Added letsencrypt and minor changes in compose

pull/431/head
OscarSotoSanchez 2020-03-25 12:42:26 +01:00
parent b4522cb9e5
commit e5833cbba8
11 changed files with 151 additions and 59 deletions


@ -1,18 +1,28 @@
openvidu_public_ip=192.168.1.66 # OpenVidu configuration
openvidu_secret=MY_SECRET # ----------------------
# Documentation: https://openvidu.io/docs/reference-docs/openvidu-server-params/
# Certificate type # OpenVidu SECRET used for apps and to access to the inspector. Change it.
# You can choose: OPENVIDU_SECRET=MY_SECRET
# 1. Self Signed (selfsigned) The certificate will be generate within
# the instance (default)
# 2. Let's encrypt (letsencrypt) Free SSL certificate provider
# 3. Your own certificate (owncert) If you own a SSL certificate, use this one.
# You need to provide your certificate files (nginx.key and nginx.crt) and
# put then in roles/nginx/files folder.
whichcert=selfsigned
# Your custom domain name i.e. openvidu.example.com # Domain name. If you do not have one, the public IP of the machine.
domain_name=openvidu.example.com DOMAIN_OR_PUBLIC_IP=openvidu.example.com
# Let's Encrypt email to receive notifications # Openvidu Folder Record used for save the openvidu recording videos. Change it
letsencrypt_email=openvidu@example.com with the folder you want to use from your host.
OPENVIDU_RECORDING_FOLDER=/opt/recordings
# Certificate type:
# - selfsigned: Self signed certificate. Not recommended for production use.
# Users will see an ERROR when connected to web page.
# - owncert: Valid certificate purchased in a Internet services company.
# Please put the certificates in same folder as docker-compose.yml
# file with names certificate.key and certificate.cert.
# - letsencrypt: Generate a new certificate using letsencrypt. Please set the
# required contact email for Let's Encrypt in LETSENCRYPT_EMAIL
# variable.
CERTIFICATE_TYPE=selfsigned
# If CERTIFICATE_TYPE=letsencrypt, you need to configure a valid email for
# notifications
LETSENCRYPT_EMAIL=user@example.com
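Review bot: The owncert instructions on the new side (`# Please put the certificates in same folder as docker-compose.yml file with names certificate.key and certificate.cert`) do not match how the other files in this commit consume them: the compose file mounts `./owncert:/owncert` into the proxy and the entrypoint copies `/owncert/certificate.key` and `/owncert/certificate.cert`, so a key placed next to docker-compose.yml would never be found. Suggest `# Please put your certificate files in the owncert/ folder next to docker-compose.yml, named certificate.key and certificate.cert.`. It would also help to state next to `CERTIFICATE_TYPE` that letsencrypt requires `DOMAIN_OR_PUBLIC_IP` to be a public DNS name reachable on port 80, since the entrypoint issues via `--webroot` and a bare IP cannot obtain a Let's Encrypt certificate.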


@ -3,35 +3,42 @@ version: '3.1'
services: services:
openvidu-ce: openvidu-ce:
image: openvidu/openvidu-server:2.12.0 image: openvidu/openvidu-server:2.12.0
entrypoint: ["java", "-jar", "-Dopenvidu.recording=true", "-Dopenvidu.recording.path=/opt/recordings", "-Dserver.ssl.enabled=false", "-Dopenvidu.publicurl=https://${openvidu_public_ip}:4443", "-Dserver.port=5443", "/openvidu-server.jar"] entrypoint: ["java", "-jar", "/openvidu-server.jar"]
ports: restart: on-failure
- "5443:5443" network_mode: host
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ov-recordings:/opt/recordings - ${OPENVIDU_RECORDING_FOLDER}:${OPENVIDU_RECORDING_FOLDER}
environment: environment:
- openvidu.secret=${openvidu_secret} - SERVER_SSL_ENABLED=false
- kms.uris="[\"ws://${openvidu_public_ip}:8888/kurento\"]" - SERVER_PORT=5443
- coturn.ip=${openvidu_public_ip} - OPENVIDU_PUBLICURL=https://${DOMAIN_OR_PUBLIC_IP}:4443
- coturn.redis.ip=${openvidu_public_ip} - OPENVIDU_SECRET=${OPENVIDU_SECRET}
- OPENVIDU_RECORDING=true
- OPENVIDU_RECORDING_PATH=${OPENVIDU_RECORDING_FOLDER}
- KMS_URIS="[\"ws://127.0.0.1:8888/kurento\"]"
- COTURN_IP=127.0.0.1
- COTURN_REDIS_IP=127.0.0.1
kms: kms:
image: kurento/kurento-media-server:6.13.0 image: kurento/kurento-media-server:6.13.0
restart: on-failure
network_mode: host network_mode: host
environment: environment:
- KMS_EXTERNAL_ADDRESS=${openvidu_public_ip} - KMS_EXTERNAL_ADDRESS=${DOMAIN_OR_PUBLIC_IP}
redis-db: redis-db:
image: redis:5.0.7 image: redis:5.0.7
ports: restart: on-failure
- "6379:6379" network_mode: host
openvidu-coturn: openvidu-coturn:
image: openvidu-coturn image: openvidu-coturn
restart: on-failure
network_mode: host network_mode: host
environment: environment:
- REDIS_IP=localhost - REDIS_IP=127.0.0.1
- TURN_PUBLIC_IP=localhost - TURN_PUBLIC_IP=127.0.0.1
- TURN_LISTEN_PORT=3478 - TURN_LISTEN_PORT=3478
- DB_NAME=0 - DB_NAME=0
- DB_PASSWORD=turn - DB_PASSWORD=turn
@ -40,25 +47,22 @@ services:
proxy: proxy:
image: openvidu-nginx image: openvidu-nginx
restart: on-failure
network_mode: host network_mode: host
volumes: volumes:
- ./default.conf:/etc/nginx/conf.d/default.conf - ./nginx_conf:/nginx_conf
- ./openvidu.conf:/etc/nginx/conf.d/openvidu.conf - ./owncert:/owncert
- ./openvidu-call.conf:/etc/nginx/conf.d/openvidu-call.conf environment:
- DOMAIN_OR_PUBLIC_IP=${DOMAIN_OR_PUBLIC_IP}
- CERTIFICATE_TYPE=${CERTIFICATE_TYPE}
- LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
openvidu-call: openvidu-call:
image: openvidu-call image: openvidu-call
restart: on-failure
ports: ports:
- "5442:80" - "5442:80"
environment: environment:
- OPENVIDU_URL=https://${openvidu_public_ip}:4443 - OPENVIDU_URL=https://${DOMAIN_OR_PUBLIC_IP}:4443
- OPENVIDU_SECRET=${openvidu_secret} - OPENVIDU_SECRET=${OPENVIDU_SECRET}
volumes:
letsencrypt:
certbot:
ov-recordings:
driver_opts:
type: none
device: /opt/recordings # Recording host PATH
o: bind
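Review bot: The new `proxy` service mounts only `./nginx_conf` and `./owncert`, so nothing under `/etc/letsencrypt` or `/var/www/certbot` inside the container is persisted; with `restart: on-failure` and the entrypoint running `certbot certonly` on every start, each recreation of the container appears to request a fresh certificate from Let's Encrypt (and, for selfsigned, regenerates the key), which will hit Let's Encrypt's issuance rate limits after a few restarts. The `letsencrypt:` and `certbot:` named volumes that this hunk appears to drop from the old side look like they were serving that purpose; keep a volume for the certificate state, e.g. `- ./letsencrypt:/etc/letsencrypt` under the proxy's `volumes:` (host path chosen as an example). Whether the old volumes are removed or only moved cannot be fully confirmed from this rendering, so worth double-checking on the new side.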


@ -1,6 +1,7 @@
server { server {
listen 80; listen 80;
server_name {domain_name}; server_name {domain_name};
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }


@ -2,7 +2,6 @@ server {
listen 443 ssl; listen 443 ssl;
server_name {domain_name}; server_name {domain_name};
ssl on;
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;


@ -2,7 +2,6 @@ server {
listen 4443 ssl; listen 4443 ssl;
server_name {domain_name}; server_name {domain_name};
ssl on;
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;


@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
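Review bot: A private key (`-----BEGIN PRIVATE KEY-----`) is committed in this file next to the certificate added in the previous section; once it is in git history it has to be treated as public, so it can only ever serve as a placeholder and must never be the real `owncert` key of a deployment. If it is intentionally a sample for the `./owncert` mount, name it so it cannot be mistaken for a real one (an `.example` suffix or a README in the folder) and add the real file names `owncert/certificate.key` and `owncert/certificate.cert` to `.gitignore` so users do not commit their own keys by the same path. If it was committed by accident, replace it and remove it from history rather than deleting it in a follow-up commit.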


@ -1,15 +1,19 @@
FROM nginx:1.17.9 FROM nginx:1.17.9
# Install certbot # Install certbot
RUN apt update && \ RUN apt-get update && \
apt install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential procps && \ apt-get install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential procps && \
curl -L 'https://bootstrap.pypa.io/get-pip.py' | python && \ curl -L 'https://bootstrap.pypa.io/get-pip.py' | python && \
pip install -U cffi certbot && \ pip install -U cffi certbot && \
mkdir -p /var/www/certbot && \
apt remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \ apt remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \
apt-get autoremove -y && \ apt-get autoremove -y && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
# Default nginx conf
COPY ./default.conf /etc/nginx/conf.d/default.conf
# Entrypoint # Entrypoint
COPY ./entrypoint.sh /usr/local/bin COPY ./entrypoint.sh /usr/local/bin
RUN chmod +x /usr/local/bin/entrypoint.sh RUN chmod +x /usr/local/bin/entrypoint.sh
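Review bot: The first two lines of the `RUN` were switched to `apt-get`, but `apt remove --purge -y ...` further down still uses `apt`, whose CLI is documented as not stable for scripts and warns in non-interactive builds; change it to `apt-get remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \` for consistency. The `curl ... get-pip.py | python` and `pip install -U cffi certbot` lines are unchanged context, but the container's certificate issuance now depends on them and neither pins a version or verifies a checksum, so the image is not reproducible and a later certbot release can change the behaviour of the `certbot certonly` flags the entrypoint relies on; at minimum pin `certbot` to a tested version.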


@ -0,0 +1,7 @@
server {
listen 80;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}


@ -1,21 +1,42 @@
#!/bin/bash #!/bin/bash
if [[ ! -z "${whichcert}" && ! -z "${domain_name}" && ! -z "${letsencrypt_email}" ]]; then # Start with default certbot conf
sed -i "s/{domain_name}/${domain_name}/" /etc/nginx/conf.d/*.conf service nginx start
else
domain_name="openvidu" # Show input enviroment variables
echo "Domain name: ${DOMAIN_OR_PUBLIC_IP}"
echo "Certificated: ${CERTIFICATE_TYPE}"
echo "Letsencrypt Email: ${LETSENCRYPT_EMAIL}"
case ${CERTIFICATE_TYPE} in
"selfsigned")
echo "Creating selfsigned..."
DOMAIN_OR_PUBLIC_IP="openvidu"
mkdir -p /etc/letsencrypt/live/openvidu mkdir -p /etc/letsencrypt/live/openvidu
openssl req -new -nodes -x509 \
-subj "/CN=openvidu" -days 365 \
-keyout /etc/letsencrypt/live/openvidu/privkey.pem -out /etc/letsencrypt/live/openvidu/fullchain.pem -extensions v3_ca
;;
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \ "owncert")
-subj "/C=/ST=/L=/O=/CN=openvidu" \ echo "Using owncert..."
-keyout /etc/letsencrypt/live/openvidu/privkey.pem \
-out /etc/letsencrypt/live/openvidu/fullchain.pem
fi
CONFIG_FILES=/etc/nginx/conf.d/* mkdir -p /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}
for file in ${CONFIG_FILES} cp /owncert/certificate.key /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem
do cp /owncert/certificate.cert /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem
echo "$( cat ${file} | sed "s/{domain_name}/${domain_name}/")" > ${file} ;;
done
"letsencrypt")
echo "Requesting letsencrypt..."
certbot certonly -n --webroot -w /var/www/certbot -m ${LETSENCRYPT_EMAIL} --agree-tos -d ${DOMAIN_OR_PUBLIC_IP}
;;
esac
[ -d "/nginx_conf" ] && rm /etc/nginx/conf.d/* && cp /nginx_conf/* /etc/nginx/conf.d
sed -i "s/{domain_name}/${DOMAIN_OR_PUBLIC_IP}/" /etc/nginx/conf.d/*
service nginx restart
tail -f /var/log/nginx/*.log tail -f /var/log/nginx/*.log
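Review bot: The exit status of `certbot certonly ...` in the `"letsencrypt")` branch is not checked and the `case` has no `*)` branch, so a failed issuance (domain not yet pointing at this host, port 80 unreachable, rate limit hit) or a mistyped `CERTIFICATE_TYPE` falls through to the `sed` and `service nginx restart` lines with nothing in `/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}`; `tail -f` then keeps the container alive, so `restart: on-failure` never fires and the only symptom is an nginx error in the log. Append `|| exit 1` to the certbot line (and to the two `cp` lines in the owncert branch) and add `*) echo "Unknown CERTIFICATE_TYPE: ${CERTIFICATE_TYPE}" >&2; exit 1 ;;` before `esac`. The expansions passed to `mkdir`, `cp`, `certbot` and `sed` are unquoted, and `sed "s/{domain_name}/${DOMAIN_OR_PUBLIC_IP}/"` has no `g` flag, so a value containing whitespace or `/` breaks the command and a second `{domain_name}` on the same config line is left unreplaced; quote them as `"${DOMAIN_OR_PUBLIC_IP}"` and use `s|{domain_name}|${DOMAIN_OR_PUBLIC_IP}|g`.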