Stuff I'm Up To

Technical Ramblings

Asterisk + WebRTC — April 16, 2020


Enable WebRTC so you can use a plain old HTML5 browser to make calls.

I had already configured Asterisk’s http server to use my Let’s Encrypt certificates. This was pretty much redundant for http usage as I always put systems behind an Nginx reverse proxy where I can.

http.conf

[general]
servername=pbx.domain.tld
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes            ; enable tls - default no.
tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089.
tlscertfile=/etc/asterisk/keys/fullchain1.pem ; path to the certificate file (*.pem) only.
tlsprivatekey=/etc/asterisk/keys/privkey1.pem ; path to private key file (*.pem) only.

/etc/nginx/conf.d/asterisk.conf

Snippets added into the nginx.conf to proxy to the asterisk /ws path.

Note the use of the non-HTTPS port (8088) for the upstream Asterisk, which nginx reaches over loopback.

upstream asterisk {
  server 127.0.0.1:8088;
}
server {
  ...
  location /ws {
    proxy_buffers 8 32k;
    proxy_buffer_size 64k;
    proxy_pass http://asterisk/ws;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 999999999;
  }
}
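The nginx upstream above only needs Asterisk on 127.0.0.1:8088, while the http.conf shown earlier binds both listeners to 0.0.0.0. The following check is an added example, not code from the original post: it parses the http.conf listener settings and reports any listener reachable without going through the proxy. The function name and the loopback variant are assumptions for illustration.

```python
import configparser
import ipaddress

# Constructed sample: the listener settings from the http.conf shown above.
PAGE_HTTP_CONF = """\
[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes            ; enable tls - default no.
tlsbindaddr=0.0.0.0:8089 ; address and port to bind to
"""

# Assumed variant (not from the post): Asterisk reachable only through nginx.
LOOPBACK_HTTP_CONF = """\
[general]
enabled=yes
bindaddr=127.0.0.1
bindport=8088
tlsenable=no
"""

def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def exposed_listeners(conf_text):
    """Return [(scheme, host, port)] for HTTP listeners not bound to loopback."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   inline_comment_prefixes=(";",))
    cp.read_string(conf_text)
    g = cp["general"]
    if not g.getboolean("enabled", fallback=False):
        return []
    host = g.get("bindaddr", fallback="")
    listeners = [("http", host, g.getint("bindport", fallback=8088))]
    if g.getboolean("tlsenable", fallback=False):
        # Per the comment in the post, tlsbindaddr defaults to bindaddr:8089.
        tls = g.get("tlsbindaddr", fallback=host)
        thost, sep, tport = tls.rpartition(":")  # IPv4/hostname form only
        listeners.append(("https", thost if sep else tls, int(tport) if sep else 8089))
    return [l for l in listeners if l[1] and not _is_loopback(l[1])]

if __name__ == "__main__":
    for name, text in (("page", PAGE_HTTP_CONF), ("loopback", LOOPBACK_HTTP_CONF)):
        print(name, exposed_listeners(text))
```

An empty result means the only route to Asterisk's HTTP and WebSocket endpoints is through nginx; any entry returned is a port to close in http.conf or filter at the firewall.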

pjsip.conf

[transport-wss]
type=transport
protocol=wss
bind=0.0.0.0

ps_aors

Set the max_contacts to 5

ps_endpoints

Set dtls_auto_generate_cert to yes, webrtc to yes


Jitsi + Asterisk = Jigasi — April 15, 2020
Asterisk – IAX — April 14, 2020
Asterisk – SIP + TLS — April 13, 2020
Asterisk and PostgreSQL — April 12, 2020


I started out wanting a real-time database connection to our existing LDAP server. This went well, but involved importing a schema into the LDAP cn=config and mapping the data into Asterisk.

It then became apparent that the effort involved in linking Asterisk to LDAP didn’t really produce the key result that I was after. My whole reason for linking Asterisk to LDAP was to share authentication credentials from our users for their SIP devices. After I’d deployed it I discovered that Asterisk would store its credentials in different fields and what’s worse is that the password could only be plain-text or an MD5 hash.

If our users must use a separate credential for logging into a SIP device, then using LDAP is no longer of interest to me. We may as well use a database – enter PostgreSQL.

Wireguard Config Builder — April 10, 2020


Back in the day when OpenVPN ruled the seas, installing it, securing it and authenticating clients with certificates was a process involving plenty of effort. Now with WireGuard the setup is a breeze.

Pretty much install wireguard, generate a key pair and start it up!

It sounds too easy, but it is. But let’s cover a few essentials, so you understand what you need to provide to get it working.

Wireguard on a Raspberry Pi — April 9, 2020
iptables – Part 1 — April 7, 2020


My understanding of iptables is rudimentary and I thought it’s time to improve on it. I have an understanding of firewalls, NAT and packet filtering, but putting this into iptables always seems hard work.

There are lots of online resources, but nothing seems to be comprehensive enough to cover everything I wanted and writing these posts also acts as a means of driving the material into my own brain. So I thought I’d document it myself in the way that I would typically use it.
