Page 1 of 1

HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Fri Feb 16, 2018 12:48 pm
by dito
WEBRTC INEGRATION ON VICIBOX 8

1 – setup ssl for web
2 – setup ssl for asterisk
3 – setup vicidial
4 – Use of PBXWebPhone as webrtc phone


Work done on a VPS 4 cores 16 Gb Ram 80 Gb HDD, Vicidiabox 8 with asterisk 13
Needed to set up separated cert for asterisk in addition to the web cert setup it worked after ..
I did those steps in a drafty mode it worked I hope I will optimize it and may be not a day a kind of script to do all those steps …
Don’t forget to replace yourdomain.com with your domain
Don’t forget the domain not the ip …


1 – setup ssl for web (@kumba how to )
First you need to modify the file /etc/certbot/cli.ini. Here's what you need to modify or verify:
1) Uncomment and make sure the 'email =' section is set to your valid email. This is what ties the SSL certificates to you for management.
2) Uncomment and put the Fully Qualified Domain Name (FQDN) into the 'domains =' section.
3) Uncomment the line 'agree-tos = True'
4) Uncomment the line 'renew-by-default = True'
5) Uncomment the 'authenticator =' line and change it from standalone to webroot, I.E. 'authenticator = webroot'
6) Uncomment the 'webroot-path =a /srv/www/htdocs' line
7) Comment out the staging 'server =' line and uncomment the production 'server =' line.

After this, you need to make sure you can successfully generate an SSL certificate before continuing to modify Apache configs. If you modify Apache and cannot get an SSL cert issued then Apache will error and refuse to start. You can run certbot by running 'certbot certonly --webroot'. In the output it should say that the SSL was successfully issued. Only once you have successfully gotten an SSL cert issued should you continue with the next set of instructions.


Once you have the SSL cert issued, you need to modify the file /etc/apache2/vhosts.d/1111-default-ssl.conf to reflect where the new SSL certs will be. Replace <FQDN> with the actual fully qualified domain name, I.E. http://www.vicibox.com, etc:
1) Change the SSLCertificateFile line to read: SSLCertificateFile /etc/certbot/live/<FQDN>/cert.pem
2) Uncomment and change the SSLCertificateChainFile line to read: SSLCertificateChainFile /etc/certbot/live/<FQDN>/fullchain.pem
3) Change the SSLCertificateKeyFile line to read: SSLCertificateKeyFile /etc/certbot/live/<FQDN>/privkey.pem
4) service apache2 restart

After that, you should be able to go to https://<FQDN> and successfully reach your ViciDial server.

2 - setup ssl for asterisk :
First check if this line is correct in asterisk.conf : astkeydir => /usr/share/asterisk
And if a folder named key is in
Then get the script from the asterisk repo :
https://github.com/asterisk/asterisk/bl ... t_tls_cert
execute it
./ast_tls_cert -C pbx.example.com -O "My Super Company" -d /usr/share/asterisk/keys
You can then check your /usr/share/asterisk/keys directory to verify the new files were created, as such:
# ls -w 1 /usr/share/asterisk/keys

And you should see:
asterisk.crt
asterisk.csr
asterisk.key
asterisk.pem
ca.cfg
ca.crt
ca.key
tmp.cfg

now go to httpd.conf
Code: Select all
 [general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
enablestatic=yes
tlsenable=yes         
tlsbindaddr=YOURIP:8089
tlscertfile=/etc/certbot/live/yourdomain.com/cert.pem
tlsprivatekey=/etc/certbot/live/yourdomain.com/privkey.pem 


edit/add those lines to sip.conf :

Code: Select all
[general]
transport=udp,ws,wss
avpf=yes
srvlookup=yes
udpbindaddr=0.0.0.0:5060
context=trunkinbound 
allowguest=no     
allowoverlap=no
realm=YOURDOMAIN.com
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes                 
disallow=all               
allow=ulaw                 
allow=alaw
mohinterpret=default
mohsuggest=default
language=en       


3 – setup vicidial

Go to admin – servers edit server then:
Add to the web socket line:
Code: Select all
wss://yourdomaine.com:8089/ws

Then go to admin templates add a new template call it WebRTC Phone then add :

Code: Select all
type=friend
host=dynamic
trustrpid=yes
sendrpid=no
qualify=yes
qualifyfreq=600
transport=ws,wss,udp
encryption=yes
avpf=yes
icesupport=yes
rtcp_mux=yes
directmedia=no
disallow=all
allow=ulaw,opus,vp8,h264
nat=yes
directmedia=no
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/certbot/live/yourdomain.com/cert.pem
dtlsprivatekey=/etc/certbot/live/yourdomain.com/privkey.pem
dtlssetup=actpass



go to admin – phone then create a phone using the webrtc template ,
then go to edit the phone setting go to the line set as webphone to Y

4 – Use of PBXWebPhone as webrtc phone

https://github.com/chornyitaras/PBXWebPhone
Git clone it into your web root folder /srv/www/htdocs/
Then in vicidial goto admin – system settings then to the line :
Default webphone set it to 1
Webphone url:
Code: Select all
PBXWebPhone/index.php


Open url log the agent with the created phone you should hear the sexy laday voice " you are the only one in the world" :p

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Fri Feb 16, 2018 12:50 pm
by williamconley
Now that's a cool post. ;)

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Fri Feb 16, 2018 12:59 pm
by dito
williamconley wrote:Now that's a cool post. ;)

thanks sir, i think the webrtc + asterisk 15 (the newest one with streaming feature into the confbridge)
could be the core of future release of vicidial team
i thank you all vicidial team, you helped a lot of people for years and years
i hope i will succeed to make an automate script for webrtc ..

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Fri Feb 16, 2018 2:10 pm
by Kumba
You can also use the certbot SSL keys for Asterisk as long as the FQDN matches, or run certbot separately on all the dialer servers. This might be a better solution in case WebRTC ever complains about Asterisk using a self-signed SSL certificate.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Fri Feb 16, 2018 3:38 pm
by dito
Kumba wrote:You can also use the certbot SSL keys for Asterisk as long as the FQDN matches, or run certbot separately on all the dialer servers. This might be a better solution in case WebRTC ever complains about Asterisk using a self-signed SSL certificate.

Yes still not sandboxed a clustered vicidial... I will love to make it work with the asterisk 15 .. confbridge seems to be at it's top level..if it continues to rain this weekend. Will give a try.. thx for the help sir !

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Fri Feb 16, 2018 3:44 pm
by dito
Spoiler from asterisk 15 release (i tested it on a routing environment 300 channels / 50 cps results very similiar to the asterisk 13 but feeling that he is much lighter in process ... in asterisk 15 webrtc config will be so much easier:
Streams
Streams, at their core are logical flows of media. They can be unidirectional or bidirectional and are comprised of media formats. The media formats also contain a type. To simplify things streams only carry a single type of media. Streams can also carry an identifier in the form of a name. For a simple voice call, the stream concept adds no additional value. For video, and specifically WebRTC, streams are essential for things like multi-party video conferencing where a single client may have 8 video streams coming in, 1 video stream going out and 1 bi-directional audio stream.

Prior to version 15, Asterisk had no explicit interface for streams and simply had a single pipe that frames are written to and read from. The negotiated formats are scoped to the entire channel as a result. Interfaces that needed to manipulate media had to inject themselves into this single pipe and had to take special care to not manipulate frames they do not need to. This same pipe also carries control frames and other signaling related operations. The result was a very loose stream implementation. For Asterisk 15, the stream concept has been codified with a new set of capabilities designed specifically for manipulating streams and stream topologies that can be used by any channel driver.

WebRTC
To simplify configuration for users a new option, webrtc, has been created which controls configuration options that are required for WebRTC. If the webrtc option is set to "yes" then all options required for WebRTC are enabled. This does still require that DTLS certificates be manually created and configured.

BUNDLE support has been added which improves call setup time. BUNDLE allows multiple streams (for example audio and video) to use the same underlying transport. Since in WebRTC a transport has to go through ICE negotiation and DTLS negotiation this reduces each of those to only happening once. If additional streams are added to a call this also removes the need to do ICE negotiation and DTLS negotiation allowing the media to flow immediately.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Wed Mar 07, 2018 3:40 am
by proper
Thank you for the detailed post Dito.

This setup works well for servers facing the internet but did not work with the server behind a network, with direct NAT.

Phone shows ready and gets the call but looks like RTP traffic is not received by the server, any specific configuration changes that would make it work?

Network config is very simple, external IP translated to local IP and any traffic from local IP outbound is routed as external IP, NAT setting is not even needed as all outbound traffic shows up with servers external IP.

If you have any ideas, will appreciate your input.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Wed Mar 07, 2018 12:51 pm
by dito
proper wrote:Thank you for the detailed post Dito.

This setup works well for servers facing the internet but did not work with the server behind a network, with direct NAT.

Phone shows ready and gets the call but looks like RTP traffic is not received by the server, any specific configuration changes that would make it work?

Network config is very simple, external IP translated to local IP and any traffic from local IP outbound is routed as external IP, NAT setting is not even needed as all outbound traffic shows up with servers external IP.

If you have any ideas, will appreciate your input.


hi propoer,
did you follow all steps ?
webrtc over lan is quite easier !
using webrtc on a local asterisk-freepbx working without https over LAN...

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Wed Mar 07, 2018 2:52 pm
by chornyi_taras
2 - setup ssl for asterisk :
First check if this line is correct in asterisk.conf : astkeydir => /usr/share/asterisk
And if a folder named key is in
Then get the script from the asterisk repo :
https://github.com/asterisk/asterisk/bl ... t_tls_cert
execute it
./ast_tls_cert -C pbx.example.com -O "My Super Company" -d /usr/share/asterisk/keys
You can then check your /usr/share/asterisk/keys directory to verify the new files were created, as such:
# ls -w 1 /usr/share/asterisk/keys

And you should see:
asterisk.crt
asterisk.csr
asterisk.key
asterisk.pem
ca.cfg
ca.crt
ca.key
tmp.cfg


I believe that this can be skipped. script from the asterisk repo will generate self signed cert which is not used. for wss concretion as well as for phone configuration letsencrypt cert is used

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Wed Mar 07, 2018 9:34 pm
by proper
dito wrote:hi propoer,
did you follow all steps ?
webrtc over lan is quite easier !
using webrtc on a local asterisk-freepbx working without https over LAN...


My tests were from outside the network, and asterisk CLI reported lack of RTP activity. The phone registered fine though, just no voice data.

I set up multiple servers with webrtc phone and all of the were facing the internet but this one was behind lan and it is the only one I could not get to work. I checked and recheck all settings number of times. Just thought there maybe setting I am missing for being behind the router.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Thu Mar 08, 2018 4:02 am
by dito
proper wrote:
dito wrote:hi propoer,
did you follow all steps ?
webrtc over lan is quite easier !
using webrtc on a local asterisk-freepbx working without https over LAN...


My tests were from outside the network, and asterisk CLI reported lack of RTP activity. The phone registered fine though, just no voice data.

I set up multiple servers with webrtc phone and all of the were facing the internet but this one was behind lan and it is the only one I could not get to work. I checked and recheck all settings number of times. Just thought there maybe setting I am missing for being behind the router.


did ou forwarded 20000 to 60000 udp on your router? rtp on webrct seems to use high port udp range
- shut down your firewall to have clear test.
- try to use same codec for exten as for carrier ex: ulaw

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Thu Mar 15, 2018 4:00 pm
by proper
dito wrote:
proper wrote:
dito wrote:hi propoer,
did you follow all steps ?
webrtc over lan is quite easier !
using webrtc on a local asterisk-freepbx working without https over LAN...


My tests were from outside the network, and asterisk CLI reported lack of RTP activity. The phone registered fine though, just no voice data.

I set up multiple servers with webrtc phone and all of the were facing the internet but this one was behind lan and it is the only one I could not get to work. I checked and recheck all settings number of times. Just thought there maybe setting I am missing for being behind the router.


did ou forwarded 20000 to 60000 udp on your router? rtp on webrct seems to use high port udp range
- shut down your firewall to have clear test.
- try to use same codec for exten as for carrier ex: ulaw


All firewalls were shut down as part of testing, and ordinary sip phone worked without issues.
I am sure this has something to do with audio packets not getting to the server despite 1:1 NAT on the external firewall, this means any traffic to given IP is sent to the internal server IP.
I also made sure that any traffic leaving the server is tagged with its external IP

I will play with this soon to see what I can find.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Thu Apr 12, 2018 2:56 am
by vkad
dito wrote:
proper wrote:
dito wrote:hi propoer,
did you follow all steps ?
webrtc over lan is quite easier !
using webrtc on a local asterisk-freepbx working without https over LAN...


My tests were from outside the network, and asterisk CLI reported lack of RTP activity. The phone registered fine though, just no voice data.

I set up multiple servers with webrtc phone and all of the were facing the internet but this one was behind lan and it is the only one I could not get to work. I checked and recheck all settings number of times. Just thought there maybe setting I am missing for being behind the router.


did ou forwarded 20000 to 60000 udp on your router? rtp on webrct seems to use high port udp range
- shut down your firewall to have clear test.
- try to use same codec for exten as for carrier ex: ulaw



Does your /etc/asterisk/sip.conf contains externip?

Does your /etc/asterisk/rtp.conf contain any ice servers or ice candidate mapping locaip => externip

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Fri Apr 13, 2018 7:15 am
by buns
Hi all,

Great tutorial. Do not forget to compile asterisk with "./configure --with-pjproject-bundled" ; I experienced 488 not acceptable here without it.
My full ./configure options are : --libdir=/usr/lib --with-gsm=internal --enable-opus --enable-srtp --with-ogg=/usr/lib64/ --with-ssl --enable-asteriskssl --with-pjproject-bundled

Sugestions are welcome !

Cheers

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Mon Apr 23, 2018 8:53 pm
by rrb555
Does your /etc/asterisk/sip.conf contains externip?

Does your /etc/asterisk/rtp.conf contain any ice servers or ice candidate mapping locaip => externip


My installation doesn't have any externip. Which is very good unlike before

rtp.cofnf question > i didn't bother to configure this one. and my webrtc is working just fine. Already upgraded an old vicibox 6 installation to v 8 because of this. What I want to test next is the Viciphone which I think is great.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Mon Apr 23, 2018 8:54 pm
by rrb555
buns wrote:Hi all,

Great tutorial. Do not forget to compile asterisk with "./configure --with-pjproject-bundled" ; I experienced 488 not acceptable here without it.
My full ./configure options are : --libdir=/usr/lib --with-gsm=internal --enable-opus --enable-srtp --with-ogg=/usr/lib64/ --with-ssl --enable-asteriskssl --with-pjproject-bundled

Sugestions are welcome !

Cheers


I didn't get this error, already installed Viciboxv8 10 times

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Wed Sep 05, 2018 1:42 am
by rheymzkilove
Hellow,

i follow all the steps on how to but still im getting error .

An Error occured while connecting to the web socket :(

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Sat Sep 08, 2018 2:25 am
by chornyi_taras
Make shure that port 8089 is open in firewall

Re: HOW TO SETUP WEBRTC ON VICIBOX 8 - 100 % WORKING

PostPosted: Sun Sep 09, 2018 8:13 pm
by rheymzkilove
its all good now... thanks guys

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Tue Nov 13, 2018 5:41 pm
by escondido
Great tutorial. Looking forward to implementing this ASAP.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Tue Nov 13, 2018 6:36 pm
by dspaan
This manual is already outdated since vicibox 8.1.2

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Thu Nov 22, 2018 10:19 am
by josecapurro
Does it auto answers the login call?

I receive the call in the webphone, but it rings and i can't find a way to answer it.

There is only the MUTE button.

I've tried setting Webphone Auto-Answer: Y in Admin > Phones to no avail.

Any insights?

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Thu Nov 22, 2018 12:29 pm
by thephaseusa
With viciphone you choose a campaign click submit
Then your screen says go back or Call AGent Webphone
When you click call agent webphone you hear the woman’s voice say you are the only one in this conference.

Are you trying viciphone?
There are several tutorials on this site, and also you can go to
Viciphone.com
And get all info there.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Thu Nov 22, 2018 1:33 pm
by dspaan
What i don't understand is why the webphone is not auto dialed after you login.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Thu Nov 22, 2018 1:44 pm
by williamconley
Prolly because nobody has modified the methodology to remove that step. Probably just a javascript function that fires a few seconds after page load would do it. But I'm guessing, we haven't looked.

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Tue Apr 23, 2019 9:36 am
by vkalpsupport
dito wrote:WEBRTC INEGRATION ON VICIBOX 8

1 – setup ssl for web
2 – setup ssl for asterisk
3 – setup vicidial
4 – Use of PBXWebPhone as webrtc phone


Work done on a VPS 4 cores 16 Gb Ram 80 Gb HDD, Vicidiabox 8 with asterisk 13
Needed to set up separated cert for asterisk in addition to the web cert setup it worked after ..
I did those steps in a drafty mode it worked I hope I will optimize it and may be not a day a kind of script to do all those steps …
Don’t forget to replace yourdomain.com with your domain
Don’t forget the domain not the ip …


1 – setup ssl for web (@kumba how to )
First you need to modify the file /etc/certbot/cli.ini. Here's what you need to modify or verify:
1) Uncomment and make sure the 'email =' section is set to your valid email. This is what ties the SSL certificates to you for management.
2) Uncomment and put the Fully Qualified Domain Name (FQDN) into the 'domains =' section.
3) Uncomment the line 'agree-tos = True'
4) Uncomment the line 'renew-by-default = True'
5) Uncomment the 'authenticator =' line and change it from standalone to webroot, I.E. 'authenticator = webroot'
6) Uncomment the 'webroot-path =a /srv/www/htdocs' line
7) Comment out the staging 'server =' line and uncomment the production 'server =' line.

After this, you need to make sure you can successfully generate an SSL certificate before continuing to modify Apache configs. If you modify Apache and cannot get an SSL cert issued then Apache will error and refuse to start. You can run certbot by running 'certbot certonly --webroot'. In the output it should say that the SSL was successfully issued. Only once you have successfully gotten an SSL cert issued should you continue with the next set of instructions.


Once you have the SSL cert issued, you need to modify the file /etc/apache2/vhosts.d/1111-default-ssl.conf to reflect where the new SSL certs will be. Replace <FQDN> with the actual fully qualified domain name, I.E. http://www.vicibox.com, etc:
1) Change the SSLCertificateFile line to read: SSLCertificateFile /etc/certbot/live/<FQDN>/cert.pem
2) Uncomment and change the SSLCertificateChainFile line to read: SSLCertificateChainFile /etc/certbot/live/<FQDN>/fullchain.pem
3) Change the SSLCertificateKeyFile line to read: SSLCertificateKeyFile /etc/certbot/live/<FQDN>/privkey.pem
4) service apache2 restart

After that, you should be able to go to https://<FQDN> and successfully reach your ViciDial server.

2 - setup ssl for asterisk :
First check if this line is correct in asterisk.conf : astkeydir => /usr/share/asterisk
And if a folder named key is in
Then get the script from the asterisk repo :
https://github.com/asterisk/asterisk/bl ... t_tls_cert
execute it
./ast_tls_cert -C pbx.example.com -O "My Super Company" -d /usr/share/asterisk/keys
You can then check your /usr/share/asterisk/keys directory to verify the new files were created, as such:
# ls -w 1 /usr/share/asterisk/keys

And you should see:
asterisk.crt
asterisk.csr
asterisk.key
asterisk.pem
ca.cfg
ca.crt
ca.key
tmp.cfg

now go to httpd.conf
Code: Select all
 [general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
enablestatic=yes
tlsenable=yes         
tlsbindaddr=YOURIP:8089
tlscertfile=/etc/certbot/live/yourdomain.com/cert.pem
tlsprivatekey=/etc/certbot/live/yourdomain.com/privkey.pem 


edit/add those lines to sip.conf :

Code: Select all
[general]
transport=udp,ws,wss
avpf=yes
srvlookup=yes
udpbindaddr=0.0.0.0:5060
context=trunkinbound 
allowguest=no     
allowoverlap=no
realm=YOURDOMAIN.com
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes                 
disallow=all               
allow=ulaw                 
allow=alaw
mohinterpret=default
mohsuggest=default
language=en       


3 – setup vicidial

Go to admin – servers edit server then:
Add to the web socket line:
Code: Select all
wss://yourdomaine.com:8089/ws

Then go to admin templates add a new template call it WebRTC Phone then add :

Code: Select all
type=friend
host=dynamic
trustrpid=yes
sendrpid=no
qualify=yes
qualifyfreq=600
transport=ws,wss,udp
encryption=yes
avpf=yes
icesupport=yes
rtcp_mux=yes
directmedia=no
disallow=all
allow=ulaw,opus,vp8,h264
nat=yes
directmedia=no
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/certbot/live/yourdomain.com/cert.pem
dtlsprivatekey=/etc/certbot/live/yourdomain.com/privkey.pem
dtlssetup=actpass



go to admin – phone then create a phone using the webrtc template ,
then go to edit the phone setting go to the line set as webphone to Y

4 – Use of PBXWebPhone as webrtc phone

https://github.com/chornyitaras/PBXWebPhone
Git clone it into your web root folder /srv/www/htdocs/
Then in vicidial goto admin – system settings then to the line :
Default webphone set it to 1
Webphone url:
Code: Select all
PBXWebPhone/index.php


Open url log the agent with the created phone you should hear the sexy laday voice " you are the only one in the world" :p

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Wed Apr 15, 2020 5:29 am
by rmathur2588
I am trying to follow these instructions on VICIBox 8.0.1.

When I run "certbot certonly --webroot" it returns an error

"An unexpected error occurred:
The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end ... mev1/88430 for details."

It looks like ACMEv1 is end of life. How can I upgrade and use ACMEv2 in this setup.

Please suggest.

Thanks
Rohit

dito wrote:WEBRTC INEGRATION ON VICIBOX 8

1 – setup ssl for web
2 – setup ssl for asterisk
3 – setup vicidial
4 – Use of PBXWebPhone as webrtc phone


Work done on a VPS 4 cores 16 Gb Ram 80 Gb HDD, Vicidiabox 8 with asterisk 13
Needed to set up separated cert for asterisk in addition to the web cert setup it worked after ..
I did those steps in a drafty mode it worked I hope I will optimize it and may be not a day a kind of script to do all those steps …
Don’t forget to replace yourdomain.com with your domain
Don’t forget the domain not the ip …


1 – setup ssl for web (@kumba how to )
First you need to modify the file /etc/certbot/cli.ini. Here's what you need to modify or verify:
1) Uncomment and make sure the 'email =' section is set to your valid email. This is what ties the SSL certificates to you for management.
2) Uncomment and put the Fully Qualified Domain Name (FQDN) into the 'domains =' section.
3) Uncomment the line 'agree-tos = True'
4) Uncomment the line 'renew-by-default = True'
5) Uncomment the 'authenticator =' line and change it from standalone to webroot, I.E. 'authenticator = webroot'
6) Uncomment the 'webroot-path =a /srv/www/htdocs' line
7) Comment out the staging 'server =' line and uncomment the production 'server =' line.

After this, you need to make sure you can successfully generate an SSL certificate before continuing to modify Apache configs. If you modify Apache and cannot get an SSL cert issued then Apache will error and refuse to start. You can run certbot by running 'certbot certonly --webroot'. In the output it should say that the SSL was successfully issued. Only once you have successfully gotten an SSL cert issued should you continue with the next set of instructions.


Once you have the SSL cert issued, you need to modify the file /etc/apache2/vhosts.d/1111-default-ssl.conf to reflect where the new SSL certs will be. Replace <FQDN> with the actual fully qualified domain name, I.E. http://www.vicibox.com, etc:
1) Change the SSLCertificateFile line to read: SSLCertificateFile /etc/certbot/live/<FQDN>/cert.pem
2) Uncomment and change the SSLCertificateChainFile line to read: SSLCertificateChainFile /etc/certbot/live/<FQDN>/fullchain.pem
3) Change the SSLCertificateKeyFile line to read: SSLCertificateKeyFile /etc/certbot/live/<FQDN>/privkey.pem
4) service apache2 restart

After that, you should be able to go to https://<FQDN> and successfully reach your ViciDial server.

2 - setup ssl for asterisk :
First check if this line is correct in asterisk.conf : astkeydir => /usr/share/asterisk
And if a folder named key is in
Then get the script from the asterisk repo :
https://github.com/asterisk/asterisk/bl ... t_tls_cert
execute it
./ast_tls_cert -C pbx.example.com -O "My Super Company" -d /usr/share/asterisk/keys
You can then check your /usr/share/asterisk/keys directory to verify the new files were created, as such:
# ls -w 1 /usr/share/asterisk/keys

And you should see:
asterisk.crt
asterisk.csr
asterisk.key
asterisk.pem
ca.cfg
ca.crt
ca.key
tmp.cfg

now go to httpd.conf
Code: Select all
 [general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
enablestatic=yes
tlsenable=yes         
tlsbindaddr=YOURIP:8089
tlscertfile=/etc/certbot/live/yourdomain.com/cert.pem
tlsprivatekey=/etc/certbot/live/yourdomain.com/privkey.pem 


edit/add those lines to sip.conf :

Code: Select all
[general]
transport=udp,ws,wss
avpf=yes
srvlookup=yes
udpbindaddr=0.0.0.0:5060
context=trunkinbound 
allowguest=no     
allowoverlap=no
realm=YOURDOMAIN.com
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes                 
disallow=all               
allow=ulaw                 
allow=alaw
mohinterpret=default
mohsuggest=default
language=en       


3 – setup vicidial

Go to admin – servers edit server then:
Add to the web socket line:
Code: Select all
wss://yourdomaine.com:8089/ws

Then go to admin templates add a new template call it WebRTC Phone then add :

Code: Select all
type=friend
host=dynamic
trustrpid=yes
sendrpid=no
qualify=yes
qualifyfreq=600
transport=ws,wss,udp
encryption=yes
avpf=yes
icesupport=yes
rtcp_mux=yes
directmedia=no
disallow=all
allow=ulaw,opus,vp8,h264
nat=yes
directmedia=no
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/certbot/live/yourdomain.com/cert.pem
dtlsprivatekey=/etc/certbot/live/yourdomain.com/privkey.pem
dtlssetup=actpass



go to admin – phone then create a phone using the webrtc template ,
then go to edit the phone setting go to the line set as webphone to Y

4 – Use of PBXWebPhone as webrtc phone

https://github.com/chornyitaras/PBXWebPhone
Git clone it into your web root folder /srv/www/htdocs/
Then in vicidial goto admin – system settings then to the line :
Default webphone set it to 1
Webphone url:
Code: Select all
PBXWebPhone/index.php


Open url log the agent with the created phone you should hear the sexy laday voice " you are the only one in the world" :p

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Fri Apr 24, 2020 4:02 am
by carpenox
This should help you update your certbot program, https://en.opensuse.org/Let%E2%80%99s_Encrypt

Hope that helps

-Nox

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Fri Jun 12, 2020 6:49 am
by virtualsky
Can I use Vicidial instead of Vicibox?

dito wrote:WEBRTC INEGRATION ON VICIBOX 8

1 – setup ssl for web
2 – setup ssl for asterisk
3 – setup vicidial
4 – Use of PBXWebPhone as webrtc phone


Work done on a VPS 4 cores 16 Gb Ram 80 Gb HDD, Vicidiabox 8 with asterisk 13
Needed to set up separated cert for asterisk in addition to the web cert setup it worked after ..
I did those steps in a drafty mode it worked I hope I will optimize it and may be not a day a kind of script to do all those steps …
Don’t forget to replace yourdomain.com with your domain
Don’t forget the domain not the ip …


1 – setup ssl for web (@kumba how to )
First you need to modify the file /etc/certbot/cli.ini. Here's what you need to modify or verify:
1) Uncomment and make sure the 'email =' section is set to your valid email. This is what ties the SSL certificates to you for management.
2) Uncomment and put the Fully Qualified Domain Name (FQDN) into the 'domains =' section.
3) Uncomment the line 'agree-tos = True'
4) Uncomment the line 'renew-by-default = True'
5) Uncomment the 'authenticator =' line and change it from standalone to webroot, I.E. 'authenticator = webroot'
6) Uncomment the 'webroot-path =a /srv/www/htdocs' line
7) Comment out the staging 'server =' line and uncomment the production 'server =' line.

After this, you need to make sure you can successfully generate an SSL certificate before continuing to modify Apache configs. If you modify Apache and cannot get an SSL cert issued then Apache will error and refuse to start. You can run certbot by running 'certbot certonly --webroot'. In the output it should say that the SSL was successfully issued. Only once you have successfully gotten an SSL cert issued should you continue with the next set of instructions.


Once you have the SSL cert issued, you need to modify the file /etc/apache2/vhosts.d/1111-default-ssl.conf to reflect where the new SSL certs will be. Replace <FQDN> with the actual fully qualified domain name, I.E. http://www.vicibox.com, etc:
1) Change the SSLCertificateFile line to read: SSLCertificateFile /etc/certbot/live/<FQDN>/cert.pem
2) Uncomment and change the SSLCertificateChainFile line to read: SSLCertificateChainFile /etc/certbot/live/<FQDN>/fullchain.pem
3) Change the SSLCertificateKeyFile line to read: SSLCertificateKeyFile /etc/certbot/live/<FQDN>/privkey.pem
4) service apache2 restart

After that, you should be able to go to https://<FQDN> and successfully reach your ViciDial server.

2 - setup ssl for asterisk :
First check if this line is correct in asterisk.conf : astkeydir => /usr/share/asterisk
And if a folder named key is in
Then get the script from the asterisk repo :
https://github.com/asterisk/asterisk/bl ... t_tls_cert
execute it
./ast_tls_cert -C pbx.example.com -O "My Super Company" -d /usr/share/asterisk/keys
You can then check your /usr/share/asterisk/keys directory to verify the new files were created, as such:
# ls -w 1 /usr/share/asterisk/keys

And you should see:
asterisk.crt
asterisk.csr
asterisk.key
asterisk.pem
ca.cfg
ca.crt
ca.key
tmp.cfg

now go to httpd.conf
Code: Select all
 [general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
enablestatic=yes
tlsenable=yes         
tlsbindaddr=YOURIP:8089
tlscertfile=/etc/certbot/live/yourdomain.com/cert.pem
tlsprivatekey=/etc/certbot/live/yourdomain.com/privkey.pem 


edit/add those lines to sip.conf :

Code: Select all
[general]
transport=udp,ws,wss
avpf=yes
srvlookup=yes
udpbindaddr=0.0.0.0:5060
context=trunkinbound 
allowguest=no     
allowoverlap=no
realm=YOURDOMAIN.com
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes                 
disallow=all               
allow=ulaw                 
allow=alaw
mohinterpret=default
mohsuggest=default
language=en       


3 – setup vicidial

Go to admin – servers edit server then:
Add to the web socket line:
Code: Select all
wss://yourdomaine.com:8089/ws

Then go to admin templates add a new template call it WebRTC Phone then add :

Code: Select all
type=friend
host=dynamic
trustrpid=yes
sendrpid=no
qualify=yes
qualifyfreq=600
transport=ws,wss,udp
encryption=yes
avpf=yes
icesupport=yes
rtcp_mux=yes
directmedia=no
disallow=all
allow=ulaw,opus,vp8,h264
nat=yes
directmedia=no
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/certbot/live/yourdomain.com/cert.pem
dtlsprivatekey=/etc/certbot/live/yourdomain.com/privkey.pem
dtlssetup=actpass



go to admin – phone then create a phone using the webrtc template ,
then go to edit the phone setting go to the line set as webphone to Y

4 – Use of PBXWebPhone as webrtc phone

https://github.com/chornyitaras/PBXWebPhone
Git clone it into your web root folder /srv/www/htdocs/
Then in vicidial goto admin – system settings then to the line :
Default webphone set it to 1
Webphone url:
Code: Select all
PBXWebPhone/index.php


Open url log the agent with the created phone you should hear the sexy laday voice " you are the only one in the world" :p

Re: HOW TO SETUP WEBRTC ON VICIBOX 8.0 - 100 % WORKING

PostPosted: Fri Jun 12, 2020 7:48 am
by carpenox
vicibox is vicidial, asterisk, mysql, and apache all in one which is one you have installed anyways.....so YES