Deployment: External and secure Kibana and Elasticsearch in can be configured in OpenVidu Pro Node

pull/546/head
cruizba 2020-09-22 18:19:51 +02:00
parent 71c5409b05
commit df92cca9de
9 changed files with 44 additions and 42 deletions


@ -63,21 +63,20 @@ Parameters:
Type: Number Type: Number
Default: 1 Default: 1
# Kibana configuration # Elasticsearch configuration
ElasticsearchUser:
KibanaUser: Description: "Username for Elasticsearch and Kibana"
Description: "Username for Kibana Dashboard"
Type: String Type: String
AllowedPattern: ^((?!")(?! ).)+$ AllowedPattern: ^((?!")(?! ).)+$
ConstraintDescription: Kibana user is mandatory (no whitespaces or quotations allowed) ConstraintDescription: Elasticsearch user is mandatory (no whitespaces or quotations allowed)
Default: kibanaadmin Default: elasticadmin
KibanaPassword: ElasticsearchPassword:
Description: "Password for Kibana Dashboard" Description: "Password for Elasticsearch and Kibana"
Type: String Type: String
AllowedPattern: ^((?!")(?! ).)+$ AllowedPattern: ^((?!")(?! ).)+$
NoEcho: true NoEcho: true
ConstraintDescription: Kibana password is mandatory (no whitespaces or quotations allowed) ConstraintDescription: Elasticsearch password is mandatory (no whitespaces or quotations allowed)
# EC2 Instance configuration # EC2 Instance configuration
@ -216,8 +215,8 @@ Metadata:
- Label: - Label:
default: Kibana configuration default: Kibana configuration
Parameters: Parameters:
- KibanaUser - ElasticsearchUser
- KibanaPassword - ElasticsearchPassword
- Label: - Label:
default: EC2 Instance configuration default: EC2 Instance configuration
Parameters: Parameters:
@ -256,10 +255,10 @@ Metadata:
OpenViduSecret: OpenViduSecret:
default: "Openvidu Secret" default: "Openvidu Secret"
# Kibana configuration # Kibana configuration
KibanaUser: ElasticsearchUser:
default: "Kibana username" default: "Elasticsearch and Kibana username"
KibanaPassword: ElasticsearchPassword:
default: "Kibana password" default: "Elasticsearch and Kibana password"
# EC2 instance configuration # EC2 instance configuration
AwsInstanceTypeOV: AwsInstanceTypeOV:
default: "Instance type for Openvidu Server Pro Node" default: "Instance type for Openvidu Server Pro Node"
@ -383,9 +382,9 @@ Resources:
sed -i "s/CERTIFICATE_TYPE=selfsigned/CERTIFICATE_TYPE=${WhichCert}/" $WORKINGDIR/.env sed -i "s/CERTIFICATE_TYPE=selfsigned/CERTIFICATE_TYPE=${WhichCert}/" $WORKINGDIR/.env
sed -i "s/LETSENCRYPT_EMAIL=user@example.com/LETSENCRYPT_EMAIL=${LetsEncryptEmail}/" $WORKINGDIR/.env sed -i "s/LETSENCRYPT_EMAIL=user@example.com/LETSENCRYPT_EMAIL=${LetsEncryptEmail}/" $WORKINGDIR/.env
# Replace Kibana Conf # Replace Elastic Search Conf
sed -i "s/KIBANA_USER=kibanaadmin/KIBANA_USER=${KibanaUser}/" $WORKINGDIR/.env sed -i "s/ELASTICSEARCH_USERNAME=elasticadmin/ELASTICSEARCH_USERNAME=${ElasticsearchUser}/" $WORKINGDIR/.env
sed -i "s/KIBANA_PASSWORD=/KIBANA_PASSWORD=${KibanaPassword}/" $WORKINGDIR/.env sed -i "s/ELASTICSEARCH_PASSWORD=/ELASTICSEARCH_PASSWORD=${ElasticsearchPassword}/" $WORKINGDIR/.env
# Replace vars AWS # Replace vars AWS
sed -i "s/#AWS_DEFAULT_REGION=/AWS_DEFAULT_REGION=${AWS::Region}/" $WORKINGDIR/.env sed -i "s/#AWS_DEFAULT_REGION=/AWS_DEFAULT_REGION=${AWS::Region}/" $WORKINGDIR/.env
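Review bot: The two `sed` lines that write `ELASTICSEARCH_USERNAME` and `ELASTICSEARCH_PASSWORD` into `.env` splice the parameter text straight into a double-quoted sed expression, and `AllowedPattern: ^((?!")(?! ).)+$` only excludes double quotes and spaces. A value containing `/`, `&` or `\` will corrupt the substitution, and `$` or a backtick would be expanded by the shell before sed runs. Tightening the pattern, for example `AllowedPattern: ^[A-Za-z0-9_-]+$`, or escaping the value before substitution, would close this. The script looks like instance user data (its start is outside the hunk), where `NoEcho` does not hide the substituted password, so a comment saying so would help operators. The "Kibana configuration" group label and comment in Metadata were also left unchanged while the parameters were renamed.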


@ -228,9 +228,10 @@ OPENVIDU_CDR_PATH=/opt/openvidu/cdr
# Kibana And ElasticSearch Configuration # Kibana And ElasticSearch Configuration
# -------------------------- # --------------------------
# Kibana dashboard configuration (Credentials) # Kibana And ElasticSeach Basic Auth configuration (Credentials)
KIBANA_USER=kibanaadmin # This credentials will aso be valid for Kibana dashboard
KIBANA_PASSWORD= ELASTICSEARCH_USERNAME=elasticadmin
ELASTICSEARCH_PASSWORD=
# Cloudformation configuration # Cloudformation configuration
# -------------------------- # --------------------------
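Review bot: The new comment above `ELASTICSEARCH_USERNAME` has two typos ("ElasticSeach", "aso") and does not say how privileged the account is. Going by the docker-compose.yml change in this same commit, the user is created with `-r superuser`, so I would write `# Kibana and Elasticsearch Basic Auth credentials (user is created with the superuser role)` followed by `# These credentials are also valid for the Kibana dashboard`. Since `ELASTICSEARCH_PASSWORD=` ships blank, a line stating that it must be set before first start would also help.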


@ -16,7 +16,9 @@ processors:
output: output:
elasticsearch: elasticsearch:
hosts: ["elasticsearch:9200"] hosts: ["${OPENVIDU_PRO_ELASTICSEARCH_HOST}"]
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
indices: indices:
- index: "filebeat-redis-%{+yyyy.MM.dd}" - index: "filebeat-redis-%{+yyyy.MM.dd}"
when.or: when.or:
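Review bot: `username: ${ELASTICSEARCH_USERNAME}` and `password: ${ELASTICSEARCH_PASSWORD}` are unquoted, so the expanded text is parsed as config syntax and a password containing characters such as `,`, `: ` or a leading `[` may not be read as a plain string. Quoting the references, `username: "${ELASTICSEARCH_USERNAME}"` and `password: "${ELASTICSEARCH_PASSWORD}"`, avoids that. Separately, the compose default for `OPENVIDU_PRO_ELASTICSEARCH_HOST` is an `http://` URL and no `ssl` settings are added here, so with an external host the basic-auth credentials travel in clear text unless the operator supplies an `https://` URL; a comment above `hosts:` should say so. The `output` block continues outside the hunk.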


@ -42,9 +42,9 @@ services:
- COTURN_REDIS_IP=127.0.0.1 - COTURN_REDIS_IP=127.0.0.1
- COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET} - COTURN_REDIS_PASSWORD=${OPENVIDU_SECRET}
- OPENVIDU_PRO_CLUSTER=true - OPENVIDU_PRO_CLUSTER=true
- OPENVIDU_PRO_KIBANA_HOST=http://127.0.0.1/kibana - OPENVIDU_PRO_KIBANA_HOST=${OPENVIDU_PRO_KIBANA_HOST:-http://127.0.0.1/kibana}
- OPENVIDU_PRO_ELASTICSEARCH_HOST=http://127.0.0.1:9200 - OPENVIDU_PRO_ELASTICSEARCH_HOST=${OPENVIDU_PRO_ELASTICSEARCH_HOST:-http://127.0.0.1:9200}
- WAIT_KIBANA_URL=http://127.0.0.1:5601/api/status - WAIT_KIBANA_URL=${OPENVIDU_PRO_KIBANA_HOST:-http://127.0.0.1/kibana}
- DOTENV_PATH=${PWD} - DOTENV_PATH=${PWD}
redis: redis:
@ -70,7 +70,6 @@ services:
image: openvidu/openvidu-proxy:3.0.0 image: openvidu/openvidu-proxy:3.0.0
restart: on-failure restart: on-failure
network_mode: host network_mode: host
entrypoint: ['/bin/sh', '-c', 'htpasswd -bc /etc/nginx/kibana.htpasswd "${KIBANA_USER}" "${KIBANA_PASSWORD}" && /usr/local/bin/entrypoint.sh']
volumes: volumes:
- ./certificates:/etc/letsencrypt - ./certificates:/etc/letsencrypt
- ./owncert:/owncert - ./owncert:/owncert
@ -89,8 +88,13 @@ services:
elasticsearch: elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0 image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
restart: always restart: always
command:
- '/bin/bash'
- '-c'
- '/usr/share/elasticsearch/bin/elasticsearch-users useradd ${ELASTICSEARCH_USERNAME} -p ${ELASTICSEARCH_PASSWORD} -r superuser && /tini -- /usr/local/bin/docker-entrypoint.sh'
environment: environment:
- discovery.type=single-node - discovery.type=single-node
- xpack.security.enabled=true
ports: ports:
- 9200:9200 - 9200:9200
volumes: volumes:
@ -101,13 +105,20 @@ services:
restart: always restart: always
environment: environment:
- SERVER_BASEPATH="/kibana" - SERVER_BASEPATH="/kibana"
- ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME}
- ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD}
ports: ports:
- 5601:5601 - 5601:5601
filebeat: filebeat:
image: docker.elastic.co/beats/filebeat:7.8.0 image: docker.elastic.co/beats/filebeat:7.8.0
network_mode: host
restart: always restart: always
user: root user: root
environment:
- ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME}
- ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD}
- OPENVIDU_PRO_ELASTICSEARCH_HOST=${OPENVIDU_PRO_ELASTICSEARCH_HOST:-http://127.0.0.1:9200}
volumes: volumes:
- ./beats/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro - ./beats/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- /var/lib/docker:/var/lib/docker:ro - /var/lib/docker:/var/lib/docker:ro
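Review bot: The `elasticsearch-users useradd` entry in the elasticsearch `command:` has docker-compose interpolate `${ELASTICSEARCH_USERNAME}` and `${ELASTICSEARCH_PASSWORD}` unquoted into a `bash -c` string, so a password with shell metacharacters is word-split or interpreted, and the secret ends up in the container's command line. Passing both values through the service's `environment:` and referencing them as `"$${ELASTICSEARCH_USERNAME}"` and `-p "$${ELASTICSEARCH_PASSWORD}"` lets the shell expand them quoted instead. The `useradd` step will presumably fail when the user already exists (a restart of the same container rather than a recreate), and because of `&&` the entrypoint would then never run under `restart: always`; the step should tolerate an existing user. The same account is created with `-r superuser` and then handed to Kibana and Filebeat, so a dedicated lower-privilege user for Filebeat would fit least privilege better.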


@ -105,7 +105,7 @@ new_ov_installation() {
printf '\n 1. Go to openvidu folder:' printf '\n 1. Go to openvidu folder:'
printf '\n $ cd openvidu' printf '\n $ cd openvidu'
printf '\n' printf '\n'
printf '\n 2. Configure OPENVIDU_DOMAIN_OR_PUBLIC_IP, OPENVIDU_PRO_LICENSE, OPENVIDU_SECRET, and KIBANA_PASSWORD in .env file:' printf '\n 2. Configure OPENVIDU_DOMAIN_OR_PUBLIC_IP, OPENVIDU_PRO_LICENSE, OPENVIDU_SECRET, and ELASTICSEARCH_PASSWORD in .env file:'
printf '\n $ nano .env' printf '\n $ nano .env'
printf '\n' printf '\n'
printf '\n 3. Start OpenVidu' printf '\n 3. Start OpenVidu'


@ -120,7 +120,7 @@ generate_report() {
printf '\n' printf '\n'
printf '\n' printf '\n'
cat < "${OV_FOLDER}/.env" | sed -r -e "s/OPENVIDU_SECRET=.+/OPENVIDU_SECRET=****/" -e "s/OPENVIDU_PRO_LICENSE=.+/OPENVIDU_PRO_LICENSE=****/" -e "s/KIBANA_PASSWORD=.+/KIBANA_PASSWORD=****/" cat < "${OV_FOLDER}/.env" | sed -r -e "s/OPENVIDU_SECRET=.+/OPENVIDU_SECRET=****/" -e "s/OPENVIDU_PRO_LICENSE=.+/OPENVIDU_PRO_LICENSE=****/" -e "s/ELASTICSEARCH_PASSWORD=.+/ELASTICSEARCH_PASSWORD=****/"
printf '\n' printf '\n'
printf '\n ========= docker-compose.yml ==========' printf '\n ========= docker-compose.yml =========='
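Review bot: The masking `sed` in `generate_report` now replaces the `KIBANA_PASSWORD` expression with the `ELASTICSEARCH_PASSWORD` one instead of adding to it, so a report generated from an `.env` that still carries the old variable (an upgraded deployment that was not migrated) would print that password unmasked. Keeping both expressions costs nothing: add `-e "s/KIBANA_PASSWORD=.+/KIBANA_PASSWORD=****/"` alongside the new `-e "s/ELASTICSEARCH_PASSWORD=.+/ELASTICSEARCH_PASSWORD=****/"`. The function body starts and continues outside the hunk, so other outputs it prints were not checked here.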


@ -89,8 +89,6 @@ server {
location /kibana { location /kibana {
{rules_access_dashboard} {rules_access_dashboard}
deny all; deny all;
auth_basic "Openvidu Monitoring";
auth_basic_user_file /etc/nginx/kibana.htpasswd;
rewrite ^/kibana/(.*)$ /$1 break; rewrite ^/kibana/(.*)$ /$1 break;
proxy_pass http://kibana/; proxy_pass http://kibana/;


@ -99,8 +99,6 @@ server {
location /kibana { location /kibana {
{rules_access_dashboard} {rules_access_dashboard}
deny all; deny all;
auth_basic "Openvidu Monitoring";
auth_basic_user_file /etc/nginx/kibana.htpasswd;
rewrite ^/kibana/(.*)$ /$1 break; rewrite ^/kibana/(.*)$ /$1 break;
proxy_pass http://kibana/; proxy_pass http://kibana/;


@ -8,19 +8,12 @@ if [ ! -z "${WAIT_KIBANA_URL}" ]; then
printf "\n =======================================" printf "\n ======================================="
printf "\n" printf "\n"
while true until $(curl --insecure --output /dev/null --silent --head --fail ${WAIT_KIBANA_URL})
do do
HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "${WAIT_KIBANA_URL}")
printf "\n Waiting for kibana in '%s' URL..." "${WAIT_KIBANA_URL}" printf "\n Waiting for kibana in '%s' URL..." "${WAIT_KIBANA_URL}"
if [ "$HTTP_STATUS" == "200" ]; then
printf "\n ==== Kibana is Ready ===="
break
fi
sleep 1 sleep 1
done done
printf "\n ==== Kibana is Ready ===="
fi fi
# Launch Openvidu Pro # Launch Openvidu Pro
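Review bot: The new `until $(curl --insecure ... ${WAIT_KIBANA_URL})` line wraps curl in a command substitution and leaves the URL unquoted; it only works because curl's output is discarded and the empty result inherits curl's exit status. It also passes `--insecure`, so when `WAIT_KIBANA_URL` points at an external HTTPS Kibana the readiness probe accepts any certificate, and there is no timeout, so a wrong URL blocks startup forever. I would write `until curl --output /dev/null --silent --head --fail --max-time 5 "${WAIT_KIBANA_URL}"` and drop `--insecure` unless self-signed certificates must be supported, in which case a comment should say why. The enclosing `if` starts outside the hunk.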