SL-78: added settings to support protected recordings (#11)

* updates to docker-compose-dev * added proxy-nginx config files for handling requests to protected recordings * added template for protected recordings * completed changes for protected recordngs * completed changes for protected recordngs
2025-12-16 14:22:11 +01:00 · 2021-09-16 10:38:07 -04:00
parent a20eca0489
commit 390030bafc
5 changed files with 129 additions and 8 deletions
--- a/data/proxy/nginx/sites.template.scalelite-local-protected
+++ b/data/proxy/nginx/sites.template.scalelite-local-protected
@@ -0,0 +1,61 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+    server $NGINX_HOSTNAME:3000;
+}
+
+upstream docker-scalelite-recordings {
+    server scalelite-recordings:80;
+}
+
+server {
+    server_name $NGINX_HOSTNAME;
+
+    listen  80;
+    listen [::]:80;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return  301 https://$host$request_uri;
+    }
+}
+
+server {
+    server_name $NGINX_HOSTNAME;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    ## Configuration for Letsencrypt SSL Certificate
+    ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+    ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+    #ssl_certificate /etc/ssl/fullchain.pem;
+    #ssl_certificate_key /etc/ssl/privkey.pem;
+
+    location /health_check {
+        proxy_pass http://docker-scalelite-api;
+        include /etc/nginx/sites-common;
+    }
+
+    location /static-resource {
+        rewrite /static-resource(/|$)(.*) /$2 break;
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+        internal;
+    }
+
+    location /playback {
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+    }
+
+    location / {
+        proxy_pass http://docker-scalelite-api;
+        include /etc/nginx/sites-common;
+    }
+}
--- a/data/proxy/nginx/sites.template.scalelite-proxy-protected
+++ b/data/proxy/nginx/sites.template.scalelite-proxy-protected
@@ -0,0 +1,61 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+    server scalelite-api:3000;
+}
+
+upstream docker-scalelite-recordings {
+    server scalelite-recordings:80;
+}
+
+server {
+    server_name $NGINX_HOSTNAME;
+
+    listen  80;
+    listen [::]:80;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return  301 https://$host$request_uri;
+    }
+}
+
+server {
+    server_name $NGINX_HOSTNAME;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    ## Configuration for Letsencrypt SSL Certificate
+    ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+    ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+    #ssl_certificate /etc/ssl/fullchain.pem;
+    #ssl_certificate_key /etc/ssl/privkey.pem;
+
+    location /health_check {
+        proxy_pass http://docker-scalelite-api;
+        include /etc/nginx/sites-common;
+    }
+
+    location /static-resource {
+        rewrite /static-resource(/|$)(.*) /$2 break;
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+        internal;
+    }
+
+    location /playback {
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+    }
+
+    location / {
+        proxy_pass http://docker-scalelite-api;
+        include /etc/nginx/sites-common;
+    }
+}
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -13,12 +13,6 @@ volumes:
      type: 'none'
      o: 'bind'
      device: '${DOCKER_VOL_REDIS_DATA}'
-  scalelite-api-dev:
-    driver: local
-    driver_opts:
-      type: 'none'
-      o: 'bind'
-      device: '${DOCKER_VOL_SCALELITE_API}'

 services:
  postgres:
@@ -57,6 +51,8 @@ services:

  scalelite-proxy:
    image: nginx:1.18
+# Custom nginx with amazonlinux
+#    image: blindsidenetwks/nginx:amazonlinux
    container_name: scalelite-proxy
    restart: unless-stopped
    ports:
--- a/5
+++ b/5
@@ -41,11 +41,12 @@ SCALELITE_RECORDINGS_DOCKER_IMAGE=bigbluebutton/bbb-playback-proxy:bionic-230-am
 # RECORDING_IMPORT_UNPUBLISHED=false
 #
 ### Optional when using docker-compose-dev.yml
-# DOCKER_VOL_SCALELITE_API=~/scalelite-run/data/scalelite
 # DOCKER_VOL_POSTGRES_DATA=~/scalelite-run/data/postgres
 # DOCKER_VOL_REDIS_DATA=~/scalelite-run/data/redis
 #
 ### Optional for development when using different profiles
-DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy
+#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy
+DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy-protected
 #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local
+#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local-protected
 #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-cluster
--- a/2
+++ b/2
@@ -16,5 +16,7 @@ DOCKER_VOL_POSTGRES_DATA=/home/ubuntu/scalelite-run/data/postgres
 DOCKER_VOL_REDIS_DATA=/home/ubuntu/scalelite-run/data/redis

 DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy
+#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy-protected
 #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local
+#DOCKER_PROXY_NGINX_TEMPLATE=scalelite-local-protected
 #DOCKER_PROXY_NGINX_TEMPLATE=scalelite-cluster