S2E2: WebRTC In The Cloud

In this episode we will be installing Asterisk 18 and The Browser Phone onto a Virtual Private Cloud. We are going to be using Amazon Web Services and Google Cloud, and we will be installing Ubuntu 18 LTS and CentOS 8 (Stream). We will use Apache to host the phone pages and reverse proxy the /ws/ folder to Asterisk. We will use Certbot to generate and maintain a certificate for us, but please be sure that you are in control of a domain and are able to add DNS entries. Both Google and Amazon have free options, so this will not cost anything at first. If you would like to support this channel and my projects, please consider Buying Me a Coffee at: https://www.buymeacoffee.com/innovateast/

Github project page: https://github.com/InnovateAsterisk/S2E2

This article has two main sections: Ubuntu and CentOS. Once the instances are running, the installation process is the same, so you only need to select the operating system you want:

Ubuntu 18 LTS on Amazon Web Services & Google Cloud Platform

First make sure the system is updated

$ sudo apt-get update

Install Asterisk

$ cd ~
$ wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz
$ tar -xvf asterisk-18[tab]
$ cd asterisk-18.[tab]
$ sudo su
# contrib/scripts/install_prereq install
# ./configure --with-pjproject-bundled
# make menuselect
# make && make install && make config
# exit
$ cd ~

Install Config files for Asterisk

$ git clone https://github.com/InnovateAsterisk/S2E2.git
$ sudo cp ~/S2E2/config/* /etc/asterisk

Edit the HTTP config file

$ sudo nano /etc/asterisk/http.conf

[general]
enabled=yes ; HTTP 
bindaddr=127.0.0.1 
bindport=8080 
tlsenable=no ; HTTPS 
enablestatic=no 

Asterisk can now be restarted, and will run correctly

$ sudo service asterisk restart

Install and Configure Apache2

$ cd ~
$ sudo su
# apt-get install apache2
# a2enmod ssl
# a2enmod proxy
# a2enmod proxy_http
# a2enmod proxy_wstunnel

Open the ports we need

# nano /etc/apache2/ports.conf

Listen 0.0.0.0:80
Listen 0.0.0.0:443
Listen 0.0.0.0:4443

Create a site for us to use

# nano /etc/apache2/sites-enabled/000-default.conf 

<VirtualHost 0.0.0.0:80>
        ServerName ubuntu-1._your_domain_goes_here_
        DocumentRoot /var/www/html
</VirtualHost>

Restart Apache2 to apply changes

# service apache2 restart

Test your work

# netstat -tunlp

Note: At this point you should go to your DNS manager (whatever you use) and create the host entry pointing to the server's IP address.

Install Snap and Certbot

# snap install --classic certbot
# ln -s /snap/bin/certbot /usr/bin/certbot
# certbot --apache

Once Certbot is complete, a new site will be created. Open it and add the ws/ host.

# nano /etc/apache2/sites-enabled/000-default-le-ssl.conf 

<VirtualHost 0.0.0.0:4443>
        ServerName __copy_from_above__
        DocumentRoot /var/www/html

        SSLCertificateFile __copy_from_above__
        SSLCertificateKeyFile __copy_from_above__
        Include /etc/letsencrypt/options-ssl-apache.conf

        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass /ws ws://127.0.0.1:8080/ws
        ProxyPassReverse /ws ws://127.0.0.1:8080/ws
</VirtualHost>

The Apache config is now complete. Restart Apache2, exit Super User, and return home.

# service apache2 restart
# exit
$ cd ~

Install the Browser Phone

$ git clone https://github.com/InnovateAsterisk/Browser-Phone.git
$ sudo cp -r Browser-Phone/Phone/* /var/www/html/

Add users to Asterisk. At this point, if you want to change over to FreePBX or some other GUI-based config editor, you can do so easily. The users you add can then register on the phone settings page.

$ sudo nano /etc/asterisk/pjsip.conf

; == Users

[User1](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="One Hundred" <100>
auth=User1
aors=User1
[User1](single_aor)
type=aor
mailboxes=User1@default
[User1](userpass_auth)
type=auth
username=User1
password=1234

[User2](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="Two Hundred" <200>
auth=User2
aors=User2
[User2](single_aor)
type=aor
[User2](userpass_auth)
type=auth
username=User2
password=1234

[User3](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="Three Hundred" <300>
auth=User3
aors=User3
[User3](single_aor)
type=aor
[User3](userpass_auth)
type=auth
username=User3
password=1234

Update the dialplan to something basic

$ sudo nano /etc/asterisk/extensions.conf

[subscriptions]
exten => 100,hint,PJSIP/User1
exten => 200,hint,PJSIP/User2
exten => 300,hint,PJSIP/User3

[from-extensions]
exten => 100,1,Dial(PJSIP/User1,30)
exten => 200,1,Dial(PJSIP/User2,30)
exten => 300,1,Dial(PJSIP/User3,30)

exten => _[*0-9].,1,NoOp(Music On Hold)
exten => _[*0-9].,n,Ringing()
exten => _[*0-9].,n,Wait(2)
exten => _[*0-9].,n,Answer()
exten => _[*0-9].,n,Wait(1)
exten => _[*0-9].,n,MusicOnHold()

exten => e,1,Hangup()

Give Asterisk a restart to ensure all changes are applied

$ sudo service asterisk restart

CentOS 8 (Stream) on Amazon Web Services & Google Cloud Platform

CentOS is currently transitioning to 8 Stream, but the official image on AWS is still 8. Please use 8 Stream when possible, but if you are not able to, make sure you switch the repos out for Stream, and then look out for the switch back.

Change to Super User

$ sudo su

Optional: If you are not on 8 Stream, you need to change the repo to 8 Stream

# echo '8-stream' > /etc/yum/vars/releasever 
# dnf swap centos-linux-repos centos-stream-repos
# dnf distro-sync

Check that your system is up to date, and install a few useful tools

# yum update -y
# yum install wget nano net-tools

Disable SELinux in runtime and config

# nano /etc/selinux/config

SELINUX=disabled

# setenforce 0

Optional: If you are not on 8 Stream, you need to change the repo back

# echo '8' > /etc/yum/vars/releasever

Install EPEL, “Development Tools”, and PowerTools

# yum install epel-release
# yum groupinstall "Development Tools"
# dnf install dnf-plugins-core
# dnf upgrade
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# dnf config-manager --set-enabled powertools

Ensure you have everything with:

# dnf repolist

Exit Super User and return Home

# exit
$ cd ~

Install Asterisk

$ wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz
$ tar -xvf asterisk-18[tab]
$ cd asterisk-18.[tab]
$ sudo su
# contrib/scripts/install_prereq install
# ./configure --with-pjproject-bundled
# make menuselect
# make && make install && make config
# exit
$ cd ~

Install Config files for Asterisk

$ git clone https://github.com/InnovateAsterisk/S2E2.git
$ sudo cp ~/S2E2/config/* /etc/asterisk

Edit the HTTP config file

$ sudo nano /etc/asterisk/http.conf

[general]
enabled=yes ; HTTP 
bindaddr=127.0.0.1 
bindport=8080 
tlsenable=no ; HTTPS 
enablestatic=no 

Asterisk can now be restarted, and will run correctly

$ sudo service asterisk restart
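
The http.conf above (identical in the Ubuntu and CentOS sections) keeps Asterisk's unencrypted HTTP/WebSocket listener on loopback so that only the Apache TLS proxy can reach it. The following is an added example, not part of the original guide or the S2E2 project: `audit_http_conf` is a hypothetical helper name, and the two sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide). audit_http_conf is a
# hypothetical helper: it checks http.conf against the layout used here,
# plain HTTP on loopback only with TLS terminated by Apache.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_http_conf() {
    awk '
        function truthy(v) { return v ~ /^(yes|true|y|t|1|on)$/ }
        { sub(/;.*/, "") }                       # drop ";" comments
        /^[ \t]*\[/ {                            # section header
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*/, "", sect)
            next
        }
        sect == "general" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            conf[tolower(key)] = tolower(val)
        }
        END {
            if (!truthy(conf["enabled"])) exit 0  # HTTP server is off
            addr = conf["bindaddr"]
            if (addr == "") {
                print "bindaddr not set: pin it to 127.0.0.1"; n++
            } else if (addr !~ /^127\./ && addr != "::1") {
                print "bindaddr=" addr " exposes plain HTTP/WS beyond loopback"; n++
            }
            if (truthy(conf["tlsenable"])) {
                print "tlsenable=yes starts a second listener outside Apache"; n++
            }
            if (truthy(conf["enablestatic"])) {
                print "enablestatic=yes lets Asterisk serve static files"; n++
            }
            exit (n > 0)
        }
    ' "$1"
}

# Constructed samples: the guide's settings and an exposed variant.
demo_dir=$(mktemp -d)
printf '%s\n' '[general]' 'enabled=yes ; HTTP' 'bindaddr=127.0.0.1' \
    'bindport=8080' 'tlsenable=no ; HTTPS' 'enablestatic=no' > "$demo_dir/guide.conf"
printf '%s\n' '[general]' 'enabled=yes' 'bindaddr=0.0.0.0' \
    'bindport=8080' 'tlsenable=no' 'enablestatic=yes' > "$demo_dir/exposed.conf"

audit_http_conf "$demo_dir/guide.conf" && echo "guide.conf: ok"
audit_http_conf "$demo_dir/exposed.conf" || echo "exposed.conf: fix the findings above"
```

On a real server, point it at /etc/asterisk/http.conf after editing and before restarting Asterisk.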

Install and Configure httpd (Apache2)

$ cd ~
$ sudo su
# yum install httpd
# yum install mod_ssl

Open the ports we need

# nano /etc/httpd/conf/httpd.conf

Listen 0.0.0.0:80
Listen 0.0.0.0:4443

Create a site for us to use

# nano /etc/httpd/conf.d/000-default.conf 

<VirtualHost 0.0.0.0:80>
        ServerName centos-1._your_domain_goes_here_
        DocumentRoot /var/www/html
</VirtualHost>

Enable and Restart Apache2 to apply changes

# systemctl enable httpd.service
# systemctl restart httpd.service

Test your work

# netstat -tunlp

Note: At this point you should go to your DNS manager (whatever you use) and create the host entry pointing to the server's IP address.

Install Snap and Certbot

# yum install snapd
# systemctl enable --now snapd.socket
# ln -s /var/lib/snapd/snap /snap
# snap install core
# snap refresh core
# snap install --classic certbot
# ln -s /snap/bin/certbot /usr/bin/certbot
# certbot --apache

Once Certbot is complete, a new site will be created. Open it and add the ws/ host.

# nano /etc/httpd/conf.d/000-default-le-ssl.conf 

<VirtualHost 0.0.0.0:4443>
        ServerName __copy_from_above__
        DocumentRoot /var/www/html

        SSLCertificateFile __copy_from_above__
        SSLCertificateKeyFile __copy_from_above__
        Include /etc/letsencrypt/options-ssl-apache.conf

        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass /ws ws://127.0.0.1:8080/ws
        ProxyPassReverse /ws ws://127.0.0.1:8080/ws
</VirtualHost>

The Apache config is now complete. Restart Apache2, exit Super User, and return home.

# service httpd restart
# exit
$ cd ~

Install the Browser Phone

$ git clone https://github.com/InnovateAsterisk/Browser-Phone.git
$ sudo cp -r Browser-Phone/Phone/* /var/www/html/

Add users to Asterisk. At this point, if you want to change over to FreePBX or some other GUI-based config editor, you can do so easily. The users you add can then register on the phone settings page.

$ sudo nano /etc/asterisk/pjsip.conf

; == Users

[User1](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="One Hundred" <100>
auth=User1
aors=User1
[User1](single_aor)
type=aor
mailboxes=User1@default
[User1](userpass_auth)
type=auth
username=User1
password=1234

[User2](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="Two Hundred" <200>
auth=User2
aors=User2
[User2](single_aor)
type=aor
[User2](userpass_auth)
type=auth
username=User2
password=1234

[User3](basic_endpoint,webrtc_endpoint)
type=endpoint
callerid="Three Hundred" <300>
auth=User3
aors=User3
[User3](single_aor)
type=aor
[User3](userpass_auth)
type=auth
username=User3
password=1234
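
The `password=1234` values in the user blocks above (the same in the Ubuntu and CentOS sections) are placeholders, and these accounts can register through the public WebSocket endpoint, so it is worth checking pjsip.conf for leftover weak secrets before going live. This is an added example, not part of the original guide: `audit_pjsip_auth` and its 12-character default are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): audit_pjsip_auth is a
# hypothetical helper that flags weak password= values in pjsip.conf.
# Usage: audit_pjsip_auth FILE [MINLEN]; exit status 1 if anything is flagged.
# Assumes passwords contain no ";" (Asterisk's comment character).
audit_pjsip_auth() {
    awk -F= -v min="${2:-12}" '
        function report(   why) {
            if (pw == "") return
            if (length(pw) < min) why = why " shorter than " min ";"
            if (pw ~ /^[0-9]+$/)  why = why " digits only;"
            if (tolower(pw) == tolower(user)) why = why " equals username;"
            if (why != "") { print sect ":" why; bad++ }
        }
        { sub(/[ \t]*;.*/, "") }                 # drop ";" comments
        /^\[/ {                                  # new section: judge the last one
            report()
            sect = substr($0, 2, index($0, "]") - 2); pw = user = ""
            next
        }
        $1 == "username" { user = $2 }
        $1 == "password" { pw = substr($0, index($0, "=") + 1) }
        END { report(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample: two auth sections as in this guide, one stronger secret.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[User1](userpass_auth)
type=auth
username=User1
password=1234
[User2](userpass_auth)
type=auth
username=User2
password=1234
[User3](userpass_auth)
type=auth
username=User3
password=Tq7-vH2m_Lx9rB4s
EOF

audit_pjsip_auth "$sample" || echo "weak SIP credentials found"
```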

Update the dialplan to something basic

$ sudo nano /etc/asterisk/extensions.conf

[subscriptions]
exten => 100,hint,PJSIP/User1
exten => 200,hint,PJSIP/User2
exten => 300,hint,PJSIP/User3

[from-extensions]
exten => 100,1,Dial(PJSIP/User1,30)
exten => 200,1,Dial(PJSIP/User2,30)
exten => 300,1,Dial(PJSIP/User3,30)

exten => _[*0-9].,1,NoOp(Music On Hold)
exten => _[*0-9].,n,Ringing()
exten => _[*0-9].,n,Wait(2)
exten => _[*0-9].,n,Answer()
exten => _[*0-9].,n,Wait(1)
exten => _[*0-9].,n,MusicOnHold()

exten => e,1,Hangup()

Give Asterisk a restart to ensure all changes are applied

$ sudo service asterisk restart
