diff --git a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml index 1bc277e8..82fa1372 100644 --- a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml +++ b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml @@ -75,17 +75,22 @@ services: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" coturn: - image: openvidu/openvidu-coturn:3.0.0 + image: openvidu/openvidu-coturn:4.0.0-dev1 restart: on-failure network_mode: host - environment: + environment: - REDIS_IP=127.0.0.1 - - TURN_LISTEN_PORT=3478 - DB_NAME=0 - DB_PASSWORD=${OPENVIDU_SECRET} - - MIN_PORT=57001 - - MAX_PORT=65535 - - ENABLE_COTURN_LOGS=true + command: + - --log-file=stdout + - --listening-port=3478 + - --fingerprint + - --lt-cred-mech + - --min-port=57001 + - --max-port=65535 + - --realm=openvidu + - --verbose logging: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" diff --git a/openvidu-server/deployments/pro/docker-compose/aws-asg-openvidu-server-pro/docker-compose.yml b/openvidu-server/deployments/pro/docker-compose/aws-asg-openvidu-server-pro/docker-compose.yml index d5d118ad..6f533daa 100644 --- a/openvidu-server/deployments/pro/docker-compose/aws-asg-openvidu-server-pro/docker-compose.yml +++ b/openvidu-server/deployments/pro/docker-compose/aws-asg-openvidu-server-pro/docker-compose.yml 
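Review bot: The new `command:` list starts the relay on the host network without stating which peer addresses it refuses, while the same service block points coturn at a Redis on `127.0.0.1`. With `network_mode: host`, relayed traffic can reach internal addresses unless the image's defaults already refuse them. The list should make the restriction explicit, e.g. `- --no-multicast-peers` and `- --denied-peer-ip=10.0.0.0-10.255.255.255`, repeated for the other private and link-local ranges in use. `--verbose` is now unconditional as well, because the `ENABLE_COTURN_LOGS` switch was removed; confirm that the resulting stdout log content is intended. Both remarks apply equally to the `coturn` hunks in the two pro compose files.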
@@ -85,18 +85,23 @@ services: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" coturn: - image: openvidu/openvidu-coturn:3.0.0 + image: openvidu/openvidu-coturn:4.0.0-dev1 restart: on-failure network_mode: host - environment: + environment: - REDIS_IP=127.0.0.1 - - TURN_LISTEN_PORT=3478 - DB_NAME=0 - DB_PASSWORD=${OPENVIDU_SECRET} - - MIN_PORT=40000 - - MAX_PORT=65535 - - TURN_PUBLIC_IP=${TURN_PUBLIC_IP:-auto-ipv4} - - ENABLE_COTURN_LOGS=true + command: + - --log-file=stdout + - --external-ip=$$(detect-external-ip) + - --listening-port=3478 + - --fingerprint + - --lt-cred-mech + - --min-port=40000 + - --max-port=65535 + - --realm=openvidu + - --verbose logging: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml index 202faa7e..35218598 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml @@ -62,18 +62,23 @@ services: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" coturn: - image: openvidu/openvidu-coturn:3.0.0 + image: openvidu/openvidu-coturn:4.0.0-dev1 restart: on-failure network_mode: host - environment: + environment: - REDIS_IP=127.0.0.1 - - TURN_LISTEN_PORT=3478 - DB_NAME=0 - DB_PASSWORD=${OPENVIDU_SECRET} - - MIN_PORT=40000 - - MAX_PORT=65535 - - TURN_PUBLIC_IP=${TURN_PUBLIC_IP:-auto-ipv4} - - ENABLE_COTURN_LOGS=true + command: + - --log-file=stdout + - --external-ip=$$(detect-external-ip) + - --listening-port=3478 + - --fingerprint + - --lt-cred-mech + - --min-port=40000 + - --max-port=65535 + - --realm=openvidu + - --verbose logging: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" diff --git a/openvidu-server/docker/openvidu-coturn/Dockerfile b/openvidu-server/docker/openvidu-coturn/Dockerfile index bcaf1acd..878c412d 100644 
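Review bot: `--external-ip=$$(detect-external-ip)` leaves the operator with no way to pin the advertised address, because `TURN_PUBLIC_IP` is dropped and nothing replaces it under `environment:`. The relay address is then whatever the first answering public DNS provider returns at container start, which suits neither hosts with a known static address nor hosts with restricted outbound DNS. The new detect-external-ip.sh honours `REAL_EXTERNAL_IP`, so passing it through with `- REAL_EXTERNAL_IP=${REAL_EXTERNAL_IP:-}` keeps an override available. The literal `$(...)` also only works because the entrypoint evaluates its arguments, so this line is coupled to that behaviour. The same applies to the openvidu-server-pro hunk that follows on this line.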
--- a/openvidu-server/docker/openvidu-coturn/Dockerfile +++ b/openvidu-server/docker/openvidu-coturn/Dockerfile @@ -1,14 +1,17 @@ -FROM ubuntu:16.04 +FROM coturn/coturn:4.5.2-alpine -RUN apt-get update \ - && apt-get install -y coturn curl dnsutils +USER root -COPY ./configuration-files.sh /tmp/ -COPY ./entrypoint.sh /usr/local/bin -COPY ./discover_my_public_ip.sh /usr/local/bin +RUN apk add --no-cache bind-tools -RUN chmod +x /tmp/configuration-files.sh \ - && chmod +x /usr/local/bin/entrypoint.sh \ - && chmod +x /usr/local/bin/discover_my_public_ip.sh +# Override detect-external-ip.sh script +COPY ./detect-external-ip.sh /usr/local/bin/detect-external-ip.sh +COPY ./docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh -ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ] \ No newline at end of file +RUN chmod +x /usr/local/bin/detect-external-ip.sh /usr/local/bin/docker-entrypoint.sh && \ + chown -R nobody:nogroup /var/lib/coturn/ && \ + touch /turnserver.conf && chown nobody:nogroup /turnserver.conf + +USER nobody:nogroup +ENTRYPOINT ["docker-entrypoint.sh"] +CMD ["--log-file=stdout", "--external-ip=$(detect-external-ip)"] \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-coturn/README.md b/openvidu-server/docker/openvidu-coturn/README.md index 4b1ea95e..16673585 100644 --- a/openvidu-server/docker/openvidu-coturn/README.md +++ b/openvidu-server/docker/openvidu-coturn/README.md 
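Review bot: The `RUN` step creates `/turnserver.conf` with default permissions, while the entrypoint added in this commit appends the Redis password to a relative `turnserver.conf`. Whether both name the same file depends on the base image's working directory, which is not visible here; an explicit `WORKDIR /` or an absolute path in the entrypoint would remove the guess. Since the file ends up holding a credential, tighten it in the same step: `touch /turnserver.conf && chown nobody:nogroup /turnserver.conf && chmod 600 /turnserver.conf`. The base image is also referenced by tag only (`coturn/coturn:4.5.2-alpine`); pinning it by digest would keep rebuilds from silently picking up a different image.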
@@ -1,42 +1,4 @@ -# Coturn OpenVidu +# OpenVidu Coturn -This is a docker image to launch a coturn server. Environment variables can be defined to modify the files `/etc/default/coturn` and `cat>/etc/turnserver.conf`. - -## Environment variables - -### Turn configuration -- TURN_PUBLIC_IP: Public ip where coturn will be placed. If this environment variable is not setted, it will get the ip returned by `curl ifconfig.co`. -- TURN_LISTEN_PORT: Port where turn will be listening. - -### Turn credentials -- REDIS_IP: Redis where credentials are stored -- DB_NAME: Name of the database in redis -- DB_PASSWORD: Password of the redis database - -# Execution example - -Actual version of OpenVidu need to be located in the same node because tokens sends the url for turn/stun connections with the host url. - -## Execute turn locally next to the redis database - -You need to have a redis database running: - -``` -docker run --rm --name some-redis -d -p 6379:6379 redis -``` - -Get the ip of the container and after that, run coturn, you can use url as ip too, in this example I am running coturn with nip.io: - -``` -docker run -it -e REDIS_IP=172.17.0.2 -e DB_NAME=0 -e DB_PASSWORD=turn -e MIN_PORT=40000 -e MAX_PORT=65535 -e TURN_PUBLIC_IP=auto -e TURN_LISTEN_PORT=3478 --network=host openvidu/openvidu-coturn -``` - -## Execute turn locally with fixed username and password -``` -docker run -it -e TURN_PUBLIC_IP=auto -e TURN_USERNAME_PASSWORD=: -e MIN_PORT=40000 -e MAX_PORT=65535 -e TURN_LISTEN_PORT=3478 --network=host openvidu/openvidu-coturn -``` - - -# Kubernetes - -TODO +This is a minor modification from the official [coturn/coturn](https://hub.docker.com/r/coturn/coturn) image. +It just replace the `detect-external-ip.sh` with a custom one to use DNS to resolve getting the public IP. diff --git a/openvidu-server/docker/openvidu-coturn/configuration-files.sh b/openvidu-server/docker/openvidu-coturn/configuration-files.sh deleted file mode 100644 index 4a88e4fb..00000000 
--- a/openvidu-server/docker/openvidu-coturn/configuration-files.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -# Enable turn -cat>/etc/default/coturn</etc/turnserver.conf<> /etc/turnserver.conf -fi - -if [[ ! -z "${REDIS_IP}" ]] && [[ ! -z "${DB_NAME}" ]] && [[ ! -z "${DB_PASSWORD}" ]]; then - echo "redis-userdb=\"ip=${REDIS_IP} dbname=${DB_NAME} password=${DB_PASSWORD} connect_timeout=30\"" >> /etc/turnserver.conf -fi - -if [[ ! -z "${TURN_USERNAME_PASSWORD}" ]]; then - echo "user=${TURN_USERNAME_PASSWORD}" >> /etc/turnserver.conf -fi \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-coturn/create_image.sh b/openvidu-server/docker/openvidu-coturn/create_image.sh index e1f3a180..b52c524f 100755 --- a/openvidu-server/docker/openvidu-coturn/create_image.sh +++ b/openvidu-server/docker/openvidu-coturn/create_image.sh @@ -1,10 +1,8 @@ +#!/bin/bash + VERSION=$1 if [[ ! -z $VERSION ]]; then - cp ../utils/discover_my_public_ip.sh ./discover_my_public_ip.sh - docker build --rm -t openvidu/openvidu-coturn:$VERSION . - - rm ./discover_my_public_ip.sh else echo "Error: You need to specify a version as first argument" -fi +fi \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-coturn/detect-external-ip.sh b/openvidu-server/docker/openvidu-coturn/detect-external-ip.sh new file mode 100644 index 00000000..ce1feec7 --- /dev/null +++ b/openvidu-server/docker/openvidu-coturn/detect-external-ip.sh 
@@ -0,0 +1,115 @@ +#!/usr/bin/env sh +# shellcheck shell=dash + +#/ Use DNS to find out about the external IP of the running system. +#/ +#/ This script is useful when running from a machine that sits behind a NAT. +#/ Due to how NAT works, machines behind it belong to an internal or private +#/ subnet, with a different address space than the external or public side. +#/ +#/ Typically it is possible to make an HTTP request to a number of providers +#/ that offer the external IP in their response body (eg: ifconfig.me). However, +#/ why do a slow and heavy HTTP request, when DNS exists and is much faster? +#/ Well established providers such as OpenDNS or Google offer special hostnames +#/ that, when resolved, will actually return the IP address of the caller. +#/ +#/ https://unix.stackexchange.com/questions/22615/how-can-i-get-my-external-ip-address-in-a-shell-script/81699#81699 +#/ +#/ +#/ Arguments +#/ --------- +#/ +#/ --ipv4 +#/ +#/ Find the external IPv4 address. +#/ Optional. Default: Enabled. +#/ +#/ --ipv6 +#/ +#/ Find the external IPv6 address. +#/ Optional. Default: Disabled. + + + +# Shell setup +# =========== + +# Shell options for strict error checking. +for OPTION in errexit errtrace pipefail nounset; do + set -o | grep -wq "$OPTION" && set -o "$OPTION" +done + +# Trace all commands (to stderr). 
+#set -o xtrace + + + +# Shortcut: REAL_EXTERNAL_IP +# ========================== + +if [ -n "${REAL_EXTERNAL_IP:-}" ]; then + echo "$REAL_EXTERNAL_IP" + exit 0 +fi + + + +# Parse call arguments +# ==================== + +CFG_IPV4="true" + +while [ $# -gt 0 ]; do + case "${1-}" in + --ipv4) CFG_IPV4="true" ;; + --ipv6) CFG_IPV4="false" ;; + *) + echo "Invalid argument: '${1-}'" >&2 + exit 1 + ;; + esac + shift +done + + + +# Discover the external IP address +# ================================ + +if [ "$CFG_IPV4" = "true" ]; then + COMMANDS='dig @resolver1.opendns.com myip.opendns.com A -4 +short + dig @ns1.google.com o-o.myaddr.l.google.com TXT -4 +short | tr -d \" + dig @1.1.1.1 whoami.cloudflare TXT CH -4 +short | tr -d \" + dig @ns1-1.akamaitech.net whoami.akamai.net A -4 +short' + + is_valid_ip() { + # Check if the input looks like an IPv4 address. + # Doesn't check if the actual values are valid; assumes they are. + echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' + } +else + COMMANDS='dig @resolver1.opendns.com myip.opendns.com AAAA -6 +short + dig @ns1.google.com o-o.myaddr.l.google.com TXT -6 +short | tr -d \" + dig @2606:4700:4700::1111 whoami.cloudflare TXT CH -6 +short | tr -d \"' + + is_valid_ip() { + # Check if the input looks like an IPv6 address. + # It's almost impossible to check the IPv6 representation because it + # varies wildly, so just check that there are at least 2 colons. + [ "$(echo "$1" | awk -F':' '{print NF-1}')" -ge 2 ] + } +fi + +echo "$COMMANDS" | while read -r COMMAND; do + if IP="$(eval "$COMMAND")" && is_valid_ip "$IP"; then + echo "$IP" + exit 100 # Exits the pipe subshell. + fi +done + +if [ $? -eq 100 ]; then + exit 0 +else + echo "[$0] All providers failed" >&2 + exit 1 +fi \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-coturn/docker-entrypoint.sh b/openvidu-server/docker/openvidu-coturn/docker-entrypoint.sh new file mode 100644 index 00000000..b8c87b79 --- /dev/null 
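Review bot: `is_valid_ip` accepts multi-line output, because `grep -Eq` succeeds when any single line matches and the loop then echoes the whole of `$IP`. The IPv6 variant is looser still, passing any text with at least two colons. The value comes from unauthenticated DNS answers (the Google and Cloudflare lookups are TXT records) and, as the entrypoint in this commit uses it, lands unquoted on the turnserver command line. The function should refuse anything outside the address alphabet before the pattern test: `case "$1" in *[!0-9.]*) return 1 ;; esac` for IPv4 and `case "$1" in *[!0-9A-Fa-f:.]*) return 1 ;; esac` for IPv6. The `REAL_EXTERNAL_IP` shortcut is echoed without any check and could go through the same function.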
+++ b/openvidu-server/docker/openvidu-coturn/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +if [ ! -z "${REDIS_IP}" ] && [ ! -z "${DB_NAME}" ] && [ ! -z "${DB_PASSWORD}" ]; then + echo "redis-userdb=\"ip=${REDIS_IP} dbname=${DB_NAME} password=${DB_PASSWORD} connect_timeout=30\"" >> turnserver.conf +fi + +# If command starts with an option, prepend with turnserver binary. +if [ "${1:0:1}" == '-' ]; then + set -- turnserver "$@" +fi + +exec $(eval "echo $@") \ No newline at end of file diff --git a/openvidu-server/docker/openvidu-coturn/entrypoint.sh b/openvidu-server/docker/openvidu-coturn/entrypoint.sh deleted file mode 100644 index 25863902..00000000 --- a/openvidu-server/docker/openvidu-coturn/entrypoint.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -# Set debug mode -DEBUG=${DEBUG:-false} -[ "$DEBUG" == "true" ] && set -x - -#Check parameters -[[ "${TURN_PUBLIC_IP}" == "auto-ipv4" ]] && export TURN_PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh) -[[ "${TURN_PUBLIC_IP}" == "auto-ipv6" ]] && export TURN_PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh --ipv6) -[[ -z "${ENABLE_COTURN_LOGS}" ]] && export ENABLE_COTURN_LOGS=true - -echo "TURN public IP: ${TURN_PUBLIC_IP:-"empty"}" - -[[ ! -z "${TURN_LISTEN_PORT}" ]] && echo "TURN listening port: ${TURN_LISTEN_PORT}" || - { echo "TURN_LISTEN_PORT environment variable is not defined"; exit 1; } - -[[ ! -z "${MIN_PORT}" ]] && echo "Defined min port coturn: ${MIN_PORT}" || echo "Min port coturn: 40000" - -[[ ! -z "${MAX_PORT}" ]] && echo "Defined max port coturn: ${MAX_PORT}" || echo "Max port coturn: 65535" - -# Load configuration files of coturn -source /tmp/configuration-files.sh - -# Remove temp file with configuration parameters -rm /tmp/configuration-files.sh - -if [[ "${ENABLE_COTURN_LOGS}" == "true" ]]; then - /usr/bin/turnserver -c /etc/turnserver.conf -v --log-file /dev/null -else - /usr/bin/turnserver -c /etc/turnserver.conf -v --log-file /dev/null --no-stdout-log -fi
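Review bot: `exec $(eval "echo $@")` runs every container argument through the shell a second time and then word-splits the result, so an argument containing shell metacharacters or spaces is interpreted or broken apart instead of reaching turnserver as written. The only expansion the compose files and the Dockerfile `CMD` rely on is `$(detect-external-ip)`, so the entrypoint can substitute that one placeholder and then `exec "$@"` directly. The sketch below handles the exact `--external-ip=$(detect-external-ip)` form; extend the `case` if other forms are meant to be supported. Separately, `>> turnserver.conf` appends on every start, so with `restart: on-failure` the `redis-userdb` line will likely accumulate, and `${1:0:1}` with `==` is not POSIX `sh`.

```shell
# … unchanged: redis-userdb block and the `set -- turnserver "$@"` check …

# Expand only the known placeholder; every other argument is passed verbatim.
for ARG in "$@"; do
    shift
    case "$ARG" in
        '--external-ip=$(detect-external-ip)')
            ARG="--external-ip=$(detect-external-ip)"
            ;;
    esac
    set -- "$@" "$ARG"
done

exec "$@"
```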