Installation and configuration of WebRTC with asterisk on Amazon

Installing Base Packages needed in Amazon Linux or CentOS to install Asterisk PBX

We first need to install some basic packages, to compile everything:

sudo yum install \
gcc \
gcc-c++ \
make \
autoconf \
libtool \
ncurses-devel \
libuuid-devel \
libxml2-devel \
sqlite-devel \
git \
speex-devel \
patch \
screen \
pkgconfig \
wget \
nginx \
svn

 

Nginx is installed so we can serve our own HTML5 application from the same server, but you can skip it if that is not your case.

NOTE: In CentOS you will need to install epel-release to install nginx.

yum install epel-release

Install Daemon Tools to start the Asterisk PBX as a service

It is highly recommended that you manage your asterisk installations with daemon tools. You can find out how to install them in this article titled: Installing Daemon Tools in Amazon Linux (or CentOS like OS).

Install libgsm 1.0.13

cd /usr/src
wget http://www.quut.com/gsm/gsm-1.0.13.tar.gz
tar -xvzf gsm-1.0.13.tar.gz

You have to download and apply the following patch so you can build libgsm as a shared library:

wget https://gist.githubusercontent.com/marcelog/9b5410706640279218ba/raw/017e98f03187ebd12e059f0170f7ca764a81edfa/libgsm-shared.patch
patch -p0 < libgsm-shared.patch

 

Then you can proceed to build and install:

cd gsm-1.0-pl13 && make && make install
ln -s /usr/local/include /usr/local/inc
mkdir -p /usr/local/man/man3
make GSM_INSTALL_ROOT=/usr/local install
cp lib/libgsm.so* /usr/local/lib

Install OpenSSL 1.0.2d

cd /usr/src
wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
tar zxf openssl-1.0.2d.tar.gz
cd openssl-1.0.2d
./config shared --prefix=/usr --openssldir=/usr/openssl-1.0.2d
make
make install

Install libsrtp 1.5.2 as a shared library

libsrtp provides audio over SRTP, which is mandatory for WebRTC communications. We need to install libsrtp as a shared library:

cd /usr/src
git clone https://github.com/cisco/libsrtp/
cd libsrtp
git checkout v1.5.2
CFLAGS=-fPIC ./configure --enable-pic && make shared_library && make install

Install libjansson 2.7

cd /usr/src
wget http://www.digip.org/jansson/releases/jansson-2.7.tar.gz
tar zxf jansson-2.7.tar.gz
cd jansson-2.7
./configure --prefix=/usr/libjansson-2.7
make
make install

Install PjProject 2.4

PJSip is a new full SIP stack, used to replace chan_sip. And although we’re still going to use chan_sip here, pjsip is needed to correctly handle ICE and STUN.

cd /usr/src
git clone https://github.com/asterisk/pjproject pjproject
cd pjproject/
CFLAGS="-I/usr/srtp-2.4/include -I/usr/libsrtp-1.5.2/include" \
LDFLAGS="-L/usr/srtp-2.4/lib -L/usr/libsrtp-1.5.2/lib" \
./configure \
--prefix=/usr/pjproject-2.4 \
--enable-shared \
--disable-sound \
--disable-resample \
--disable-video \
--disable-opencore-amr \
--with-external-speex \
--with-external-srtp \
--with-external-gsm
make dep
make
make install

Install Asterisk 13.6.0

cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-13.6.0.tar.gz
tar zxf asterisk-13.6.0.tar.gz
cd asterisk-13.6.0
PKG_CONFIG_PATH=${PKG_CONFIG_PATH}:/usr/pjproject-2.4/lib/pkgconfig \
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/pjproject-2.4/lib:/usr/libsrtp-1.5.2/lib:/usr/openssl-1.0.2d/lib \
CFLAGS="-I/usr/srtp-2.4/include -I/usr/libsrtp-1.5.2/include -I/usr/pjproject-2.4/include" \
LDFLAGS="-L/usr/libsrtp-1.5.2/lib -L/usr/pjproject-2.4/lib" \
./configure \
--with-jansson=/usr/libjansson-2.7 \
--prefix=/usr/asterisk-13.6.0 \
--with-ssl=/usr/openssl-1.0.2d \
--with-crypto=/usr/openssl-1.0.2d \
--with-pjproject=/usr/pjproject-2.4 \
--with-srtp=/usr/libsrtp-1.5.2

Configure Asterisk. Make sure that all the pj* resources are enabled, as well as the res_srtp and res_http_websocket ones.

make menuconfig
make
make install
make samples
ln -s /usr/asterisk-13.6.0 /usr/asterisk

Add library paths to /etc/profile

You might want to add this to your /etc/profile so the correct libraries will be used in your shell:

export LD_LIBRARY_PATH=/usr/libjansson-2.7/lib:/usr/pjproject-2.4/lib:/usr/openssl-1.0.2d/lib:/usr/libsrtp-1.5.2/lib:/usr/local/lib
PATH=$PATH:/usr/asterisk/sbin
PATH=$PATH:/command
export PATH

Setup /usr/asterisk/etc/asterisk/sip.conf

In the general section of your sip.conf file set:

[general]
externaddr=a.b.c.d ; Your public ElasticIP
media_address=a.b.c.d ; Your public ElasticIP
localnet=q.q.q.q/w.w.w.w ; Your internal network and mask
context=public
realm=your-web-domain.net ; Used for authentication
transport=udp,wss

Sample SIP Peer for WebRTC in Asterisk

[100]
context=wrtc
host=dynamic
type=friend
encryption=yes
avpf=yes
icesupport=yes
directmedia=no
canreinvite=no
disallow=all
allow=ulaw
transport=ws,wss,udp
force_avp=yes
nat=force_rport,comedia
qualify=yes
secret=100
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/ssl/certs/your-ssl-cert-with-intermediate-certificates.pem
dtlsprivatekey=/etc/ssl/certs/your-ssl-cert-key.key
dtlscafile=/etc/ssl/certs/your-ca-cert.pem
dtlssetup=actpass
srtpcapable=yes
videosupport=no
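
The sample peer above uses a secret equal to the extension number, accepts plain ws next to wss, and sets dtlsverify=no. The following check is an added example, not part of the original article or of Asterisk, that flags those three settings in a sip.conf. The 16-character minimum and the [alice] peer with its values are assumptions made for illustration.

```shell
# Added example (not from the original article): flag risky chan_sip peer settings.
# MIN_SECRET_LEN is an assumed policy threshold; adjust to your own standard.
MIN_SECRET_LEN=${MIN_SECRET_LEN:-16}

# Reads sip.conf text from the given files (or stdin); prints one finding per line.
# Simplification: everything after ";" on a line is treated as a comment.
audit_sip_conf() {
  awk -v min="$MIN_SECRET_LEN" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    { sub(/;.*/, "") }
    /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = tolower(trim(substr($0, 1, eq - 1)))
      val = trim(substr($0, eq + 1))
      if (key == "secret") {
        if (val == sec) print "[" sec "] secret: identical to the peer name"
        else if (length(val) < min) print "[" sec "] secret: shorter than " min " characters"
      }
      if (key == "dtlsverify" && tolower(val) == "no")
        print "[" sec "] dtlsverify=no: DTLS certificate and fingerprint are not checked"
      if (key == "transport") {
        n = split(val, t, ",")
        for (i = 1; i <= n; i++)
          if (tolower(trim(t[i])) == "ws")
            print "[" sec "] transport: plain ws carries SIP signaling without TLS"
      }
    }
  ' "$@"
}

# Constructed sample: the [100] peer from this page plus a hypothetical hardened peer.
sample_sip_conf() {
  cat <<'EOF'
[general]
transport=udp,wss
[100]
secret=100
transport=ws,wss,udp
dtlsverify=no
[alice] ; hypothetical peer
secret=kV7-constructed-example-value
transport=wss
dtlsverify=fingerprint
EOF
}
sample_sip_conf | audit_sip_conf
```

To check a real installation, pass the file instead of the sample: audit_sip_conf /usr/asterisk/etc/asterisk/sip.conf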

Setup the HTTP webserver in Asterisk PBX to support the WebRTC websocket in /usr/asterisk/etc/asterisk/http.conf

In your http.conf file:

servername=your-web-domain.net
enabled=yes
bindaddr=0.0.0.0
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/ssl/certs/your-ssl-cert-with-intermediate-certificates.pem
tlsprivatekey=/etc/ssl/certs/your-ssl-cert-key.key

Setup the RTP ports in Asterisk in /usr/asterisk/etc/asterisk/rtp.conf

In your rtp.conf file:

stunaddr=stun.l.google.com:19302
icesupport=true

Create a user for Asterisk

NOTE: You can skip this step if you’re not using daemontools.

useradd -s /bin/false -M -U asterisk

Setup daemontools to start asterisk

NOTE: You can skip this step if you’re not using daemontools.

mkdir /tmp/asterisk
cd /tmp/asterisk
mkdir env
mkdir log
echo /usr/libjansson-2.7/lib:/usr/pjproject-2.4/lib:/usr/openssl-1.0.2d/lib:/usr/libsrtp-1.5.2/lib:/usr/local/lib > env/LD_LIBRARY_PATH

Create the ./log/run file with the following contents:

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/command
exec 2>&1
mkdir -p /var/log/asterisk
chown -R asterisk:asterisk /var/log/asterisk
exec envuidgid asterisk multilog t s10485760 n5 !tai64nlocal /var/log/asterisk

Create the ./run file with the following contents:

mkdir -p /var/run/asterisk
chown -R asterisk /var/run/asterisk
exec 2>&1
exec setuidgid root envdir /etc/service/asterisk/env /usr/asterisk/sbin/asterisk -f

Make daemontools start Asterisk automatically:

chmod 700 run
chmod 700 log/run
cd ..
mv asterisk /etc/service

Install SIPML5

NOTE: You can skip this step if you already have your own webrtc application or other means to test the installation.

cd /usr/share/nginx/html
git clone https://github.com/DoubangoTelecom/sipml5

Setup the nginx host to serve your WebRTC VoIP Application

NOTE: You can skip this step if you already have your own webrtc application or other means to test the installation.

Generate a stronger DHE for SSL key exchange

cd /etc/ssl/certs
openssl dhparam -out dhparam.pem 4096

Setup the nginx host:

listen 443;
server_name your-web-domain.net;
root /usr/share/nginx/html/sipml5;
ssl on;
ssl_trusted_certificate /etc/ssl/certs/your-ca-cert.pem;
ssl_certificate /etc/ssl/certs/your-ssl-cert-with-intermediate-certificates.pem;
ssl_certificate_key /etc/ssl/certs/your-ssl-cert-key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;

After starting nginx, you should be able to point your browser to: https://your-web-domain.net/call.htm?svn=230# and see the SIPML5 demo.

SIPML5 configuration for the Asterisk PBX

In the Expert section:

      • Check “Disable Video”
      • Check “Enable RTCWeb Breaker”
      • Set the “Websocket Server URL”: wss://your-web-domain.net:8089/ws
      • Set the “ICE servers”: [{ url: 'stun:stun.l.google.com:19302'}]
      • Check “Cache the media stream”

In the Login section:

      • Set “Display Name”: 100
      • Set “Private Identity”: 100
      • Set “Public Identity”: sip:100@your-web-domain.net
      • Set “Password”: 100
      • Set “Realm”: your-web-domain.net

Using self signed certificates

If you’re using self-signed certificates and notice an error in your JavaScript console like this one:

…failed: WebSocket opening handshake was canceled

You have to manually add the certificate to the browser’s trusted vault. To do this, point your browser to https://your-web-domain.net:8089/ws and confirm the security exception. That should solve the issue, and you should be able to connect to the websocket port from SIPML5.
