S2E2: WebRTC In The Cloud
In this Episode we will be installing Asterisk 18 and The Browser Phone onto a Virtual Private Cloud. We are going to be using Amazon Web Services and Google Cloud, and we will be installing Ubuntu 18 LTS and CentOS 8 (Stream). We will use Apache to host the phone pages, and reverse proxy the /ws/ folder to Asterisk. We will use Certbot to generate and maintain a certificate for us, but please be sure that you are in control of a domain, and are able to add DNS entries. Both Google and Amazon have free options, so this will not cost anything at first. If you would like to support this channel and my projects, please consider Buying Me a Coffee at: https://www.buymeacoffee.com/innovateast/
Github project page: https://github.com/InnovateAsterisk/S2E2
This article has two main sections: Ubuntu and CentOS. Once the instances are running the installation process is the same, so you only need to select the operating system you want:
Ubuntu 18 LTS on Amazon Web Services & Google Cloud Platform
First make sure the system is updated
$ sudo apt-get update
Install Asterisk
$ cd ~
$ wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz
$ tar -xvf asterisk-18[tab]
$ cd asterisk-18.[tab]
$ sudo su
# contrib/scripts/install_prereq install
# ./configure --with-pjproject-bundled
# make menuselect
# make && make install && make config
# exit
$ cd ~
Install Config files for Asterisk
$ git clone https://github.com/InnovateAsterisk/S2E2.git
$ sudo cp ~/S2E2/config/* /etc/asterisk
Edit the HTTP config file
$ sudo nano /etc/asterisk/http.conf
[general]
enabled=yes ; HTTP
bindaddr=127.0.0.1
bindport=8080
tlsenable=no ; HTTPS
enablestatic=no
Asterisk can now be restarted, and will run correctly
$ sudo service asterisk restart
Install and Configure Apache2
$ cd ~
$ sudo su
# apt-get install apache2
# a2enmod ssl
# a2enmod proxy
# a2enmod proxy_http
# a2enmod proxy_wstunnel
Open the ports we need
# nano /etc/apache2/ports.conf
Listen 0.0.0.0:80
Listen 0.0.0.0:443
Listen 0.0.0.0:4443
Create a site for us to use
# nano /etc/apache2/sites-enabled/000-default.conf
<VirtualHost 0.0.0.0:80>
ServerName ubuntu-1._your_domain_goes_here_
DocumentRoot /var/www/html
</VirtualHost>
Restart Apache2 to apply changes
# service apache2 restart
Test your work
# netstat -tunlp
Note: At this point you should go to your DNS manager (what ever you use) and create the host entry file to point to the servers IP address
Install Snap and Certbot
# snap install --classic certbot
# ln -s /snap/bin/certbot /usr/bin/certbot
# certbot --apache
Once Certbots is complete, a new site will be created, open it, and add the ws/ host.
# nano /etc/apache2/sites-enabled/000-default-le-ssl.conf
<VirtualHost 0.0.0.0:4443>
ServerName __copy_from_above__
DocumentRoot /var/www/html
SSLCertificateFile __copy_from_above__
SSLCertificateKeyFile __copy_from_above__
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyRequests off
ProxyPreserveHost On
ProxyPass /ws ws://127.0.0.1:8080/ws
ProxyPassReverse /ws ws://127.0.0.1:8080/ws
</VirtualHost>
Apache config is now complete, restart Apache2, and exit, and return home
# service apache2 restart
# exit
$ cd ~
Install the Browser Phone
$ git clone https://github.com/InnovateAsterisk/Browser-Phone.git
$ sudo cp -r Browser-Phone/Phone/* /var/www/html/
Add users to Asterisk. At this point, if you want to change over to use FreePBX or some other GUI based config editor, you can do so easily. The users you add can the register on the phone settings page.
$ sudo nano /etc/asterisk/pjsip.conf
; == Users
[User1](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="One Hundred" <100>
auth=User1
aors=User1
[User1](single_aor)
type=aor
mailboxes=User1@default
[User1](userpass_auth)
type=auth
username=User1
password=1234
[User2](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="Two Hundred" <200>
auth=User2
aors=User2
[User2](single_aor)
type=aor
[User2](userpass_auth)
type=auth
username=User2
password=1234
[User3](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="Three Hundred" <300>
auth=User3
aors=User3
[User3](single_aor)
type=aor
[User3](userpass_auth)
type=auth
username=User3
password=1234
Update the dialplan to something basic
$ sudo nano /etc/asterisk/extensions.conf
[subscriptions]
exten => 100,hint,PJSIP/User1
exten => 200,hint,PJSIP/User2
exten => 300,hint,PJSIP/User3
[from-extensions]
exten => 100,1,Dial(PJSIP/User1,30)
exten => 200,1,Dial(PJSIP/User2,30)
exten => 300,1,Dial(PJSIP/User3,30)
exten => _[*0-9].,1,NoOp(Music On Hold)
exten => _[*0-9].,n,Ringing()
exten => _[*0-9].,n,Wait(2)
exten => _[*0-9].,n,Answer()
exten => _[*0-9].,n,Wait(1)
exten => _[*0-9].,n,MusicOnHold()
exten => e,1,Hangup()
Give Asterisk a restart to ensure all changes are applied
$ sudo service asterisk restart
CentOS 8 (Stream) on Amazon Web Services & Google Cloud Platform
CentOS is currently transitioning to 8 Stream, but the official image on AWS is still 8. Please use 8 Stream when possible, but if you are not able to make sure you switch the repos out for Stream, and then look out for the switch back.
Change to Super User
$ sudo su
Optional: If you are not on 8 Stream, you need to change the repo to 8 Stream
# echo '8-stream' > /etc/yum/vars/releasever
# dnf swap centos-linux-repos centos-stream-repos
# dnf distro-sync
Check that your system is up to date, and install a few useful tools
# yum update -y
# yum install wget nano net-tools
Disable SELinux in runtime and config
# nano /etc/selinux/config
SELINUX=disabled
# setenforce 0
Optional: If you are not on 8 Stream, you need to change the repo back
# echo '8' > /etc/yum/vars/releasever
Install EPEL, “Development Tools”, and PowerTools
# yum install epel-release
# yum groupinstall "Development Tools"
# dnf install dnf-plugins-core
# dnf upgrade
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# dnf config-manager --set-enabled powertools
Ensure you have everything with:
# dnf repolist
Exit Super User and return Home
# exit
$ cd ~
Install Asterisk
$ wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz
$ tar -xvf asterisk-18[tab]
$ cd asterisk-18.[tab]
$ sudo su
# contrib/scripts/install_prereq install
# ./configure --with-pjproject-bundled
# make menuselect
# make && make install && make config
# exit
$ cd ~
Install Config files for Asterisk
$ git clone https://github.com/InnovateAsterisk/S2E2.git
$ sudo cp ~/S2E2/config/* /etc/asterisk
Edit the HTTP config file
$ sudo nano /etc/asterisk/http.conf
[general]
enabled=yes ; HTTP
bindaddr=127.0.0.1
bindport=8080
tlsenable=no ; HTTPS
enablestatic=no
Asterisk can now be restarted, and will run correctly
$ sudo service asterisk restart
Install and Configure httpd (Apache2)
$ cd ~
$ sudo su
# yum install httpd
# yum install mod_ssl
Open the ports we need
# nano /etc/httpd/conf/httpd.conf
Listen 0.0.0.0:80
Listen 0.0.0.0:4443
Create a site for us to use
# nano /etc/httpd/conf.d/000-default.conf
<VirtualHost 0.0.0.0:80>
ServerName centos-1._your_domain_goes_here_
DocumentRoot /var/www/html
</VirtualHost>
Enable and Restart Apache2 to apply changes
# systemctl enable httpd.service
# systemctl restart httpd.service
Test your work
# netstat -tunlp
Note: At this point you should go to your DNS manager (what ever you use) and create the host entry file to point to the servers IP address
Install Snap and Certbot
# yum install snapd
# systemctl enable --now snapd.socket
# ln -s /var/lib/snapd/snap /snap
# snap install core
# snap refresh core
# snap install --classic certbot
# ln -s /snap/bin/certbot /usr/bin/certbot
# certbot --apache
Once Certbots is complete, a new site will be created, open it, and add the ws/ host.
# nano /etc/httpd/conf.d/000-default-le-ssl.conf
<VirtualHost 0.0.0.0:4443>
ServerName __copy_from_above__
DocumentRoot /var/www/html
SSLCertificateFile __copy_from_above__
SSLCertificateKeyFile __copy_from_above__
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyRequests off
ProxyPreserveHost On
ProxyPass /ws ws://127.0.0.1:8080/ws
ProxyPassReverse /ws ws://127.0.0.1:8080/ws
</VirtualHost>
Apache config is now complete, restart Apache2, and exit, and return home
# service httpd restart
# exit
$ cd ~
Install the Browser Phone
$ git clone https://github.com/InnovateAsterisk/Browser-Phone.git
$ sudo cp -r Browser-Phone/Phone/* /var/www/html/
Add users to Asterisk. At this point, if you want to change over to use FreePBX or some other GUI based config editor, you can do so easily. The users you add can the register on the phone settings page.
$ sudo nano /etc/asterisk/pjsip.conf
; == Users
[User1](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="One Hundred" <100>
auth=User1
aors=User1
[User1](single_aor)
type=aor
mailboxes=User1@default
[User1](userpass_auth)
type=auth
username=User1
password=1234
[User2](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="Two Hundred" <200>
auth=User2
aors=User2
[User2](single_aor)
type=aor
[User2](userpass_auth)
type=auth
username=User2
password=1234
[User3](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="Three Hundred" <300>
auth=User3
aors=User3
[User3](single_aor)
type=aor
[User3](userpass_auth)
type=auth
username=User3
password=1234
Update the dialplan to something basic
$ sudo nano /etc/asterisk/extensions.conf
[subscriptions]
exten => 100,hint,PJSIP/User1
exten => 200,hint,PJSIP/User2
exten => 300,hint,PJSIP/User3
[from-extensions]
exten => 100,1,Dial(PJSIP/User1,30)
exten => 200,1,Dial(PJSIP/User2,30)
exten => 300,1,Dial(PJSIP/User3,30)
exten => _[*0-9].,1,NoOp(Music On Hold)
exten => _[*0-9].,n,Ringing()
exten => _[*0-9].,n,Wait(2)
exten => _[*0-9].,n,Answer()
exten => _[*0-9].,n,Wait(1)
exten => _[*0-9].,n,MusicOnHold()
exten => e,1,Hangup()
Give Asterisk a restart to ensure all changes are applied
$ sudo service asterisk restart