mirror of https://github.com/OpenVidu/openvidu.git
openvidu-server, deployment: Generate Coturn shared key instead of using OpenVidu Secret for better security. Remove unused COTURN_REDIS properties
parent
80ab17ff92
commit
ad54a3005d
|
@ -27,6 +27,7 @@ services:
|
||||||
network_mode: host
|
network_mode: host
|
||||||
entrypoint: ['/usr/local/bin/entrypoint.sh']
|
entrypoint: ['/usr/local/bin/entrypoint.sh']
|
||||||
volumes:
|
volumes:
|
||||||
|
- ./coturn:/run/secrets/coturn
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- ${OPENVIDU_RECORDING_PATH}:${OPENVIDU_RECORDING_PATH}
|
- ${OPENVIDU_RECORDING_PATH}:${OPENVIDU_RECORDING_PATH}
|
||||||
- ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:${OPENVIDU_RECORDING_CUSTOM_LAYOUT}
|
- ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:${OPENVIDU_RECORDING_CUSTOM_LAYOUT}
|
||||||
|
@ -37,8 +38,6 @@ services:
|
||||||
- SERVER_SSL_ENABLED=false
|
- SERVER_SSL_ENABLED=false
|
||||||
- SERVER_PORT=5443
|
- SERVER_PORT=5443
|
||||||
- KMS_URIS=["ws://localhost:8888/kurento"]
|
- KMS_URIS=["ws://localhost:8888/kurento"]
|
||||||
- COTURN_REDIS_IP=127.0.0.1
|
|
||||||
- COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET}
|
|
||||||
- COTURN_IP=${COTURN_IP:-auto-ipv4}
|
- COTURN_IP=${COTURN_IP:-auto-ipv4}
|
||||||
- COTURN_PORT=${COTURN_PORT:-3478}
|
- COTURN_PORT=${COTURN_PORT:-3478}
|
||||||
logging:
|
logging:
|
||||||
|
@ -69,17 +68,20 @@ services:
|
||||||
image: openvidu/openvidu-coturn:7.0.0-dev1
|
image: openvidu/openvidu-coturn:7.0.0-dev1
|
||||||
restart: on-failure
|
restart: on-failure
|
||||||
network_mode: host
|
network_mode: host
|
||||||
|
env_file:
|
||||||
|
- .env
|
||||||
|
volumes:
|
||||||
|
- ./coturn:/run/secrets/coturn
|
||||||
command:
|
command:
|
||||||
- --log-file=stdout
|
- --log-file=stdout
|
||||||
- --listening-port=${COTURN_PORT:-3478}
|
- --listening-port=${COTURN_PORT:-3478}
|
||||||
- --fingerprint
|
- --fingerprint
|
||||||
- --lt-cred-mech
|
|
||||||
- --min-port=${COTURN_MIN_PORT:-57001}
|
- --min-port=${COTURN_MIN_PORT:-57001}
|
||||||
- --max-port=${COTURN_MAX_PORT:-65535}
|
- --max-port=${COTURN_MAX_PORT:-65535}
|
||||||
- --realm=openvidu
|
- --realm=openvidu
|
||||||
- --verbose
|
- --verbose
|
||||||
- --use-auth-secret
|
- --use-auth-secret
|
||||||
- --static-auth-secret=${OPENVIDU_SECRET}
|
- --static-auth-secret=$${COTURN_SHARED_SECRET_KEY}
|
||||||
logging:
|
logging:
|
||||||
options:
|
options:
|
||||||
max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}"
|
max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}"
|
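Review bot: The new `env_file:` / `- .env` entry on the coturn service hands the TURN container every variable in `.env`, which presumably includes OPENVIDU_SECRET since this compose file interpolates `${OPENVIDU_SECRET}` elsewhere. The secret this commit separates from coturn is therefore still present in that container's environment. Passing only the one variable, for example `environment:` with `- COTURN_SHARED_SECRET_KEY=${COTURN_SHARED_SECRET_KEY:-}`, would keep the entrypoint's empty check working without exposing the rest of the file. The coturn side only reads the key file, so its mount could be `./coturn:/run/secrets/coturn:ro`; the same mount is added to the coturn service in the two later compose sections on this page, where `env_file` was already present. The service definitions continue outside the hunks.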
||||||
|
|
|
@ -27,6 +27,7 @@ services:
|
||||||
network_mode: host
|
network_mode: host
|
||||||
entrypoint: ['/usr/local/bin/entrypoint.sh']
|
entrypoint: ['/usr/local/bin/entrypoint.sh']
|
||||||
volumes:
|
volumes:
|
||||||
|
- ./coturn:/run/secrets/coturn
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- ${OPENVIDU_RECORDING_PATH}:${OPENVIDU_RECORDING_PATH}
|
- ${OPENVIDU_RECORDING_PATH}:${OPENVIDU_RECORDING_PATH}
|
||||||
- ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:${OPENVIDU_RECORDING_CUSTOM_LAYOUT}
|
- ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:${OPENVIDU_RECORDING_CUSTOM_LAYOUT}
|
||||||
|
@ -42,8 +43,6 @@ services:
|
||||||
- OPENVIDU_WEBHOOK=false
|
- OPENVIDU_WEBHOOK=false
|
||||||
- OPENVIDU_WEBHOOK_ENDPOINT=http://127.0.0.1:7777/webhook
|
- OPENVIDU_WEBHOOK_ENDPOINT=http://127.0.0.1:7777/webhook
|
||||||
- MULTI_MASTER_REPLICATION_MANAGER_WEBHOOK=http://127.0.0.1:4443/openvidu/replication-manager-webhook?OPENVIDU_SECRET=${OPENVIDU_SECRET}
|
- MULTI_MASTER_REPLICATION_MANAGER_WEBHOOK=http://127.0.0.1:4443/openvidu/replication-manager-webhook?OPENVIDU_SECRET=${OPENVIDU_SECRET}
|
||||||
- COTURN_REDIS_IP=127.0.0.1
|
|
||||||
- COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET}
|
|
||||||
- COTURN_IP=${COTURN_IP:-auto-ipv4}
|
- COTURN_IP=${COTURN_IP:-auto-ipv4}
|
||||||
- COTURN_PORT=${COTURN_PORT:-3478}
|
- COTURN_PORT=${COTURN_PORT:-3478}
|
||||||
- OPENVIDU_PRO_CLUSTER=true
|
- OPENVIDU_PRO_CLUSTER=true
|
||||||
|
@ -89,18 +88,19 @@ services:
|
||||||
network_mode: host
|
network_mode: host
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
|
volumes:
|
||||||
|
- ./coturn:/run/secrets/coturn
|
||||||
command:
|
command:
|
||||||
- --log-file=stdout
|
- --log-file=stdout
|
||||||
- --external-ip=$$(detect-external-ip)
|
- --external-ip=$$(detect-external-ip)
|
||||||
- --listening-port=${COTURN_PORT:-3478}
|
- --listening-port=${COTURN_PORT:-3478}
|
||||||
- --fingerprint
|
- --fingerprint
|
||||||
- --lt-cred-mech
|
|
||||||
- --min-port=${COTURN_MIN_PORT:-40000}
|
- --min-port=${COTURN_MIN_PORT:-40000}
|
||||||
- --max-port=${COTURN_MAX_PORT:-65535}
|
- --max-port=${COTURN_MAX_PORT:-65535}
|
||||||
- --realm=openvidu
|
- --realm=openvidu
|
||||||
- --verbose
|
- --verbose
|
||||||
- --use-auth-secret
|
- --use-auth-secret
|
||||||
- --static-auth-secret=${OPENVIDU_SECRET}
|
- --static-auth-secret=$${COTURN_SHARED_SECRET_KEY}
|
||||||
logging:
|
logging:
|
||||||
options:
|
options:
|
||||||
max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}"
|
max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}"
|
||||||
|
|
|
@ -27,6 +27,7 @@ services:
|
||||||
network_mode: host
|
network_mode: host
|
||||||
entrypoint: ['/usr/local/bin/entrypoint.sh']
|
entrypoint: ['/usr/local/bin/entrypoint.sh']
|
||||||
volumes:
|
volumes:
|
||||||
|
- ./coturn:/run/secrets/coturn
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- ${OPENVIDU_RECORDING_PATH}:${OPENVIDU_RECORDING_PATH}
|
- ${OPENVIDU_RECORDING_PATH}:${OPENVIDU_RECORDING_PATH}
|
||||||
- ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:${OPENVIDU_RECORDING_CUSTOM_LAYOUT}
|
- ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:${OPENVIDU_RECORDING_CUSTOM_LAYOUT}
|
||||||
|
@ -39,8 +40,6 @@ services:
|
||||||
- SERVER_SSL_ENABLED=false
|
- SERVER_SSL_ENABLED=false
|
||||||
- SERVER_PORT=5443
|
- SERVER_PORT=5443
|
||||||
- KMS_URIS=[]
|
- KMS_URIS=[]
|
||||||
- COTURN_REDIS_IP=127.0.0.1
|
|
||||||
- COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET}
|
|
||||||
- COTURN_IP=${COTURN_IP:-auto-ipv4}
|
- COTURN_IP=${COTURN_IP:-auto-ipv4}
|
||||||
- COTURN_PORT=${COTURN_PORT:-3478}
|
- COTURN_PORT=${COTURN_PORT:-3478}
|
||||||
- OPENVIDU_PRO_CLUSTER=true
|
- OPENVIDU_PRO_CLUSTER=true
|
||||||
|
@ -58,18 +57,19 @@ services:
|
||||||
network_mode: host
|
network_mode: host
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
|
volumes:
|
||||||
|
- ./coturn:/run/secrets/coturn
|
||||||
command:
|
command:
|
||||||
- --log-file=stdout
|
- --log-file=stdout
|
||||||
- --external-ip=$$(detect-external-ip)
|
- --external-ip=$$(detect-external-ip)
|
||||||
- --listening-port=${COTURN_PORT:-3478}
|
- --listening-port=${COTURN_PORT:-3478}
|
||||||
- --fingerprint
|
- --fingerprint
|
||||||
- --lt-cred-mech
|
|
||||||
- --min-port=${COTURN_MIN_PORT:-40000}
|
- --min-port=${COTURN_MIN_PORT:-40000}
|
||||||
- --max-port=${COTURN_MAX_PORT:-65535}
|
- --max-port=${COTURN_MAX_PORT:-65535}
|
||||||
- --realm=openvidu
|
- --realm=openvidu
|
||||||
- --verbose
|
- --verbose
|
||||||
- --use-auth-secret
|
- --use-auth-secret
|
||||||
- --static-auth-secret=${OPENVIDU_SECRET}
|
- --static-auth-secret=$${COTURN_SHARED_SECRET_KEY}
|
||||||
logging:
|
logging:
|
||||||
options:
|
options:
|
||||||
max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}"
|
max-size: "${DOCKER_LOGS_MAX_SIZE:-100M}"
|
||||||
|
|
|
@ -1,5 +1,21 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Get automatically generated secret by OpenVidu Server if COTURN_SHARED_SECRET_KEY is not defined
|
||||||
|
if [ -z "${COTURN_SHARED_SECRET_KEY}" ]; then
|
||||||
|
# Check if random sahred key is generated and with value
|
||||||
|
if [ ! -f /run/secrets/coturn/shared-secret-key ]; then
|
||||||
|
echo "Error: shared-secret-key not found."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Read value
|
||||||
|
export "$(grep -v '#' /run/secrets/coturn/shared-secret-key | grep COTURN_SHARED_SECRET_KEY |
|
||||||
|
sed 's/\r$//' | awk '/=/ {print $1}')"
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Defined COTURN_SHARED_SECRET_KEY: ${COTURN_SHARED_SECRET_KEY}"
|
||||||
|
|
||||||
# If command starts with an option, prepend with turnserver binary.
|
# If command starts with an option, prepend with turnserver binary.
|
||||||
if [ "${1:0:1}" == '-' ]; then
|
if [ "${1:0:1}" == '-' ]; then
|
||||||
set -- turnserver "$@"
|
set -- turnserver "$@"
|
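Review bot: The added `echo "Defined COTURN_SHARED_SECRET_KEY: ${COTURN_SHARED_SECRET_KEY}"` writes the TURN shared secret to the container's stdout, so anyone who can read the container logs can derive valid TURN credentials. Print only whether it is set, for example `echo "COTURN_SHARED_SECRET_KEY is defined"`. The same applies to `log.info("COTURN_SHARED_SECRET_KEY used to generate TURN users: {}", this.coturnSharedSecretKey)` in the OpenviduConfig section further down. Separately, the file check uses `-f`, so an empty key file passes and the following `export` fails with an unhelpful error; `[ ! -s /run/secrets/coturn/shared-secret-key ]` would match the comment's "with value". The script continues outside the hunk.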
||||||
|
|
|
@ -11,13 +11,14 @@ RUN apt-get update && apt-get install -y \
|
||||||
ethtool \
|
ethtool \
|
||||||
dnsutils \
|
dnsutils \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
RUN mkdir -p /opt/openvidu /usr/local/bin/
|
RUN mkdir -p /opt/openvidu /usr/local/bin/
|
||||||
|
|
||||||
COPY openvidu-server.jar /opt/openvidu/openvidu-server.jar
|
COPY openvidu-server.jar /opt/openvidu/openvidu-server.jar
|
||||||
COPY ./entrypoint.sh /usr/local/bin
|
COPY ./entrypoint.sh /usr/local/bin
|
||||||
COPY ./discover_my_public_ip.sh /usr/local/bin
|
COPY ./discover_my_public_ip.sh /usr/local/bin
|
||||||
|
COPY ./coturn-shared-key.template /usr/local
|
||||||
|
|
||||||
RUN mkdir -p /opt/openvidu/recordings && \
|
RUN mkdir -p /opt/openvidu/recordings && \
|
||||||
chmod +x /usr/local/bin/entrypoint.sh && \
|
chmod +x /usr/local/bin/entrypoint.sh && \
|
||||||
chmod +x /usr/local/bin/discover_my_public_ip.sh
|
chmod +x /usr/local/bin/discover_my_public_ip.sh
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
|
#!/bin/bash
|
||||||
VERSION=$1
|
VERSION=$1
|
||||||
if [[ ! -z $VERSION ]]; then
|
if [[ ! -z $VERSION ]]; then
|
||||||
cp ../utils/discover_my_public_ip.sh ./discover_my_public_ip.sh
|
cp ../utils/discover_my_public_ip.sh ./discover_my_public_ip.sh
|
||||||
|
cp ../utils/coturn-shared-key.template ./coturn-shared-key.template
|
||||||
docker build --pull --no-cache --rm=true -t openvidu/openvidu-server-pro:$VERSION .
|
docker build --pull --no-cache --rm=true -t openvidu/openvidu-server-pro:$VERSION .
|
||||||
rm ./discover_my_public_ip.sh
|
rm ./discover_my_public_ip.sh
|
||||||
|
rm ./coturn-shared-key.template
|
||||||
else
|
else
|
||||||
echo "Error: You need to specify a version as first argument"
|
echo "Error: You need to specify a version as first argument"
|
||||||
fi
|
fi
|
|
@ -1,5 +1,19 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Generate Coturn shared secret key, if COTURN_SHARED_SECRET_KEY is not defined
|
||||||
|
if [[ -z "${COTURN_SHARED_SECRET_KEY}" ]]; then
|
||||||
|
# Check if random sahred key is generated and with value
|
||||||
|
if [[ ! -f /run/secrets/coturn/shared-secret-key ]]; then
|
||||||
|
RANDOM_COTURN_SECRET="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 35 ; echo '')"
|
||||||
|
sed "s|{{COTURN_SHARED_SECRET_KEY}}|${RANDOM_COTURN_SECRET}|g" \
|
||||||
|
/usr/local/coturn-shared-key.template > /run/secrets/coturn/shared-secret-key
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Read value
|
||||||
|
export "$(grep -v '#' /run/secrets/coturn/shared-secret-key | grep COTURN_SHARED_SECRET_KEY |
|
||||||
|
sed 's/\r$//' | awk '/=/ {print $1}')"
|
||||||
|
fi
|
||||||
|
|
||||||
# Wait for kibana
|
# Wait for kibana
|
||||||
if [ ! -z "${WAIT_KIBANA_URL}" ]; then
|
if [ ! -z "${WAIT_KIBANA_URL}" ]; then
|
||||||
printf "\n"
|
printf "\n"
|
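Review bot: The key file is created by a plain `>` redirect, so it takes the process's default umask and, through the `./coturn` bind mount, lands on the host with those permissions, which often means readable by other local users. Wrapping the write as `( umask 077; sed ... > /run/secrets/coturn/shared-secret-key )` would restrict it, assuming the coturn container reads the file as the same user (otherwise a shared group with `umask 027`). The `[[ ! -f ... ]]` test also accepts an empty file left behind by a failed write, whereas `-s` would regenerate the key in that case. The identical block is added to the other server entrypoint, in the section that follows the `= LAUNCH OPENVIDU-SERVER =` banner.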
||||||
|
|
|
@ -13,6 +13,7 @@ RUN apt-get update && apt-get install -y \
|
||||||
COPY openvidu-server.jar /
|
COPY openvidu-server.jar /
|
||||||
COPY ./entrypoint.sh /usr/local/bin
|
COPY ./entrypoint.sh /usr/local/bin
|
||||||
COPY ./discover_my_public_ip.sh /usr/local/bin
|
COPY ./discover_my_public_ip.sh /usr/local/bin
|
||||||
|
COPY ./coturn-shared-key.template /usr/local
|
||||||
RUN chmod +x /usr/local/bin/entrypoint.sh && \
|
RUN chmod +x /usr/local/bin/entrypoint.sh && \
|
||||||
chmod +x /usr/local/bin/discover_my_public_ip.sh
|
chmod +x /usr/local/bin/discover_my_public_ip.sh
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,15 @@
|
||||||
|
#!/bin/bash
|
||||||
VERSION=$1
|
VERSION=$1
|
||||||
if [[ ! -z $VERSION ]]; then
|
if [[ ! -z $VERSION ]]; then
|
||||||
cp ../../target/openvidu-server-*.jar ./openvidu-server.jar
|
cp ../../target/openvidu-server-*.jar ./openvidu-server.jar
|
||||||
cp ../utils/discover_my_public_ip.sh ./discover_my_public_ip.sh
|
cp ../utils/discover_my_public_ip.sh ./discover_my_public_ip.sh
|
||||||
|
cp ../utils/coturn-shared-key.template ./coturn-shared-key.template
|
||||||
|
|
||||||
docker build --pull --no-cache --rm=true -t openvidu/openvidu-server:$VERSION .
|
docker build --pull --no-cache --rm=true -t openvidu/openvidu-server:$VERSION .
|
||||||
|
|
||||||
rm ./openvidu-server.jar
|
rm ./openvidu-server.jar
|
||||||
rm ./discover_my_public_ip.sh
|
rm ./discover_my_public_ip.sh
|
||||||
else
|
rm ./coturn-shared-key.template
|
||||||
|
else
|
||||||
echo "Error: You need to specify a version as first argument"
|
echo "Error: You need to specify a version as first argument"
|
||||||
fi
|
fi
|
|
@ -6,6 +6,20 @@ printf "\n = LAUNCH OPENVIDU-SERVER ="
|
||||||
printf "\n ======================================="
|
printf "\n ======================================="
|
||||||
printf "\n"
|
printf "\n"
|
||||||
|
|
||||||
|
# Generate Coturn shared secret key, if COTURN_SHARED_SECRET_KEY is not defined
|
||||||
|
if [[ -z "${COTURN_SHARED_SECRET_KEY}" ]]; then
|
||||||
|
# Check if random sahred key is generated and with value
|
||||||
|
if [[ ! -f /run/secrets/coturn/shared-secret-key ]]; then
|
||||||
|
RANDOM_COTURN_SECRET="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 35 ; echo '')"
|
||||||
|
sed "s|{{COTURN_SHARED_SECRET_KEY}}|${RANDOM_COTURN_SECRET}|g" \
|
||||||
|
/usr/local/coturn-shared-key.template > /run/secrets/coturn/shared-secret-key
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Read value
|
||||||
|
export "$(grep -v '#' /run/secrets/coturn/shared-secret-key | grep COTURN_SHARED_SECRET_KEY |
|
||||||
|
sed 's/\r$//' | awk '/=/ {print $1}')"
|
||||||
|
fi
|
||||||
|
|
||||||
# Get coturn public ip
|
# Get coturn public ip
|
||||||
[[ -z "${COTURN_IP}" ]] && export COTURN_IP=auto-ipv4
|
[[ -z "${COTURN_IP}" ]] && export COTURN_IP=auto-ipv4
|
||||||
if [[ "${COTURN_IP}" == "auto-ipv4" ]]; then
|
if [[ "${COTURN_IP}" == "auto-ipv4" ]]; then
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
#
|
||||||
|
# This file was genereated automatically
|
||||||
|
#
|
||||||
|
# The value of COTURN_SHARED_SECRET_KEY is generated randomly and represents shared key
|
||||||
|
# by Coturn and OpenVidu Server to generate users for TURN server dinamically.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Read more about it:
|
||||||
|
# - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
|
||||||
|
# - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
|
||||||
|
#
|
||||||
|
# If you want to change this value, you can change the value in this file or define COTURN_SHARED_SECRET_KEY
|
||||||
|
# at the .env file of OpenVidu Server deployment
|
||||||
|
#
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
COTURN_SHARED_SECRET_KEY={{COTURN_SHARED_SECRET_KEY}}
|
|
@ -163,7 +163,7 @@ public class OpenviduConfig {
|
||||||
|
|
||||||
private int coturnPort;
|
private int coturnPort;
|
||||||
|
|
||||||
private String coturnRedisIp;
|
private String coturnSharedSecretKey;
|
||||||
|
|
||||||
// If true, coturn relay ips will come with the private IP of the machine
|
// If true, coturn relay ips will come with the private IP of the machine
|
||||||
private boolean coturnInternalRelay;
|
private boolean coturnInternalRelay;
|
||||||
|
@ -188,12 +188,6 @@ public class OpenviduConfig {
|
||||||
|
|
||||||
private String openviduRecordingComposedUrl;
|
private String openviduRecordingComposedUrl;
|
||||||
|
|
||||||
private String coturnRedisDbname;
|
|
||||||
|
|
||||||
private String coturnRedisPassword;
|
|
||||||
|
|
||||||
private String coturnRedisConnectTimeout;
|
|
||||||
|
|
||||||
private String certificateType;
|
private String certificateType;
|
||||||
|
|
||||||
protected int openviduSessionsGarbageInterval;
|
protected int openviduSessionsGarbageInterval;
|
||||||
|
@ -228,14 +222,6 @@ public class OpenviduConfig {
|
||||||
|
|
||||||
// Plain config properties getters
|
// Plain config properties getters
|
||||||
|
|
||||||
public String getCoturnDatabaseDbname() {
|
|
||||||
return this.coturnRedisDbname;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getCoturnDatabasePassword() {
|
|
||||||
return this.coturnRedisPassword;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isCoturnUsingInternalRelay() {
|
public boolean isCoturnUsingInternalRelay() {
|
||||||
return this.coturnInternalRelay;
|
return this.coturnInternalRelay;
|
||||||
}
|
}
|
||||||
|
@ -356,6 +342,10 @@ public class OpenviduConfig {
|
||||||
return this.coturnPort;
|
return this.coturnPort;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getCoturnSharedSecretKey() {
|
||||||
|
return this.coturnSharedSecretKey;
|
||||||
|
}
|
||||||
|
|
||||||
public RecordingNotification getOpenViduRecordingNotification() {
|
public RecordingNotification getOpenViduRecordingNotification() {
|
||||||
return this.openviduRecordingNotification;
|
return this.openviduRecordingNotification;
|
||||||
}
|
}
|
||||||
|
@ -447,11 +437,6 @@ public class OpenviduConfig {
|
||||||
return secret.equals(this.getOpenViduSecret());
|
return secret.equals(this.getOpenViduSecret());
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getCoturnDatabaseString() {
|
|
||||||
return "\"ip=" + this.coturnRedisIp + " dbname=" + this.coturnRedisDbname + " password="
|
|
||||||
+ this.coturnRedisPassword + " connect_timeout=" + this.coturnRedisConnectTimeout + "\"";
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean openviduRecordingCustomLayoutChanged(String path) {
|
public boolean openviduRecordingCustomLayoutChanged(String path) {
|
||||||
return !"/opt/openvidu/custom-layout".equals(path);
|
return !"/opt/openvidu/custom-layout".equals(path);
|
||||||
}
|
}
|
||||||
|
@ -560,9 +545,8 @@ public class OpenviduConfig {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected List<String> getNonUserProperties() {
|
protected List<String> getNonUserProperties() {
|
||||||
return Arrays.asList("server.port", "SERVER_PORT", "DOTENV_PATH", "COTURN_IP", "COTURN_PORT", "COTURN_REDIS_IP",
|
return Arrays.asList("server.port", "SERVER_PORT", "DOTENV_PATH", "COTURN_IP", "COTURN_PORT",
|
||||||
"COTURN_REDIS_DBNAME", "COTURN_REDIS_PASSWORD", "COTURN_REDIS_CONNECT_TIMEOUT", "COTURN_INTERNAL_RELAY",
|
"COTURN_INTERNAL_RELAY", "COTURN_SHARED_SECRET_KEY", "OPENVIDU_RECORDING_IMAGE", "OPENVIDU_RECORDING_ENABLE_GPU");
|
||||||
"OPENVIDU_RECORDING_IMAGE", "OPENVIDU_RECORDING_ENABLE_GPU");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected List<String> getNonPrintablePropertiesIfEmpty() {
|
protected List<String> getNonPrintablePropertiesIfEmpty() {
|
||||||
|
@ -582,12 +566,6 @@ public class OpenviduConfig {
|
||||||
checkDomainOrPublicIp();
|
checkDomainOrPublicIp();
|
||||||
populateSpringServerPort();
|
populateSpringServerPort();
|
||||||
|
|
||||||
coturnRedisDbname = getValue("COTURN_REDIS_DBNAME");
|
|
||||||
|
|
||||||
coturnRedisPassword = getValue("COTURN_REDIS_PASSWORD");
|
|
||||||
|
|
||||||
coturnRedisConnectTimeout = getValue("COTURN_REDIS_CONNECT_TIMEOUT");
|
|
||||||
|
|
||||||
// If true, coturn is using private IPs as relay IPs to enable relay connections
|
// If true, coturn is using private IPs as relay IPs to enable relay connections
|
||||||
// pass through internal network
|
// pass through internal network
|
||||||
coturnInternalRelay = asBoolean("COTURN_INTERNAL_RELAY");
|
coturnInternalRelay = asBoolean("COTURN_INTERNAL_RELAY");
|
||||||
|
@ -595,6 +573,15 @@ public class OpenviduConfig {
|
||||||
openviduSecret = asNonEmptyAlphanumericString("OPENVIDU_SECRET",
|
openviduSecret = asNonEmptyAlphanumericString("OPENVIDU_SECRET",
|
||||||
"Cannot be empty and must contain only alphanumeric characters [a-zA-Z0-9], hypens (\"-\") and underscores (\"_\")");
|
"Cannot be empty and must contain only alphanumeric characters [a-zA-Z0-9], hypens (\"-\") and underscores (\"_\")");
|
||||||
|
|
||||||
|
// Read coturn shared key
|
||||||
|
coturnSharedSecretKey = asOptionalString("COTURN_SHARED_SECRET_KEY");
|
||||||
|
if (coturnSharedSecretKey == null || coturnSharedSecretKey.isEmpty()) {
|
||||||
|
log.warn("COTURN_SHARED_SECRET_KEY is not defined. Using OPENVIDU_SECRET");
|
||||||
|
this.coturnSharedSecretKey = this.openviduSecret;
|
||||||
|
} else {
|
||||||
|
log.info("COTURN_SHARED_SECRET_KEY used to generate TURN users: {}", this.coturnSharedSecretKey);
|
||||||
|
}
|
||||||
|
|
||||||
openviduCdr = asBoolean("OPENVIDU_CDR");
|
openviduCdr = asBoolean("OPENVIDU_CDR");
|
||||||
openviduCdrPath = openviduCdr ? asWritableFileSystemPath("OPENVIDU_CDR_PATH")
|
openviduCdrPath = openviduCdr ? asWritableFileSystemPath("OPENVIDU_CDR_PATH")
|
||||||
: asFileSystemPath("OPENVIDU_CDR_PATH");
|
: asFileSystemPath("OPENVIDU_CDR_PATH");
|
||||||
|
@ -633,8 +620,6 @@ public class OpenviduConfig {
|
||||||
|
|
||||||
checkCoturnPort();
|
checkCoturnPort();
|
||||||
|
|
||||||
coturnRedisIp = asOptionalInetAddress("COTURN_REDIS_IP");
|
|
||||||
|
|
||||||
checkWebhook();
|
checkWebhook();
|
||||||
|
|
||||||
checkCertificateType();
|
checkCertificateType();
|
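Review bot: `coturnSharedSecretKey` is read with `asOptionalString`, so a user-supplied value gets no length or character check, while `OPENVIDU_SECRET` just above it goes through `asNonEmptyAlphanumericString`. The compose files on this page pass the same value as `--static-auth-secret=$${COTURN_SHARED_SECRET_KEY}`, which appears to be expanded by a shell inside the coturn container, so restricting a defined value to the same alphanumeric set and rejecting very short values would be safer. A short comment on the fallback branch would also help, for example `// Fallback: coturn must then be configured with OPENVIDU_SECRET as its static-auth-secret`. The enclosing method starts and ends outside the hunk.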
||||||
|
|
|
@ -37,7 +37,7 @@ public class CoturnCredentialsService {
|
||||||
public TurnCredentials createUser() {
|
public TurnCredentials createUser() {
|
||||||
IceServerProperties iceServerProperties = new IceServerProperties.Builder()
|
IceServerProperties iceServerProperties = new IceServerProperties.Builder()
|
||||||
.ignoreEmptyUrl(true)
|
.ignoreEmptyUrl(true)
|
||||||
.staticAuthSecret(openviduConfig.getOpenViduSecret())
|
.staticAuthSecret(openviduConfig.getCoturnSharedSecretKey())
|
||||||
.build();
|
.build();
|
||||||
return new TurnCredentials(iceServerProperties.getUsername(), iceServerProperties.getCredential());
|
return new TurnCredentials(iceServerProperties.getUsername(), iceServerProperties.getCredential());
|
||||||
}
|
}
|
||||||
|
|
|
@ -182,30 +182,6 @@
|
||||||
"type": "java.lang.String",
|
"type": "java.lang.String",
|
||||||
"description": "Coturn IP of a deployed coturn server"
|
"description": "Coturn IP of a deployed coturn server"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"name": "COTURN_REDIS_IP",
|
|
||||||
"type": "java.lang.String",
|
|
||||||
"description": "Redis IP where OpenVidu Server should connect to store TURN credentials",
|
|
||||||
"defaultValue": "127.0.0.1"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "COTURN_REDIS_DBNAME",
|
|
||||||
"type": "java.lang.String",
|
|
||||||
"description": "Redis database where to store TURN credentials",
|
|
||||||
"defaultValue": "0"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "COTURN_REDIS_PASSWORD",
|
|
||||||
"type": "java.lang.String",
|
|
||||||
"description": "Password to connect OpenVidu Server to Redis database to store TURN credentials",
|
|
||||||
"defaultValue": "turn"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "COTURN_REDIS_CONNECT_TIMEOUT",
|
|
||||||
"type": "java.lang.Integer",
|
|
||||||
"description": "Timeout in seconds when OpenVidu Server is connecting to Redis database to store TURN credentials",
|
|
||||||
"defaultValue": 30
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"name": "CERTIFICATE_TYPE",
|
"name": "CERTIFICATE_TYPE",
|
||||||
"type": "java.lang.String",
|
"type": "java.lang.String",
|
||||||
|
@ -221,6 +197,11 @@
|
||||||
"type": "java.lang.String",
|
"type": "java.lang.String",
|
||||||
"description": "If true, coturn is returning the private IP on relayed candidates. This can be useful to know which candidates must be sent when MEDIA_NODES_PUBLIC_IPS is defined"
|
"description": "If true, coturn is returning the private IP on relayed candidates. This can be useful to know which candidates must be sent when MEDIA_NODES_PUBLIC_IPS is defined"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "COTURN_SHARED_SECRET_KEY",
|
||||||
|
"type": "java.lang.String",
|
||||||
|
"description": "If defined, COTURN_SHARED_SECRET_KEY will be used to generate TURN valid users. The same secret should be configured at 'static-auth-secret' to be valid. If empty, OpenVidu Secret is used. (For security, in official deployments for CE/PRO/ENTERPRISE a random string is generated)"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "jsonRpcClientWebSocket.reconnectionDelay",
|
"name": "jsonRpcClientWebSocket.reconnectionDelay",
|
||||||
"type": "java.lang.Integer",
|
"type": "java.lang.Integer",
|
||||||
|
|
|
@ -48,10 +48,6 @@ OPENVIDU_STREAMS_ALLOW_TRANSCODING=false
|
||||||
OPENVIDU_SESSIONS_GARBAGE_INTERVAL=900
|
OPENVIDU_SESSIONS_GARBAGE_INTERVAL=900
|
||||||
OPENVIDU_SESSIONS_GARBAGE_THRESHOLD=3600
|
OPENVIDU_SESSIONS_GARBAGE_THRESHOLD=3600
|
||||||
|
|
||||||
COTURN_REDIS_IP=127.0.0.1
|
|
||||||
COTURN_REDIS_DBNAME=0
|
|
||||||
COTURN_REDIS_PASSWORD=turn
|
|
||||||
COTURN_REDIS_CONNECT_TIMEOUT=30
|
|
||||||
COTURN_INTERNAL_RELAY=false
|
COTURN_INTERNAL_RELAY=false
|
||||||
COTURN_PORT=3478
|
COTURN_PORT=3478
|
||||||
MEDIA_NODES_PUBLIC_IPS=[]
|
MEDIA_NODES_PUBLIC_IPS=[]
|
||||||
|
|
|
@ -41,8 +41,3 @@ OPENVIDU_STREAMS_ALLOW_TRANSCODING=false
|
||||||
|
|
||||||
OPENVIDU_SESSIONS_GARBAGE_INTERVAL=900
|
OPENVIDU_SESSIONS_GARBAGE_INTERVAL=900
|
||||||
OPENVIDU_SESSIONS_GARBAGE_THRESHOLD=3600
|
OPENVIDU_SESSIONS_GARBAGE_THRESHOLD=3600
|
||||||
|
|
||||||
COTURN_REDIS_IP=127.0.0.1
|
|
||||||
COTURN_REDIS_DBNAME=0
|
|
||||||
COTURN_REDIS_PASSWORD=turn
|
|
||||||
COTURN_REDIS_CONNECT_TIMEOUT=30
|
|
||||||
|
|