Deploy Flexisip for one domain

Last modified by Félix Olart on 2023/10/13 15:52

Overview

This documentation will guide you through the installation of a single instance of Flexisip to provide a complete SIP service for a given domain.

All communications between the proxy and the SIP user agents will be secured by TLS, while communications between the proxy and its auxiliaries (presence server, databases, ...) will use TCP on localhost.

All the commands are for CentOS 7 but should be easy to transpose to other GNU/Linux distributions. Furthermore, throughout this documentation, mydomain1.com refers to the domain on which you are installing Flexisip.

Set the DNS zone for your domain (mydomain1.com)

@          IN A    <ipv4_address>
           IN AAAA <ipv6_address>
_sip._tcp  IN SRV  0 0 0 .
_sip._udp  IN SRV  0 0 0 .
_sips._tcp IN SRV  0 0 5061 mydomain1.com.

Create all required databases

Registrar database

You just need to install Redis server:

yum install redis
systemctl enable --now redis

User database

1. Install MariaDB:

yum install mariadb-server
systemctl enable --now mariadb

2. Create the database and grant access to Flexisip:

echo "
CREATE DATABASE flexisip_accounts;
GRANT ALL PRIVILEGES ON flexisip_accounts.* TO flexisip@localhost;
" | mysql

3. It is your responsibility to create the schema of the database and to populate the tables. Alternatively, you may use the following schema for testing:

echo "
CREATE TABLE accounts (
  id int(11) unsigned NOT NULL AUTO_INCREMENT,
  username varchar(64) NOT NULL,
  domain varchar(64) NOT NULL,
  password varchar(255) NOT NULL,
  algorithm varchar(10) NOT NULL DEFAULT 'MD5',
  PRIMARY KEY (id),
  UNIQUE KEY identity (username,domain)
);

INSERT INTO accounts VALUES
  (1,'user1','mydomain1.com','secret','CLRTXT'),
  (2,'user2','mydomain1.com','secret','CLRTXT'),
  (3,'user3','mydomain1.com','secret','CLRTXT');
" | mysql flexisip_accounts

4. A deployment with many users may require increasing the maximum number of connections that the database accepts. To do so, edit /etc/my.cnf so that it contains:

[mysqld]
max_connections=500

Then restart the database server.
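The test data in step 3 stores the password in clear text ('CLRTXT'), while the proxy configuration later on this page sets available-algorithms=SHA-256. The following added example (not part of the original documentation or of Flexisip) computes the RFC 7616 SHA-256 HA1 value that could be stored instead and shows that a digest response can be checked from that value alone. It assumes that the password column holds the HA1 when the algorithm column is 'SHA-256' and that the digest realm equals the domain; the challenge values are constructed.

```python
import hashlib
import hmac

def _h(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    """RFC 7616 A1 hash for SHA-256: H(username ":" realm ":" password)."""
    return _h(f"{username}:{realm}:{password}")

def account_row(username, domain, password):
    """(username, domain, password, algorithm) values without the cleartext.

    Assumption: the realm used by the proxy is the account's domain.
    """
    return (username, domain, ha1(username, domain, password), "SHA-256")

def expected_response(stored_ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """Digest response a verifier derives from the stored HA1 (qop=auth)."""
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify(stored_ha1, client_response, **challenge):
    """Constant-time comparison of the client's response with the expected one."""
    expected = expected_response(stored_ha1, **challenge)
    return hmac.compare_digest(expected, client_response)

# Constructed sample: user1 from the test data, with made-up nonce values.
CHALLENGE = dict(method="REGISTER", uri="sip:mydomain1.com",
                 nonce="constructed-nonce", nc="00000001",
                 cnonce="constructed-cnonce")

def demo():
    """Return the row to store and the outcome for a right and a wrong password."""
    row = account_row("user1", "mydomain1.com", "secret")
    # The client knows the cleartext and derives the same HA1 on its side.
    good = expected_response(ha1("user1", "mydomain1.com", "secret"), **CHALLENGE)
    bad = expected_response(ha1("user1", "mydomain1.com", "guess"), **CHALLENGE)
    return row, verify(row[2], good, **CHALLENGE), verify(row[2], bad, **CHALLENGE)
```

The tuple returned by account_row() is meant to be passed to a parameterized INSERT rather than formatted into an SQL string.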

Conference database

The conference database ensures the persistence of the chat rooms of which the conference server is in charge.

1. Create user for Flexisip:

echo "CREATE USER flexisip@localhost IDENTIFIED BY '<db_password>';" | mysql

2. Create the database and grant access to Flexisip:

echo "
CREATE DATABASE flexisip_conference;
GRANT ALL PRIVILEGES ON flexisip_conference.* TO flexisip@localhost;
" | mysql

Set up Flexisip

1. Instructions for the installation of Flexisip are available here.

2. Edit /etc/flexisip/flexisip.conf to set the following parameters:

## PROXY SETTINGS ##
[global]

# Use TLS only for public communications and
# TCP for connections with services running
# on localhost (conference server, presence server, ...)
transports=sips:mydomain1.com:5061 sip:127.0.0.1:5060;transport=tcp
tls-certificates-file=/etc/letsencrypt/live/mydomain1.com/fullchain.pem
tls-certificates-private-key=/etc/letsencrypt/live/mydomain1.com/privkey.pem

# Enable digest authentication
[module::Authentication]
enabled=true
auth-domains=mydomain1.com
available-algorithms=SHA-256
trusted-hosts=127.0.0.1
db-implementation=soci
soci-backend=mysql
soci-connection-string=db='flexisip_accounts' user='<db_user>' password='<db_password>' host='localhost'
soci-password-request=select password, algorithm from accounts where username= :id and domain= :domain;

# Enable Registrar feature by using the Redis database
[module::Registrar]
enabled=true
reg-domains=mydomain1.com
db-implementation=redis
redis-server-domain=localhost
redis-server-port=6379

# Allow user agents to be registered for
# seven days so that they can receive
# push notifications up to seven days after
# disconnection.
max-expires=604800

[module::Router]
# Enable fork-late because it is required
# to send push notifications.
fork-late=true

# Chat messages will be kept by the proxy
# for seven days at the most if they cannot
# be delivered to the recipient immediately.
message-delivery-timeout=604800

# Enable push notifications for iOS and Android clients.
[module::PushNotification]
enabled=true
apple=true
firebase=true
firebase-projects-api-keys=<your_project_api_key>


## PRESENCE SERVER SETTINGS ##
[presence-server]
enabled=true
transports=sip:127.0.0.1:5065;transport=tcp

[module::Presence]
enabled=true
presence-server=sip:127.0.0.1:5065;transport=tcp


## CONFERENCE SERVER SETTINGS ##
[conference-server]
enabled=true
transport=sip:127.0.0.1:6064;transport=tcp
conference-factory-uris=sip:conference-factory@mydomain1.com
outbound-proxy=sip:127.0.0.1:5060;transport=tcp
local-domains=mydomain1.com
database-backend=mysql
database-connection-string=db='flexisip_conference' user='<db_user>' password='<db_password>' host='localhost'

3. Put the client certificates used to authenticate against Apple's push notification server into /etc/flexisip/apn. See the documentation of the PushNotification module for more information.
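The configuration in step 2 relies on every unencrypted listener being bound to 127.0.0.1. The following added example (not part of the original documentation or of Flexisip) parses a flexisip.conf and reports any transports/transport URI that is neither sips: nor bound to loopback. The sample text is constructed from the values above plus one deliberately wrong entry, and only the sips: scheme is treated as TLS, which is a conservative assumption.

```python
import configparser
import ipaddress

# Constructed sample: the listening URIs from the configuration above, plus one
# deliberately wrong entry (plain SIP on all interfaces) to produce a finding.
SAMPLE_CONF = """
[global]
transports=sips:mydomain1.com:5061 sip:127.0.0.1:5060;transport=tcp sip:0.0.0.0:5060;transport=udp

[presence-server]
transports=sip:127.0.0.1:5065;transport=tcp

[conference-server]
transport=sip:127.0.0.1:6064;transport=tcp
"""

def is_loopback(host):
    """True for 'localhost' or a literal loopback IP address."""
    host = host.strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or a DNS name: may be reachable from outside

def split_uri(uri):
    """Return (scheme, host) of a listening URI, dropping port and parameters."""
    scheme, _, rest = uri.partition(":")
    hostport = rest.split(";", 1)[0]
    if hostport.startswith("["):                      # [IPv6]:port
        host = hostport[: hostport.find("]") + 1]
    else:
        host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
    return scheme.lower(), host

def audit_transports(conf_text):
    """List (section, uri) pairs that accept non-'sips' SIP off loopback."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        for key in ("transports", "transport"):       # key names as used on this page
            for uri in cp.get(section, key, fallback="").split():
                scheme, host = split_uri(uri)
                if scheme != "sips" and not is_loopback(host):
                    findings.append((section, uri))
    return findings
```

To check a real deployment, pass the contents of /etc/flexisip/flexisip.conf to audit_transports(); an empty list means every plain-SIP listener is local.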

Start the service

systemctl start flexisip-{proxy,presence,conference}