LetsEncrypt support for multiple domains using DOMAIN_OR_PUBLIC_IP

OpenVidu v2 Issues with deployment
1

Currently the .env property DOMAIN_OR_PUBLIC_IP doesn’t support both www.example.com and example.com domains. I believe this is the -d flag in certbot. So in certbot I would do:

-d example.com -d www.example.com

How do I indicate two domains using this property DOMAIN_OR_PUBLIC_IP?

2

After doing some searching I realise this is more of nginx docker issue than openvidu. I’ve manually ran the --expand certbot option on my current certificate to resolve this. Hopefully the auto-renewal will still work as it should.

3

Please note: Running the –expand solution actually will not work. This will cause the auto renewal by OpenVidu to fail. LetsEncrypt –expanded command is looking for the verification @ endpoint :80 (insecure) which gets redirected by Nginx to :443 (secure) but because this has an expired certificate the renewal will fail.

If I can’t add multiple domains i.e. the www as part of the OpenVidu (.env) LetsEncrypt process how can I change Nginx to redirect my traffic from www to non-www?

4

I can add this option in the next release of OpenVidu. I’ll just add this -d www.${DOMAIN_OR_PUBLIC_IP} in the nginx container:

Thanks for advising!

5

That would be really helpful

6

Hi when do you expect a new release? And is there a way for me to get this patch applied sooner. I’ve tried many workarounds and still have no site available on www.

7

We want to release in 2 weeks or so. As a workaround you can try to build your own nginx-proxy. I think it would be easy. I did not test it but you can try to follow this steps

  1. Clone OpenVidu repository:
    GitHub - OpenVidu/openvidu: OpenVidu Platform main repository

  2. Checkout to the tag v2.15.0

  3. Go to openvidu-server/docker/openvidu-proxy

  4. Change this files if you’re using CE:

  • /openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app-without-demos.conf
  • /openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default-app.conf
  • /openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf

If you’re using PRO, change this files:

  • openvidu-server/docker/openvidu-proxy/default_nginx_conf/prodefault-app-without-demos.conf
  • openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf

And replace the lines with:

server_name {domain_name};

with this:

server_name {domain_name} www.{domain_name};
  1. Go to /openvidu-server/docker/openvidu-proxy/entrypoint.sh and replace the line with:
certbot certonly -n --webroot -w /var/www/certbot \
                                    -m "${LETSENCRYPT_EMAIL}" \
                                    --agree-tos -d "${DOMAIN_OR_PUBLIC_IP}"

with this:

certbot certonly -n --webroot -w /var/www/certbot \
                                    -m "${LETSENCRYPT_EMAIL}" \
                                    --agree-tos -d "${DOMAIN_OR_PUBLIC_IP}" \
                                    -d www."${DOMAIN_OR_PUBLIC_IP}"
  1. With all the changes, go again to the directory openvidu-server/docker/openvidu-proxy and execute the script create_image.sh. You can use the TAG_NAME you want to use for your custom docker image:
./create_image.sh <TAG_NAME>

  1. Upload your docker image in the docker registry you want and pull it in your server

  2. When the customized image is in your server, replace it in `/opt/openvidu/docker-compose.yml:

...
nginx
    image: <YOUR_CUSTOM_IMAGE>
...

The 2.16.0 version will have an env variable to enable www redirection. Something like REDIRECT_WWW=true, so when you update to the new version you will not need to do anything like that again.

Best Regards,
Carlos

8

Thank you @cruizba that is awesome instructions.