diff --git a/openvidu-java-client/src/main/java/io/openvidu/java/client/IceServerProperties.java b/openvidu-java-client/src/main/java/io/openvidu/java/client/IceServerProperties.java index b3e9c1c2..c044a336 100644 --- a/openvidu-java-client/src/main/java/io/openvidu/java/client/IceServerProperties.java +++ b/openvidu-java-client/src/main/java/io/openvidu/java/client/IceServerProperties.java @@ -26,7 +26,6 @@ import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.net.Inet6Address; import java.net.UnknownHostException; -import java.nio.charset.StandardCharsets; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; @@ -95,6 +94,7 @@ public class IceServerProperties { private String username; private String credential; private String staticAuthSecret; + private boolean ignoreEmptyUrl = false; /** * Set the url for the ICE Server you want to use. @@ -141,6 +141,11 @@ public class IceServerProperties { return this; } + public IceServerProperties.Builder ignoreEmptyUrl(boolean ignore) { + this.ignoreEmptyUrl = true; + return this; + } + public IceServerProperties.Builder clone() { return new Builder().url(this.url) .username(this.username) @@ -158,6 +163,18 @@ public class IceServerProperties { * */ public IceServerProperties build() throws IllegalArgumentException { + if (this.ignoreEmptyUrl) { + if (this.staticAuthSecret != null && this.username == null && this.credential == null) { + try { + this.generateTURNCredentials(); + return new IceServerProperties(this.url, this.username, this.credential); + } catch (NoSuchAlgorithmException | InvalidKeyException e) { + throw new IllegalArgumentException("Error while generating credentials: " + e.getMessage()); + } + } else { + throw new IllegalArgumentException("ignoreEmptyUrl=true can only be used with staticAuthSecret defined"); + } + } if (this.url == null) { throw new IllegalArgumentException("External turn url cannot be null"); } 
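Review bot: `ignoreEmptyUrl(boolean ignore)` never reads its argument: the body is `this.ignoreEmptyUrl = true;`, so `ignoreEmptyUrl(false)` silently enables the URL-less path in `build()`. It should be `this.ignoreEmptyUrl = ignore;`. The `clone()` shown as context chains `.url(...)` and `.username(...)` and continues outside the hunk; if it does not also copy the new flag, a cloned builder will behave differently from its source. The new public method has no Javadoc, unlike the `url` setter above it; a comment such as `/** If true, build() skips the url check and only derives TURN credentials from staticAuthSecret. */` would state the contract.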
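Review bot: The `catch` in the new `ignoreEmptyUrl` branch of `build()` discards the original exception and keeps only `e.getMessage()`; pass the cause along with `throw new IllegalArgumentException("Error while generating credentials: " + e.getMessage(), e);`. The `else` message says the flag needs `staticAuthSecret`, but the same branch is reached when `username` or `credential` is already set, so the text should name all three conditions. If `generateTURNCredentials()` stores its result in `this.username` and `this.credential` (the constructor call right after it suggests so, though the method is outside the hunk), a second `build()` on the same builder will fall into that `else` and throw. The returned object can also carry a null `url`, which deserves a line in the Javadoc of `build()`; its body continues outside the hunk.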
diff --git a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml index cfd9c8ca..5519ae4a 100644 --- a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml +++ b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml @@ -65,24 +65,10 @@ services: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" - redis: - image: openvidu/openvidu-redis:4.0.0 - restart: always - network_mode: host - environment: - - REDIS_PASSWORD=${OPENVIDU_SECRET} - logging: - options: - max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" - coturn: image: openvidu/openvidu-coturn:6.0.0 restart: on-failure network_mode: host - environment: - - REDIS_IP=127.0.0.1 - - DB_NAME=0 - - DB_PASSWORD=${OPENVIDU_SECRET} command: - --log-file=stdout - --listening-port=${COTURN_PORT:-3478} @@ -92,6 +78,8 @@ services: - --max-port=${COTURN_MAX_PORT:-65535} - --realm=openvidu - --verbose + - --use-auth-secret + - --static-auth-secret=${OPENVIDU_SECRET} logging: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" diff --git a/openvidu-server/deployments/enterprise/master-node/beats/filebeat.yml b/openvidu-server/deployments/enterprise/master-node/beats/filebeat.yml index ceabb4c7..cfff921d 100644 --- a/openvidu-server/deployments/enterprise/master-node/beats/filebeat.yml +++ b/openvidu-server/deployments/enterprise/master-node/beats/filebeat.yml @@ -37,10 +37,6 @@ output: elasticsearch: hosts: ["${OPENVIDU_PRO_ELASTICSEARCH_HOST}"] indices: - - index: "filebeat-redis-%{+yyyy.MM.dd}" - when.or: - - contains: - container.image.name: openvidu/openvidu-redis - index: "filebeat-replication-manager-%{+yyyy.MM.dd}" when.or: - contains: diff --git a/openvidu-server/deployments/enterprise/master-node/docker-compose.yml b/openvidu-server/deployments/enterprise/master-node/docker-compose.yml index efbd78a3..47dd2964 100644 --- a/openvidu-server/deployments/enterprise/master-node/docker-compose.yml 
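Review bot: `--static-auth-secret=${OPENVIDU_SECRET}` puts the secret on coturn's command line, where it shows up in the host's process list (`ps`, `/proc/<pid>/cmdline`) as well as in the container's recorded command. coturn also accepts `static-auth-secret` in `turnserver.conf`, so the entrypoint could write it into that file from an environment variable, the way the removed entrypoint code did for `redis-userdb`. The value is also the OpenVidu server secret itself; a separate variable for the TURN shared secret (a name like `COTURN_SHARED_SECRET` is only a suggestion) would keep a leak of one from exposing the other. The same two lines are added in the enterprise master-node and pro `docker-compose.yml` hunks.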
+++ b/openvidu-server/deployments/enterprise/master-node/docker-compose.yml @@ -83,26 +83,12 @@ services: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" - redis: - image: openvidu/openvidu-redis:4.0.0 - restart: always - network_mode: host - environment: - - REDIS_PASSWORD=${OPENVIDU_SECRET} - logging: - options: - max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" - coturn: image: openvidu/openvidu-coturn:6.0.0 restart: on-failure network_mode: host env_file: - .env - environment: - - REDIS_IP=127.0.0.1 - - DB_NAME=0 - - DB_PASSWORD=${OPENVIDU_SECRET} command: - --log-file=stdout - --external-ip=$$(detect-external-ip) @@ -113,6 +99,8 @@ services: - --max-port=${COTURN_MAX_PORT:-65535} - --realm=openvidu - --verbose + - --use-auth-secret + - --static-auth-secret=${OPENVIDU_SECRET} logging: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/beats/filebeat.yml b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/beats/filebeat.yml index 1f0fb0a6..436de846 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/beats/filebeat.yml +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/beats/filebeat.yml @@ -37,10 +37,6 @@ output: elasticsearch: hosts: ["${OPENVIDU_PRO_ELASTICSEARCH_HOST}"] indices: - - index: "filebeat-redis-%{+yyyy.MM.dd}" - when.or: - - contains: - container.image.name: openvidu/openvidu-redis - index: "filebeat-nginx-%{+yyyy.MM.dd}" when.or: - contains: diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml index d5796977..a366c304 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml 
@@ -52,27 +52,12 @@ services: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" - redis: - image: openvidu/openvidu-redis:4.0.0 - restart: always - network_mode: host - environment: - - REDIS_PASSWORD=${OPENVIDU_SECRET} - - REDIS_BINDING=127.0.0.1 - logging: - options: - max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" - coturn: image: openvidu/openvidu-coturn:6.0.0 restart: on-failure network_mode: host env_file: - .env - environment: - - REDIS_IP=127.0.0.1 - - DB_NAME=0 - - DB_PASSWORD=${OPENVIDU_SECRET} command: - --log-file=stdout - --external-ip=$$(detect-external-ip) @@ -83,6 +68,8 @@ services: - --max-port=${COTURN_MAX_PORT:-65535} - --realm=openvidu - --verbose + - --use-auth-secret + - --static-auth-secret=${OPENVIDU_SECRET} logging: options: max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}" diff --git a/openvidu-server/docker/openvidu-coturn/docker-entrypoint.sh b/openvidu-server/docker/openvidu-coturn/docker-entrypoint.sh index 244e526d..60142afe 100644 --- a/openvidu-server/docker/openvidu-coturn/docker-entrypoint.sh +++ b/openvidu-server/docker/openvidu-coturn/docker-entrypoint.sh @@ -1,7 +1,4 @@ #!/bin/sh -if [ ! -z "${REDIS_IP}" ] && [ ! -z "${DB_NAME}" ] && [ ! -z "${DB_PASSWORD}" ]; then - echo "redis-userdb=\"ip=${REDIS_IP} dbname=${DB_NAME} password=${DB_PASSWORD} connect_timeout=30\"" > turnserver.conf -fi # If command starts with an option, prepend with turnserver binary. if [ "${1:0:1}" == '-' ]; then diff --git a/openvidu-server/docker/openvidu-redis/Dockerfile b/openvidu-server/docker/openvidu-redis/Dockerfile deleted file mode 100644 index 695f7763..00000000 --- a/openvidu-server/docker/openvidu-redis/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM redis:6.2.6-alpine - -COPY ./entrypoint.sh /usr/local/bin - -RUN chmod +x /usr/local/bin/entrypoint.sh - -CMD /usr/local/bin/entrypoint.sh diff --git a/openvidu-server/docker/openvidu-redis/create_image.sh b/openvidu-server/docker/openvidu-redis/create_image.sh deleted file mode 100755 index 24019417..00000000 
--- a/openvidu-server/docker/openvidu-redis/create_image.sh +++ /dev/null @@ -1,6 +0,0 @@ -VERSION=$1 -if [[ ! -z $VERSION ]]; then - docker build --pull --no-cache --rm=true -t openvidu/openvidu-redis:$VERSION . -else - echo "Error: You need to specify a version as first argument" -fi diff --git a/openvidu-server/docker/openvidu-redis/entrypoint.sh b/openvidu-server/docker/openvidu-redis/entrypoint.sh deleted file mode 100644 index 2cb1dc5e..00000000 --- a/openvidu-server/docker/openvidu-redis/entrypoint.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh - -if [ -f /proc/net/if_inet6 ]; then - [ -z "${REDIS_BINDING}" ] && REDIS_BINDING="127.0.0.1 ::1" -else - [ -z "${REDIS_BINDING}" ] && REDIS_BINDING="127.0.0.1" -fi - -printf "\n" -printf "\n =======================================" -printf "\n = REDIS CONF =" -printf "\n =======================================" -printf "\n" - -printf "\n REDIS_BINDING: %s" "${REDIS_BINDING}" -printf "\n REDIS_PASSWORD: %s" "${REDIS_PASSWORD}" - -mkdir -p /usr/local/etc/redis -cat>/usr/local/etc/redis/redis.conf< LOG_LIMIT) { - CommandExecutor.execCommand(10000, "/bin/sh", "-c", "rm " + this.logPath + "turn_*.log"); - log.info("Garbage collector cleaning turn log files at path " + this.logPath); - this.logCounter.set(0); - } - } - -} diff --git a/openvidu-server/src/main/java/io/openvidu/server/coturn/CoturnCredentialsService.java b/openvidu-server/src/main/java/io/openvidu/server/coturn/CoturnCredentialsService.java index a55d10b5..1086d30d 100644 --- a/openvidu-server/src/main/java/io/openvidu/server/coturn/CoturnCredentialsService.java +++ b/openvidu-server/src/main/java/io/openvidu/server/coturn/CoturnCredentialsService.java 
@@ -1,48 +1,28 @@ -/* - * (C) Copyright 2017-2022 OpenVidu (https://openvidu.io) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - package io.openvidu.server.coturn; -import javax.annotation.PostConstruct; - +import io.openvidu.java.client.IceServerProperties; +import io.openvidu.server.config.OpenviduConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import io.openvidu.server.config.OpenviduConfig; +/** + * This class implements the proposed standard https://datatracker.ietf.org/doc/html/draft-uberti-rtcweb-turn-rest-00 + * for obtaining access to TURN services via ephemeral (i.e. time-limited) credentials. 
+ */ +public class CoturnCredentialsService { -public abstract class CoturnCredentialsService { + protected static final Logger log = LoggerFactory.getLogger(CoturnCredentialsService.class); - protected static final Logger log = LoggerFactory.getLogger(CoturnCredentialsService.class); + @Autowired + protected OpenviduConfig openviduConfig; - @Autowired - protected OpenviduConfig openviduConfig; - - protected String coturnDatabaseString; - protected String trimmedCoturnDatabaseString; - - public abstract TurnCredentials createUser() throws Exception; - - public abstract boolean deleteUser(String user); - - @PostConstruct - protected void initDatabse() { - this.coturnDatabaseString = this.openviduConfig.getCoturnDatabaseString(); - this.trimmedCoturnDatabaseString = this.coturnDatabaseString.replaceAll("^\"|\"$", ""); - } + public TurnCredentials createUser() { + IceServerProperties iceServerProperties = new IceServerProperties.Builder() + .ignoreEmptyUrl(true) + .staticAuthSecret(openviduConfig.getOpenViduSecret()) + .build(); + return new TurnCredentials(iceServerProperties.getUsername(), iceServerProperties.getCredential()); + } } diff --git a/openvidu-server/src/main/java/io/openvidu/server/coturn/CoturnCredentialsServiceFactory.java b/openvidu-server/src/main/java/io/openvidu/server/coturn/CoturnCredentialsServiceFactory.java deleted file mode 100644 index 52e605d1..00000000 --- a/openvidu-server/src/main/java/io/openvidu/server/coturn/CoturnCredentialsServiceFactory.java +++ /dev/null 
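Review bot: `createUser()` keys the TURN credential derivation with `openviduConfig.getOpenViduSecret()`, the same value the compose files pass to coturn as `--static-auth-secret`. If `generateTURNCredentials()` follows the linked draft (an HMAC over the username keyed with the shared secret; the method is not in this diff), every participant receives a username/credential pair that allows offline guessing of a low-entropy OpenVidu secret. A dedicated, randomly generated TURN secret would remove that coupling. With `deleteUser` gone (its call in `KurentoSessionManager` is removed too), a credential stays valid until its timestamp expires, so the lifetime should be documented on this class. The hunk also drops the Apache license header from the file.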
@@ -1,31 +0,0 @@ -/* - * (C) Copyright 2017-2022 OpenVidu (https://openvidu.io) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package io.openvidu.server.coturn; - -public class CoturnCredentialsServiceFactory { - - public CoturnCredentialsService getCoturnCredentialsService(String springProfile) { - if (!"docker".equals(springProfile)) { - return new BashCoturnCredentialsService(); - } else { - // TODO: return other options - return new BashCoturnCredentialsService(); - } - } - -} diff --git a/openvidu-server/src/main/java/io/openvidu/server/coturn/DockerCoturnCredentialsService.java b/openvidu-server/src/main/java/io/openvidu/server/coturn/DockerCoturnCredentialsService.java deleted file mode 100644 index f5c019eb..00000000 --- a/openvidu-server/src/main/java/io/openvidu/server/coturn/DockerCoturnCredentialsService.java +++ /dev/null @@ -1,17 +0,0 @@ -package io.openvidu.server.coturn; - -public class DockerCoturnCredentialsService extends CoturnCredentialsService { - - @Override - public TurnCredentials createUser() { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean deleteUser(String user) { - // TODO Auto-generated method stub - return false; - } - -} diff --git a/openvidu-server/src/main/java/io/openvidu/server/kurento/core/KurentoSessionManager.java b/openvidu-server/src/main/java/io/openvidu/server/kurento/core/KurentoSessionManager.java index ced02d24..499a99dc 100644 
--- a/openvidu-server/src/main/java/io/openvidu/server/kurento/core/KurentoSessionManager.java +++ b/openvidu-server/src/main/java/io/openvidu/server/kurento/core/KurentoSessionManager.java @@ -227,11 +227,6 @@ public class KurentoSessionManager extends SessionManager { Participant p = sessionidParticipantpublicidParticipant.get(sessionId) .remove(participant.getParticipantPublicId()); - if (p != null && p.getToken() != null && p.getToken().getTurnCredentials() != null - && this.openviduConfig.isTurnadminAvailable()) { - this.coturnCredentialsService.deleteUser(p.getToken().getTurnCredentials().getUsername()); - } - // TODO: why is this necessary?? if (p != null && insecureUsers.containsKey(p.getParticipantPrivateId())) { boolean stillParticipant = false; diff --git a/openvidu-server/src/main/java/io/openvidu/server/kurento/endpoint/MediaEndpoint.java b/openvidu-server/src/main/java/io/openvidu/server/kurento/endpoint/MediaEndpoint.java index 196febef..e2801363 100644 --- a/openvidu-server/src/main/java/io/openvidu/server/kurento/endpoint/MediaEndpoint.java +++ b/openvidu-server/src/main/java/io/openvidu/server/kurento/endpoint/MediaEndpoint.java @@ -300,8 +300,7 @@ public abstract class MediaEndpoint { public void onSuccess(WebRtcEndpoint result) throws Exception { webEndpoint = result; - if (openviduConfig.getCoturnIp() != null && !openviduConfig.getCoturnIp().isEmpty() - && openviduConfig.isTurnadminAvailable()) { + if (openviduConfig.getCoturnIp() != null && !openviduConfig.getCoturnIp().isEmpty()) { webEndpoint.setStunServerAddress(openviduConfig.getCoturnIp()); webEndpoint.setStunServerPort(openviduConfig.getCoturnPort()); } diff --git a/openvidu-test-e2e/jenkins/commonFunctions.groovy b/openvidu-test-e2e/jenkins/commonFunctions.groovy index 1241d281..8a50f4ba 100644 --- a/openvidu-test-e2e/jenkins/commonFunctions.groovy +++ b/openvidu-test-e2e/jenkins/commonFunctions.groovy 
@@ -122,7 +122,7 @@ def removeStrandedContainers(removeTestingContainers) { "budtmo/docker-android" "openvidu/mediasoup-controller:" "openvidu/openvidu-server-pro:" - "openvidu/openvidu-redis:" + "redis:" "openvidu/openvidu-coturn:" "openvidu/openvidu-proxy:" "openvidu/replication-manager:"