diff --git a/openvidu-server/deployments/pro/aws/cfn-openvidu-server-pro-no-market.yaml.template b/openvidu-server/deployments/pro/aws/cfn-openvidu-server-pro-no-market.yaml.template index 6d60034f..be09fbd3 100644 --- a/openvidu-server/deployments/pro/aws/cfn-openvidu-server-pro-no-market.yaml.template +++ b/openvidu-server/deployments/pro/aws/cfn-openvidu-server-pro-no-market.yaml.template @@ -63,21 +63,20 @@ Parameters: Type: Number Default: 1 - # Kibana configuration - - KibanaUser: - Description: "Username for Kibana Dashboard" + # Elasticsearch configuration + ElasticsearchUser: + Description: "Username for Elasticsearch and Kibana" Type: String AllowedPattern: ^((?!")(?! ).)+$ - ConstraintDescription: Kibana user is mandatory (no whitespaces or quotations allowed) - Default: kibanaadmin + ConstraintDescription: Elasticsearch user is mandatory (no whitespaces or quotations allowed) + Default: elasticadmin - KibanaPassword: - Description: "Password for Kibana Dashboard" + ElasticsearchPassword: + Description: "Password for Elasticsearch and Kibana" Type: String AllowedPattern: ^((?!")(?! ).)+$ NoEcho: true - ConstraintDescription: Kibana password is mandatory (no whitespaces or quotations allowed) + ConstraintDescription: Elasticsearch password is mandatory (no whitespaces or quotations allowed) # EC2 Instance configuration @@ -216,8 +215,8 @@ Metadata: - Label: default: Kibana configuration Parameters: - - KibanaUser - - KibanaPassword + - ElasticsearchUser + - ElasticsearchPassword - Label: default: EC2 Instance configuration Parameters: @@ -256,10 +255,10 @@ Metadata: OpenViduSecret: default: "Openvidu Secret" # Kibana configuration - KibanaUser: - default: "Kibana username" - KibanaPassword: - default: "Kibana password" + ElasticsearchUser: + default: "Elasticsearch and Kibana username" + ElasticsearchPassword: + default: "Elasticsearch and Kibana password" # EC2 instance configuration AwsInstanceTypeOV: default: "Instance type for Openvidu Server Pro Node" @@ -383,9 +382,9 @@ Resources: sed -i "s/CERTIFICATE_TYPE=selfsigned/CERTIFICATE_TYPE=${WhichCert}/" $WORKINGDIR/.env sed -i "s/LETSENCRYPT_EMAIL=user@example.com/LETSENCRYPT_EMAIL=${LetsEncryptEmail}/" $WORKINGDIR/.env - # Replace Kibana Conf - sed -i "s/KIBANA_USER=kibanaadmin/KIBANA_USER=${KibanaUser}/" $WORKINGDIR/.env - sed -i "s/KIBANA_PASSWORD=/KIBANA_PASSWORD=${KibanaPassword}/" $WORKINGDIR/.env + # Replace Elastic Search Conf + sed -i "s/ELASTICSEARCH_USERNAME=elasticadmin/ELASTICSEARCH_USERNAME=${ElasticsearchUser}/" $WORKINGDIR/.env + sed -i "s/ELASTICSEARCH_PASSWORD=/ELASTICSEARCH_PASSWORD=${ElasticsearchPassword}/" $WORKINGDIR/.env # Replace vars AWS sed -i "s/#AWS_DEFAULT_REGION=/AWS_DEFAULT_REGION=${AWS::Region}/" $WORKINGDIR/.env diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env index 056cf286..567116e1 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env @@ -228,9 +228,10 @@ OPENVIDU_CDR_PATH=/opt/openvidu/cdr # Kibana And ElasticSearch Configuration # -------------------------- -# Kibana dashboard configuration (Credentials) -KIBANA_USER=kibanaadmin -KIBANA_PASSWORD= +# Kibana And ElasticSeach Basic Auth configuration (Credentials) +# This credentials will aso be valid for Kibana dashboard +ELASTICSEARCH_USERNAME=elasticadmin +ELASTICSEARCH_PASSWORD= # Cloudformation configuration # -------------------------- diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/beats/filebeat.yml b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/beats/filebeat.yml index c84977e8..3581884d 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/beats/filebeat.yml +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/beats/filebeat.yml @@ -16,7 +16,9 @@ processors: output: elasticsearch: - hosts: ["elasticsearch:9200"] + hosts: ["${OPENVIDU_PRO_ELASTICSEARCH_HOST}"] + username: ${ELASTICSEARCH_USERNAME} + password: ${ELASTICSEARCH_PASSWORD} indices: - index: "filebeat-redis-%{+yyyy.MM.dd}" when.or: diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml index 5cd67732..8a1ed5af 100644 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml @@ -42,9 +42,9 @@ services: - COTURN_REDIS_IP=127.0.0.1 - COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET} - OPENVIDU_PRO_CLUSTER=true - - OPENVIDU_PRO_KIBANA_HOST=http://127.0.0.1/kibana - - OPENVIDU_PRO_ELASTICSEARCH_HOST=http://127.0.0.1:9200 - - WAIT_KIBANA_URL=http://127.0.0.1:5601/api/status + - OPENVIDU_PRO_KIBANA_HOST=${OPENVIDU_PRO_KIBANA_HOST:-http://127.0.0.1/kibana} + - OPENVIDU_PRO_ELASTICSEARCH_HOST=${OPENVIDU_PRO_ELASTICSEARCH_HOST:-http://127.0.0.1:9200} + - WAIT_KIBANA_URL=${OPENVIDU_PRO_KIBANA_HOST:-http://127.0.0.1/kibana} - DOTENV_PATH=${PWD} redis: @@ -70,7 +70,6 @@ services: image: openvidu/openvidu-proxy:3.0.0 restart: on-failure network_mode: host - entrypoint: ['/bin/sh', '-c', 'htpasswd -bc /etc/nginx/kibana.htpasswd "${KIBANA_USER}" "${KIBANA_PASSWORD}" && /usr/local/bin/entrypoint.sh'] volumes: - ./certificates:/etc/letsencrypt - ./owncert:/owncert @@ -89,8 +88,13 @@ services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0 restart: always + command: + - '/bin/bash' + - '-c' + - '/usr/share/elasticsearch/bin/elasticsearch-users useradd ${ELASTICSEARCH_USERNAME} -p ${ELASTICSEARCH_PASSWORD} -r superuser && /tini -- /usr/local/bin/docker-entrypoint.sh' environment: - discovery.type=single-node + - xpack.security.enabled=true ports: - 9200:9200 volumes: @@ -101,13 +105,20 @@ services: restart: always environment: - SERVER_BASEPATH="/kibana" + - ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME} + - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD} ports: - 5601:5601 filebeat: image: docker.elastic.co/beats/filebeat:7.8.0 + network_mode: host restart: always user: root + environment: + - ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME} + - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD} + - OPENVIDU_PRO_ELASTICSEARCH_HOST=${OPENVIDU_PRO_ELASTICSEARCH_HOST:-http://127.0.0.1:9200} volumes: - ./beats/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro - /var/lib/docker:/var/lib/docker:ro diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/install_openvidu_pro.sh b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/install_openvidu_pro.sh index 5dd1ca1f..0a4f48d9 100755 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/install_openvidu_pro.sh +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/install_openvidu_pro.sh @@ -105,7 +105,7 @@ new_ov_installation() { printf '\n 1. Go to openvidu folder:' printf '\n $ cd openvidu' printf '\n' - printf '\n 2. Configure OPENVIDU_DOMAIN_OR_PUBLIC_IP, OPENVIDU_PRO_LICENSE, OPENVIDU_SECRET, and KIBANA_PASSWORD in .env file:' + printf '\n 2. Configure OPENVIDU_DOMAIN_OR_PUBLIC_IP, OPENVIDU_PRO_LICENSE, OPENVIDU_SECRET, and ELASTICSEARCH_PASSWORD in .env file:' printf '\n $ nano .env' printf '\n' printf '\n 3. Start OpenVidu' diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/openvidu b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/openvidu index 9f948e61..c1991b79 100755 --- a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/openvidu +++ b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/openvidu @@ -120,7 +120,7 @@ generate_report() { printf '\n' printf '\n' - cat < "${OV_FOLDER}/.env" | sed -r -e "s/OPENVIDU_SECRET=.+/OPENVIDU_SECRET=****/" -e "s/OPENVIDU_PRO_LICENSE=.+/OPENVIDU_PRO_LICENSE=****/" -e "s/KIBANA_PASSWORD=.+/KIBANA_PASSWORD=****/" + cat < "${OV_FOLDER}/.env" | sed -r -e "s/OPENVIDU_SECRET=.+/OPENVIDU_SECRET=****/" -e "s/OPENVIDU_PRO_LICENSE=.+/OPENVIDU_PRO_LICENSE=****/" -e "s/ELASTICSEARCH_PASSWORD=.+/ELASTICSEARCH_PASSWORD=****/" printf '\n' printf '\n ========= docker-compose.yml ==========' diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf index 1473ac20..9e5b254a 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf @@ -89,8 +89,6 @@ server { location /kibana { {rules_access_dashboard} deny all; - auth_basic "Openvidu Monitoring"; - auth_basic_user_file /etc/nginx/kibana.htpasswd; rewrite ^/kibana/(.*)$ /$1 break; proxy_pass http://kibana/; diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf index d5ada4eb..b1ffd189 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf @@ -99,8 +99,6 @@ server { location /kibana { {rules_access_dashboard} deny all; - auth_basic "Openvidu Monitoring"; - auth_basic_user_file /etc/nginx/kibana.htpasswd; rewrite ^/kibana/(.*)$ /$1 break; proxy_pass http://kibana/; diff --git a/openvidu-server/docker/openvidu-server-pro/entrypoint.sh b/openvidu-server/docker/openvidu-server-pro/entrypoint.sh index b7b8ed9e..468e4812 100755 --- a/openvidu-server/docker/openvidu-server-pro/entrypoint.sh +++ b/openvidu-server/docker/openvidu-server-pro/entrypoint.sh @@ -8,19 +8,12 @@ if [ ! -z "${WAIT_KIBANA_URL}" ]; then printf "\n =======================================" printf "\n" - while true - do - HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "${WAIT_KIBANA_URL}") - + until $(curl --insecure --output /dev/null --silent --head --fail ${WAIT_KIBANA_URL}) + do printf "\n Waiting for kibana in '%s' URL..." "${WAIT_KIBANA_URL}" - - if [ "$HTTP_STATUS" == "200" ]; then - printf "\n ==== Kibana is Ready ====" - break - fi - sleep 1 done + printf "\n ==== Kibana is Ready ====" fi # Launch Openvidu Pro