From cb266952b73abbaa08693422c86e6783c75fe424 Mon Sep 17 00:00:00 2001 From: cruizba Date: Tue, 23 Dec 2025 19:35:00 +0100 Subject: [PATCH] openvidu-deployment: AWS - Use base64 for owned certificates instead of http URLs --- .../aws/cf-openvidu-singlenode.yaml | 30 +++++++------------ .../pro/elastic/aws/cf-openvidu-elastic.yaml | 30 +++++++------------ .../aws/cf-openvidu-singlenode.yaml | 30 +++++++------------ 3 files changed, 30 insertions(+), 60 deletions(-) diff --git a/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml b/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml index 7011ec61d..9ea7c7bfd 100644 --- a/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml +++ b/openvidu-deployment/community/singlenode/aws/cf-openvidu-singlenode.yaml @@ -28,11 +28,11 @@ Parameters: ConstraintDescription: The domain name does not have a valid domain name format OwnPublicCertificate: - Description: "If certificate type is 'owncert', this parameter will be used to specify the public certificate" + Description: "If certificate type is 'owncert', this parameter will be used to specify the public certificate in base64 format" Type: String OwnPrivateCertificate: - Description: "If certificate type is 'owncert', this parameter will be used to specify the private certificate" + Description: "If certificate type is 'owncert', this parameter will be used to specify the private certificate in base64 format" Type: String InitialMeetAdminPassword: 
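Review bot: `OwnPrivateCertificate` now carries the key material itself rather than a URL, yet its declaration in this hunk is still only `Description` and `Type: String`, so the base64 private key is shown in clear in the stack's parameters (console and DescribeStacks output). Add `NoEcho: true` to it and to `TurnOwnPrivateCertificate` in the next hunk (that declaration may continue past the hunk's end); the same applies to the pro/elastic and pro/singlenode templates. NoEcho only masks the parameter display: if the values are substituted into instance user data, as the `${...}` references in the later hunks suggest, they stay readable there, so passing a Secrets Manager or SSM SecureString reference would be the stronger option. Separately, CloudFormation caps a parameter value at 4,096 bytes, which a base64-encoded full chain can exceed, so the description should state that limit or the chain should be supplied another way.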
@@ -66,12 +66,12 @@ Parameters: Default: '' TurnOwnPublicCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified." + Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." Type: String Default: '' TurnOwnPrivateCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified." + Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." Type: String Default: '' @@ -739,14 +739,9 @@ Resources: "--certificate-type=letsencrypt" ) else - # Download owncert files - mkdir -p /tmp/owncert - wget -O /tmp/owncert/fullchain.pem ${OwnPublicCertificate} - wget -O /tmp/owncert/privkey.pem ${OwnPrivateCertificate} - - # Convert to base64 - OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem) - OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem) + # Use base64 encoded certificates directly + OWN_CERT_CRT=${OwnPublicCertificate} + OWN_CERT_KEY=${OwnPrivateCertificate} CERT_ARGS=( "--certificate-type=owncert" @@ -756,14 +751,9 @@ Resources: # Turn with TLS and own certificate if [[ "${TurnDomainName}" != '' ]]; then - # Download owncert files - mkdir -p /tmp/owncert-turn - wget -O /tmp/owncert-turn/fullchain.pem ${TurnOwnPublicCertificate} - wget -O /tmp/owncert-turn/privkey.pem ${TurnOwnPrivateCertificate} - - # Convert to base64 - OWN_CERT_CRT_TURN=$(base64 -w 0 /tmp/owncert-turn/fullchain.pem) - OWN_CERT_KEY_TURN=$(base64 -w 0 /tmp/owncert-turn/privkey.pem) + # Use base64 encoded certificates directly + OWN_CERT_CRT_TURN=${TurnOwnPublicCertificate} + OWN_CERT_KEY_TURN=${TurnOwnPrivateCertificate} CERT_ARGS+=( "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" 
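Review bot: The new assignments `OWN_CERT_CRT=${OwnPublicCertificate}` and `OWN_CERT_KEY=${OwnPrivateCertificate}` in the `@@ -739` hunk place a free-form `Type: String` parameter into the script unquoted and unchecked. Assuming the `${...}` references are substituted by CloudFormation before the script runs, a value with line wraps (the default output of `base64` without `-w 0`) or any character outside the base64 alphabet changes how the shell parses these lines instead of merely producing a bad certificate. Constrain the four parameters with `AllowedPattern: '^[A-Za-z0-9+/=]*$'`, quote the assignments (`OWN_CERT_CRT='${OwnPublicCertificate}'`), and fail early if `base64 -d` rejects the value. The same applies to the TURN assignments in the following hunk and to the matching hunks in the pro/elastic and pro/singlenode templates; the enclosing script starts and ends outside these hunks.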
diff --git a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml index 072e2d175..0fde1f169 100644 --- a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml +++ b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml @@ -28,11 +28,11 @@ Parameters: ConstraintDescription: The domain name does not have a valid domain name format OwnPublicCertificate: - Description: "If certificate type is 'owncert', this parameter will be used to specify the public certificate" + Description: "If certificate type is 'owncert', this parameter will be used to specify the public certificate in base64 format" Type: String OwnPrivateCertificate: - Description: "If certificate type is 'owncert', this parameter will be used to specify the private certificate" + Description: "If certificate type is 'owncert', this parameter will be used to specify the private certificate in base64 format" Type: String InitialMeetAdminPassword: @@ -66,12 +66,12 @@ Parameters: Default: '' TurnOwnPublicCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified." + Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." Type: String Default: '' TurnOwnPrivateCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified." + Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." Type: String Default: '' 
@@ -1294,14 +1294,9 @@ Resources: "--certificate-type=letsencrypt" ) else - # Download owncert files - mkdir -p /tmp/owncert - wget -O /tmp/owncert/fullchain.pem ${OwnPublicCertificate} - wget -O /tmp/owncert/privkey.pem ${OwnPrivateCertificate} - - # Convert to base64 - OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem) - OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem) + # Use base64 encoded certificates directly + OWN_CERT_CRT=${OwnPublicCertificate} + OWN_CERT_KEY=${OwnPrivateCertificate} CERT_ARGS=( "--certificate-type=owncert" @@ -1311,14 +1306,9 @@ Resources: # Turn with TLS and own certificate if [[ "${TurnDomainName}" != '' ]]; then - # Download owncert files - mkdir -p /tmp/owncert-turn - wget -O /tmp/owncert-turn/fullchain.pem ${TurnOwnPublicCertificate} - wget -O /tmp/owncert-turn/privkey.pem ${TurnOwnPrivateCertificate} - - # Convert to base64 - OWN_CERT_CRT_TURN=$(base64 -w 0 /tmp/owncert-turn/fullchain.pem) - OWN_CERT_KEY_TURN=$(base64 -w 0 /tmp/owncert-turn/privkey.pem) + # Use base64 encoded certificates directly + OWN_CERT_CRT_TURN=${TurnOwnPublicCertificate} + OWN_CERT_KEY_TURN=${TurnOwnPrivateCertificate} CERT_ARGS+=( "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" diff --git a/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml b/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml index dc47d0818..c8bdf72df 100644 --- a/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml +++ b/openvidu-deployment/pro/singlenode/aws/cf-openvidu-singlenode.yaml 
@@ -28,11 +28,11 @@ Parameters: ConstraintDescription: The domain name does not have a valid domain name format OwnPublicCertificate: - Description: "If certificate type is 'owncert', this parameter will be used to specify the public certificate" + Description: "If certificate type is 'owncert', this parameter will be used to specify the public certificate in base64 format" Type: String OwnPrivateCertificate: - Description: "If certificate type is 'owncert', this parameter will be used to specify the private certificate" + Description: "If certificate type is 'owncert', this parameter will be used to specify the private certificate in base64 format" Type: String InitialMeetAdminPassword: @@ -66,12 +66,12 @@ Parameters: Default: '' TurnOwnPublicCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified." + Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." Type: String Default: '' TurnOwnPrivateCertificate: - Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified." + Description: "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format." Type: String Default: '' @@ -765,14 +765,9 @@ Resources: "--certificate-type=letsencrypt" ) else - # Download owncert files - mkdir -p /tmp/owncert - wget -O /tmp/owncert/fullchain.pem ${OwnPublicCertificate} - wget -O /tmp/owncert/privkey.pem ${OwnPrivateCertificate} - - # Convert to base64 - OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem) - OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem) + # Use base64 encoded certificates directly + OWN_CERT_CRT=${OwnPublicCertificate} + OWN_CERT_KEY=${OwnPrivateCertificate} CERT_ARGS=( "--certificate-type=owncert" 
@@ -782,14 +777,9 @@ Resources: # Turn with TLS and own certificate if [[ "${TurnDomainName}" != '' ]]; then - # Download owncert files - mkdir -p /tmp/owncert-turn - wget -O /tmp/owncert-turn/fullchain.pem ${TurnOwnPublicCertificate} - wget -O /tmp/owncert-turn/privkey.pem ${TurnOwnPrivateCertificate} - - # Convert to base64 - OWN_CERT_CRT_TURN=$(base64 -w 0 /tmp/owncert-turn/fullchain.pem) - OWN_CERT_KEY_TURN=$(base64 -w 0 /tmp/owncert-turn/privkey.pem) + # Use base64 encoded certificates directly + OWN_CERT_CRT_TURN=${TurnOwnPublicCertificate} + OWN_CERT_KEY_TURN=${TurnOwnPrivateCertificate} CERT_ARGS+=( "--turn-owncert-private-key=$OWN_CERT_KEY_TURN"