SL-78: added settings to support protected recordings (#11)

* updates to docker-compose-dev

* added proxy-nginx config files for handling requests to protected recordings

* added template for protected recordings

* completed changes for protected recordngs

* completed changes for protected recordngs

5 files changed, 129 insertions, 8 deletions

diff --git a/data/proxy/nginx/sites.template.scalelite-local-protected b/data/proxy/nginx/sites.template.scalelite-local-protected
new file mode 100644
index 0000000..239c09e
--- /dev/null
+++ b/data/proxy/nginx/sites.template.scalelite-local-protected
@@ -0,0 +1,61 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+    server $NGINX_HOSTNAME:3000;
+}
+
+upstream docker-scalelite-recordings {
+    server scalelite-recordings:80;
+}
+
+server {
+    server_name $NGINX_HOSTNAME;
+
+    listen  80;
+    listen [::]:80;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return  301 https://$host$request_uri;
+    }
+}
+
+server {
+    server_name $NGINX_HOSTNAME;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    ## Configuration for Letsencrypt SSL Certificate
+    ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+    ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+    #ssl_certificate /etc/ssl/fullchain.pem;
+    #ssl_certificate_key /etc/ssl/privkey.pem;
+
+    location /health_check {
+        proxy_pass http://docker-scalelite-api;
+        include /etc/nginx/sites-common;
+    }
+
+    location /static-resource {
+        rewrite /static-resource(/|$)(.*) /$2 break;
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+        internal;
+    }
+
+    location /playback {
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+    }
+
+    location / {
+        proxy_pass http://docker-scalelite-api;
+        include /etc/nginx/sites-common;
+    }
+}
diff --git a/data/proxy/nginx/sites.template.scalelite-proxy-protected b/data/proxy/nginx/sites.template.scalelite-proxy-protected
new file mode 100644
index 0000000..a4bb314
--- /dev/null
+++ b/data/proxy/nginx/sites.template.scalelite-proxy-protected
@@ -0,0 +1,61 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+    server scalelite-api:3000;
+}
+
+upstream docker-scalelite-recordings {
+    server scalelite-recordings:80;
+}
+
+server {
+    server_name $NGINX_HOSTNAME;
+
+    listen  80;
+    listen [::]:80;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return  301 https://$host$request_uri;
+    }
+}
+
+server {
+    server_name $NGINX_HOSTNAME;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    ## Configuration for Letsencrypt SSL Certificate
+    ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+    ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+    #ssl_certificate /etc/ssl/fullchain.pem;
+    #ssl_certificate_key /etc/ssl/privkey.pem;
+
+    location /health_check {
+        proxy_pass http://docker-scalelite-api;
+        include /etc/nginx/sites-common;
+    }
+
+    location /static-resource {
+        rewrite /static-resource(/|$)(.*) /$2 break;
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+        internal;
+    }
+
+    location /playback {
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+    }
+
+    location / {
+        proxy_pass http://docker-scalelite-api;
+        include /etc/nginx/sites-common;
+    }
+}
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index df8b97f..e37ad9a 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -13,12 +13,6 @@ volumes:
       type: 'none'
       o: 'bind'
       device: '${DOCKER_VOL_REDIS_DATA}'
-  scalelite-api-dev:
-    driver: local
-    driver_opts:
-      type: 'none'
-      o: 'bind'
-      device: '${DOCKER_VOL_SCALELITE_API}'
 
 services:
   postgres:
@@ -57,6 +51,8 @@ services:
 
   scalelite-proxy:
     image: nginx:1.18
+# Custom nginx with amazonlinux
+#    image: blindsidenetwks/nginx:amazonlinux
     container_name: scalelite-proxy
     restart: unless-stopped
     ports:
diff --git a/dotenv b/dotenv
index f20412d..a25d1fa 100644
--- a/dotenv
+++ b/dotenv
@@ -41,11 +41,12 @@ SCALELITE_RECORDINGS_DOCKER_IMAGE=bigbluebutton/bbb-playback-proxy:bionic-230-am
 # RECORDING_IMPORT_UNPUBLISHED=false
 #
 ### Optional when using docker-compose-dev.yml
-# DOCKER_VOL_SCALELITE_API=~/scalelite-run/data/scalelite
 # DOCKER_VOL_POSTGRES_DATA=~/scalelite-run/data/postgres
 # DOCKER_VOL_REDIS_DATA=~/scalelite-run/data/redis
 #
 ### Optional for development when using different profiles
-DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy
+#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy
+DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy-protected
 #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local
+#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local-protected
 #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-cluster
diff --git a/dotenv-dev b/dotenv-dev
index 8562754..a22d1b9 100644
--- a/dotenv-dev
+++ b/dotenv-dev
@@ -16,5 +16,7 @@ DOCKER_VOL_POSTGRES_DATA=/home/ubuntu/scalelite-run/data/postgres
 DOCKER_VOL_REDIS_DATA=/home/ubuntu/scalelite-run/data/redis
 
 DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy
+#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy-protected
 #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local
+#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local-protected
 #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-cluster