From 390030bafcacd73690c6ae52314b8875adf85bb7 Mon Sep 17 00:00:00 2001 From: Jesus Federico Date: Thu, 16 Sep 2021 10:38:07 -0400 Subject: SL-78: added settings to support protected recordings (#11) * updates to docker-compose-dev * added proxy-nginx config files for handling requests to protected recordings * added template for protected recordings * completed changes for protected recordngs * completed changes for protected recordngs --- .../nginx/sites.template.scalelite-local-protected | 61 ++++++++++++++++++++++ .../nginx/sites.template.scalelite-proxy-protected | 61 ++++++++++++++++++++++ docker-compose-dev.yml | 8 +-- dotenv | 5 +- dotenv-dev | 2 + 5 files changed, 129 insertions(+), 8 deletions(-) create mode 100644 data/proxy/nginx/sites.template.scalelite-local-protected create mode 100644 data/proxy/nginx/sites.template.scalelite-proxy-protected diff --git a/data/proxy/nginx/sites.template.scalelite-local-protected b/data/proxy/nginx/sites.template.scalelite-local-protected new file mode 100644 index 0000000..239c09e --- /dev/null +++ b/data/proxy/nginx/sites.template.scalelite-local-protected @@ -0,0 +1,61 @@ +#### For <$NGINX_HOSTNAME> + +upstream docker-scalelite-api { + server $NGINX_HOSTNAME:3000; +} + +upstream docker-scalelite-recordings { + server scalelite-recordings:80; +} + +server { + server_name $NGINX_HOSTNAME; + + listen 80; + listen [::]:80; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name $NGINX_HOSTNAME; + + listen 443 ssl; + listen [::]:443 ssl; + + ## Configuration for Letsencrypt SSL Certificate + ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + + ## Configuration for SSL Certificate from a CA other than LetsEncrypt + #ssl_certificate /etc/ssl/fullchain.pem; + #ssl_certificate_key /etc/ssl/privkey.pem; + + location /health_check { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } + + location /static-resource { + rewrite /static-resource(/|$)(.*) /$2 break; + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + internal; + } + + location /playback { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location / { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } +} diff --git a/data/proxy/nginx/sites.template.scalelite-proxy-protected b/data/proxy/nginx/sites.template.scalelite-proxy-protected new file mode 100644 index 0000000..a4bb314 --- /dev/null +++ b/data/proxy/nginx/sites.template.scalelite-proxy-protected @@ -0,0 +1,61 @@ +#### For <$NGINX_HOSTNAME> + +upstream docker-scalelite-api { + server scalelite-api:3000; +} + +upstream docker-scalelite-recordings { + server scalelite-recordings:80; +} + +server { + server_name $NGINX_HOSTNAME; + + listen 80; + listen [::]:80; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name $NGINX_HOSTNAME; + + listen 443 ssl; + listen [::]:443 ssl; + + ## Configuration for Letsencrypt SSL Certificate + ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + + ## Configuration for SSL Certificate from a CA other than LetsEncrypt + #ssl_certificate /etc/ssl/fullchain.pem; + #ssl_certificate_key /etc/ssl/privkey.pem; + + location /health_check { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } + + location /static-resource { + rewrite /static-resource(/|$)(.*) /$2 break; + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + internal; + } + + location /playback { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location / { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } +} diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml index df8b97f..e37ad9a 100644 --- a/docker-compose-dev.yml +++ b/docker-compose-dev.yml @@ -13,12 +13,6 @@ volumes: type: 'none' o: 'bind' device: '${DOCKER_VOL_REDIS_DATA}' - scalelite-api-dev: - driver: local - driver_opts: - type: 'none' - o: 'bind' - device: '${DOCKER_VOL_SCALELITE_API}' services: postgres: @@ -57,6 +51,8 @@ services: scalelite-proxy: image: nginx:1.18 +# Custom nginx with amazonlinux +# image: blindsidenetwks/nginx:amazonlinux container_name: scalelite-proxy restart: unless-stopped ports: diff --git a/dotenv b/dotenv index f20412d..a25d1fa 100644 --- a/dotenv +++ b/dotenv @@ -41,11 +41,12 @@ SCALELITE_RECORDINGS_DOCKER_IMAGE=bigbluebutton/bbb-playback-proxy:bionic-230-am # RECORDING_IMPORT_UNPUBLISHED=false # ### Optional when using docker-compose-dev.yml -# DOCKER_VOL_SCALELITE_API=~/scalelite-run/data/scalelite # DOCKER_VOL_POSTGRES_DATA=~/scalelite-run/data/postgres # DOCKER_VOL_REDIS_DATA=~/scalelite-run/data/redis # ### Optional for development when using different profiles -DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy +#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy +DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy-protected #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local +#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local-protected #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-cluster diff --git a/dotenv-dev b/dotenv-dev index 8562754..a22d1b9 100644 --- a/dotenv-dev +++ b/dotenv-dev @@ -16,5 +16,7 @@ DOCKER_VOL_POSTGRES_DATA=/home/ubuntu/scalelite-run/data/postgres DOCKER_VOL_REDIS_DATA=/home/ubuntu/scalelite-run/data/redis DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy +#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy-protected #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local +#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local-protected #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-cluster -- cgit v1.2.3