From a5b4f09bc8a2c44809abfa3ff6e8bd7295c3c506 Mon Sep 17 00:00:00 2001 From: Dennis Scheiba Date: Fri, 18 Aug 2023 14:44:52 +0200 Subject: [PATCH 1/5] add live deployment --- Makefile | 8 +- caster-back/gencaster/settings/deploy_live.py | 61 +++++++++++++ docker-compose.deploy.live.yml | 87 +++++++++++++++++++ vars.deploy.live.env | 13 +++ 4 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 caster-back/gencaster/settings/deploy_live.py create mode 100644 docker-compose.deploy.live.yml create mode 100644 vars.deploy.live.env diff --git a/Makefile b/Makefile index 445c3528..38fe6808 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,8 @@ DOCKER_EDITOR = -f docker-compose.editor.yml DOCKER_FRONTEND = -f docker-compose.frontend.yml DOCKER_LOCAL = -f docker-compose.yml -f docker-compose.local.yml DOCKER_DEPLOY_DEV = -f docker-compose.yml -f docker-compose.deploy.dev.yml -DOCKER_ALL_FILES = $(DOCKER_LOCAL) $(DOCKER_EDITOR) $(DOCKER_FRONTEND) -f docker-compose.deploy.dev.yml +DOCKER_DEPLOY_LIVE = -f docker-compose.yml -f docker-compose.deploy.live.yml +DOCKER_ALL_FILES = $(DOCKER_LOCAL) $(DOCKER_EDITOR) $(DOCKER_FRONTEND) -f docker-compose.deploy.dev.yml -f docker-compose.deploy.live.yml venv: caster-back/venv/touchfile @@ -60,6 +61,11 @@ docker-deploy-dev: docker compose $(DOCKER_DEPLOY_DEV) build docker compose $(DOCKER_DEPLOY_DEV) up -d +docker-deploy-live: + docker compose $(DOCKER_ALL_FILES) stop + docker compose $(DOCKER_DEPLOY_LIVE) build + docker compose $(DOCKER_DEPLOY_LIVE) up -d + docker-stop: docker compose $(DOCKER_ALL_FILES) stop diff --git a/caster-back/gencaster/settings/deploy_live.py b/caster-back/gencaster/settings/deploy_live.py new file mode 100644 index 00000000..fc99952d --- /dev/null +++ b/caster-back/gencaster/settings/deploy_live.py @@ -0,0 +1,61 @@ +""" +Deploy Live +=========== + +Settings for deploying "*production*" environment on the server via Docker. +""" + +import sentry_sdk +from sentry_sdk.integrations.django import DjangoIntegration + +from .base import * # noqa + +CSRF_TRUSTED_ORIGINS = [ + "https://live.gencaster.org", + "https://backend.live.gencaster.org", + "https://editor.live.gencaster.org", +] + +DEBUG = False + +ALLOWED_HOSTS = [ + "*.gencaster.org", + "gencaster.org", + "live.gencaster.org", + "editor.live.gencaster.org", + "backend.live.gencaster.org", + "localhost", + "127.0.0.1", +] + +CORS_ALLOWED_ORIGINS = [ + "https://live.dev.gencaster.org", + "https://live.gencaster.org", + "https://backend.live.gencaster.org", +] + +SESSION_COOKIE_DOMAIN = ".live.gencaster.org" +CSRF_COOKIE_DOMAIN = ".live.gencaster.org" + +CORS_ALLOW_CREDENTIALS = True + +SESSION_COOKIE_SAMESITE = None + +CSRF_COOKIE_SECURE = True + + +if SENTRY_DSN := os.environ.get("SENTRY_DSN_CASTER_BACK", None): + print("### SENTRY LOGGING ACTIVE ###") + sentry_sdk.init( + dsn=SENTRY_DSN, + integrations=[ + DjangoIntegration(), + ], + # Set traces_sample_rate to 1.0 to capture 100% + # of transactions for performance monitoring. + # We recommend adjusting this value in production. + traces_sample_rate=0.2, + # If you wish to associate users to errors (assuming you are using + # django.contrib.auth) you may enable sending PII data. + send_default_pii=True, + ) diff --git a/docker-compose.deploy.live.yml b/docker-compose.deploy.live.yml new file mode 100644 index 00000000..7d766623 --- /dev/null +++ b/docker-compose.deploy.live.yml @@ -0,0 +1,87 @@ +version: '3.9' + +volumes: + static: +services: + database: + env_file: + - vars.env + - vars.deploy.live.env + - .secrets.env + + backend: + env_file: + - vars.env + - vars.deploy.live.env + - .secrets.env + volumes: + - static:/home/gencaster/static:rw + - ./data:/data + - ./data:/home/gencaster/media + extra_hosts: + - "host.docker.internal:host-gateway" + + osc_backend: + volumes: + - ./data:/data + - ./data:/home/gencaster/media + env_file: + - vars.env + - vars.deploy.live.env + - .secrets.env + ports: + - 7000:7000/udp + + sound: + network_mode: host + env_file: + - vars.env + - vars.deploy.live.env + volumes: + - ./data:/data + - ./caster-sound/janus.jcfg:/opt/janus/etc/janus/janus.jcfg + # - ./caster-sound/janus.plugin.audiobridge.jcfg:/opt/janus/etc/janus/janus.plugin.audiobridge.jcfg + + nginx: + image: nginx:1.23-alpine + volumes: + - ./nginx.deploy.conf:/etc/nginx/conf.d/default.conf + - static:/static/:ro + - ./data:/home/gencaster/media + ports: + - 8081:80 + depends_on: + - backend + + editor: + platform: linux/amd64 + build: + context: caster-editor + dockerfile: Dockerfile.deploy + args: + - BACKEND_URL=https://backend.live.gencaster.org + - SENTRY_DSN_CASTER_EDITOR=https://4f4b994233384dc3a79ec1a4fea3cd80@o4504548423565312.ingest.sentry.io/4505476421386240 + ports: + - 3001:80 + environment: + - HOST=0.0.0.0 + - PORT=3001 + - BACKEND_URL="https://backend.live.gencaster.org" + depends_on: + - backend + + frontend: + platform: linux/amd64 + build: + context: caster-front + dockerfile: Dockerfile.deploy + args: + - BACKEND_URL=https://backend.live.gencaster.org + - JANUS_URL=https://sound.live.gencaster.org/janus + - SENTRY_DSN_CASTER_FRONT=https://cf06c7d74e1644cab833acf57ae598b3@o4504548423565312.ingest.sentry.io/4505476517396480 + ports: + - 3000:80 + environment: + - NGINX_HOST=0.0.0.0 + depends_on: + - backend diff --git a/vars.deploy.live.env b/vars.deploy.live.env new file mode 100644 index 00000000..b977734c --- /dev/null +++ b/vars.deploy.live.env @@ -0,0 +1,13 @@ +SUPERCOLLIDER_HOST=host.docker.internal + +DJANGO_SETTINGS_MODULE="gencaster.settings.deploy_live" +BACKEND_OSC_HOST=localhost + +# this is needed during build time so change it in +# docker-compose.deploy.dev.yml as well if this changes +BACKEND_URL="https://backend.dev.gencaster.org" + +JANUS_PUBLIC_IP=213.133.101.74 + +SUPERCOLLIDER_USE_INPUT=1 +SUPERCOLLIDER_NUM_STREAMS=15 From 065fefe9ec583a74b4cbf6bea7a90fa9f5d0d6c0 Mon Sep 17 00:00:00 2001 From: Dennis Scheiba Date: Mon, 28 Aug 2023 12:13:27 +0200 Subject: [PATCH 2/5] fix typo in cors --- caster-back/gencaster/settings/deploy_live.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caster-back/gencaster/settings/deploy_live.py b/caster-back/gencaster/settings/deploy_live.py index fc99952d..2b2cec6a 100644 --- a/caster-back/gencaster/settings/deploy_live.py +++ b/caster-back/gencaster/settings/deploy_live.py @@ -29,7 +29,7 @@ ] CORS_ALLOWED_ORIGINS = [ - "https://live.dev.gencaster.org", + "https://editor.live.gencaster.org", "https://live.gencaster.org", "https://backend.live.gencaster.org", ] From 277c9117bf85da7ab93b4431903923179000555a Mon Sep 17 00:00:00 2001 From: Dennis Scheiba Date: Tue, 19 Sep 2023 15:24:14 +0200 Subject: [PATCH 3/5] remove host mode for sound container --- caster-sound/Dockerfile | 4 +++- caster-sound/caster-sound.conf | 3 ++- caster-sound/janus.jcfg | 8 ++++---- docker-compose.deploy.dev.yml | 8 ++++---- docker-compose.deploy.live.yml | 6 ++++-- docker-compose.yml | 2 ++ vars.deploy.dev.env | 4 ++-- vars.deploy.live.env | 4 ++-- 8 files changed, 23 insertions(+), 16 deletions(-) diff --git a/caster-sound/Dockerfile b/caster-sound/Dockerfile index cd8a5b8d..beca7cc2 100644 --- a/caster-sound/Dockerfile +++ b/caster-sound/Dockerfile @@ -144,7 +144,9 @@ RUN git clone --depth 1 --branch "v0.11.8" https://github.com/meetecho/janus-gat make configs && \ rm -rf /root/janus-gateway -RUN apk add parallel +# moreutils contains sponge which is needed for this +# https://stackoverflow.com/a/74551579/3475778 +RUN apk add parallel moreutils # ------------------ STATIC HTML FILES # are served via a python http server - only for debugging diff --git a/caster-sound/caster-sound.conf b/caster-sound/caster-sound.conf index 41544592..7bb11a81 100644 --- a/caster-sound/caster-sound.conf +++ b/caster-sound/caster-sound.conf @@ -25,7 +25,8 @@ stdout_logfile=/root/sclang.log stderr_logfile=/root/sclang.log [program:janus] -command=/opt/janus/bin/janus +# inject the env variable into the config before starting +command=sh -c "envsubst '$JANUS_PUBLIC_IP' < /opt/janus/etc/janus/janus.jcfg | sponge /opt/janus/etc/janus/janus.jcfg && /opt/janus/bin/janus" user=root priority=40 startsecs=10 diff --git a/caster-sound/janus.jcfg b/caster-sound/janus.jcfg index 82315feb..a7644b18 100644 --- a/caster-sound/janus.jcfg +++ b/caster-sound/janus.jcfg @@ -214,7 +214,7 @@ media: { ipv6 = true ipv6_linklocal = true #min_nack_queue = 500 - #rtp_port_range = "20000-40000" + rtp_port_range = "10000-10200" #dtls_mtu = 1200 #no_media_timer = 1 #slowlink_threshold = 4 @@ -268,8 +268,8 @@ media: { # be used for gathering candidates, and enable or disable the # internal libnice debugging, if needed. nat: { - # stun_server = "stun.l.google.com" - # stun_port = 19302 + stun_server = "stun.l.google.com" + stun_port = 19302 # nice_debug = false full_trickle = false #ice_nomination = "regular" @@ -300,7 +300,7 @@ nat: { # Multiple public IP addresses can be specified as a comma separated list # if the Janus is deployed in a DMZ between two 1-1 NAT for internal and # external users. - nat_1_1_mapping = "195.201.163.94" + nat_1_1_mapping = "$JANUS_PUBLIC_IP" #keep_private_host = true # You can configure a TURN server in two different ways: specifying a diff --git a/docker-compose.deploy.dev.yml b/docker-compose.deploy.dev.yml index f84f8631..888f4cb9 100644 --- a/docker-compose.deploy.dev.yml +++ b/docker-compose.deploy.dev.yml @@ -18,8 +18,6 @@ services: - static:/home/gencaster/static:rw - ./data:/data - ./data:/home/gencaster/media - extra_hosts: - - "host.docker.internal:host-gateway" osc_backend: volumes: @@ -33,14 +31,16 @@ services: - 7000:7000/udp sound: - network_mode: host env_file: - vars.env - vars.deploy.dev.env + ports: + - 8090:8090 # debug frontend + - 8088:8088 # janus server + - 10000-10200:10000-10200 volumes: - ./data:/data - ./caster-sound/janus.jcfg:/opt/janus/etc/janus/janus.jcfg - # - ./caster-sound/janus.plugin.audiobridge.jcfg:/opt/janus/etc/janus/janus.plugin.audiobridge.jcfg nginx: image: nginx:1.23-alpine diff --git a/docker-compose.deploy.live.yml b/docker-compose.deploy.live.yml index 7d766623..6ddd5fab 100644 --- a/docker-compose.deploy.live.yml +++ b/docker-compose.deploy.live.yml @@ -33,14 +33,16 @@ services: - 7000:7000/udp sound: - network_mode: host env_file: - vars.env - vars.deploy.live.env + ports: + - 8090:8090 # debug frontend + - 8088:8088 # janus server + - 10000-10200:10000-10200 volumes: - ./data:/data - ./caster-sound/janus.jcfg:/opt/janus/etc/janus/janus.jcfg - # - ./caster-sound/janus.plugin.audiobridge.jcfg:/opt/janus/etc/janus/janus.plugin.audiobridge.jcfg nginx: image: nginx:1.23-alpine diff --git a/docker-compose.yml b/docker-compose.yml index 7c299e61..9cab5c26 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -34,6 +34,8 @@ services: env_file: - vars.env - .secrets.env + depends_on: + - database command: ['python', '-m', 'osc_server.server'] sound: diff --git a/vars.deploy.dev.env b/vars.deploy.dev.env index 7b3141d3..6378d302 100644 --- a/vars.deploy.dev.env +++ b/vars.deploy.dev.env @@ -1,7 +1,7 @@ -SUPERCOLLIDER_HOST=host.docker.internal +SUPERCOLLIDER_HOST=sound DJANGO_SETTINGS_MODULE="gencaster.settings.deploy_dev" -BACKEND_OSC_HOST=localhost +BACKEND_OSC_HOST=osc_backend # this is needed during build time so change it in # docker-compose.deploy.dev.yml as well if this changes diff --git a/vars.deploy.live.env b/vars.deploy.live.env index b977734c..6cff930e 100644 --- a/vars.deploy.live.env +++ b/vars.deploy.live.env @@ -1,7 +1,7 @@ -SUPERCOLLIDER_HOST=host.docker.internal +SUPERCOLLIDER_HOST=sound DJANGO_SETTINGS_MODULE="gencaster.settings.deploy_live" -BACKEND_OSC_HOST=localhost +BACKEND_OSC_HOST=osc_backend # this is needed during build time so change it in # docker-compose.deploy.dev.yml as well if this changes From 00d04737acdde3ea4edbfca171993785f76f8ecf Mon Sep 17 00:00:00 2001 From: Dennis Scheiba Date: Tue, 19 Sep 2023 15:39:41 +0200 Subject: [PATCH 4/5] update docs regarding host mode --- README.md | 3 --- docs/deployment.rst | 14 ++------------ 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index ee1b6a8f..8da3a968 100644 --- a/README.md +++ b/README.md @@ -77,9 +77,6 @@ passworrd | `admin` ### Network -As the connection of WebRTC relies on delicate network routing we deploy the Janus service in docker network mode `host` instead of `bridge` which puts every service behind a NAT. -The `host` method has the disadvantage that every port we expose within our container is also exposed on our host which an lead to port clashes as well as security problems so please be sure that the firewall is set up correctly. - As WebRTC only works within a SSL environment we use a nginx reverse proxy to forward the port `8089` to the local port `8088` which is the http version of the Janus server. By doing this we can let nginx handle the SSL context and not need to embed this into Janus. diff --git a/docs/deployment.rst b/docs/deployment.rst index 4f37536f..3e256db7 100644 --- a/docs/deployment.rst +++ b/docs/deployment.rst @@ -1,21 +1,11 @@ Deployment ========== -The only supported way to deploy Gencaster is by using Docker. -This allows for easier development but also introduces some challenges regarding WebRTC communication and CPU realtime priority. - Docker ------ -As WebRTC relies on a peer-to-peer connection it is necessary to run the streaming container :ref:`caster-sound` in ``host`` mode as otherwise the connection can not be initiated because of a lack of proper IP propagation because otherwise the Docker network acts as a NAT. -For more information regarding this topic refer to the `Mozilla Documentation `_. - -.. important:: - - ``host`` mode uses ports on the host machine directly rather than forwarding them from the Docker NAT. - The result is: **it is only possible to run ONE instance of Gencaster on a server**. - Also all necessary ports need to be free on the host. - +As the setup of the streaming stack is delicate the only supported way of deployment is via `docker compose` which automates most of the setup procedure. +Yet it is still necessary to provide some config files which are described here. ``.secrets.env`` ^^^^^^^^^^^^^^^^ From 6b353b129ce9df141eb1f0a74dc82d69129299a3 Mon Sep 17 00:00:00 2001 From: Dennis Scheiba Date: Tue, 19 Sep 2023 15:54:02 +0200 Subject: [PATCH 5/5] fix backend URL --- vars.deploy.live.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars.deploy.live.env b/vars.deploy.live.env index 6cff930e..a3b9977a 100644 --- a/vars.deploy.live.env +++ b/vars.deploy.live.env @@ -5,7 +5,7 @@ BACKEND_OSC_HOST=osc_backend # this is needed during build time so change it in # docker-compose.deploy.dev.yml as well if this changes -BACKEND_URL="https://backend.dev.gencaster.org" +BACKEND_URL="https://backend.live.gencaster.org" JANUS_PUBLIC_IP=213.133.101.74