vicidial.org

Hi i have multiple sip webphone but most of them require ssl to work, how may i setup / install a ssl to vicidial to use webrtc ??

Code: Select all

gensslcert -n subdomain.domain.com
service apache2 restart

Probably a good idea to use a real domain name. Possibly even one you own.

This will generate and place a self-signed cert that works but "warns" users. Nothing wrong with that, but ...

Code: Select all

 nano /etc/apache2/vhosts.d/vhost-ssl.conf

Contains the locations of the certs. If you purchase "real" certs, you can place those cert files in the same locations as the self-signed certs and change the filenames.

Note that the seller of the certs usually has step-by-step instructions for the major OSs and Web Servers (including Apache2).

Code: Select all

 nano +115 /etc/sysconfig/apache2

Change:

Code: Select all

APACHE_SERVER_FLAGS="SSL"

Code: Select all

service apache2 restart

Yes i have a subdomain pointed to my server Ip Address ... i just begin the process and says "This is going to take a long time".

Thanks William you are always there for help, Leaders are the ones who give more and you are a leader for many of us. I will keep updating the proccess.

What i should do in this step ???, im stuck i already have a ssl certificate files ...

Code: Select all

nano /etc/apache2/vhosts.d/vhost-ssl.conf

depends on the content of that file. it contains the Apache2 configuration for SSL, stating where the SSL cert and/or CA are stored for the web site. You'd need to modify the existing entries to point to your commercial certs. Which is why you should have directions from the place you bought the certs.

IF you purchased the certs, the instructions should be provided by the company you bought the certs from. Not your hosting company (nor your electric company or the people who sold you the computer, but the people who sold you the CERT should give you instructions on how to install their CERT). IF (heaven forbid) you purchased the cert from your hosting company, they should still have instructions for installation of that cert in Apache2, as it's one of the biggest web server packages in the world.

i found 2 new folders in /etc/apache2 ssl.crt and ssl.csr.
If i edit the csr and crt files with the one who provide my ssl vendor it will work ?? what should be the next step ??

Depends on the instructions from the SSL provider. But if the files are edited correctly (be sure to make a backup of them before you save anything), restarting apache should give you your result ... or an error if there's a problem.

OK i did this:

Code: Select all

gensslcert -n subdomain.domain.com
service apache2 restart

Tried: https://subdomain.domain.com // No results

Code: Select all

nano /etc/apache2/vhosts.d/vhost-ssl.conf

Don't know what to do, i got nano screen with commands at the bottom

Code: Select all

nano +115 /etc/sysconfig/apache2

APACHE_SERVER_FLAGS="SSL" is already changed

Code: Select all

service apache2 restart

Tried: https://subdomain.domain.com // No results

Do i missing something ???

Kk Got it i found this file /etc/apache2/vhosts.d/vhost-ssl.template copy- paste content an change with real values

Code: Select all

# Template for a VirtualHost with SSL
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
#
# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
# about virtual hosts.

# NameVirtualHost statements should be added to /etc/apache2/listen.conf.

#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned. 
#

<IfDefine SSL>
<IfDefine !NOSSL>

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

   #  General setup for the virtual host
   DocumentRoot "/srv/www/htdocs"
   #ServerName www.example.com:443
   #ServerAdmin webmaster@example.com
   ErrorLog /var/log/apache2/error_log
   TransferLog /var/log/apache2/access_log

   #   SSL Engine Switch:
   #   Enable/Disable SSL for this virtual host.
   SSLEngine on

   #   You can use per vhost certificates if SNI is supported.
   SSLCertificateFile /etc/apache2/ssl.crt/vhost-example.crt
   SSLCertificateKeyFile /etc/apache2/ssl.key/vhost-example.key
   #SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt

   #   Per-Server Logging:
   #   The home of a custom SSL log file. Use this when you want a
   #   compact non-error SSL logfile on a virtual host basis.
   CustomLog /var/log/apache2/ssl_request_log   ssl_combined

</VirtualHost>

</IfDefine>
</IfDefine>



Done Thanks

After Restarting what are the necessary steps i am trying to register SIPML5 phone on vicibox 8 , can anyone please guide me

###############################
##### Yast2 Configuration #####
###############################

yast firewall
custom rules -> add

# Source Network: 0/0 or Internet IP
# Protocol: TCP
# Destination Port: 8089

# Source Network: 0/0 or Internet IP
# Protocol: UDP
# Destination Port: 8089

###############################
#### Asterisk Configuration ###
###############################

vim /etc/asterisk/http.conf

[general]
enabled=yes
bindaddr=(Server IP)
bindport=8088
tlsenable=yes
tlsbindaddr=(Server IP):8089
tlscertfile=/etc/apache2/ssl.crt/vicibox.crt ; path to the certificate file (*.pem) only.
tlsprivatekey=/etc/apache2/ssl.key/vicibox.key ; path to private key file (*.pem) only.

### Open /etc/asterisk/sip.conf ###

realm=domain.com
transport=udp,ws,wss
avpf=yes
srvlookup=yes

###############################
#### Vicidial Configuration ###
###############################

### Configure Web phone URL ###
In vicidial ADMINISTRATION page change Admin->System Settings->Webphone URL: to https://domain.com/PBXWebPhone/index.php


### Specify Web Socket URL: ###
Admin->Servers->(Dialer Server)-> Web Socket URL: to "wss://domain.com:8089/ws"

### Enable Web phone in phone config ###
In vicidial ADMINISTRATION page change Admin->Phones->"Set As Webphone" to "Y"

### Add ssl configuration to phone config ###
### In vicidial ADMINISTRATION page go to Admin->Phones ###
### Select Template ID: SIP_generic Add following config to Conf Override: ###

avpf=yes
encryption=yes
icesupport=yes
nat=comedia
directmedia=no
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/apache2/ssl.crt/vicibox.crt
dtlsprivatekey=/etc/apache2/ssl.key/vicibox.key
dtlssetup=actpass

Test https://domain.com:8089/ws