Skip to content

OpenVidu Single Node Installation: AWS#

Regarding OpenVidu v2 compatibility

OpenVidu Single Node is not compatible with OpenVidu v2 API. For having compatibility with OpenVidu v2 applications, you must use OpenVidu Elastic or OpenVidu High Availability.

This section contains the instructions to deploy a production-ready OpenVidu Single Node deployment in AWS. Deployed services are the same as the On Premises Single Node Installation but automate the process with AWS CloudFormation.

First of all, import the template in the AWS CloudFormation console. You can click the following button...

...or access your AWS CloudFormation console and manually set this S3 URL in the Specify template section:

https://s3.eu-west-1.amazonaws.com/get.openvidu.io/community/singlenode/latest/aws/cf-openvidu-singlenode.yaml

Info

If you want to deploy an specific version of OpenVidu Elastic, replace latest with the version you want to deploy. For example, to deploy version 3.0.0, use the following URL:

https://s3.eu-west-1.amazonaws.com/get.openvidu.io/community/singlenode/3.0.0/aws/cf-openvidu-singlenode.yaml

This is how the architecture of the deployment looks like:

OpenVidu Single Node AWS Architecture
OpenVidu Single Node AWS Architecture

CloudFormation Parameters#

Depending on your needs, you need to fill the following CloudFormation parameters:

Domain and SSL Certificate Configuration#

These are the three possible scenarios you may have to configure in this section:

For a production-ready setup, this scenario is ideal when you have an FQDN (Fully Qualified Domain Name) and an Elastic IP at your disposal. It leverages the services of Let's Encrypt to automatically generate valid certificates.

First, you need to have the FQDN pointing to the Elastic IP you are going to use.

Then, you need to fill in the following parameters:

Let's Encrypt certificates

As you can see, you need to specify the DomainName with your FQDN, the PublicElasticIP with the Elastic IP that the domain points to, and the LetsEncryptEmail with your email address for Let’s Encrypt notifications. These parameters are mandatory.

This is the most straightforward option for deploying OpenVidu on AWS when you do not have a Fully Qualified Domain Name (FQDN). This method allows for the immediate use of OpenVidu in AWS using CloudFormation.

However, this convenience comes with the caveat that users will need to manually accept the certificate in their web browsers. Please be aware that this configuration is solely for developmental and testing purposes and is not suitable for a production environment.

These are the parameters needed in this section to use self-signed certificates:

Self-signed certificates

You don’t need to specify any parameters; just select the CertificateType as self-signed. The domain name used will be an AWS-generated one.

Opt for this method if you possess your own certificate for an existing FQDN. It enables you to deploy OpenVidu on AWS using your certificates.

You need to have a Fully Qualified Domain Name (FQDN) pointing to a previously created Elastic IP.

Also, you need a temporary HTTP server hosting your private and public certificate under a specific URL. These URLs are needed for the instance to be able to download and install your certificates.

The configured parameters would look like this:

Custom certificates

You need to specify at OwnPublicCertificate and OwnPrivateCertificate the URLs where the public and private certificates are hosted, respectively. The DomainName and PublicElasticIP are mandatory parameters.

Certificates need to be in PEM format and the URLs must be accessible from the instance.

EC2 Instance Configuration#

You need to specify some properties for the EC2 instance that will be created.

The parameters in this section may look like this:

EC2 Instance configuration

Simply select the type of instance you want to deploy at InstanceType, the SSH key you want to use to access the machine at KeyName, and the Amazon Image ID (AMI) to use at AmiId.

By default, the parameter AmiId is configured to use the latest LTS Ubuntu AMI, so ideally you don’t need to modify this.

(Optional) TURN server configuration with TLS#

This section is optional. It is useful when your users are behind a restrictive firewall that blocks UDP traffic. This parameter will only works if you are using letsencrypt or owncert as the CertificateType parameter.

The parameters in this section may look like this:

TURN server configuration with TLS

Set the TurnDomainName parameter to the domain name you intend to use for your TURN server. It should be pointing to the PublicElasticIP specified in the previous section.

If you are using letsencrypt as the CertificateType parameter, you can leave the TurnOwnPublicCertificate and TurnOwnPrivateCertificate parameters empty. If you are using owncert, you need to specify the URLs where the public and private certificates are hosted.

Deploying the Stack#

When you are ready with your CloudFormation parameters, just click on "Next", specify in "Stack failure options" the option "Preserve successfully provisioned resources" to be able to troubleshoot the deployment in case of error, click on "Next" again, and finally "Submit".

When everything is ready, you will see the following links in the "Outputs" section of CloudFormation:

CloudFormation Outputs

Configure your Application to use the Deployment#

The Output Key ServicesAndCredentials of the previous section points to an AWS Secret Manager secret that contains all URLs and credentials to access the services deployed. You can access the secret by clicking on the link in the Output Value column.

Then, click on Retrieve secret value to get the JSON with all the information.

To point your applications to your OpenVidu deployment, check the values of the JSON secret. All access credentials of all services are defined in this object.

Your authentication credentials and URL to point your applications would be:

  • URL: The value in the AWS Secret of DOMAIN_NAME as a URL. It could be wss://openvidu.example.io/ or https://openvidu.example.io/ depending on the SDK you are using.
  • API Key: The value in the AWS Secret of LIVEKIT_API_KEY
  • API Secret: The value in the AWS Secret of LIVEKIT_API_SECRET

Troubleshooting Initial CloudFormation Stack Creation#

If something goes wrong during the initial CloudFormation stack creation, your stack may reach the CREATE_FAILED status for multiple reasons. It could be due to a misconfiguration in the parameters, a lack of permissions, or a problem with the AWS services. When this happens, the following steps can help you troubleshoot the issue and identify what went wrong:

  1. While deploying the stack, make sure at "Stack failure options" you have selected the option "Preserve successfully provisioned resources" to be able to troubleshoot the deployment in case of an error.

    Disable Rollback on failure

  2. Check if the EC2 instance or instances are running. If they are not, check the CloudFormation events for any error messages.

  3. If the EC2 instance or instances are running, SSH into the instance and check the logs of the following files:

    • /var/log/cloud-init-output.log
    • /var/log/cloud-init.log

    These logs will give you more information about the CloudFormation stack creation process.

  4. If everything seems fine, check the status and the logs of the installed OpenVidu services.

Configuration and administration#

When your CloudFormation stack reaches the CREATE_COMPLETE status, your OpenVidu Single Node deployment is ready to use. You can check the Administration section to learn how to manage your deployment.