Merge pull request #2 from red5pro/hotfix/SSH

Update logic to allow SSH connection for specified IP address
red5pro · Mar 19, 2024 · 1092d34 · 1092d34
2 parents fc8a732 + 9ad3040
commit 1092d34
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -77,14 +77,15 @@ module "red5pro_single" {
 
   # SSH key configuration
   create_new_ssh_keys              = true                                                    # true - create new SSH key, false - use existing SSH key
-  new_ssh_key_name                 = "example-ssh-key"                                          # if `create_new_ssh_keys` = true, Name for new SSH key
-  existing_public_ssh_key_path     = "./example-ssh-key.pub"                                  # if `create_new_ssh_keys` = false, Path to existing SSH public key
+  new_ssh_key_name                 = "example-ssh-key"                                       # if `create_new_ssh_keys` = true, Name for new SSH key
+  existing_public_ssh_key_path     = "./example-ssh-key.pub"                                 # if `create_new_ssh_keys` = false, Path to existing SSH public key
   existing_private_ssh_key_path    = "./example-ssh-key.pem"                                 # if `create_new_ssh_keys` = false, Path to existing SSH private key
 
   # VPC configuration
   vpc_create                       = true                                                    # True - Create a new VPC in Google Cloud, False - Use existing VPC
   existing_vpc_network_name        = "example-vpc-name"                                      # if `vpc_create` = false, Existing VPC name used for the network configuration in Google Cloud
-
+  red5_single_ssh_connection_source_ranges = ["YOUR-PUBLIC-IP/32", "1.2.3.4/32"]             # List of IP address ranges to provide SSH connection with red5 server. Kindly provide your public IP to make SSH connection while running this terraform module
+  
   # Single Red5 Pro server HTTPS/SSL certificate configuration
   https_letsencrypt_enable                   = false                                         # true - create new Let's Encrypt HTTPS/SSL certificate, false - use Red5 Pro server without HTTPS/SSL certificate
   https_letsencrypt_certificate_domain_name  = "red5pro.example.com"                         # Domain name for Let's Encrypt SSL certificate

diff --git a/examples/single/main.tf b/examples/single/main.tf
@@ -17,14 +17,15 @@ module "red5pro_single" {
 
   # SSH key configuration
   create_new_ssh_keys              = true                                                    # true - create new SSH key, false - use existing SSH key
-  new_ssh_key_name                 = "example-ssh-key"                                          # if `create_new_ssh_keys` = true, Name for new SSH key
-  existing_public_ssh_key_path     = "./example-ssh-key.pub"                                  # if `create_new_ssh_keys` = false, Path to existing SSH public key
+  new_ssh_key_name                 = "example-ssh-key"                                       # if `create_new_ssh_keys` = true, Name for new SSH key
+  existing_public_ssh_key_path     = "./example-ssh-key.pub"                                 # if `create_new_ssh_keys` = false, Path to existing SSH public key
   existing_private_ssh_key_path    = "./example-ssh-key.pem"                                 # if `create_new_ssh_keys` = false, Path to existing SSH private key
 
   # VPC configuration
   vpc_create                       = true                                                    # True - Create a new VPC in Google Cloud, False - Use existing VPC
   existing_vpc_network_name        = "example-vpc-name"                                      # if `vpc_create` = false, Existing VPC name used for the network configuration in Google Cloud
-
+  red5_single_ssh_connection_source_ranges = ["YOUR-PUBLIC-IP/32", "1.2.3.4/32"]             # List of IP address ranges to provide SSH connection with red5 server. Kindly provide your public IP to make SSH connection while running this terraform module
+
   # Single Red5 Pro server HTTPS/SSL certificate configuration
   https_letsencrypt_enable                   = false                                         # true - create new Let's Encrypt HTTPS/SSL certificate, false - use Red5 Pro server without HTTPS/SSL certificate
   https_letsencrypt_certificate_domain_name  = "red5pro.example.com"                         # Domain name for Let's Encrypt SSL certificate

diff --git a/main.tf b/main.tf
@@ -96,6 +96,19 @@ resource "google_compute_firewall" "red5_single_firewall" {
   project       = local.google_cloud_project
 }
 
+resource "google_compute_firewall" "red5_single_ssh_firewall" {
+  count         = local.single ? 1 : 0
+  name          = "${var.name}-single-ssh-firewall"
+  network       = local.vpc_network_name
+  priority      = 1000
+  allow {
+    protocol    = "tcp"
+    ports       = ["22"]
+  }
+  source_ranges = var.red5_single_ssh_connection_source_ranges
+  project       = local.google_cloud_project
+}
+
 # Red5 Pro single server instance
 resource "google_compute_instance" "red5_single_server" {
   count        = local.single ? 1 : 0

diff --git a/variable.tf b/variable.tf
@@ -102,7 +102,13 @@ variable "ubuntu_images_gcp" {
 variable "red5_single_firewall_ports" {
   description = "The required port open for the Red5 Single server in Google cloud firewall"
   type        = list(string)
-  default     = ["22", "5080", "443", "80"]
+  default     = ["5080", "443", "80"]
+}
+
+variable "red5_single_ssh_connection_source_ranges" {
+  description = "List of IP which required the SSH connection with Red5 Single Server"
+  type        = list(string)
+  default     = ["0.0.0.0/32"]
 }
 
 variable "single_server_instance_type" {