Deploying OpenVidu Pro on AWS



Before deploying OpenVidu Pro you need to create an OpenVidu account to get your license key.
There's a 15 day free trial waiting for you!

Deployment instructions

1) Access to the console of AWS Cloud Formation

Go to CloudFormation



2) Select Create Stack 🠚 With new resources


3) Option Specify template 🠚 Amazon S3 URL with the following URL

https://s3-eu-west-1.amazonaws.com/aws.openvidu.io/CF-OpenVidu-Pro-latest.yaml


4. Specify stack details

First of all, indicate a name for your deployment. Next fill each section of the Parameters formulary:

OpenVidu Pro License

Your OpenVidu Pro License key. You need an OpenVidu account to purchase it. There's a 15 day free trial waiting for you!

SSL certificate configuration

Configuration for your CloudFormation stack certificate. We provide 3 different scenarios: you can use the default SELF-SIGNED CERTIFICATE stored in the application (users will need to accept the browser security alert) or if you have a custom domain, either allow LET'S ENCRYPT to automatically generate a valid and free certificate for your domain or use your own CUSTOM CERTIFICATE if you already have one.

Self-Signed certificate Let's Encrypt certificate Custom certificate
Choose the certificate selfsigned letsencrypt owncert
Email for Let's Encrypt certification authority Your choice
My domain name Your fully qualified domain
For example: if your full URL is https://openvidu.io/ then this is openvidu.io
Your fully qualified domain
For example: if your full URL is https://openvidu.io/ then this is openvidu.io
Public elastic IP (EIP) One AWS Elastic IP you generated
(check AWS Docs to generate a new one)
One AWS Elastic IP you generated
(check AWS Docs to generate a new one)
URL to the CRT file URL to your public key file
The CloudFormation stack must have access to this URL, at least temporarily
URL to the key file URL to your private key file
The CloudFormation stack must have access to this URL, at least temporarily

If you are using LET'S ENCRYPT CERTIFICATE, of course you will need to register your ElasticIP in your DNS hosting service and associate it with the fully qualified domain name. Until your domain name is not accessible through the public IP you chose, this deployment won't work

OpenVidu CE configuration

Configuration properties specific for OpenVidu Server CE. You have a complete description of all available properties here.

OpenVidu Pro configuration

Configuration properties specific for OpenVidu Server Pro. You have a complete description of all available properties here.

Kibana configuration

Username and password for the Kibana service deployed with OpenVidu Pro. You will need these credentials for later access to the Kibana dashboard of your OpenVidu Pro deployment. Visit section Detailed session monitoring for further information.

Networking configuration

OpenVidu VPC
Dedicated VPC for the OpenVidu Pro cluster
All of the EC2 instances of the cluster will connect to this VPC
Choose from the drop-down button
OpenVidu Subnet
Subnet of the VPC where to deploy the OpenVidu Pro cluster
Choose from the drop-down button

Other configuration

These properties configure specific details of the CloudFormation stack.

Instance type for Openvidu Server Pro Node
Type of EC2 Instance where to deploy the OpenVidu Server Pro Node
Choose from the drop-down button
Instance type for Media Nodes
Type of EC2 Instance where to deploy the Media Nodes
Choose from the drop-down button
Key name
SSH key the EC2 Instances of the cluster
Choose from the drop-down button
(check AWS Docs to create a new one)



5. Create your stack

No extra options are necessary. Click on NextNextCreate stack

CREATE_IN_PROGRESS status will show up. You will now have to wait for a few minutes (about 10) until it shows CREATE_COMPLETE.

To connect to OpenVidu Inspector and the Kibana dashboard, simply access Outputs tab after CREATE_COMPLETE status is reached. There you will have both URLs to access both services.

To consume OpenVidu REST API, use URL https://OPENVIDUPRO_PUBLIC_IP:4443. For example, in the image above that would be https://ec2-34-244-193-135.eu-west-1.compute.amazonaws.com:4443 using AWS domain. When deploying with a custom domain name (which you should do for a production environment), of course you must use your domain name instead.



Scalability

Set the number of Media Nodes on startup

When filling the CloudFormation form, simply set the desired number in section OpenVidu Pro configuration.

In section Other configuration you can choose the size of your OpenVidu Server Pro Node and your Media Nodes.

Change the number of Media Nodes on the fly

You can launch and drop Media Nodes dynamically in two different ways:

From OpenVidu Inspector

In Cluster page you can launch and drop Media Nodes just by pressing buttons.

With OpenVidu Pro REST API

You can programmatically launch and drop Media Nodes from your application by consuming OpenVidu Pro REST API.

WARNING: there are some important aspects to keep in mind when launching and dropping Media Nodes in AWS deployemnts, specially through OpenVidu Pro REST API (OpenVidu Inspector UI is quite self-descriptive):

  • Trying to drop a Media Node which is currently hosting an OpenVidu Session will fail by default. You can manage the drop policy when calling DELETE /pro/media-nodes through parameter deletion-strategy.



Updating OpenVidu Pro configuration

You may want to change the current configuration of an existing OpenVidu Pro cluster. This configuration includes all of the parameters listed in these pages:

When deploying an OpenVidu Pro cluster you give value to these parameters directly or indirectly, depending on the deployment environment. Once the cluster is running, there are different ways you can update the value of the configuration parameters. Take into account that all of them require restarting your OpenVidu Server Pro process, so any active OpenVidu Session will be terminated.

1) With OpenVidu Inspector

OpenVidu Inspector allows you to restart the OpenVidu Server Pro process from Config page just by filling a formulary.
More information here.

NOTE 1: take into account that not all configuration properties are able to be updated this way
NOTE 2: new values will be stored and remembered, so they will be used when OpenVidu Server Pro is restarted in the future

2) With OpenVidu Pro REST API

You can consume REST API method POST /pro/restart to programmatically restart the OpenVidu Server Pro process and update its configuration values.

NOTE 1: take into account that not all configuration properties are able to be updated this way
NOTE 2: new values will be stored and remembered, so they will be used when OpenVidu Server Pro is restarted in the future

3) Manually connecting through SSH

The ultimate and most definitive way of updating the configuration parameters of an OpenVidu Pro cluster is connecting to the OpenVidu Server Pro Node through SSH and changing the desired values:

  1. SSH to the OpenVidu Server Pro machine using your private rsa key
  2. Update file /opt/openvidu/application.properties with the new configuration values
  3. Restart OpenVidu Server Pro with sudo systemctl restart openvidu

To validate your changes and check that everything went well, you should take a look to OpenVidu Server Pro logs. If there were any errors with any configuration parameter, OpenVidu Server Pro log should help you fix the issue. You can show last 200 lines of the logs with command journalctl -n 200 -u openvidu | cat



Troubleshooting

First of all, an AWS CloudFormation stack may reach CREATE_FAILED status for missing a default VPC. Check out this FAQ to learn how to fix it.

If that is not the problem, then follow these steps:

  • 1) Try to deploy again, but this time disabling option Rollback on failure (Configure stack options 🡆 Advanced Options 🡆 Stack creation options). This will prevent the instance to be terminated in case of failure so logs can be gathered. Once you re-deploy with this option, the stack will still fail but you’ll be able to access instances through SSH and retrieve some files to debug the problem.
  • 2) We will also need the parameters you've used to deploy, to check possible problems in their values
  • 3) Once you have performed step 1) and the stack creation has failed, please SSH into the instances created and share with us Cloudformation logs

    • /var/log/cloud-init.log
    • /var/log/cloud-init-output.log

  • 4) Get also the log output of openvidu with this command and share with us the output file:

    • journalctl -u openvidu > openvidu.log

Regarding the compatibility of openvidu-browser and server SDKs (REST API, openvidu-java-client, openvidu-node-client), use the same version numbers as stated for openvidu-server in Releases page. For example, for OpenVidu Pro 2.10.0, use the artifact versions indicated in 2.10.0 release table



OpenVidu Pro in AWS Marketplace

The recommended way of deploying OpenVidu Pro in AWS is by directly using CloudFormation.
Latest available version of OpenVidu Pro in AWS Marketplace is 2.11.0, but we are working on 2.12.0 support
Before deploying OpenVidu Pro in AWS Marketplace you need to contact us through Commercial page to get the credentials you will need during the deployment process. For this outdated way of deploying an OpenVidu Pro cluster you don't need an OpenVidu account, but you will need some special credentials we need to provide to you.

1) Steps towards configuration

Go to marketplace



2) Configure your OpenVidu Server Pro

Fill each section of the form with the appropriate values as stated below.

Stack name

The name of your deployment

SSL Certificate Configuration

This is the kind of certificate you will be using in your deployment. Three different options are offered:

  • selfsigned: use a selfsigned certificate. This options is meant for testing and developing environments. Leave the rest of the fields with their default value
  • letsencrypt: use an automatic certificate by Let's Encrypt. This way you don't have to worry about providing your own certificate. You simply have to enter an email account where Let's Encrypt will send its messages, your fully qualified domain name and one AWS Elastic IP for the same region you selected before (allocate one if you don't have it). Of course, you will need to register this Elastic IP in your DNS hosting service and associate it with your fully qualified domain name. Only after this association between the Elastic IP and your domain name is effective your deployment with Let's Encrypt will work fine.
  • owncert: use your own certificate. You must provide one AWS Elastic IP for the same region you selected before (allocate one if you don't have it), and your public certificate and private key, both accessible through uris (an Amazon S3 bucket is the best way to do it). Leave the default values for Email and Fully qualified domain name fields.

OpenVidu Configuration

These fields respectively configure different system properties of OpenVidu Server.

Besides, you'll find two fields for OpenVidu Pro credentials (OpenViduProUsername and OpenViduProPassword). We provide those credentials for you and with them you'll be able to access the OpenVidu Pro artifact (contact us through Commercial page to get them).

If you want to enable OpenVidu Webhook module by setting OpenViduWebhook field to true, your endpoint defined in field OpenViduWebhookEndpoint will probably be secured in some way. The syntax for the webhook header (field OpenViduWebhookHeaders) should be used to provide the security credentials. For example:

Authorization: Basic T1BFTlZJRFVBUFA6TVlfU0VDUkVU

for a basic auth token.

Openvidu Security Group

These fields allow you to limit the IPs that will be able to connect to OpenVidu Server Pro.

WARNING: be careful when limiting these IP ranges

  • Port 4443 access Range: OpenVidu Server Pro REST API and client access point. This should be set to 0.0.0.0/0 if you want any client to be able to use your deployment
  • Port 3478 access Range: TURN server port. This should be set to 0.0.0.0/0 if you want any client to be able to use your deployment, as you never know which user might need a TURN connection to be able to send and receive media
  • SSH Port access Range can be limited as you want, as it provides SSH access to the server with the proper private key through port 22
  • HTTPS and HTTP (ports 443 and 80) access Range: HTTPS access range will determine the directions able to connect to Kibana dashboard. If you are using Let's Encrypt SSL configuration, set HTTP access range to 0.0.0.0/0, as Let's Encrypt will need to access your server through port 80.
  • UDP Port access Range and TCP Port access Range: limits the clients that will be able to establish TCP and UDP connections to your OpenVidu Server Pro. So again, if you want to provide service to any client these should be set to 0.0.0.0/0
  • MinOpenPort and MaxOpenPort: determine what ports will be available to establish the media connections, so the generous default value is a good choice. If you change the values leaving out any of the previously stated ports, the deployment may fail

Kibana Dashboard

Set the user and password for accessing Kibana dashboard.

Networking info

Because Kurento Media Server cluster runs in an Autoscaling Group this CloudFormation template will create a VPC and a Subnet with all they need to provide internet access to the instances and public IPs. Then all the instances will be connected to this VPC.

Clustering Options

How many Kurento Media Servers do you want to deploy? Default to 1. Keep in mind AWS has limits to the amount of instances you can launch in EC2. Also, you will pay for every instance individually.

Other parameters

Choose the size of your instance (see OpenVidu performance FAQ) and a Key Pair (create one if you don't have any).

You can choose different sizes for OpenVidu Server machine and KMS machines.

You are ready to go. Click on Next 🡆 Next and complete the following point to deploy OpenVidu Pro cluster.

Roles

Before you can deploy the stack, you have to agree that this template will create Roles which will perform request to AWS API in you behalf from the instances. The Role's policy is only ec2:DescribeInstances, is the minimum required permission and it's needed to discover other cluster members. Every instance is tagged and the query to the API will simply filter by this tag.

After clicking the checkbox, you can now finally press Create stack button and deploy OpenVidu Pro cluster.



3) Connecting to your OpenVidu Server Pro

Now you just have to wait until Stack status is set to CREATE_COMPLETE. Then you will have a production-ready setup with all the advanced features provided by OpenVidu Pro.


To connect to OpenVidu Inspector and the Kibana dashboard, simply access Outputs tab. There you will have both URLs to access both services.

To consume OpenVidu REST API, use URL https://OPENVIDUPRO_PUBLIC_IP:4443. For example, in the image above that would be https://ec2-34-244-193-135.eu-west-1.compute.amazonaws.com:4443