Asterisk + WebRTC

Enable WebRTC so you can use a plain old HTML5 browser to make calls.

I had already configured Asterisk’s http server to use my Let’s Encrypt certificates. This was pretty much redundant for http usage as I always put systems behind an Nginx reverse proxy where I can.

http.conf

[general]
servername=pbx.domain.tld
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes            ; enable tls - default no.
tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089.
tlscertfile=/etc/asterisk/keys/fullchain1.pem ; path to the certificate file (*.pem) only.
tlsprivatekey=/etc/asterisk/keys/privkey1.pem ; path to private key file (*.pem) only.

/etc/nginx/conf.d/asterisk.conf

Snippets added into the nginx.conf to proxy to the asterisk /ws path.

Note the use of the non-https port for the upstream asterisk.

upstream asterisk {
  server 127.0.0.1:8088;
}
server {
  ...
  location /ws {
    proxy_buffers 8 32k;
    proxy_buffer_size 64k;
    proxy_pass http://asterisk/ws;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 999999999;
  }
}

pjsip.conf

[transport-wss]
type=transport
protocol=wss
bind=0.0.0.0

ps_aors

Set the max_contacts to 5

ps_endpoints

Set dtls_auto_generate_cert to yes, webrtc to yes

References

https://wiki.asterisk.org/wiki/display/AST/Configuring+Asterisk+for+WebRTC+Clients

https://wiki.asterisk.org/wiki/display/AST/WebRTC+tutorial+using+SIPML5

https://www.bidon.ca/fr/notes/asterisk-webrtc

Jitsi + Asterisk = Jigasi

As I’m working on Asterisk right now the actual challenge is to get Jitsi configured so we can conference in audio users to our video chats. To do this you need to use a SIP add-on called ‘Jigasi’.

Continue reading →

Asterisk – IAX

I just spent the best part of the morning trying to setup Inter Asterisk eXchange between two hosts on the same network. This was described to me as “an easy way to attach a pair of Asterisk servers over a secure link” – which was fine until the “easy” part.

Continue reading →

Asterisk – SIP + TLS

Given that the SIP credentials passed by Asterisks real-time backends are stored as either MD5 or plain-text It’s best that we think about securing the communication over TLS.

Continue reading →

Asterisk and PostgreSQL

I started out wanting a real-time database connection to our existing LDAP server. This went well, but involved importing a schema into the LDAP cn=config and mapping the data into Asterisk.

It then became apparent that the effort involved in linking Asterisk to LDAP didn’t really produce the key result that I was after. My whole reason for linking Asterisk to LDAP was to share authentication credentials from our users for their SIP devices. After I’d deployed it I discovered that Asterisk would store it’s credentials in different fields and what’s worse is that the password could only be plain-text or an MD5 hash.

If our users must use a separate credential for logging into a SIP device, then using LDAP is no longer of interest to me. We may as well use a database – enter PostgreSQL.

Continue reading →

Asterisk PBX v17 Docker

In light of the possibility of many people needing to work from home the boss wanted to upgrade the phone system to bring in some fixes and new features for home working.

I’ve no experience of Asterisk and I’m not really a phone person, but he asked me to get a replacement system using the latest v17 release. I noticed there are v16 images available, but he was insistent upon v17. That meant building from source.

It’s a week of firsts as up until now I haven’t built a multi-stage Docker image either.

Continue reading →