From e66e5a23e1839e170829a7a36aa665fae608d80a Mon Sep 17 00:00:00 2001
From: cruizba
Date: Fri, 13 Jun 2025 22:02:13 +0200
Subject: [PATCH] openvidu-deployment: - HA - Open port 5349 in media nodes for master nodes if Turn Domain is not configured
---
 openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
index ff14ddec..82ee0eea 100644
--- a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
+++ b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
@@ -416,6 +416,7 @@ Metadata:

 Conditions:
 TurnTLSIsEnabled: !Or [!Not [!Equals [!Ref TurnDomainName, ""]], !Not [!Equals [!Ref TurnCertificateARN, ""]]]
+ TurnTLSIsNotEnabled: !Or [!Equals [!Ref TurnDomainName, ""], !Equals [!Ref TurnCertificateARN, ""]]
 CreateRecordingsBucket: !Equals [!Ref S3AppDataBucketName, ""]
 CreateClusterDataBucket: !Equals [!Ref S3ClusterDataBucketName, ""]

@@ -2104,6 +2105,7 @@ Resources:

 OpenViduLoadBalancerTurnTLSToMediaNodeIngressSG:
 Type: AWS::EC2::SecurityGroupIngress
+ Condition: TurnTLSIsEnabled
 Properties:
 GroupId: !Ref OpenViduMediaNodeSG
 IpProtocol: tcp
@@ -2111,6 +2113,16 @@ Resources:
 ToPort: 5349
 SourceSecurityGroupId: !Ref OpenViduTurnTLSLoadBalancerSG

+ OpenViduLoadBalancerTurnTLSMasterNodeToMediaNodeIngressSG:
+ Type: AWS::EC2::SecurityGroupIngress
+ Condition: "TurnTLSIsNotEnabled"
+ Properties:
+ GroupId: !Ref OpenViduMediaNodeSG
+ IpProtocol: tcp
+ FromPort: 5349
+ ToPort: 5349
+ SourceSecurityGroupId: !Ref OpenViduMasterNodeSG
+
 OpenViduLoadBalancerTurnTLSToMediaNodeHealthCheckSG:
 Type: AWS::EC2::SecurityGroupIngress
 Condition: TurnTLSIsEnabled
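Review bot: `TurnTLSIsNotEnabled` is not the complement of `TurnTLSIsEnabled`: both are `!Or` expressions, so when exactly one of `TurnDomainName` and `TurnCertificateARN` is set, both conditions evaluate to true. In that case the master-node ingress rule on 5349/tcp added in the third hunk would be created alongside the load-balancer rule, which is broader than the commit subject describes. Deriving the new condition from the existing one keeps the two mutually exclusive: `TurnTLSIsNotEnabled: !Not [!Condition TurnTLSIsEnabled]`. If the intent really is "either value missing", then `TurnTLSIsEnabled` presumably needs to become an `!And`, since resources guarded by it would otherwise be created with only one of the two values supplied.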
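Review bot: The new rule `OpenViduLoadBalancerTurnTLSMasterNodeToMediaNodeIngressSG` carries no `Description`, and its logical ID still says "LoadBalancer" although the source is `OpenViduMasterNodeSG`, so someone auditing the media-node security group cannot tell why master nodes may reach 5349/tcp. I would add `Description: TURN TLS (5349/tcp) from master nodes when no TURN load balancer is deployed` under `Properties`, with the wording confirmed against the actual traffic flow, which is not visible in this hunk. The condition is also quoted here (`Condition: "TurnTLSIsNotEnabled"`) while the neighbouring resources use the bare form `Condition: TurnTLSIsEnabled`; dropping the quotes keeps the template consistent.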