deployment: nginx refactor

faustfizz · Nov 1, 2020 · 44bb958 · 44bb958
1 parent 79648c4
commit 44bb958
Show file tree

Hide file tree

Showing 25 changed files with 286 additions and 1,216 deletions.
diff --git a/openvidu-server/deployments/ce/docker-compose/.env b/openvidu-server/deployments/ce/docker-compose/.env
@@ -39,6 +39,9 @@ [email protected]
 # SDKs, REST clients and browsers will have to connect to this port
 # HTTPS_PORT=443
 
+# If true request to with www will be redirected to non-www requests
+# REDIRECT_WWW=false
+
 # Access restrictions
 # In this section you will be able to restrict the IPs from which you can access to
 # Openvidu API and the Administration Panel

diff --git a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml
@@ -92,3 +92,4 @@ services:
             - PROXY_MODE=CE
             - WITH_APP=true
             - SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true}
+            - REDIRECT_WWW=${REDIRECT_WWW:-false}
diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/.env
@@ -42,6 +42,9 @@ [email protected]
 # SDKs, REST clients and browsers will have to connect to this port
 # HTTPS_PORT=443
 
+# If true request to with www will be redirected to non-www requests
+# REDIRECT_WWW=false
+
 # Access restrictions
 # In this section you will be able to restrict the IPs from which you can access to
 # Openvidu API and the Administration Panel

diff --git a/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml b/openvidu-server/deployments/pro/docker-compose/openvidu-server-pro/docker-compose.yml
@@ -86,6 +86,7 @@ services:
             - PROXY_MODE=PRO
             - WITH_APP=true
             - SUPPORT_DEPRECATED_API=${SUPPORT_DEPRECATED_API:-true}
+            - REDIRECT_WWW=${REDIRECT_WWW:-false}
 
     elasticsearch:
         image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0

diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf
diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf
@@ -1,7 +1,4 @@
-# Openvidu call
-upstream yourapp {
-    server localhost:5442;
-}
+{app_upstream}
 
 upstream openviduserver {
     server localhost:5443;
@@ -11,89 +8,20 @@ server {
     listen {https_port} ssl;
     server_name {domain_name};
 
-    ssl_certificate         /etc/letsencrypt/live/{domain_name}/fullchain.pem;
-    ssl_certificate_key     /etc/letsencrypt/live/{domain_name}/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
-
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_timeout 5m;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
-    ssl_prefer_server_ciphers on;
+    {ssl_config}
 
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header X-Forwarded-Proto https;
-    proxy_headers_hash_bucket_size 512;
-    proxy_redirect off;
+    {proxy_config}
 
-    # Websockets
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-
-    # Welcome
-    #root /var/www/html;
-
-    # Your app
-    location / {
-        proxy_pass http://yourapp; # Openvidu call by default
-    }
+    {app_config}
 
-    #################################
-    # Common rules                  #
-    #################################
-    # Dashboard rule
-    location /dashboard {
-        {rules_access_dashboard}
-        deny all;
-        proxy_pass http://openviduserver;
-    }
+    ########################
+    # OpenVidu Locations   #
+    ########################
+    {common_api_ce}
 
-    # Websocket rule
-    location ~ /openvidu$ {
-        proxy_pass http://openviduserver;
-    }
+    {deprecated_api_ce}
 
-    #################################
-    # New API                       #
-    #################################
-    location /openvidu/layouts {
-        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
-        root /opt/openvidu;
-    }
-
-    location /openvidu/recordings {
-        proxy_pass http://openviduserver;
-    }
-
-    location /openvidu/api {
-        {rules_acess_api}
-        deny all;
-        proxy_pass http://openviduserver;
-    }
-
-    location /openvidu/info {
-        {rules_access_dashboard}
-        deny all;
-        proxy_pass http://openviduserver;
-    }
-
-    location /openvidu/accept-certificate {
-        proxy_pass http://openviduserver;
-    }
-
-    location /openvidu/cdr {
-        {rules_acess_api}
-        deny all;
-        proxy_pass http://openviduserver;
-    }
+    {new_api_ce}
 
     #################################
     # LetsEncrypt                   #

diff --git a/...penvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf b/...penvidu-proxy/default_nginx_conf/ce/support_deprecated_api/default-app-without-demos.conf