From f1a684c615128aa401d71c63b39fdf43002369a9 Mon Sep 17 00:00:00 2001 From: OscarSotoSanchez Date: Tue, 28 Apr 2020 15:53:56 +0200 Subject: [PATCH] openvidu proxy updated --- .../docker/openvidu-docker-compose/.env | 9 +++++ .../docker-compose.yml | 4 ++- .../docker/openvidu-proxy/Dockerfile | 20 +++++------ .../ce/default-app-without-demos.conf | 4 +-- .../default_nginx_conf/ce/default-app.conf | 4 +-- .../default_nginx_conf/ce/default.conf | 4 +-- .../pro/default-app-without-demos.conf | 8 ++--- .../default_nginx_conf/pro/default.conf | 8 ++--- .../docker/openvidu-proxy/entrypoint.sh | 33 ++++++++++++------- 9 files changed, 55 insertions(+), 39 deletions(-) diff --git a/openvidu-server/docker/openvidu-docker-compose/.env b/openvidu-server/docker/openvidu-docker-compose/.env index b13280c3..4027bc9f 100644 --- a/openvidu-server/docker/openvidu-docker-compose/.env +++ b/openvidu-server/docker/openvidu-docker-compose/.env @@ -26,6 +26,15 @@ CERTIFICATE_TYPE=selfsigned # If CERTIFICATE_TYPE=letsencrypt, you need to configure a valid email for notifications LETSENCRYPT_EMAIL=user@example.com +# Proxy configuration +# If you want to change the ports on which openvidu listens, uncomment the following lines + +# Used for http connections and necessary to obtain letsencrypt certificated +# PROXY_HTTP_PORT=80 + +# Used for Openvidu API and the application deployed using docker +# PROXY_HTTPS_PORT=443 + # Whether to enable recording module or not OPENVIDU_RECORDING=false diff --git a/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml b/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml index 5f2412d1..c2121c83 100644 --- a/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml +++ b/openvidu-server/docker/openvidu-docker-compose/docker-compose.yml @@ -67,7 +67,7 @@ services: - MAX_PORT=65535 nginx: - image: openvidu/openvidu-proxy:1.0.0 + image: openvidu/openvidu-proxy:2.0.0-beta1 restart: on-failure network_mode: host volumes: 
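Review bot: The new `# PROXY_HTTP_PORT=80` comment in the .env hunk says the port is needed to obtain Let's Encrypt certificates but does not warn that ACME HTTP-01 validation always connects to public port 80, so a user who uncomments and changes it will silently break `CERTIFICATE_TYPE=letsencrypt` unless external port 80 is still forwarded to the new value. I would extend the comment to `# Used for http connections and needed for Let's Encrypt: HTTP-01 validation always arrives on public port 80, so if you change this keep port 80 forwarded to it` (which also fixes the "certificated" typo). The `# PROXY_HTTPS_PORT=443` comment could likewise note that plain-HTTP clients are redirected to `https://<domain>:<port>` explicitly, which is what the nginx rewrite elsewhere in this patch emits.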
@@ -78,5 +78,7 @@ services: - DOMAIN_OR_PUBLIC_IP=${OPENVIDU_DOMAIN_OR_PUBLIC_IP} - CERTIFICATE_TYPE=${CERTIFICATE_TYPE} - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} + - PROXY_HTTP_PORT=${PROXY_HTTP_PORT:-} + - PROXY_HTTPS_PORT=${PROXY_HTTPS_PORT:-} - PROXY_MODE=CE - WITH_DEMOS=true diff --git a/openvidu-server/docker/openvidu-proxy/Dockerfile b/openvidu-server/docker/openvidu-proxy/Dockerfile index 55110644..7fbdc745 100644 --- a/openvidu-server/docker/openvidu-proxy/Dockerfile +++ b/openvidu-server/docker/openvidu-proxy/Dockerfile @@ -1,15 +1,10 @@ -FROM nginx:1.17.9 +FROM nginx:1.18.0-alpine # Install certbot -RUN apt-get update && \ - apt-get install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential procps cron apache2-utils && \ - curl -L 'https://bootstrap.pypa.io/get-pip.py' | python && \ - pip install -U cffi certbot && \ - mkdir -p /var/www/certbot && \ - apt remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \ - apt-get autoremove -y && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* +RUN apk update && \ + apk add certbot && \ + apk add openssl && \ + rm -rf /var/cache/apk/* # Default nginx conf COPY ./default.conf /etc/nginx/conf.d/default.conf @@ -17,6 +12,7 @@ COPY ./default_nginx_conf /default_nginx_conf # Entrypoint COPY ./entrypoint.sh /usr/local/bin -RUN chmod +x /usr/local/bin/entrypoint.sh +RUN mkdir -p /var/www/certbot && \ + chmod +x /usr/local/bin/entrypoint.sh -CMD /usr/local/bin/entrypoint.sh \ No newline at end of file +CMD /usr/local/bin/entrypoint.sh diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf index e63ee351..35c1bd9a 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf 
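Review bot: The new `RUN apk update && apk add certbot && apk add openssl` line in the first Dockerfile hunk installs both packages unpinned, so every rebuild of the 2.0.0-beta1 proxy image can pick up a different certbot/openssl and the image is not reproducible (hadolint DL3018). Pin the versions and use `--no-cache`, which also makes the trailing `rm -rf /var/cache/apk/*` unnecessary: `RUN apk add --no-cache certbot=<ver> openssl=<ver>`, with the versions taken from the Alpine release behind `nginx:1.18.0-alpine`. For the same reason consider pinning the base image by digest, `FROM nginx:1.18.0-alpine@sha256:…`, rather than by tag alone.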
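Review bot: `CMD /usr/local/bin/entrypoint.sh` in the second Dockerfile hunk is still shell form, so PID 1 is `/bin/sh -c` and the SIGTERM from `docker stop` is delivered to that shell (or to the `tail -f` the script ends with elsewhere in this patch) rather than to nginx; whether it is forwarded is then up to busybox ash, not something the Dockerfile guarantees. Use exec form, `CMD ["/usr/local/bin/entrypoint.sh"]`, and have the script hand off with `exec` or run under an init such as tini so nginx and crond see the signal. If the image must stay root because the entrypoint binds the proxy ports and writes /etc/letsencrypt, a one-line comment saying so would stop reviewers flagging the missing `USER`.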
@@ -8,7 +8,7 @@ upstream openviduserver { } server { - listen 443 ssl; + listen {https_port} ssl; server_name {domain_name}; ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; @@ -60,7 +60,7 @@ server { proxy_pass http://openviduserver; } - location /openvidu { + location ~ /openvidu$ { proxy_pass http://openviduserver; } diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf index f98870a7..3a3aeab9 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf @@ -8,7 +8,7 @@ upstream openviduserver { } server { - listen 443 ssl; + listen {https_port} ssl; server_name {domain_name}; ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; @@ -60,7 +60,7 @@ server { proxy_pass http://openviduserver; } - location /openvidu { + location ~ /openvidu$ { proxy_pass http://openviduserver; } diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf index 5abb9252..6afc2bbd 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf @@ -1,10 +1,10 @@ server { - listen 80; + listen {http_port}; server_name {domain_name}; # Redirect to https location / { - return 301 https://$host$request_uri; + rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent; } # letsencrypt diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf index 7c55fec7..778d00e5 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf 
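Review bot: `location ~ /openvidu$ {` in the second hunk of ce/default-app-without-demos.conf (repeated in ce/default-app.conf and both pro files) is a regex anchored only at the end, so any URI ending in `/openvidu`, such as `/anything/openvidu`, is now proxied to `openviduserver`, and because regex locations take precedence over prefix locations it will win over the file's other prefix blocks for such paths; at the same time `/openvidu/...` sub-paths no longer match this block at all. If the intent is to proxy exactly `/openvidu`, `location = /openvidu {` expresses that precisely and keeps the normal prefix-location ordering. If sub-paths were also meant to reach the backend, the previous prefix form already did that; either way a comment stating which paths this block owns would help the next reader.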
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf @@ -13,10 +13,10 @@ upstream openviduserver { server { # Redirect to https if ($host = {domain_name}) { - return 301 https://$host$request_uri; + rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent; } # managed by Certbot - listen 80 default_server; + listen {http_port} default_server; server_name {domain_name}; # letsencrypt @@ -39,7 +39,7 @@ server { } server { - listen 443 ssl default deferred; + listen {https_port} ssl default deferred; server_name {domain_name}; ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; @@ -95,7 +95,7 @@ server { proxy_pass http://openviduserver; } - location /openvidu { + location ~ /openvidu$ { proxy_pass http://openviduserver; } diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf index 7035a915..364c14c5 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf @@ -18,10 +18,10 @@ upstream openviduserver { server { # Redirect to https if ($host = {domain_name}) { - return 301 https://$host$request_uri; + rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent; } # managed by Certbot - listen 80 default_server; + listen {http_port} default_server; server_name {domain_name}; # letsencrypt @@ -44,7 +44,7 @@ server { } server { - listen 443 ssl default deferred; + listen {https_port} ssl default deferred; server_name {domain_name}; ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem; @@ -105,7 +105,7 @@ server { proxy_pass http://openviduserver; } - location /openvidu { + location ~ /openvidu$ { proxy_pass http://openviduserver; } diff --git a/openvidu-server/docker/openvidu-proxy/entrypoint.sh b/openvidu-server/docker/openvidu-proxy/entrypoint.sh index 13d68ef2..99d2575a 100644 
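Review bot: In the first pro/default.conf hunk the redirect target is now the fixed `https://{domain_name}:{https_port}$1`, so the surrounding `if ($host = {domain_name})` no longer protects anything (it presumably existed to keep an attacker-supplied Host out of the Location header while the target was `https://$host`); its only remaining effect is that plain-HTTP requests carrying any other Host, including the bare IP, are not redirected and fall through to the rest of this `default_server` block, which lies outside the hunk. If that fall-through is not intended, replace the `if` with an unconditional `return 301 https://{domain_name}:{https_port}$request_uri;`; requests with the canonical Host, ACME challenges included, are already redirected by this server-level `if`, so certbot behaviour does not change. Otherwise a comment explaining why non-canonical hosts are served over plain HTTP would be worth adding.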
--- a/openvidu-server/docker/openvidu-proxy/entrypoint.sh +++ b/openvidu-server/docker/openvidu-proxy/entrypoint.sh @@ -1,9 +1,14 @@ -#!/bin/bash +#!/bin/sh + +[ -z "${PROXY_HTTP_PORT}" ] && export PROXY_HTTP_PORT=80 +[ -z "${PROXY_HTTPS_PORT}" ] && export PROXY_HTTPS_PORT=443 # Start with default certbot conf -service nginx start +nginx -g "daemon on;" # Show input enviroment variables +echo "Http Port: ${PROXY_HTTP_PORT}" +echo "Https Port: ${PROXY_HTTPS_PORT}" echo "Domain name: ${DOMAIN_OR_PUBLIC_IP}" echo "Certificated: ${CERTIFICATE_TYPE}" echo "Letsencrypt Email: ${LETSENCRYPT_EMAIL}" @@ -19,11 +24,12 @@ case ${CERTIFICATE_TYPE} in echo "Generating certificated..." rm -rf /etc/letsencrypt/live/* - mkdir -p /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP} + mkdir -p "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}" openssl req -new -nodes -x509 \ -subj "/CN=${DOMAIN_OR_PUBLIC_IP}" -days 365 \ - -keyout /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem -out /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem -extensions v3_ca + -keyout "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" \ + -out "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" -extensions v3_ca else echo "The certificate already exists, using them..." fi @@ -36,9 +42,9 @@ case ${CERTIFICATE_TYPE} in echo "Using owmcert..." rm -rf /etc/letsencrypt/live/* - mkdir -p /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP} - cp /owncert/certificate.key /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem - cp /owncert/certificate.cert /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem + mkdir -p "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}" + cp /owncert/certificate.key "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" + cp /owncert/certificate.cert "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" else echo "The certificate already exists, using them..." 
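Review bot: The shebang becomes `#!/bin/sh` in the first entrypoint.sh hunk, but the letsencrypt branch later in the script still uses the bash test `if [[ ! -f ... && ! -f ... ]]` (visible as context in a later hunk of this patch); on this image `/bin/sh` is busybox ash, which accepts `[[` only when built with its bash-compat option, so the script now depends on a build flag rather than on POSIX sh. Rewrite that test as `if [ ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" ] && [ ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]; then`. Also consider `set -e` plus `: "${DOMAIN_OR_PUBLIC_IP:?must be set}"` right after the shebang, so a failed `nginx -g "daemon on;"` or an empty domain stops the script instead of going on to generate a certificate for an empty CN.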
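Review bot: The self-signed certificate in the second entrypoint.sh hunk is still produced with only `-subj "/CN=${DOMAIN_OR_PUBLIC_IP}"`, so it carries no subjectAltName; current browsers and most TLS libraries ignore the CN and will report the name as invalid even after the user trusts the certificate. With the openssl Alpine ships for this base image (1.1.1 or later, to be confirmed) add `-addext "subjectAltName=DNS:${DOMAIN_OR_PUBLIC_IP}"` (use `IP:` when `DOMAIN_OR_PUBLIC_IP` is an address), and make the key explicit with `-newkey rsa:2048` instead of relying on the tool default. A short comment that this path is for development only, since the 365-day self-signed cert is regenerated and never rotated otherwise, would also help.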
@@ -49,12 +55,12 @@ case ${CERTIFICATE_TYPE} in echo "===Mode letsencrypt===" # Auto renew cert - echo "0 12 * * * certbot renew >> /var/log/nginx/cron-letsencrypt.log" | crontab + echo "0 12 * * * certbot renew >> /var/log/nginx/cron-letsencrypt.log" | crontab - if [[ ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" && ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]]; then echo "Requesting certificate..." - certbot certonly -n --webroot -w /var/www/certbot -m ${LETSENCRYPT_EMAIL} --agree-tos -d ${DOMAIN_OR_PUBLIC_IP} + certbot certonly -n --webroot -w /var/www/certbot -m "${LETSENCRYPT_EMAIL}" --agree-tos -d "${DOMAIN_OR_PUBLIC_IP}" else echo "The certificate already exists, using them..." fi @@ -98,12 +104,15 @@ EOF # Load nginx conf files rm /etc/nginx/conf.d/* cp /default_nginx_conf/* /etc/nginx/conf.d -sed -i "s/{domain_name}/${DOMAIN_OR_PUBLIC_IP}/" /etc/nginx/conf.d/* +sed -i "s/{domain_name}/${DOMAIN_OR_PUBLIC_IP}/g" /etc/nginx/conf.d/* +sed -i "s/{http_port}/${PROXY_HTTP_PORT}/g" /etc/nginx/conf.d/* +sed -i "s/{https_port}/${PROXY_HTTPS_PORT}/g" /etc/nginx/conf.d/* # Restart nginx service -service nginx restart +nginx -s reload # Init cron -cron -f +/usr/sbin/crond -f & +# nginx logs tail -f /var/log/nginx/*.log
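Review bot: The cron line `0 12 * * * certbot renew >> /var/log/nginx/cron-letsencrypt.log` in the first entrypoint.sh hunk on this line has no deploy hook, and because the certificate is obtained with `certonly --webroot` nothing tells nginx to reload, so after a renewal nginx keeps serving the old certificate until the container is restarted and will eventually present an expired one. Change it to `0 12 * * * certbot renew --deploy-hook 'nginx -s reload' >> /var/log/nginx/cron-letsencrypt.log 2>&1` so a successful renewal is picked up and certbot's stderr lands in the same log. The renewal will only work if `/var/www/certbot` remains served on the HTTP port, which the generated confs appear to do but the hunk does not show.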
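Review bot: The three `sed -i "s/{...}/${VAR}/g"` lines in the last entrypoint.sh hunk splice `DOMAIN_OR_PUBLIC_IP`, `PROXY_HTTP_PORT` and `PROXY_HTTPS_PORT` straight into a sed program, so a value containing `/`, `&` or `\` breaks or corrupts every nginx config file, and a non-numeric port is written into `listen` unchanged and only fails at `nginx -s reload`, whose exit status is not checked. Validate the three variables before the substitutions (the checks below reject anything outside hostname/IPv4 characters and digits; widen the domain class if IPv6 literals must be accepted) and fail the container on a bad generated config instead of leaving it running the bootstrap config behind `tail -f`. `nginx -t` before the reload also puts the actual config error in the log.
```shell
case "${PROXY_HTTP_PORT}" in ''|*[!0-9]*) echo "PROXY_HTTP_PORT must be numeric" >&2; exit 1 ;; esac
case "${PROXY_HTTPS_PORT}" in ''|*[!0-9]*) echo "PROXY_HTTPS_PORT must be numeric" >&2; exit 1 ;; esac
case "${DOMAIN_OR_PUBLIC_IP}" in ''|*[!A-Za-z0-9.-]*) echo "DOMAIN_OR_PUBLIC_IP must be a hostname or IPv4 address" >&2; exit 1 ;; esac
# … unchanged: rm / cp of the default nginx conf files …
sed -i "s/{domain_name}/${DOMAIN_OR_PUBLIC_IP}/g" /etc/nginx/conf.d/*
sed -i "s/{http_port}/${PROXY_HTTP_PORT}/g" /etc/nginx/conf.d/*
sed -i "s/{https_port}/${PROXY_HTTPS_PORT}/g" /etc/nginx/conf.d/*
# Fail loudly on a bad generated config instead of silently keeping the bootstrap one
nginx -t && nginx -s reload || { echo "nginx reload failed" >&2; exit 1; }
```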