mirror of https://github.com/OpenVidu/openvidu.git
openvidu proxy updated
parent
7234c30c09
commit
dfda7b2a86
|
@ -67,7 +67,7 @@ services:
|
||||||
- MAX_PORT=65535
|
- MAX_PORT=65535
|
||||||
|
|
||||||
nginx:
|
nginx:
|
||||||
image: openvidu/openvidu-proxy:2.0.0-beta2
|
image: openvidu/openvidu-proxy:2.0.0-beta3
|
||||||
restart: on-failure
|
restart: on-failure
|
||||||
network_mode: host
|
network_mode: host
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -83,4 +83,4 @@ services:
|
||||||
- ALLOWED_ACCESS_TO_DASHBOARD=${ALLOWED_ACCESS_TO_DASHBOARD:-}
|
- ALLOWED_ACCESS_TO_DASHBOARD=${ALLOWED_ACCESS_TO_DASHBOARD:-}
|
||||||
- ALLOWED_ACCESS_TO_RESTAPI=${ALLOWED_ACCESS_TO_RESTAPI:-}
|
- ALLOWED_ACCESS_TO_RESTAPI=${ALLOWED_ACCESS_TO_RESTAPI:-}
|
||||||
- PROXY_MODE=CE
|
- PROXY_MODE=CE
|
||||||
- WITH_DEMOS=true
|
- WITH_APP=true
|
||||||
|
|
|
@ -1,12 +1,11 @@
|
||||||
FROM nginx:1.18.0-alpine
|
FROM nginx:1.18.0-alpine
|
||||||
|
|
||||||
# Install required software
|
# Install required software
|
||||||
RUN apk update && \
|
RUN apk update && \
|
||||||
apk add bash && \
|
apk add bash \
|
||||||
apk add certbot && \
|
certbot \
|
||||||
apk add openssl && \
|
openssl \
|
||||||
apk add apache2-utils && \
|
apache2-utils && \
|
||||||
apk add ipcalc && \
|
|
||||||
rm -rf /var/cache/apk/*
|
rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
# Default nginx conf
|
# Default nginx conf
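Review bot: The consolidated `RUN` on the new side still runs `apk update` and then cleans up by hand with `rm -rf /var/cache/apk/*`. `RUN apk add --no-cache bash certbot openssl apache2-utils` installs the same four packages without writing the package index into the layer, so the separate cleanup is not needed. None of the packages carries a version, so two builds of the same proxy tag can ship different certbot and openssl releases. Pinning them in the `pkg=<version>` form (placeholder) would make the TLS-handling image reproducible and auditable.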
|
||||||
|
|
|
@ -1,5 +1,32 @@
|
||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Checks
|
||||||
|
if [ -z "${DOMAIN_OR_PUBLIC_IP}" ]; then
|
||||||
|
printf "\n =======¡ERROR!======="
|
||||||
|
printf "\n Variable 'DOMAIN_OR_PUBLIC_IP' it's necessary\n"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${CERTIFICATE_TYPE}" ]; then
|
||||||
|
printf "\n =======¡ERROR!======="
|
||||||
|
printf "\n Variable 'CERTIFICATE_TYPE' it's necessary\n"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${CERTIFICATE_TYPE}" == "letsencrypt" && \
|
||||||
|
"${LETSENCRYPT_EMAIL}" == "user@example.com" || \
|
||||||
|
-z "${LETSENCRYPT_EMAIL}" ]]; then
|
||||||
|
printf "\n =======¡ERROR!======="
|
||||||
|
printf "\n If your use LetsEncrypt mode it's necessary a correct email in 'LETSENCRYPT_EMAIL' variable\n"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Global variables
|
||||||
|
CERTIFICATES_FOLDER=/etc/letsencrypt/live
|
||||||
|
CERTIFICATES_CONF="${CERTIFICATES_FOLDER}/certificates.conf"
|
||||||
|
|
||||||
|
[ ! -d "${CERTIFICATES_FOLDER}" ] && mkdir -p "${CERTIFICATES_FOLDER}"
|
||||||
|
[ ! -f "${CERTIFICATES_CONF}" ] && touch "${CERTIFICATES_CONF}"
|
||||||
[ -z "${PROXY_HTTP_PORT}" ] && export PROXY_HTTP_PORT=80
|
[ -z "${PROXY_HTTP_PORT}" ] && export PROXY_HTTP_PORT=80
|
||||||
[ -z "${PROXY_HTTPS_PORT}" ] && export PROXY_HTTPS_PORT=443
|
[ -z "${PROXY_HTTPS_PORT}" ] && export PROXY_HTTPS_PORT=443
|
||||||
[ -z "${ALLOWED_ACCESS_TO_DASHBOARD}" ] && export ALLOWED_ACCESS_TO_DASHBOARD=all
|
[ -z "${ALLOWED_ACCESS_TO_DASHBOARD}" ] && export ALLOWED_ACCESS_TO_DASHBOARD=all
|
||||||
|
@ -9,64 +36,95 @@
|
||||||
nginx -g "daemon on;"
|
nginx -g "daemon on;"
|
||||||
|
|
||||||
# Show input enviroment variables
|
# Show input enviroment variables
|
||||||
echo "Http Port: ${PROXY_HTTP_PORT}"
|
printf "\n ======================================="
|
||||||
echo "Https Port: ${PROXY_HTTPS_PORT}"
|
printf "\n = INPUT VARIABLES ="
|
||||||
echo "Allowed Dashboard: ${ALLOWED_ACCESS_TO_DASHBOARD}"
|
printf "\n ======================================="
|
||||||
echo "Allowed API: ${ALLOWED_ACCESS_TO_RESTAPI}"
|
printf "\n"
|
||||||
echo "Domain name: ${DOMAIN_OR_PUBLIC_IP}"
|
|
||||||
echo "Certificated: ${CERTIFICATE_TYPE}"
|
printf "\n Config NGINX:"
|
||||||
echo "Letsencrypt Email: ${LETSENCRYPT_EMAIL}"
|
printf "\n - Http Port: %s" "${PROXY_HTTP_PORT}"
|
||||||
echo "Proxy mode: ${PROXY_MODE:-CE}"
|
printf "\n - Https Port: %s" "${PROXY_HTTPS_PORT}"
|
||||||
echo "Demos mode: ${WITH_DEMOS:-true}"
|
printf "\n - Allowed Access in Openvidu Dashboard: %s" "${ALLOWED_ACCESS_TO_DASHBOARD}"
|
||||||
|
printf "\n - Allowed Access in Openvidu API: %s" "${ALLOWED_ACCESS_TO_RESTAPI}"
|
||||||
|
printf "\n"
|
||||||
|
printf "\n Config Openvidu Application:"
|
||||||
|
printf "\n - Domain name: %s" "${DOMAIN_OR_PUBLIC_IP}"
|
||||||
|
printf "\n - Certificated: %s" "${CERTIFICATE_TYPE}"
|
||||||
|
printf "\n - Letsencrypt Email: %s" "${LETSENCRYPT_EMAIL}"
|
||||||
|
printf "\n - Openvidu Application: %s" "${WITH_APP:-true}"
|
||||||
|
printf "\n - Openvidu Application Type: %s" "${PROXY_MODE:-CE}"
|
||||||
|
|
||||||
|
printf "\n"
|
||||||
|
printf "\n ======================================="
|
||||||
|
printf "\n = CONFIGURATION NGINX ="
|
||||||
|
printf "\n ======================================="
|
||||||
|
printf "\n"
|
||||||
|
|
||||||
|
printf "\n Configure %s domain..." "${DOMAIN_OR_PUBLIC_IP}"
|
||||||
|
CERTIFICATED_OLD_CONFIG=$(grep "${DOMAIN_OR_PUBLIC_IP}" "${CERTIFICATES_CONF}" | cut -f2 -d$'\t')
|
||||||
|
|
||||||
|
printf "\n - New configuration: %s" "${CERTIFICATE_TYPE}"
|
||||||
|
|
||||||
|
if [ -z "${CERTIFICATED_OLD_CONFIG}" ]; then
|
||||||
|
printf "\n - Old configuration: none"
|
||||||
|
|
||||||
|
rm -rf "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}" | true
|
||||||
|
else
|
||||||
|
printf "\n - Old configuration: %s" "${CERTIFICATED_OLD_CONFIG}"
|
||||||
|
|
||||||
|
if [ "${CERTIFICATED_OLD_CONFIG}" != "${CERTIFICATE_TYPE}" ]; then
|
||||||
|
printf "\n - Restarting configuration... Removing old certificated..."
|
||||||
|
|
||||||
|
rm -rf "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create certificate folder if don't exist and save actual conf
|
||||||
|
[ ! -d "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}" ] && mkdir -p "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}"
|
||||||
|
sed -i "/${DOMAIN_OR_PUBLIC_IP}/d" "${CERTIFICATES_CONF}"
|
||||||
|
echo -e "${DOMAIN_OR_PUBLIC_IP}\t${CERTIFICATE_TYPE}" >> "${CERTIFICATES_CONF}"
|
||||||
|
|
||||||
case ${CERTIFICATE_TYPE} in
|
case ${CERTIFICATE_TYPE} in
|
||||||
|
|
||||||
"selfsigned")
|
"selfsigned")
|
||||||
echo "===Mode selfsigned==="
|
if [[ ! -f "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" && \
|
||||||
|
! -f "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]]; then
|
||||||
if [[ ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" && ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]]; then
|
printf "\n - Generating selfsigned certificate...\n"
|
||||||
echo "Generating certificated..."
|
|
||||||
|
|
||||||
rm -rf /etc/letsencrypt/live/*
|
|
||||||
mkdir -p "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}"
|
|
||||||
|
|
||||||
openssl req -new -nodes -x509 \
|
openssl req -new -nodes -x509 \
|
||||||
-subj "/CN=${DOMAIN_OR_PUBLIC_IP}" -days 365 \
|
-subj "/CN=${DOMAIN_OR_PUBLIC_IP}" -days 365 \
|
||||||
-keyout "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" \
|
-keyout "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" \
|
||||||
-out "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" -extensions v3_ca
|
-out "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" \
|
||||||
|
-extensions v3_ca
|
||||||
else
|
else
|
||||||
echo "The certificate already exists, using them..."
|
printf "\n - Selfsigned certificate already exists, using them..."
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"owncert")
|
"owncert")
|
||||||
echo "===Mode owncert==="
|
if [[ ! -f "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" && \
|
||||||
|
! -f "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]]; then
|
||||||
if [[ ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" && ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]]; then
|
printf "\n - Copying owmcert certificate..."
|
||||||
echo "Using owmcert..."
|
|
||||||
|
|
||||||
rm -rf /etc/letsencrypt/live/*
|
|
||||||
mkdir -p "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}"
|
|
||||||
cp /owncert/certificate.key "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem"
|
|
||||||
cp /owncert/certificate.cert "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem"
|
|
||||||
|
|
||||||
|
cp /owncert/certificate.key "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/privkey.pem"
|
||||||
|
cp /owncert/certificate.cert "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem"
|
||||||
else
|
else
|
||||||
echo "The certificate already exists, using them..."
|
printf "\n - Owmcert certificate already exists, using them..."
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"letsencrypt")
|
"letsencrypt")
|
||||||
echo "===Mode letsencrypt==="
|
echo "0 12 * * * certbot renew >> /var/log/nginx/cron-letsencrypt.log" | crontab - # Auto renew cert
|
||||||
|
|
||||||
# Auto renew cert
|
if [[ ! -f "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" && \
|
||||||
echo "0 12 * * * certbot renew >> /var/log/nginx/cron-letsencrypt.log" | crontab -
|
! -f "${CERTIFICATES_FOLDER:?}/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]]; then
|
||||||
|
printf "\n - Requesting LetsEncrypt certificate..."
|
||||||
|
|
||||||
if [[ ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" && ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]]; then
|
certbot certonly -n --webroot -w /var/www/certbot \
|
||||||
echo "Requesting certificate..."
|
-m "${LETSENCRYPT_EMAIL}" \
|
||||||
|
--agree-tos -d "${DOMAIN_OR_PUBLIC_IP}"
|
||||||
certbot certonly -n --webroot -w /var/www/certbot -m "${LETSENCRYPT_EMAIL}" --agree-tos -d "${DOMAIN_OR_PUBLIC_IP}"
|
|
||||||
else
|
else
|
||||||
echo "The certificate already exists, using them..."
|
printf "\n - LetsEncrypt certificate already exists, using them..."
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
@ -76,7 +134,7 @@ chmod -R 777 /etc/letsencrypt
|
||||||
|
|
||||||
# Use certificates in folder '/default_nginx_conf'
|
# Use certificates in folder '/default_nginx_conf'
|
||||||
if [ "${PROXY_MODE}" == "CE" ]; then
|
if [ "${PROXY_MODE}" == "CE" ]; then
|
||||||
if [ "${WITH_DEMOS}" == "true" ]; then
|
if [ "${WITH_APP}" == "true" ]; then
|
||||||
mv /default_nginx_conf/ce/default-app.conf /default_nginx_conf/default-app.conf
|
mv /default_nginx_conf/ce/default-app.conf /default_nginx_conf/default-app.conf
|
||||||
mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf
|
mv /default_nginx_conf/ce/default.conf /default_nginx_conf/default.conf
|
||||||
else
|
else
|
||||||
|
@ -89,7 +147,7 @@ if [ "${PROXY_MODE}" == "CE" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${PROXY_MODE}" == "PRO" ]; then
|
if [ "${PROXY_MODE}" == "PRO" ]; then
|
||||||
if [ "${WITH_DEMOS}" == "true" ]; then
|
if [ "${WITH_APP}" == "true" ]; then
|
||||||
mv /default_nginx_conf/pro/default.conf /default_nginx_conf/default.conf
|
mv /default_nginx_conf/pro/default.conf /default_nginx_conf/default.conf
|
||||||
else
|
else
|
||||||
mv /default_nginx_conf/pro/default-app-without-demos.conf /default_nginx_conf/default.conf
|
mv /default_nginx_conf/pro/default-app-without-demos.conf /default_nginx_conf/default.conf
|
||||||
|
@ -113,42 +171,70 @@ sed -i "s/{http_port}/${PROXY_HTTP_PORT}/g" /etc/nginx/conf.d/*
|
||||||
sed -i "s/{https_port}/${PROXY_HTTPS_PORT}/g" /etc/nginx/conf.d/*
|
sed -i "s/{https_port}/${PROXY_HTTPS_PORT}/g" /etc/nginx/conf.d/*
|
||||||
|
|
||||||
# NGINX access
|
# NGINX access
|
||||||
|
printf "\n"
|
||||||
|
printf "\n ======================================="
|
||||||
|
printf "\n = ALLOWED ACCESS ="
|
||||||
|
printf "\n ======================================="
|
||||||
|
printf "\n"
|
||||||
|
|
||||||
|
printf "\n Adding rules..."
|
||||||
LOCAL_NETWORKS=$(ip route list | grep -Eo '([0-9]*\.){3}[0-9]*/[0-9]*')
|
LOCAL_NETWORKS=$(ip route list | grep -Eo '([0-9]*\.){3}[0-9]*/[0-9]*')
|
||||||
PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh)
|
PUBLIC_IP=$(/usr/local/bin/discover_my_public_ip.sh)
|
||||||
|
|
||||||
valid_ip_v4()
|
valid_ip_v4()
|
||||||
{
|
{
|
||||||
if ipcalc "$1" \
|
regex='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]+)?$'
|
||||||
| awk 'BEGIN{FS=":"; is_invalid=0} /^INVALID/ {is_invalid=1} END {exit is_invalid}'
|
|
||||||
then
|
if [[ "$1" =~ $regex ]]; then
|
||||||
return "$?"
|
return "$?"
|
||||||
else
|
else
|
||||||
return "$?"
|
return "$?"
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
valid_ip_v6()
|
||||||
|
{
|
||||||
|
regex='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(/[0-9]+)?$'
|
||||||
|
|
||||||
|
if [[ "$1" =~ $regex ]]; then
|
||||||
|
return "$?"
|
||||||
|
else
|
||||||
|
return "$?"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
if [ "${ALLOWED_ACCESS_TO_DASHBOARD}" != "all" ]; then
|
if [ "${ALLOWED_ACCESS_TO_DASHBOARD}" != "all" ]; then
|
||||||
IFS=','
|
IFS=','
|
||||||
for IP in $(echo "${ALLOWED_ACCESS_TO_DASHBOARD}" | tr -d '[:space:]')
|
for IP in $(echo "${ALLOWED_ACCESS_TO_DASHBOARD}" | tr -d '[:space:]')
|
||||||
do
|
do
|
||||||
if valid_ip_v4 "$IP"; then
|
if valid_ip_v4 "$IP" || valid_ip_v6 "$IP"; then
|
||||||
if [ -z "${RULES_DASHBOARD}" ]; then
|
if [ -z "${RULES_DASHBOARD}" ]; then
|
||||||
RULES_DASHBOARD="allow $IP;"
|
RULES_DASHBOARD="allow $IP;"
|
||||||
|
|
||||||
|
printf "\n - Allowing IP/RANGE %s in Dashboard..." "$IP"
|
||||||
else
|
else
|
||||||
if ! echo "${RULES_DASHBOARD}" | grep -q "$IP"; then
|
if ! echo "${RULES_DASHBOARD}" | grep -q "$IP"; then
|
||||||
RULES_DASHBOARD="${RULES_DASHBOARD}{new_line}allow $IP;"
|
RULES_DASHBOARD="${RULES_DASHBOARD}{new_line}allow $IP;"
|
||||||
|
|
||||||
|
printf "\n - Allowing IP/RANGE %s in Dashboard..." "$IP"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${RULES_RESTAPI}" ]; then
|
if [ -z "${RULES_RESTAPI}" ]; then
|
||||||
RULES_RESTAPI="allow $IP;"
|
RULES_RESTAPI="allow $IP;"
|
||||||
|
|
||||||
|
printf "\n - Allowing IP/RANGE %s in Rest-API..." "$IP"
|
||||||
else
|
else
|
||||||
if ! echo "${RULES_RESTAPI}" | grep -q "$IP"; then
|
if ! echo "${RULES_RESTAPI}" | grep -q "$IP"; then
|
||||||
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $IP;"
|
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $IP;"
|
||||||
|
|
||||||
|
printf "\n - Allowing IP/RANGE %s in Rest-API..." "$IP"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "Ip or range $IP is not valid"
|
printf "\n =======¡ERROR!======="
|
||||||
|
printf "\n - IP or RANGE %s is not valid\n" "$IP"
|
||||||
|
exit 0
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
|
@ -159,16 +245,22 @@ if [ "${ALLOWED_ACCESS_TO_RESTAPI}" != "all" ]; then
|
||||||
IFS=','
|
IFS=','
|
||||||
for IP in $(echo "${ALLOWED_ACCESS_TO_RESTAPI}" | tr -d '[:space:]')
|
for IP in $(echo "${ALLOWED_ACCESS_TO_RESTAPI}" | tr -d '[:space:]')
|
||||||
do
|
do
|
||||||
if valid_ip_v4 "$IP"; then
|
if valid_ip_v4 "$IP" || valid_ip_v6 "$IP"; then
|
||||||
if [ -z "${RULES_RESTAPI}" ]; then
|
if [ -z "${RULES_RESTAPI}" ]; then
|
||||||
RULES_RESTAPI="allow $IP;"
|
RULES_RESTAPI="allow $IP;"
|
||||||
|
|
||||||
|
printf "\n - Allowing IP/RANGE %s in Rest-API..." "$IP"
|
||||||
else
|
else
|
||||||
if ! echo "${RULES_RESTAPI}" | grep -q "$IP"; then
|
if ! echo "${RULES_RESTAPI}" | grep -q "$IP"; then
|
||||||
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $IP;"
|
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $IP;"
|
||||||
|
|
||||||
|
printf "\n - Allowing IP/RANGE %s in Rest-API..." "$IP"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "Ip or range $IP is not valid"
|
printf "\n =======¡ERROR!======="
|
||||||
|
printf "\n - IP or RANGE %s is not valid\n" "$IP"
|
||||||
|
exit 0
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
|
@ -176,7 +268,7 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${RULES_DASHBOARD}" != "allow all;" ]; then
|
if [ "${RULES_DASHBOARD}" != "allow all;" ]; then
|
||||||
if ! echo "${RULES_DASHBOARD}" | grep -q "$PUBLIC_IP" && valid_ip_v4 "$PUBLIC_IP"; then
|
if ! echo "${RULES_DASHBOARD}" | grep -q "$PUBLIC_IP" && valid_ip_v4 "$PUBLIC_IP" || valid_ip_v6 "$IP"; then
|
||||||
RULES_DASHBOARD="${RULES_DASHBOARD}{new_line}allow $PUBLIC_IP;"
|
RULES_DASHBOARD="${RULES_DASHBOARD}{new_line}allow $PUBLIC_IP;"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -187,14 +279,14 @@ if [ "${RULES_DASHBOARD}" != "allow all;" ]; then
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for IP in ${LOCAL_NETWORKS}
|
for IP in ${LOCAL_NETWORKS}
|
||||||
do
|
do
|
||||||
if ! echo "${RULES_DASHBOARD}" | grep -q "$IP" && valid_ip_v4 "$IP"; then
|
if ! echo "${RULES_DASHBOARD}" | grep -q "$IP" && valid_ip_v4 "$IP" || valid_ip_v6 "$IP"; then
|
||||||
RULES_DASHBOARD="${RULES_DASHBOARD}{new_line}allow $IP;"
|
RULES_DASHBOARD="${RULES_DASHBOARD}{new_line}allow $IP;"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${RULES_RESTAPI}" != "allow all;" ]; then
|
if [ "${RULES_RESTAPI}" != "allow all;" ]; then
|
||||||
if ! echo "${RULES_RESTAPI}" | grep -q "$PUBLIC_IP" && valid_ip_v4 "$PUBLIC_IP"; then
|
if ! echo "${RULES_RESTAPI}" | grep -q "$PUBLIC_IP" && valid_ip_v4 "$PUBLIC_IP" || valid_ip_v6 "$IP"; then
|
||||||
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $PUBLIC_IP;"
|
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $PUBLIC_IP;"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -205,7 +297,7 @@ if [ "${RULES_RESTAPI}" != "allow all;" ]; then
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for IP in ${LOCAL_NETWORKS}
|
for IP in ${LOCAL_NETWORKS}
|
||||||
do
|
do
|
||||||
if ! echo "${RULES_RESTAPI}" | grep -q "$IP" && valid_ip_v4 "$IP"; then
|
if ! echo "${RULES_RESTAPI}" | grep -q "$IP" && valid_ip_v4 "$IP" || valid_ip_v6 "$IP"; then
|
||||||
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $IP;"
|
RULES_RESTAPI="${RULES_RESTAPI}{new_line}allow $IP;"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -215,10 +307,17 @@ sed -i "s/{rules_access_dashboard}/$(echo "${RULES_DASHBOARD}" | sed 's#/#\\/#g'
|
||||||
sed -i "s/{rules_acess_api}/$(echo "${RULES_RESTAPI}" | sed 's#/#\\/#g')/g" /etc/nginx/conf.d/*
|
sed -i "s/{rules_acess_api}/$(echo "${RULES_RESTAPI}" | sed 's#/#\\/#g')/g" /etc/nginx/conf.d/*
|
||||||
sed -i "s/{new_line}/\n\t/g" /etc/nginx/conf.d/* # New line
|
sed -i "s/{new_line}/\n\t/g" /etc/nginx/conf.d/* # New line
|
||||||
|
|
||||||
printf "Rules DASHBOARD: \n \t%s\n" "$(echo "${RULES_DASHBOARD}" | sed 's/{new_line}/\n\t/g')"
|
printf "\n"
|
||||||
printf "Rules RESTAPI: \n \t%s\n" "$(echo "${RULES_RESTAPI}" | sed 's/{new_line}/\n\t/g')"
|
printf "\n Finish Rules:"
|
||||||
|
printf "\n Openvidu Dashboard: \n\t\t- %s" "$(echo "${RULES_DASHBOARD}" | sed 's/{new_line}/\n\t\t- /g')"
|
||||||
|
printf "\n Openvidu API: \n\t\t- %s" "$(echo "${RULES_RESTAPI}" | sed 's/{new_line}/\n\t\t- /g')"
|
||||||
|
|
||||||
# Restart nginx service
|
# Restart nginx service
|
||||||
|
printf "\n"
|
||||||
|
printf "\n ======================================="
|
||||||
|
printf "\n = START OPENVIDU PROXY ="
|
||||||
|
printf "\n ======================================="
|
||||||
|
printf "\n\n"
|
||||||
nginx -s reload
|
nginx -s reload
|
||||||
|
|
||||||
# Init cron
|
# Init cron
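Review bot: The four rewritten allow-list conditions (the two `PUBLIC_IP` checks and the two `LOCAL_NETWORKS` loops) have the shape `! echo … | grep -q "$X" && valid_ip_v4 "$X" || valid_ip_v6 "$IP"`, which the shell groups as `(A && B) || C`, and in the two `PUBLIC_IP` checks the last operand tests `$IP` instead of `$PUBLIC_IP`. At that point `$IP` is whatever the preceding `for` loop left behind, so when that entry is IPv6 the branch runs and `allow $PUBLIC_IP;` is appended even if the public address failed validation or is already listed. An empty `PUBLIC_IP` would presumably produce `allow ;` and make `nginx -s reload` fail, while an IPv6 public address is never validated on its own. Group the validators and test the right variable, e.g. `if ! echo "${RULES_DASHBOARD}" | grep -q "$PUBLIC_IP" && { valid_ip_v4 "$PUBLIC_IP" || valid_ip_v6 "$PUBLIC_IP"; }; then`, and do the same with `"$IP"` in the loops and for `RULES_RESTAPI`. The enclosing `if [ "${RULES_…}" != "allow all;" ]` blocks start and end outside the hunks shown.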
|
||||||
|
|