mirror of https://github.com/OpenVidu/openvidu.git
openvidu proxy updated
OscarSotoSanchez
parent
f73c682903
commit
f1a684c615
|
|
@ -26,6 +26,15 @@ CERTIFICATE_TYPE=selfsigned
|
|||
# If CERTIFICATE_TYPE=letsencrypt, you need to configure a valid email for notifications
|
||||
LETSENCRYPT_EMAIL=user@example.com
|
||||
|
||||
# Proxy configuration
|
||||
# If you want to change the ports on which openvidu listens, uncomment the following lines
|
||||
|
||||
# Used for http connections and necessary to obtain letsencrypt certificated
|
||||
# PROXY_HTTP_PORT=80
|
||||
|
||||
# Used for Openvidu API and the application deployed using docker
|
||||
# PROXY_HTTPS_PORT=443
|
||||
|
||||
# Whether to enable recording module or not
|
||||
OPENVIDU_RECORDING=false
|
||||
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ services:
|
|||
- MAX_PORT=65535
|
||||
|
||||
nginx:
|
||||
image: openvidu/openvidu-proxy:1.0.0
|
||||
image: openvidu/openvidu-proxy:2.0.0-beta1
|
||||
restart: on-failure
|
||||
network_mode: host
|
||||
volumes:
|
||||
|
|
@ -78,5 +78,7 @@ services:
|
|||
- DOMAIN_OR_PUBLIC_IP=${OPENVIDU_DOMAIN_OR_PUBLIC_IP}
|
||||
- CERTIFICATE_TYPE=${CERTIFICATE_TYPE}
|
||||
- LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
|
||||
- PROXY_HTTP_PORT=${PROXY_HTTP_PORT:-}
|
||||
- PROXY_HTTPS_PORT=${PROXY_HTTPS_PORT:-}
|
||||
- PROXY_MODE=CE
|
||||
- WITH_DEMOS=true
|
||||
|
|
|
|||
|
|
@ -1,15 +1,10 @@
|
|||
FROM nginx:1.17.9
|
||||
FROM nginx:1.18.0-alpine
|
||||
|
||||
# Install certbot
|
||||
RUN apt-get update && \
|
||||
apt-get install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential procps cron apache2-utils && \
|
||||
curl -L 'https://bootstrap.pypa.io/get-pip.py' | python && \
|
||||
pip install -U cffi certbot && \
|
||||
mkdir -p /var/www/certbot && \
|
||||
apt remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \
|
||||
apt-get autoremove -y && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
RUN apk update && \
|
||||
apk add certbot && \
|
||||
apk add openssl && \
|
||||
rm -rf /var/cache/apk/*
|
||||
|
||||
# Default nginx conf
|
||||
COPY ./default.conf /etc/nginx/conf.d/default.conf
|
||||
|
|
@ -17,6 +12,7 @@ COPY ./default_nginx_conf /default_nginx_conf
|
|||
|
||||
# Entrypoint
|
||||
COPY ./entrypoint.sh /usr/local/bin
|
||||
RUN chmod +x /usr/local/bin/entrypoint.sh
|
||||
RUN mkdir -p /var/www/certbot && \
|
||||
chmod +x /usr/local/bin/entrypoint.sh
|
||||
|
||||
CMD /usr/local/bin/entrypoint.sh
|
||||
|
|
@ -8,7 +8,7 @@ upstream openviduserver {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen {https_port} ssl;
|
||||
server_name {domain_name};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
|
||||
|
|
@ -60,7 +60,7 @@ server {
|
|||
proxy_pass http://openviduserver;
|
||||
}
|
||||
|
||||
location /openvidu {
|
||||
location ~ /openvidu$ {
|
||||
proxy_pass http://openviduserver;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ upstream openviduserver {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen {https_port} ssl;
|
||||
server_name {domain_name};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
|
||||
|
|
@ -60,7 +60,7 @@ server {
|
|||
proxy_pass http://openviduserver;
|
||||
}
|
||||
|
||||
location /openvidu {
|
||||
location ~ /openvidu$ {
|
||||
proxy_pass http://openviduserver;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen {http_port};
|
||||
server_name {domain_name};
|
||||
|
||||
# Redirect to https
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
|
||||
}
|
||||
|
||||
# letsencrypt
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ upstream openviduserver {
|
|||
server {
|
||||
# Redirect to https
|
||||
if ($host = {domain_name}) {
|
||||
return 301 https://$host$request_uri;
|
||||
rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
|
||||
} # managed by Certbot
|
||||
|
||||
listen 80 default_server;
|
||||
listen {http_port} default_server;
|
||||
server_name {domain_name};
|
||||
|
||||
# letsencrypt
|
||||
|
|
@ -39,7 +39,7 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl default deferred;
|
||||
listen {https_port} ssl default deferred;
|
||||
server_name {domain_name};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
|
||||
|
|
@ -95,7 +95,7 @@ server {
|
|||
proxy_pass http://openviduserver;
|
||||
}
|
||||
|
||||
location /openvidu {
|
||||
location ~ /openvidu$ {
|
||||
proxy_pass http://openviduserver;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,10 +18,10 @@ upstream openviduserver {
|
|||
server {
|
||||
# Redirect to https
|
||||
if ($host = {domain_name}) {
|
||||
return 301 https://$host$request_uri;
|
||||
rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
|
||||
} # managed by Certbot
|
||||
|
||||
listen 80 default_server;
|
||||
listen {http_port} default_server;
|
||||
server_name {domain_name};
|
||||
|
||||
# letsencrypt
|
||||
|
|
@ -44,7 +44,7 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl default deferred;
|
||||
listen {https_port} ssl default deferred;
|
||||
server_name {domain_name};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
|
||||
|
|
@ -105,7 +105,7 @@ server {
|
|||
proxy_pass http://openviduserver;
|
||||
}
|
||||
|
||||
location /openvidu {
|
||||
location ~ /openvidu$ {
|
||||
proxy_pass http://openviduserver;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,14 @@
|
|||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
|
||||
[ -z "${PROXY_HTTP_PORT}" ] && export PROXY_HTTP_PORT=80
|
||||
[ -z "${PROXY_HTTPS_PORT}" ] && export PROXY_HTTPS_PORT=443
|
||||
|
||||
# Start with default certbot conf
|
||||
service nginx start
|
||||
nginx -g "daemon on;"
|
||||
|
||||
# Show input enviroment variables
|
||||
echo "Http Port: ${PROXY_HTTP_PORT}"
|
||||
echo "Https Port: ${PROXY_HTTPS_PORT}"
|
||||
echo "Domain name: ${DOMAIN_OR_PUBLIC_IP}"
|
||||
echo "Certificated: ${CERTIFICATE_TYPE}"
|
||||
echo "Letsencrypt Email: ${LETSENCRYPT_EMAIL}"
|
||||
|
|
@ -19,11 +24,12 @@ case ${CERTIFICATE_TYPE} in
|
|||
echo "Generating certificated..."
|
||||
|
||||
rm -rf /etc/letsencrypt/live/*
|
||||
mkdir -p /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}
|
||||
mkdir -p "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}"
|
||||
|
||||
openssl req -new -nodes -x509 \
|
||||
-subj "/CN=${DOMAIN_OR_PUBLIC_IP}" -days 365 \
|
||||
-keyout /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem -out /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem -extensions v3_ca
|
||||
-keyout "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" \
|
||||
-out "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" -extensions v3_ca
|
||||
else
|
||||
echo "The certificate already exists, using them..."
|
||||
fi
|
||||
|
|
@ -36,9 +42,9 @@ case ${CERTIFICATE_TYPE} in
|
|||
echo "Using owmcert..."
|
||||
|
||||
rm -rf /etc/letsencrypt/live/*
|
||||
mkdir -p /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}
|
||||
cp /owncert/certificate.key /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem
|
||||
cp /owncert/certificate.cert /etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem
|
||||
mkdir -p "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}"
|
||||
cp /owncert/certificate.key "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem"
|
||||
cp /owncert/certificate.cert "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem"
|
||||
|
||||
else
|
||||
echo "The certificate already exists, using them..."
|
||||
|
|
@ -49,12 +55,12 @@ case ${CERTIFICATE_TYPE} in
|
|||
echo "===Mode letsencrypt==="
|
||||
|
||||
# Auto renew cert
|
||||
echo "0 12 * * * certbot renew >> /var/log/nginx/cron-letsencrypt.log" | crontab
|
||||
echo "0 12 * * * certbot renew >> /var/log/nginx/cron-letsencrypt.log" | crontab -
|
||||
|
||||
if [[ ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/privkey.pem" && ! -f "/etc/letsencrypt/live/${DOMAIN_OR_PUBLIC_IP}/fullchain.pem" ]]; then
|
||||
echo "Requesting certificate..."
|
||||
|
||||
certbot certonly -n --webroot -w /var/www/certbot -m ${LETSENCRYPT_EMAIL} --agree-tos -d ${DOMAIN_OR_PUBLIC_IP}
|
||||
certbot certonly -n --webroot -w /var/www/certbot -m "${LETSENCRYPT_EMAIL}" --agree-tos -d "${DOMAIN_OR_PUBLIC_IP}"
|
||||
else
|
||||
echo "The certificate already exists, using them..."
|
||||
fi
|
||||
|
|
@ -98,12 +104,15 @@ EOF
|
|||
# Load nginx conf files
|
||||
rm /etc/nginx/conf.d/*
|
||||
cp /default_nginx_conf/* /etc/nginx/conf.d
|
||||
sed -i "s/{domain_name}/${DOMAIN_OR_PUBLIC_IP}/" /etc/nginx/conf.d/*
|
||||
sed -i "s/{domain_name}/${DOMAIN_OR_PUBLIC_IP}/g" /etc/nginx/conf.d/*
|
||||
sed -i "s/{http_port}/${PROXY_HTTP_PORT}/g" /etc/nginx/conf.d/*
|
||||
sed -i "s/{https_port}/${PROXY_HTTPS_PORT}/g" /etc/nginx/conf.d/*
|
||||
|
||||
# Restart nginx service
|
||||
service nginx restart
|
||||
nginx -s reload
|
||||
|
||||
# Init cron
|
||||
cron -f
|
||||
/usr/sbin/crond -f &
|
||||
|
||||
# nginx logs
|
||||
tail -f /var/log/nginx/*.log
|
||||
|
|
|
|||
Loading…
Reference in New Issue