OpenVidu outbound request

Hi,

@cruizba, can you please provide me the list of outbound requests hit by the OpenVidu server?

Thanks & Regards,
Neeraj Paliwal

What do you mean by outbound requests?

OpenVidu PRO/Enterprise connects to media nodes through port 3000 and to Kurento Media Server/Mediasoup through port 8888. In OpenVidu CE, OpenVidu connects to Kurento Media Server on port 8888.

Other outbound connections can be made by the media node through ports 40000 - 65535 or for relay connections in OpenVidu PRO/Enterprise.

Do you mean that?

Hi, @cruizba

https://docs.openvidu.io/en/2.17.0/deployment/deploying-on-premises/
We are installing OpenVidu 2.17 on-premises on our server.
For security reasons, we want to know how many outbound URLs / API calls are made from the OpenVidu server,
so we can whitelist only those outbound calls in our firewall.

Outbound means that OpenVidu calls any website or third-party application during installation and video call. We are stuck on this, so please help us out.

Thanks & Regards,
Neeraj Paliwal

Are you using OpenVidu CE? I will check what outbound calls are necessary by deploying it and I’ll message back.

Why don’t you use 2.20.0?

Regards

Thanks, @cruizba for your response.
Our application currently supports 2.17.0, and we are looking forward to updating it ASAP.

Waiting for your valuable reply for outbound calls.

Thanks & Regards,
Neeraj Paliwal

@neeraj

OpenVidu CE - Minimal ports configuration. This only applies to OpenVidu CE from 2.17.0 to the current latest version (2.20.0).

  1. Follow the official installation instructions. You need to grant Internet access at least for the installation process.

Then, while installing, these ports should be opened for the outbound rules:
Outbound ports

  2. When everything is installed, you need to configure the public IP of OpenVidu in the COTURN_IP environment variable in /opt/openvidu/.env, because it can’t autodiscover the public IP without Internet outbound rules:
COTURN_IP=<your-public-ip>

Also, fill in your configuration parameters as stated in the official documentation.

  3. Close all outbound ports. Security groups / Ports policy should look like this:
    Inbound ports

    Outbound ports

  4. Start OpenVidu:

sudo su
cd /opt/openvidu
./openvidu start

Don’t worry if the first access gives you an nginx 404 error. This is because nginx cannot autodiscover its public IP and it needs to time out. After some seconds you should see OpenVidu Call (or your app).


Notes

  • With this configuration, the media, instead of going directly to Kurento, passes through STUN/TURN, and then this service relays the media to Kurento Media Server. Take into account that this can affect media quality. This is why this is not the default recommended way to deploy. If you use two processes instead of one for the media, TURN and Kurento will both consume CPU, so more resources will be used. Also, I don’t know if this can cause more delay; it is possible, but as TURN and Kurento live on the same server, maybe it is unnoticeable.

  • For OpenVidu Pro/Enterprise other rules will be needed and an Offline license needs to be bought.

  • Webhooks will not work; you need to whitelist these IPs/ports in your Security Group.


For the next release, we want to reorganize the deployment instructions to present OpenVidu users with different ways to deploy OpenVidu and their pros and cons.

Also, if you are concerned about security, I recommend that you update to the latest release. Always be up-to-date if possible :wink:

Best Regards
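
The reply above relies on COTURN_IP being set by hand in /opt/openvidu/.env once outbound access is closed, since autodiscovery no longer works. The following pre-flight check is an added example, not part of the original thread or of OpenVidu: the helper name `check_coturn_ip`, its return codes and the list of address ranges treated as non-public are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: check COTURN_IP in the OpenVidu .env before closing outbound rules.
# check_coturn_ip is a hypothetical helper, not an OpenVidu command.
# Returns: 0 usable, 1 unset/placeholder, 2 not an IPv4 address, 3 non-public range.
check_coturn_ip() {
    env_file="${1:-/opt/openvidu/.env}"
    [ -r "$env_file" ] || return 1

    # Last uncommented assignment wins; drop quotes and whitespace.
    value=$(sed -n 's/^[[:space:]]*COTURN_IP=//p' "$env_file" | tail -n 1 |
            tr -d "\"'[:space:]")
    case "$value" in
        ''|'<'*)          return 1 ;;  # empty, or still <your-public-ip>
        *[!0-9.]*|.*|*.)  return 2 ;;  # stray characters or leading/trailing dot
    esac

    # Split on dots: exactly four octets, each 0-255.
    old_ifs=$IFS; IFS=.
    set -- $value
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 2
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 2
    done

    # Assumption: these ranges are never a reachable public address.
    a=$1; b=$2
    if [ "$a" -eq 0 ] || [ "$a" -eq 10 ] || [ "$a" -eq 127 ] || [ "$a" -ge 224 ]; then
        return 3
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then
        return 3
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then
        return 3
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then
        return 3
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
        return 3
    fi
    return 0
}

# Constructed sample file; 203.0.113.10 is a documentation address.
sample=$(mktemp)
printf '# COTURN_IP=10.0.0.5\nCOTURN_IP=203.0.113.10\n' > "$sample"
rc=0; check_coturn_ip "$sample" || rc=$?
echo "check_coturn_ip returned $rc"
rm -f "$sample"
```

Called with no argument, the function reads /opt/openvidu/.env; a non-zero result before running ./openvidu start means TURN would be advertised with an address clients cannot reach.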