-lb-sg-${AWS::Region}-${AWS::StackName} - VpcId: !Ref OpenViduVPC - SecurityGroupIngress: - - IpProtocol: tcp - FromPort: 443 - ToPort: 443 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 443 - ToPort: 443 - CidrIpv6: ::/0 - LoadBalancer: Type: AWS::ElasticLoadBalancingV2::LoadBalancer DependsOn: 
@@ -2831,54 +2736,8 @@ Resources: - Key: Name Value: !Sub ${AWS::StackName} - OpenVidu HA - Load Balancer - TurnTLSLoadBalancer: - Type: AWS::ElasticLoadBalancingV2::LoadBalancer - Condition: TurnTLSIsEnabled - Properties: - Name: - Fn::Join: - # Generate a not too long and unique load balancer name - # Getting a unique identifier from the stack id - - '' - - - OpenViduHA-TurnTLS- - - !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]] - Subnets: !Ref OpenViduMediaNodeSubnets - SecurityGroups: - - !Ref OpenViduTurnTLSLoadBalancerSG - Type: network - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} - OpenVidu HA - TURN with TLS Load Balancer - - OpenViduMasterNodeHTTPListener: - Type: 'AWS::ElasticLoadBalancingV2::Listener' - Condition: NotExperimentalTurnTLSWithMainDomain - Properties: - DefaultActions: - - Type: forward - TargetGroupArn: !Ref OpenViduMasterNodeHTTPTG - LoadBalancerArn: !Ref LoadBalancer - Port: 80 - Protocol: TCP - - OpenViduMasterNodeListener: - Type: 'AWS::ElasticLoadBalancingV2::Listener' - Condition: NotExperimentalTurnTLSWithMainDomain - Properties: - DefaultActions: - - Type: forward - TargetGroupArn: !Ref OpenViduMasterNodeTG - LoadBalancerArn: !Ref LoadBalancer - Port: 443 - Protocol: TLS - Certificates: - - CertificateArn: !Ref OpenViduCertificateARN - - # --- - # Experimental TURN TLS with main domain OpenViduMasterNodeWithTurnTLSHTTPListener: Type: 'AWS::ElasticLoadBalancingV2::Listener' - Condition: ExperimentalTurnTLSWithMainDomain Properties: DefaultActions: - Type: forward @@ -2889,7 +2748,6 @@ Resources: OpenViduMasterNodeWithTurnTLSListener: Type: 'AWS::ElasticLoadBalancingV2::Listener' - Condition: ExperimentalTurnTLSWithMainDomain Properties: DefaultActions: - Type: forward @@ -2899,7 +2757,6 @@ Resources: Protocol: TLS Certificates: - CertificateArn: !Ref OpenViduCertificateARN - # --- OpenViduRTMPMediaNodeListener: Type: 'AWS::ElasticLoadBalancingV2::Listener' 
@@ -2913,22 +2770,8 @@ Resources: Certificates: - CertificateArn: !Ref OpenViduCertificateARN - OpenViduTurnTLSMediaNodeListener: - Type: 'AWS::ElasticLoadBalancingV2::Listener' - Condition: TurnTLSIsEnabled - Properties: - DefaultActions: - - Type: forward - TargetGroupArn: !Ref OpenViduMediaNodeTurnTLSTG - LoadBalancerArn: !Ref TurnTLSLoadBalancer - Port: 443 - Protocol: TLS - Certificates: - - CertificateArn: !Ref TurnCertificateARN - OpenViduMasterNodeHTTPTG: Type: AWS::ElasticLoadBalancingV2::TargetGroup - Condition: NotExperimentalTurnTLSWithMainDomain Properties: Name: Fn::Join: @@ -2962,47 +2805,8 @@ Resources: - Key: Name Value: !Sub ${AWS::StackName} - OpenVidu HA - Master HTTP Target Group - OpenViduMasterNodeTG: - Type: AWS::ElasticLoadBalancingV2::TargetGroup - Condition: NotExperimentalTurnTLSWithMainDomain - Properties: - Name: - Fn::Join: - # Generate a not too long and unique target id - # Getting a unique identifier from the stack id - - '' - - - OpenVidu- - - !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]] - TargetType: instance - Targets: - - Id: !Ref OpenViduMasterNode1 - - Id: !Ref OpenViduMasterNode2 - - Id: !Ref OpenViduMasterNode3 - - Id: !Ref OpenViduMasterNode4 - VpcId: !Ref OpenViduVPC - Port: 7880 - Protocol: TCP - Matcher: - HttpCode: '200' - HealthCheckIntervalSeconds: 10 - HealthCheckPath: /health/caddy - HealthCheckProtocol: HTTP - HealthCheckPort: '7880' - HealthCheckTimeoutSeconds: 5 - HealthyThresholdCount: 3 - UnhealthyThresholdCount: 4 - TargetGroupAttributes: - - Key: deregistration_delay.timeout_seconds - Value: 60 - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} - OpenVidu HA - Master Target Group - - # --- - # Experimental TURN TLS with main domain OpenViduMasterNodeWithTurnTLSTG: Type: AWS::ElasticLoadBalancingV2::TargetGroup - Condition: ExperimentalTurnTLSWithMainDomain Properties: Name: Fn::Join: 
@@ -3035,7 +2839,6 @@ Resources: Tags: - Key: Name Value: !Sub ${AWS::StackName} - OpenVidu HA - TURN TLS Master Target Group - # --- OpenViduMediaNodeRTMPTG: Type: AWS::ElasticLoadBalancingV2::TargetGroup @@ -3067,33 +2870,6 @@ Resources: - Key: Name Value: !Sub ${AWS::StackName} - OpenVidu HA - RTMP Target Group - OpenViduMediaNodeTurnTLSTG: - Type: AWS::ElasticLoadBalancingV2::TargetGroup - Condition: TurnTLSIsEnabled - Properties: - Name: - Fn::Join: - # Generate a not too long and unique target id - # Getting a unique identifier from the stack id - - '' - - - OVTurnTLS- - - !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]] - VpcId: !Ref OpenViduVPC - Port: 5349 - Protocol: TCP - Matcher: - HttpCode: '200' - HealthCheckIntervalSeconds: 10 - HealthCheckPath: / - HealthCheckProtocol: HTTP - HealthCheckPort: '7880' - HealthCheckTimeoutSeconds: 5 - HealthyThresholdCount: 3 - UnhealthyThresholdCount: 4 - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} - OpenVidu HA - TURN TLS Target Group - Outputs: ServicesAndCredentials: Description: Services and credentials diff --git a/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml b/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml index 347db9e98..8b432d446 100644 --- a/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml +++ b/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml 
@@ -60,20 +60,6 @@ Parameters: AllowedPattern: '^[A-Za-z0-9, =_.\-]*$' # Allows letters, numbers, comma, space, underscore, dot, equals, and hyphen ConstraintDescription: Must be a comma-separated list of flags (for example, --flag=value, --bool-flag). - TurnDomainName: - Description: '(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls' - Type: String - Default: '' - - TurnOwnPublicCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - Type: String - Default: '' - - TurnOwnPrivateCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." - Type: String - Default: '' OpenViduLicense: Description: "Visit https://openvidu.io/account" @@ -476,12 +462,6 @@ Metadata: default: "(Optional) Additional Installer Flags" Parameters: - AdditionalInstallFlags - - Label: - default: (Optional) TURN server configuration with TLS - Parameters: - - TurnDomainName - - TurnOwnPublicCertificate - - TurnOwnPrivateCertificate Conditions: PublicElasticIPPresent: !Not [ !Equals [!Ref PublicElasticIP, ""] ] @@ -534,7 +514,6 @@ Resources: "GRAFANA_URL": "none", "MINIO_URL": "none", "DOMAIN_NAME": "none", - "LIVEKIT_TURN_DOMAIN_NAME": "none", "OPENVIDU_PRO_LICENSE": "none", "OPENVIDU_RTC_ENGINE": "none", "REDIS_PASSWORD": "none", @@ -665,7 +644,6 @@ Resources: PublicHostname=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname) RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8) DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo "$PublicHostname" | cut -d'.' -f1 | sed 's/^ec2-//').sslip.io - TURN_DOMAIN_NAME_SSLIP_IO="turn-$RANDOM_DOMAIN_STRING-$(echo "$PublicHostname" | cut -d'.' -f1 | sed 's/^ec2-//').sslip.io" else DOMAIN=${DomainName} fi 
@@ -743,18 +721,6 @@ Resources: done fi - if [[ "${!TURN_DOMAIN_NAME_SSLIP_IO}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${!TURN_DOMAIN_NAME_SSLIP_IO}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) - elif [[ "${TurnDomainName}" != '' ]]; then - LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${TurnDomainName}") - COMMON_ARGS+=( - "--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME" - ) - fi - # Certificate arguments if [[ "${CertificateType}" == "selfsigned" ]]; then CERT_ARGS=( @@ -774,18 +740,6 @@ Resources: "--owncert-public-key=$OWN_CERT_CRT" "--owncert-private-key=$OWN_CERT_KEY" ) - - # Turn with TLS and own certificate - if [[ "${TurnDomainName}" != '' ]]; then - # Use base64 encoded certificates directly - OWN_CERT_CRT_TURN=${TurnOwnPublicCertificate} - OWN_CERT_KEY_TURN=${TurnOwnPrivateCertificate} - - CERT_ARGS+=( - "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" - "--turn-owncert-public-key=$OWN_CERT_CRT_TURN" - ) - fi fi # Construct the final command with all arguments @@ -882,12 +836,6 @@ Resources: exit 1 fi - # Replace LIVEKIT_TURN_DOMAIN_NAME - export LIVEKIT_TURN_DOMAIN_NAME=$(echo $SHARED_SECRET | jq -r .LIVEKIT_TURN_DOMAIN_NAME) - if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then - sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "${!CONFIG_DIR}/openvidu.env" - fi - # Replace rest of the values sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$(echo $SHARED_SECRET | jq -r .REDIS_PASSWORD)/" "${!CONFIG_DIR}/openvidu.env" sed -i "s/OPENVIDU_PRO_LICENSE=.*/OPENVIDU_PRO_LICENSE=$(echo $SHARED_SECRET | jq -r .OPENVIDU_PRO_LICENSE)/" "${!CONFIG_DIR}/openvidu.env" 
@@ -948,7 +896,6 @@ Resources: SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"OPENVIDU_PRO_LICENSE": "'"$(/usr/local/bin/get_value_from_config.sh OPENVIDU_PRO_LICENSE "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"OPENVIDU_RTC_ENGINE": "'"$(/usr/local/bin/get_value_from_config.sh OPENVIDU_RTC_ENGINE "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"DOMAIN_NAME": "'"$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "${!CONFIG_DIR}/openvidu.env")"'"}')" - SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"LIVEKIT_TURN_DOMAIN_NAME": "'"$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"MONGO_ADMIN_USERNAME": "'"$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"MONGO_ADMIN_PASSWORD": "'"$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_PASSWORD "${!CONFIG_DIR}/openvidu.env")"'"}')" SHARED_SECRET="$(echo "$SHARED_SECRET" | jq '. + {"MONGO_REPLICA_SET_KEY": "'"$(/usr/local/bin/get_value_from_config.sh MONGO_REPLICA_SET_KEY "${!CONFIG_DIR}/openvidu.env")"'"}')"