2023-03-15 17:24:49 +03:00


Installation from package repository

You can install Kamailio from APT repos:

sudo apt-get install kamailio kamailio-websocket-modules kamailio-mysql-modules kamailio-tls-modules kamailio-presence-modules mysql-server

Configuration Files

Configuration files are located in the /etc/kamailio/ folder. Copy:

  - kamailio into /etc/kamailio/
  - rtpengine into /etc/rtpengine
  - fail2ban into /etc/fail2ban

kamctlrc

The /etc/kamailio/kamctlrc is the configuration file for the kamctl and kamdbctl tools. You need to edit it and set SIP_DOMAIN to your SIP service domain (or IP address if you don't have a DNS hostname associated with your SIP service).

Also set DBENGINE to MYSQL and adjust the other settings as you want. The passwords used to connect to the MySQL server, DBRWPW and DBROPW, are very important. By default, their values are kamailiorw and kamailioro. You should change them before executing kamdbctl create (the step detailed in the section Create Database).

kamailio.cfg

The /etc/kamailio/kamailio.cfg is the configuration file for kamailio. Edit it to enable some of the features shipped with it.

To enable use of MySQL server backend, user authentication and persistent user location, add after the first line:

#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_USRLOCDB

For a more detailed configuration, see our Kamailio docs.

Create Database

To create the database structure needed by Kamailio, run:

kamdbctl create

The database name created in MySQL is kamailio. Two access users to MySQL server were created:

kamailio - (with password set by DBRWPW in kamctlrc) - user which has full access rights to kamailio database

kamailioro - (with password set by DBROPW in kamctlrc) - user which has read-only access rights to kamailio database

The access for the two users is restricted to localhost, but as advised above, it is recommended to change their default passwords.

If you changed the value of DBRWPW in kamctlrc, you must update the value of DBURL define inside kamailio.cfg.

#!define DBURL "mysql://kamailio:_NEW_DBRWPW_@localhost/kamailio"
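The check below is an added example, not part of the original page or of Kamailio's tooling: it reads kamctlrc and kamailio.cfg as text, reports passwords that are still the defaults named above, and reports a DBURL whose password no longer matches DBRWPW. The function names and the sample file contents are constructed, and it assumes that a variable left unset or commented out in kamctlrc keeps its default value.

```python
import re
from urllib.parse import urlsplit

# Defaults stated on this page. Assumption: a variable that is unset or
# commented out in kamctlrc leaves the default in effect.
DEFAULTS = {"DBRWPW": "kamailiorw", "DBROPW": "kamailioro"}

# Constructed sample files (not taken from a real host).
SAMPLE_KAMCTLRC = '''\
SIP_DOMAIN=sip.example.test
DBENGINE=MYSQL
DBRWPW="constructed-rw-secret"
# DBROPW="kamailioro"
'''
SAMPLE_CFG = '''\
#!define WITH_MYSQL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
'''

def kamctlrc_passwords(text):
    """Effective DBRWPW/DBROPW values; commented lines do not count."""
    found = dict(DEFAULTS)
    for line in text.splitlines():
        m = re.match(r'\s*(DBRWPW|DBROPW)\s*=\s*"?([^"#\s]*)"?', line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def dburl_password(cfg_text):
    """Password inside the '#!define DBURL "..."' line, or None if absent."""
    m = re.search(r'^\s*#!define\s+DBURL\s+"([^"]+)"', cfg_text, re.M)
    return (urlsplit(m.group(1)).password or "") if m else None

def audit(kamctlrc_text, cfg_text):
    """Return findings; an empty list means no default and no mismatch."""
    pw = kamctlrc_passwords(kamctlrc_text)
    findings = [f"{k} is still the default" for k, d in DEFAULTS.items() if pw[k] == d]
    url_pw = dburl_password(cfg_text)
    if url_pw is not None and url_pw != pw["DBRWPW"]:
        findings.append("DBURL password does not match DBRWPW")
    if url_pw == DEFAULTS["DBRWPW"]:
        findings.append("DBURL still uses the default password")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_KAMCTLRC, SAMPLE_CFG):
        print(finding)
```
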

Alternatively, you can use our SQL script to configure the database.

Startup Scripts

Init.d Scripts

Depending on startup system, you may have an /etc/init.d/kamailio script that you can use to start/stop kamailio.

First you should edit /etc/default/kamailio and adjust the settings for the kamailio startup script, in particular the one that enables kamailio to start.

sudo /etc/init.d/kamailio start
sudo /etc/init.d/kamailio stop

Systemd Scripts

If the default startup system is systemd, then kamailio can be managed via systemctl:

sudo systemctl start kamailio
sudo systemctl stop kamailio

First you may also need to edit /etc/default/kamailio and adjust the settings for the kamailio startup script, in particular the one that enables kamailio to start.

Adding Subscribers

To add subscribers (users), you can use the kamctl command:

kamctl add userid password

Then you can configure your phone to register to Kamailio using the username and password set in the above command.

Reading logs

You can print Kamailio logs from journalctl into a file:

sudo journalctl -eu kamailio -f > kamailio.log
vim kamailio.log

Installing RTPengine

  1. Clone the RTPengine repo:
git clone https://github.com/sipwise/rtpengine.git
cd rtpengine
  2. Install the necessary dependencies:
sudo apt install debhelper-compat libmysqlclient-dev gperf libavcodec-dev libavfilter-dev libavformat-dev libavutil-dev libbencode-perl libcrypt-openssl-rsa-perl libcrypt-rijndael-perl libcurl4-openssl-dev libdigest-crc-perl libdigest-hmac-perl libevent-dev libglib2.0-dev libhiredis-dev libio-multiplex-perl libio-socket-inet6-perl libiptc-dev libjson-glib-dev libjson-perl libmosquitto-dev libnet-interface-perl libopus-dev libpcre3-dev libsocket6-perl libspandsp-dev libswresample-dev libsystemd-dev libwebsockets-dev libxmlrpc-core-c3-dev libxtables-dev markdown python3-websockets
  3. Install the bcg729 library:
VER=1.0.4

curl https://codeload.github.com/BelledonneCommunications/bcg729/tar.gz/$VER >bcg729_$VER.orig.tar.gz
tar zxf bcg729_$VER.orig.tar.gz
cd bcg729-$VER
git clone https://github.com/ossobv/bcg729-deb.git debian
dpkg-buildpackage -us -uc -sa -b -rfakeroot
cd ../
dpkg -i libbcg729-*.deb
  4. Check the RTPengine dependencies again:
dpkg-checkbuilddeps
  5. Build the deb packages:
dpkg-buildpackage --no-sign

To fix the installation error:

invoke-rc.d: syntax error: unknown option "--skip-systemd-native"
dpkg: error processing package ngcp-rtpengine-daemon (--install):

You need to install init-system-helpers from bionic-backports. To do this, add the source to /etc/apt/sources.list:

deb http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse

Create the file /etc/apt/preferences.d/init-system-helpers with the following content:

Package: init-system-helpers
Pin: release a=bionic-backports
Pin-Priority: 500

Install the package:

apt update
apt install init-system-helpers

  6. Install the RTPengine:
dpkg -i ngcp-rtpengine-daemon_*.deb 
dpkg -i ngcp-rtpengine-iptables_*.deb 
dpkg -i ngcp-rtpengine-kernel-dkms_*.deb 
dpkg -i ngcp-rtpengine-kernel-source_*.deb 
dpkg -i ngcp-rtpengine-recording-daemon_*.deb 
dpkg -i ngcp-rtpengine-utils_*.deb 
dpkg -i ngcp-rtpengine_*.deb 

Configure RTPengine

[rtpengine]

table = -1
interface = pub/<YOUR LOCAL ADDRESS>

listen-ng = 127.0.0.1:16400
listen-udp = 16401

timeout = 60
silent-timeout = 3600
tos = 184

port-min = 16384
port-max = 16485


log-level = 7
log-facility = daemon
log-facility-cdr = local0
log-facility-rtcp = local1
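The following check is an added example, not part of the original page or of RTPengine: it parses an rtpengine configuration and reports control listeners that are not restricted to loopback, and control ports that fall inside port-min..port-max, where they share UDP port numbers with media streams. The function names and the interface address in the sample are constructed, and it assumes a bare port (as in listen-udp above) carries no address restriction.

```python
import configparser
import ipaddress

# The page's rtpengine settings, with a constructed interface address.
SAMPLE_CONF = """\
[rtpengine]
table = -1
interface = pub/192.0.2.10
listen-ng = 127.0.0.1:16400
listen-udp = 16401
port-min = 16384
port-max = 16485
"""

def parse_listener(value):
    """Split 'IP:PORT' or a bare 'PORT' into (host or None, port)."""
    host, _, port = value.strip().rpartition(":")
    return (host.strip("[]") or None), int(port)

def audit_rtpengine(conf_text):
    """Flag control listeners that are not loopback-only or sit in the RTP range."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp["rtpengine"]
    lo, hi = sec.getint("port-min"), sec.getint("port-max")
    findings = []
    for key in ("listen-ng", "listen-udp"):  # both are UDP control sockets
        if key not in sec:
            continue
        host, port = parse_listener(sec[key])
        # Assumption: a bare port means no address restriction (all interfaces).
        if host is None or not ipaddress.ip_address(host).is_loopback:
            findings.append(f"{key}: port {port} is not bound to loopback only")
        if lo <= port <= hi:
            findings.append(f"{key}: port {port} is inside the RTP range {lo}-{hi}")
    return findings

if __name__ == "__main__":
    for finding in audit_rtpengine(SAMPLE_CONF):
        print(finding)
```
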

Reading logs

You can print RTPengine logs from journalctl into a file:

sudo journalctl -eu ngcp-rtpengine-daemon -f > rtpengine.log
vim rtpengine.log

Kamailio configuration

Preprocessor directives

Kamailio configuration supports preprocessor directives to set constants.

See the configuration language documentation on the official site.

First, we define the constants that activate some Kamailio features:

#!define WITH_DEBUG
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_WEBSOCKETS
#!define WITH_LOCALHOST_WS
#!define WITH_NAT
#!define WITH_LOCALHOST_SIP
#!define WITH_TLS
#!define WITH_RTPENGINE
#!define WITH_ANTIFLOOD

After that we can define the constants we are going to use in our configuration (addresses, ports, etc.):

#!substdef "!MY_SIP_PORT!5060!g"
#!substdef "!MY_SIPS_PORT!5061!g"
#!substdef "!MY_WS_PORT!8080!g"
#!substdef "!MY_WSS_PORT!8089!g"

#!substdef "!MY_IP4_ADDR!<YOUR EXTERNAL ADDRESS>!g"
#!substdef "!MY_IP4_LOCAL_ADDR!<YOUR LOCAL NETWORK ADDRESS>!g"
#!substdef "!IP4_LOCALHOST!127.0.0.1!g"
#!substdef "!MY_WS4_ADDR!tcp:MY_IP4_ADDR:MY_WS_PORT!g"
#!substdef "!MY_WSS4_ADDR!tls:MY_IP4_ADDR:MY_WSS_PORT!g"
#!substdef "!LOCALHOST_WS4_ADDR!tcp:IP4_LOCALHOST:MY_WS_PORT!g"
#!substdef "!LOCALHOST_WSS4_ADDR!tls:IP4_LOCALHOST:MY_WSS_PORT!g"

Addresses

Set up listening IP addresses:

#listen=MY_IP4_ADDR
#!ifdef WITH_LOCALHOST_SIP
listen=IP4_LOCALHOST
#!endif

##!ifdef WITH_NAT
#listen=udp:MY_IP4_LOCAL_ADDR:5060
#listen=tcp:MY_IP4_LOCAL_ADDR:5060

#listen=udp:MY_IP4_LOCAL_ADDR:5060 advertise MY_IP4_ADDR:5060
#listen=tcp:MY_IP4_LOCAL_ADDR:5060 advertise MY_IP4_ADDR:5060
##!endif

#!ifdef WITH_WEBSOCKETS
listen=MY_WS4_ADDR
#!ifdef WITH_LOCALHOST_WS
listen=LOCALHOST_WS4_ADDR
#!endif
#!ifdef WITH_TLS
listen=MY_WSS4_ADDR
#!ifdef WITH_LOCALHOST_WS
listen=LOCALHOST_WSS4_ADDR
#!endif
#!endif
#!endif
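To see which sockets a given set of defines actually opens, the added example below (not part of the original page or of Kamailio) resolves the directives used above and lists the effective listen values, then picks out those that are neither TLS nor bound to 127.0.0.1. It is a simplified model of the preprocessor that handles only #!define, #!substdef, #!ifdef/#!ifndef and #!endif; the function names and the address 203.0.113.5 are constructed.

```python
import re

# Constructed excerpt in the page's style; 203.0.113.5 is a documentation address.
SAMPLE_CFG = """\
#!define WITH_WEBSOCKETS
#!define WITH_TLS
#!substdef "!MY_WS_PORT!8080!g"
#!substdef "!MY_WSS_PORT!8089!g"
#!substdef "!MY_IP4_ADDR!203.0.113.5!g"
#!substdef "!MY_WS4_ADDR!tcp:MY_IP4_ADDR:MY_WS_PORT!g"
#!substdef "!MY_WSS4_ADDR!tls:MY_IP4_ADDR:MY_WSS_PORT!g"
#!ifdef WITH_WEBSOCKETS
listen=MY_WS4_ADDR
#!ifdef WITH_LOCALHOST_WS
listen=LOCALHOST_WS4_ADDR
#!endif
#!ifdef WITH_TLS
listen=MY_WSS4_ADDR
#!endif
#!endif
"""

def expand(value, subst):
    """Substitute substdef names; repeated because values may name other substdefs."""
    for _ in range(8):
        value = re.sub(r"\w+", lambda t: subst.get(t.group(), t.group()), value)
    return value

def active_listeners(cfg_text):
    """Simplified model of the preprocessor: effective listen= values."""
    defined, subst, stack, out = set(), {}, [], []
    for n, line in enumerate(map(str.strip, cfg_text.splitlines()), 1):
        if m := re.match(r"#!(ifn?def)\s+(\w+)", line):
            stack.append((m.group(2) in defined) == (m.group(1) == "ifdef"))
        elif line.startswith("#!endif"):
            if not stack:
                raise ValueError(f"line {n}: #!endif without #!ifdef")
            stack.pop()
        elif not all(stack):
            continue  # inside a disabled block
        elif m := re.match(r"#!define\s+(\w+)", line):
            defined.add(m.group(1))
        elif m := re.match(r'#!substdef\s+"!(\w+)!([^!]*)!g"', line):
            subst[m.group(1)] = m.group(2)
        elif m := re.match(r"listen\s*=\s*(\S+)", line):
            out.append(expand(m.group(1), subst))
    return out

def plaintext_external(listeners):  # neither TLS nor bound to 127.0.0.1
    return [l for l in listeners if not l.startswith("tls:") and "127.0.0.1" not in l]
```

With the sample, the plain WebSocket listener on the external address is the one reported; a line starting with `##!` or `#listen` is treated as a comment and ignored.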

Do not forget to configure alias:

/* add local domain aliases */
alias="your.domain.com"

Generate certificate

Let's Encrypt is a service offering free SSL certificates through an automated API. The most popular Let's Encrypt client is EFF's Certbot.

Install Certbot:

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

Certbot needs to answer a cryptographic challenge issued by the Let's Encrypt API in order to prove we control our domain. It uses ports 80 (HTTP) or 443 (HTTPS) to accomplish this. Open up the appropriate port in your firewall:

sudo ufw allow 80

Substitute 443 above if that's the port you're using. ufw will output confirmation that your rule was added:

Output
Rule added
Rule added (v6)

We can now run Certbot to get our certificate. We'll use the --standalone option to tell Certbot to handle the challenge using its own built-in web server. The --preferred-challenges option instructs Certbot to use port 80 or port 443. If you're using port 80, you want --preferred-challenges http. For port 443 it would be --preferred-challenges tls-sni. Finally, the -d flag is used to specify the domain you're requesting a certificate for. You can add multiple -d options to cover multiple domains in one certificate.

sudo certbot certonly --standalone --preferred-challenges http -d example.com

Add certificates to Kamailio:

[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/keys/privkey.pem
certificate = /etc/kamailio/keys/cert.pem