Overview

This documentation will guide you in the installation of single instance of Flexisip to provide a complete SIP service for a given domain.

All the communications between the proxy and the SIP user agent will be secured by TLS and communications between the proxy and its auxiliaries (presence server, databases, ...) will be in TCP on localhost.

All the commands are for CentOS 7 but it should be easy to transpose to other GNU/Linux distributions. Furthermore, in all this documentation, mydomain1.com refer to the domain which you are installing Flexisip for.

Set the DNS zone for your domain (mydomain1.com)

@          IN A    <ipv4_address>
           IN AAAA <ipv6_address>
_sip._tcp  IN SRV  0 0 0 .
_sip._udp  IN SRV  0 0 0 .
_sips._tcp IN SRV  0 0 5061 mydomain1.com.

Create all required database

Registrar database

You just need to install Redis server:

yum install redis
systemctl enable --now redis

User database

1. Install MariaDB:

yum install mariadb-server
systemctl enable --now mariadb

2. Create the database and grant access to Flexisip:

echo "
CREATE DATABASE flexisip_accounts;
GRANT ALL PRIVILEGES ON flexisip_accounts.* TO flexisip@localhost;
"
| mysql

3. It is your responsibility to create the schema of the database and to populate the tables. Alternatively, you may use the following schema for testing:

echo "
CREATE TABLE accounts (
  id int(11) unsigned NOT NULL AUTO_INCREMENT,
  username varchar(64) NOT NULL,
  domain varchar(64) NOT NULL,
  password varchar(255) NOT NULL,
  algorithm varchar(10) NOT NULL DEFAULT 'MD5',
  PRIMARY KEY (id),
  UNIQUE KEY identity (username,domain)
);

INSERT INTO accounts VALUES
  (1,'user1','mydomain1.com','secret','CLRTXT'),
  (2,'user2','mydomain1.com','secret','CLRTXT'),
  (3,'user3','mydomain1.com','secret','CLRTXT');
"
| mysql flexisip_accounts

4. Deployment with a lot of user may require to increase the max number of connections that the database may accept. To do so, edit /etc/my.cnf to have this:

[mysqld]
max_connections=500

and restart the database server then.

Conference database

The conference database ensures the persistence of the chat rooms of which the conference server is in charge.

1. Create user for Flexisip:

echo "CREATE USER flexisip@localhost IDENTIFIED BY '<db_password>';" | mysql

2. Create the database and grant access to Flexisip:

echo "
CREATE DATABASE flexisip_conference;
GRANT ALL PRIVILEGES ON flexisip_conference.* TO flexisip@localhost;
"
| mysql

Set up Flexisip

1. Instructions for the installation of Flexisip are available here.

2. Ensure that Soci backend for MySQL and SQlite are installed:

yum install bc-soci-mysql bc-soci-sqlite3

3. Edit /etc/flexisip/flexisip.conf to set the following parameters:

## PROXY SETTINGS ##
[global]

# Use TLS only for public communications and
# TCP for connections with services running
# on localhost (conference server, presence server, ...)
transports=sips:mydomain1.com:5061 sip:127.0.0.1:5060;transport=tcp

# Enable digest authentication
[module::Authentication]
enabled=true
auth-domains=mydomain1.com
available-algorithms=SHA-256
trusted-hosts=127.0.0.1
db-implementation=soci
soci-backend=mysql
soci-connection-string=db='flexisip_accounts' user='<db_user>' password='<db_password>' host='localhost'
soci-password-request=select password, algorithm from accounts where where username= :id and domain= :domain;

# Enable Registrar feature by using the Redis database
[module::Registrar]
enabled=true
reg-domains=mydomain1.com
db-implementation=redis
redis-server-domain=localhost
redis-server-port=6379

# Allow user agents to be registered for
# seven days in order they can receive
# push notifications seven days after
# disconnection.
max-expires=604800

[module::Router]
# Enable fork-late because it is required
# to send push notifications.
fork-late=true

# Chat messages will be kept by the proxy
# for seven days at the most if it cannot
# be delivered to the recipient immediately.
message-delivery-timeout=604800

# Enable push notifications for iOS and Android clients.
[module::PushNotification]
enabled=true
apple=true
firebase=true
firebase-projects-api-keys=<your_project_api_key>


## PRESENCE SERVER SETTINGS ##
[presence-server]
enabled=true
transports=sip:127.0.0.1:5065;transport=tcp

[module::Presence]
enabled=true
presence-server=sip:127.0.0.1:5065;transport=tcp


## CONFERENCE SERVER SETTINGS ##
[conference-server]
enabled=true
transport=sip:127.0.0.1:6064;transport=tcp
conference-factory-uris=sip:conference-factory@mydomain1.com
outbound-proxy=sip:127.0.0.1:5060;transport=tcp
local-domains=mydomain1.com
database-backend=mysql
database-connection-string=db='flexisip_conference' user='<db_user>' password='<db_password>' host='localhost'

4. Put the server certificate and key in /etc/flexisip/tls/agent.pem

5. Put chain certificates in /etc/flexisip/tls/cafile.pem

6. Put client certificates for authenticate against Apple's push notification server into /etc/flexisip/apn. See documentation about PushNotification module for more information.

Start the service

systemctl start flexisip-{proxy,presence,conference}
Tags:
Created by François Grisez on 2020/11/12 14:51