# Installation from package repository
You can install Kamailio from APT repos:
```text
sudo apt-get install kamailio kamailio-websocket-modules kamailio-mysql-modules kamailio-tls-modules kamailio-presence-modules mysql-server
```
# Configuration Files
Configuration files are located in the /etc/kamailio/ folder. Copy:

- kamailio into /etc/kamailio/
- rtpengine into /etc/rtpengine
- fail2ban into /etc/fail2ban

`kamctlrc`: The /etc/kamailio/kamctlrc file is the configuration file for the kamctl and kamdbctl tools. Edit it and set SIP\_DOMAIN to your SIP service domain (or IP address if you don't have a DNS hostname associated with your SIP service).

Also set DBENGINE to MYSQL and adjust the other settings as needed. The passwords used to connect to the MySQL server, DBRWPW and DBROPW, are very important. By default, their values are kamailiorw and kamailioro. Change them before executing kamdbctl create (the step is detailed in the section Create Database).

`kamailio.cfg`: The /etc/kamailio/kamailio.cfg file is the configuration file for kamailio. Edit it to enable some of the features shipped with it.
To enable use of MySQL server backend, user authentication and persistent user location, add after the first line:
```text
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_USRLOCDB
```
For a more detailed configuration, see [our Kamailio docs](http://194.226.0.195:32127/telecom/kamailio).
## Create Database
To create the database structure needed by Kamailio, run:
```text
kamdbctl create
```
The database name created in MySQL is kamailio. Two users with access to the MySQL server are created:

- `kamailio` (with the password set by DBRWPW in kamctlrc): user with full access rights to the kamailio database
- `kamailioro` (with the password set by DBROPW in kamctlrc): user with read-only access rights to the kamailio database

Access for the two users is restricted to localhost, but as advised above, it is recommended to change their default passwords.
If you changed the value of DBRWPW in kamctlrc, you must update the value of DBURL define inside kamailio.cfg.
```text
#!define DBURL "mysql://kamailio:_NEW_DBRWPW_@localhost/kamailio"
```
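A quick audit for the two password steps above, as an added example that is not part of the original page or of Kamailio's tooling: it reports whether DBRWPW or DBROPW are still at their defaults and whether the DBURL password in kamailio.cfg agrees with DBRWPW. The function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page. It never prints a password.

# Print the value assigned to VAR in a kamctlrc-style file; commented-out
# assignments are ignored and the last active one wins.
kamctlrc_get() {  # usage: kamctlrc_get FILE VAR
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 when no finding is reported, 1 otherwise.
audit_db_creds() {  # usage: audit_db_creds KAMCTLRC KAMAILIO_CFG
    rw=$(kamctlrc_get "$1" DBRWPW)
    ro=$(kamctlrc_get "$1" DBROPW)
    # A variable that is unset or commented out leaves the default in effect.
    : "${rw:=kamailiorw}" "${ro:=kamailioro}"
    url_pw=$(sed -n 's|^#!define[[:space:]]*DBURL[[:space:]]*"mysql://[^:]*:\([^@]*\)@.*|\1|p' "$2" | head -n 1)
    findings=0
    if [ "$rw" = kamailiorw ]; then
        echo "DBRWPW is still the default"; findings=$((findings + 1))
    fi
    if [ "$ro" = kamailioro ]; then
        echo "DBROPW is still the default"; findings=$((findings + 1))
    fi
    if [ "$url_pw" != "$rw" ]; then
        echo "DBURL password in kamailio.cfg differs from DBRWPW"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files so the example runs offline.
demo=$(mktemp -d)
printf '%s\n' '# DBRWPW="kamailiorw"' 'DBROPW="constructed-ro-pw"' > "$demo/kamctlrc"
printf '%s\n' '#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"' > "$demo/kamailio.cfg"
audit_db_creds "$demo/kamctlrc" "$demo/kamailio.cfg" || echo "fix the findings above"
rm -rf "$demo"
```

On a real host the call would be `audit_db_creds /etc/kamailio/kamctlrc /etc/kamailio/kamailio.cfg`.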
> Alternatively, you can use [our SQL script](http://194.226.0.195:32127/telecom/kamailio/db) to configure the database. {.is-info}
## Startup Scripts
### Init.d Scripts
Depending on the startup system, you may have an /etc/init.d/kamailio script that you can use to start and stop kamailio.
First, edit /etc/default/kamailio and adjust the settings for the kamailio startup script, in particular the one that enables kamailio to start.
```text
sudo /etc/init.d/kamailio start
sudo /etc/init.d/kamailio stop
```
### Systemd Scripts
If the default startup system is systemd, then kamailio can be managed via systemctl:
```text
sudo systemctl start kamailio
sudo systemctl stop kamailio
```
You may also first need to edit /etc/default/kamailio and adjust the settings for the kamailio startup script, in particular the one that enables kamailio to start.
## Adding Subscribers
To add subscribers (users), you can use the kamctl command:
```text
kamctl add userid password
```
Then you can configure your phone to register to Kamailio using the username and password set in the above command.
## Reading logs
You can print Kamailio logs from journalctl into a file:
```text
sudo journalctl -eu kamailio -f > kamailio.log
vim kamailio.log
```
# Installing RTPengine
1. Clone the RTPengine repo:
```text
git clone https://github.com/sipwise/rtpengine.git
cd rtpengine
```
1. Install the necessary dependencies:
```text
sudo apt install debhelper-compat libmysqlclient-dev gperf libavcodec-dev libavfilter-dev libavformat-dev libavutil-dev libbencode-perl libcrypt-openssl-rsa-perl libcrypt-rijndael-perl libcurl4-openssl-dev libdigest-crc-perl libdigest-hmac-perl libevent-dev libglib2.0-dev libhiredis-dev libio-multiplex-perl libio-socket-inet6-perl libiptc-dev libjson-glib-dev libjson-perl libmosquitto-dev libnet-interface-perl libopus-dev libpcre3-dev libsocket6-perl libspandsp-dev libswresample-dev libsystemd-dev libwebsockets-dev libxmlrpc-core-c3-dev libxtables-dev markdown python3-websockets
```
1. Install the bcg729 library:
```text
VER=1.0.4
curl https://codeload.github.com/BelledonneCommunications/bcg729/tar.gz/$VER >bcg729_$VER.orig.tar.gz
tar zxf bcg729_$VER.orig.tar.gz
cd bcg729-$VER
git clone https://github.com/ossobv/bcg729-deb.git debian
dpkg-buildpackage -us -uc -sa -b -rfakeroot
cd ../
dpkg -i libbcg729-*.deb
```
1. Check the RTPengine dependencies again:
```text
dpkg-checkbuilddeps
```
1. Build the deb packages:
```text
dpkg-buildpackage --no-sign
```
> To fix the installation error:
>
> ```text
> invoke-rc.d: syntax error: unknown option "--skip-systemd-native"
> dpkg: error processing package ngcp-rtpengine-daemon (--install):
> ```
>
> You need to install init-system-helpers from bionic-backports. To do this, add the source to /etc/apt/sources.list:
>
> ```text
> deb http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse
> ```
>
> Create the file /etc/apt/preferences.d/init-system-helpers with the following content:
>
> ```text
> Package: init-system-helpers
> Pin: release a=bionic-backports
> Pin-Priority: 500
> ```
>
> Install the package:
>
> ```text
> apt update
> apt install init-system-helpers
> ```
{.is-warning}
1. Install the RTPengine:
```text
dpkg -i ngcp-rtpengine-daemon_*.deb
dpkg -i ngcp-rtpengine-iptables_*.deb
dpkg -i ngcp-rtpengine-kernel-dkms_*.deb
dpkg -i ngcp-rtpengine-kernel-source_*.deb
dpkg -i ngcp-rtpengine-recording-daemon_*.deb
dpkg -i ngcp-rtpengine-utils_*.deb
dpkg -i ngcp-rtpengine_*.deb
```
## Configure RTPengine
```text
[rtpengine]
table = -1
interface = pub/<YOUR LOCAL ADDRESS>
listen-ng = 127.0.0.1:16400
listen-udp = 16401
timeout = 60
silent-timeout = 3600
tos = 184
port-min = 16384
port-max = 16485
log-level = 7
log-facility = daemon
log-facility-cdr = local0
log-facility-rtcp = local1
```
## Reading logs
You can print RTPengine logs from journalctl into a file:
```text
sudo journalctl -eu ngcp-rtpengine-daemon -f > rtpengine.log
vim rtpengine.log
```
# Kamailio configuration
## Preprocessor directives
The Kamailio configuration language supports preprocessor directives for setting constants.
For details about the configuration language, see the [official site](http://www.kamailio.org/wiki/cookbooks/devel/core).
First, define the constants that activate some Kamailio features:
```text
#!define WITH_DEBUG
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_WEBSOCKETS
#!define WITH_LOCALHOST_WS
#!define WITH_NAT
#!define WITH_LOCALHOST_SIP
#!define WITH_TLS
#!define WITH_RTPENGINE
#!define WITH_ANTIFLOOD
```
After that, we can define the constants we are going to use in our configuration (addresses, ports, etc.):
```text
#!substdef "!MY_SIP_PORT!5060!g"
#!substdef "!MY_SIPS_PORT!5061!g"
#!substdef "!MY_WS_PORT!8080!g"
#!substdef "!MY_WSS_PORT!8089!g"
#!substdef "!MY_IP4_ADDR!<YOUR EXTERNAL ADDRESS>!g"
#!substdef "!MY_IP4_LOCAL_ADDR!<YOUR LOCAL NETWORK ADDRESS>!g"
#!substdef "!IP4_LOCALHOST!127.0.0.1!g"
#!substdef "!MY_WS4_ADDR!tcp:MY_IP4_ADDR:MY_WS_PORT!g"
#!substdef "!MY_WSS4_ADDR!tls:MY_IP4_ADDR:MY_WSS_PORT!g"
#!substdef "!LOCALHOST_WS4_ADDR!tcp:IP4_LOCALHOST:MY_WS_PORT!g"
#!substdef "!LOCALHOST_WSS4_ADDR!tls:IP4_LOCALHOST:MY_WSS_PORT!g"
```
## Addresses
Set up listening IP addresses:
```text
#listen=MY_IP4_ADDR
#!ifdef WITH_LOCALHOST_SIP
listen=IP4_LOCALHOST
#!endif
##!ifdef WITH_NAT
#listen=udp:MY_IP4_LOCAL_ADDR:5060
#listen=tcp:MY_IP4_LOCAL_ADDR:5060
#listen=udp:MY_IP4_LOCAL_ADDR:5060 advertise MY_IP4_ADDR:5060
#listen=tcp:MY_IP4_LOCAL_ADDR:5060 advertise MY_IP4_ADDR:5060
##!endif
#!ifdef WITH_WEBSOCKETS
listen=MY_WS4_ADDR
#!ifdef WITH_LOCALHOST_WS
listen=LOCALHOST_WS4_ADDR
#!endif
#!ifdef WITH_TLS
listen=MY_WSS4_ADDR
#!ifdef WITH_LOCALHOST_WS
listen=LOCALHOST_WSS4_ADDR
#!endif
#!endif
#!endif
```
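Nested `#!ifdef` blocks like the ones above are easy to unbalance when a section is commented out or removed. The following checker is an added example (not from the original page or the Kamailio project); the function names and the constructed sample are hypothetical, and it covers only `#!ifdef`, `#!ifndef`, `#!else` and `#!endif`.

```shell
#!/bin/sh
# Added example, not part of the original page. Handles the "#!" directive
# prefix used on this page; lines such as "##!ifdef" are comments and ignored.

# check_pp_balance FILE ("-" reads stdin): print nesting errors, return 1 if any.
check_pp_balance() {
    awk '
        BEGIN { depth = 0; bad = 0 }
        /^[ \t]*#!(ifdef|ifndef)[ \t]/ { depth++; opened[depth] = NR ": " $0; next }
        /^[ \t]*#!else/ {
            if (depth == 0) { printf "line %d: #!else without #!ifdef\n", NR; bad++ }
            next
        }
        /^[ \t]*#!endif/ {
            if (depth == 0) { printf "line %d: #!endif without #!ifdef\n", NR; bad++ } else depth--
            next
        }
        END {
            for (i = depth; i > 0; i--) {
                printf "unclosed block opened at line %s\n", opened[i]; bad++
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the enclosing #!ifdef was deleted, its #!endif was not.
sample_listen_cfg() {
    cat <<'EOF'
#listen=MY_IP4_ADDR
#!ifdef WITH_LOCALHOST_SIP
listen=IP4_LOCALHOST
#!endif
#!endif
##!ifdef WITH_NAT
#listen=udp:MY_IP4_LOCAL_ADDR:5060
##!endif
#!ifdef WITH_WEBSOCKETS
listen=MY_WS4_ADDR
#!endif
EOF
}

sample_listen_cfg | check_pp_balance - || echo "unbalanced directives found"
```

Kamailio's own syntax check, `kamailio -c -f /etc/kamailio/kamailio.cfg`, remains the authoritative test before a restart.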
Do not forget to configure the alias:
```text
/* add local domain aliases */
alias="your.domain.com"
```
## Generate certificate
**Let's Encrypt** is a service offering free SSL certificates through an automated API. The most popular Let's Encrypt client is EFF's **Certbot**.
Install Certbot:
```text
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
```
Certbot needs to answer a cryptographic challenge issued by the Let's Encrypt API in order to prove we control our domain. It uses ports 80 (HTTP) or 443 (HTTPS) to accomplish this. Open up the appropriate port in your firewall:
```text
sudo ufw allow 80
```
Substitute 443 above if that's the port you're using. ufw will output confirmation that your rule was added:
> Output:
>
> ```text
> Rule added
> Rule added (v6)
> ```
{.is-success}
We can now run Certbot to get our certificate. We'll use the `--standalone` option to tell Certbot to handle the challenge using its own built-in web server. The `--preferred-challenges` option instructs Certbot to use port 80 or port 443. If you're using port 80, you want `--preferred-challenges http`. For port 443 it would be `--preferred-challenges tls-sni`. Finally, the `-d` flag is used to specify the domain you're requesting a certificate for. You can add multiple `-d` options to cover multiple domains in one certificate.
```text
sudo certbot certonly --standalone --preferred-challenges http -d example.com
```
Add certificates to Kamailio:
```text
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/keys/privkey.pem
certificate = /etc/kamailio/keys/cert.pem
```
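Certbot writes the certificate and key under /etc/letsencrypt/live/<domain>/, while the profile above reads them from /etc/kamailio/keys/, so a one-time copy goes stale at the first renewal. The deploy hook below is an added example (not from the original page); the function names, the `kamailio` service account and running it from /etc/letsencrypt/renewal-hooks/deploy/ are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page: certbot deploy hook that
# copies a renewed certificate into the directory named in the TLS profile.
# Assumptions: keys live in /etc/kamailio/keys and the daemon runs as "kamailio".

install_kamailio_cert() {  # usage: install_kamailio_cert LINEAGE_DIR KEYS_DIR [OWNER]
    src=$1; dst=$2; owner=${3:-}
    # Refuse to touch the destination unless both source files are present.
    for f in privkey.pem cert.pem; do
        if [ ! -s "$src/$f" ]; then
            echo "missing or empty: $src/$f" >&2
            return 1
        fi
    done
    mkdir -p "$dst" || return 1
    chmod 750 "$dst"
    # The private key must never be group- or world-readable.
    install -m 600 "$src/privkey.pem" "$dst/privkey.pem" || return 1
    install -m 644 "$src/cert.pem" "$dst/cert.pem" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dst" "$dst/privkey.pem" "$dst/cert.pem" || return 1
    fi
}

# Print the permission string of a file, e.g. "-rw-------".
file_mode() { ls -ld "$1" | cut -c1-10; }

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com) when it
# runs deploy hooks; outside certbot this block is skipped.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_kamailio_cert "$RENEWED_LINEAGE" /etc/kamailio/keys kamailio
    # Kamailio must then be restarted so it loads the new certificate.
fi
```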