Skip to content

Configure secure communication

Jump to bottom
Andrey Maximov edited this page Jun 1, 2021 · 2 revisions

Prerequisites

  1. The installed conversion tool (see https://github.com/fivejars/vyva/wiki/Server-provisioning for details)
  2. An Open Y website with Virtual Y and Virtual Y Video Automation modules installed (see https://github.com/fivejars/vyva/wiki/Drupal-module-installation-and-configuration)

Securing Jenkins remote triggering

When you initiate a video processing on the Virtual Y side, the module triggers a job in Jenkins. In order to only let your website do that, you have to secure that job with the password.

  1. Log into Jenkins at the conversion tool server.
  2. Hover over the VIDEO_PIPELINE link, click on the chevron icon, click on the Configure link.
  3. At the top of page, click on the Build Triggers link and the page will scroll down.
  4. Set the value of the Authentication Token field under the Build Triggers section. It's recommended if the value is long (16+ characters). Keep the value in secret, as it allows to trigger the conversion remotely.

Remote trigger authentication token

  1. Save the changes.
  2. Log into you Virtual Y website.
  3. Go to Admin menu > Virtual Y > Virtual YMCA settings > Video Automation.
  4. Find the AUTHENTICATION SETTINGS sections and set the value of its Domain field to https://%CONVERSION_TOOL_DOMAIN_NAME%/buildByToken/buildWithParameters?job=VIDEO_PIPELINE&token=%AUTHENTICATION_TOKEN%, where:
    • %CONVERSION_TOOL_DOMAIN_NAME% is the domain name the conversion tool server is accessed at;
    • %AUTHENTICATION_TOKEN% is the value you set in item 4.

Virtual Y Remote Trigger Authentication Token

  1. Submit the form.

Securing the Virtual Y webhook

On each step, a Video processing reports back to the Virtual Y website to keep the progress visible and create a Video node in the end. The reporting happens via a webhook the Video Automation module provides. When the webhook is called, some changes to the database happen. You must not allow anything but trusted applications to make those changes.

The same technique is used here - an authentication token.

  1. Log into your Virtual Y website.
  2. Go to Admin menu > Virtual Y > Virtual YMCA settings > Video Automation.
  3. Find the WEBHOOK AUTHENTICATION sections and set the value of its Token field. Keep it long and keep it in secret.

Virtual Y Webhook Authentication

  1. Submit the form.
  2. Log into Jenkins at the conversion tool server.
  3. Hover over the Worker link in the sidebar, click on the chevron icon, click on the Configure link.
  4. Scroll the form down to the Node Properties > Environment variables.
  5. There are 3 environment variables: AUTH_PASS, AUTH_TOKEN, AUTH_USER. Popuplate the AUTH_TOKEN variable value with the token you set in item 3.

Jenkins Agent Webhook Authentication

  1. Save the changes.

Clone this wiki locally