enable tls/wss

create single point of configuration (substdef.cfg)

kamailio/certs/.placeholder

@@ -0,0 +1 @@
+ensure certs directory gets created

kamailio/default.cfg

@@ -169,6 +169,17 @@ loadmodule "uac_redirect.so"
 ######## DoS prevention mdule ########
 loadmodule "pike.so"
 
+#!ifdef TLS-ROLE
+####### TLS Parameters #########
+enable_tls = yes
+loadmodule "tls.so"
+modparam("tls", "config", "/etc/kazoo/kamailio/tls.cfg")
+#!endif
+
+####### Kazoo Integration module ##########
+loadmodule "db_kazoo.so"
+modparam("db_kazoo", "node_hostname",  "kamailio.2600hz.com")
+
 ####### Role Configurations ##########
 #!ifdef DISPATCHER-ROLE
 include_file "dispatcher-role.cfg"
@@ -186,10 +197,6 @@ include_file "nat-traversal-role.cfg"
 include_file "websockets-role.cfg"
 #!endif
 
-####### Kazoo Integration module ##########
-#!ifdef INCLUDE-DB-KAZOO
-loadmodule "db_kazoo.so"
-#!endif
 
 ####### DB Text module ##########
 loadmodule "db_text.so"

kamailio/kamailio.cfg

@@ -3,6 +3,9 @@
 ####### Roles Configuration ######
 include_file "roles.cfg"
 
+####### variables #####
+include_file "substdef.cfg"
+
 ####### Default Configuration ######
 include_file "default.cfg"
 

kamailio/kamctlrc

@@ -0,0 +1,104 @@
+# $Id$
+#
+# The Kamailio configuration file for the control tools.
+#
+# Here you can set variables used in the kamctl and kamdbctl setup
+# scripts. Per default all variables here are commented out, the control tools
+# will use their internal default values.
+
+## your SIP domain
+## chrooted directory
+# $CHROOT_DIR="/path/to/chrooted/directory"
+
+## database type: MYSQL, PGSQL, ORACLE, DB_BERKELEY, or DBTEXT, by default none is loaded
+# If you want to setup a database with kamdbctl, you must at least specify
+# this parameter.
+DBENGINE=DBTEXT
+
+# database path used by dbtext or db_berkeley
+DB_PATH="/etc/kazoo/kamailio/dbtext"
+DBTEXT_PATH="/etc/kazoo/kamailio/dbtext"
+
+
+# Program to calculate a message-digest fingerprint 
+# MD5="md5sum"
+
+# awk tool
+# AWK="awk"
+
+# If you use a system with a grep and egrep that is not 100% gnu grep compatible,
+# e.g. solaris, install the gnu grep (ggrep) and specify this below.
+#
+# grep tool
+# GREP="grep"
+
+# egrep tool
+# EGREP="egrep"
+
+# sed tool
+# SED="sed"
+
+# tail tool
+# LAST_LINE="tail -n 1"
+
+# expr tool
+# EXPR="expr"
+
+
+# Describe what additional tables to install. Valid values for the variables
+# below are yes/no/ask. With ask (default) it will interactively ask the user
+# for an answer, while yes/no allow for automated, unassisted installs.
+#
+
+# If to install tables for the modules in the EXTRA_MODULES variable.
+# INSTALL_EXTRA_TABLES=ask
+
+# If to install presence related tables.
+# INSTALL_PRESENCE_TABLES=ask
+
+# Define what module tables should be installed.
+# If you use the postgres database and want to change the installed tables, then you
+# must also adjust the STANDARD_TABLES or EXTRA_TABLES variable accordingly in the
+# kamdbctl.base script.
+
+# Kamailio standard modules
+# STANDARD_MODULES="standard acc lcr domain group permissions registrar usrloc msilo
+#                   alias_db uri_db speeddial avpops auth_db pdt dialog dispatcher
+#                   dialplan"
+
+# Kamailio extra modules
+# EXTRA_MODULES="imc cpl siptrace domainpolicy carrierroute userblacklist htable purple"
+
+
+## type of aliases used: DB - database aliases; UL - usrloc aliases
+## - default: none
+# ALIASES_TYPE="DB"
+
+## control engine: FIFO or UNIXSOCK
+## - default FIFO
+# CTLENGINE="FIFO"
+
+## path to FIFO file
+# OSER_FIFO="FIFO"
+
+## check ACL names; default on (1); off (0)
+# VERIFY_ACL=1
+
+## ACL names - if VERIFY_ACL is set, only the ACL names from below list
+## are accepted
+# ACL_GROUPS="local ld int voicemail free-pstn"
+
+## verbose - debug purposes - default '0'
+# VERBOSE=1
+
+## do (1) or don't (0) store plaintext passwords
+## in the subscriber table - default '1'
+# STORE_PLAINTEXT_PW=0
+
+## OPENSER START Options
+## PID file path - default is: /var/run/kamailio.pid
+# PID_FILE=/var/run/kamailio.pid
+
+## Extra start options - default is: not set
+# example: start Kamailio with 64MB share memory: STARTOPTIONS="-m 64"
+STARTOPTIONS="-m 1024"

kamailio/local.cfg

@@ -13,42 +13,52 @@ debug = L_INFO
 
 ####### Binding Parameters #########
 # mhomed=1
-listen = tcp:127.0.0.1:5060
-listen = udp:127.0.0.1:5060
-listen = tcp:127.0.0.1:7000
-listen = udp:127.0.0.1:7000
+listen=MY_TCP_ADDR_1
+listen=MY_UDP_ADDR_1
+listen=MY_TCP_ADDR_2
+listen=MY_UDP_ADDR_2
+
+#!ifdef TLS-ROLE
+listen=MY_TLS_ADDR
+#!endif
+
 #!ifdef WEBSOCKETS-ROLE
-listen = udp:127.0.0.1:8080
-listen = tcp:127.0.0.1:8080
+listen=MY_WS_ADDR
+#!ifdef TLS-ROLE
+listen=MY_WSS_ADDR
+#!endif
 #!endif
 
+
+
+
+
 ####### Dispatcher module  ########
 #!ifdef DISPATCHER-ROLE
-modparam("dispatcher", "ds_ping_from", "sip:sipcheck@127.0.0.1")
-# modparam("dispatcher", "ds_ping_sock", "udp:127.0.0.1:5060")
+modparam("dispatcher", "ds_ping_from", "sip:sipcheck@@MY_HOST_NAME")
 #!endif
 
 ######## NAT Traversal module - signaling functions ########
 #!ifdef NAT-TRAVERSAL-ROLE
-modparam("nathelper", "sipping_from", "sip:sipcheck@127.0.0.1")
+modparam("nathelper", "sipping_from", "sip:sipcheck@MY_HOST_NAME")
 # modparam("nathelper", "natping_socket", "127.0.0.1:5060")
 #!endif
 
 ####### Kazoo Integration module ##########
 #!ifdef INCLUDE-DB-KAZOO
 ## NOTE: The hostname that should be advertised to Kazoo
-modparam("db_kazoo", "node_hostname",  "kamailio.2600hz.com")
+modparam("db_kazoo", "node_hostname",  "MY_HOST_NAME")
 ## NOTE: If you want a certain fs_path to be sent Kazoo,
 ##       uncomment the next line and set the right value
-# modparam("db_kazoo", "register_fs_path", "127.0.0.1:5060")
+# modparam("db_kazoo", "register_fs_path", "MY_HOST_NAME")
 #!endif
 
 ####### Common Module Parameters ##########
 #!ifdef REGISTRAR-ROLE
-modparam("auth_db|usrloc", "db_url", "kazoo://guest:guest@127.0.0.1:5672/callmgr")
+modparam("auth_db|usrloc", "db_url", "kazoo://guest:guest@MY_RABBIT_HOST_NAME:5672/callmgr")
 #!endif
 #!ifdef PRESENCE-ROLE
-modparam("presence", "db_url", "kazoo://guest:guest@127.0.0.1:5672/dialoginfo")
+modparam("presence", "db_url", "kazoo://guest:guest@MY_RABBIT_HOST_NAME:5672/dialoginfo")
 #!endif
 
 # vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab

kamailio/presence-role.cfg

@@ -10,12 +10,20 @@ modparam("pua_dialoginfo", "library_mode", 1)
 ######## Presence server module ########
 loadmodule "presence.so"
 loadmodule "presence_dialoginfo.so"
+loadmodule "presence_mwi.so"
 modparam("presence", "subs_db_mode", 1)
 modparam("presence", "expires_offset", 60)
 modparam("presence", "publ_cache", 0)
-modparam("presence", "min_expires", 300)
+#modparam("presence", "min_expires", 300)
 modparam("presence", "max_expires", 3600)
 
+loadmodule "pua.so"
+modparam("pua", "db_url", "text:///etc/kazoo/kamailio/dbtext")
+modparam("pua", "db_mode", 0)
+modparam("pua", "outbound_proxy", "sip:MY_IP_ADDR")
+modparam("pua", "min_expires", 300)
+
+
 ####### Presence Logic ########
 route[HANDLE_SUBSCRIBE]
 {

kamailio/roles.cfg

@@ -5,5 +5,6 @@
 #!trydef PRESENCE-ROLE
 # # #!trydef TRAFFIC-FILTER-ROLE
 # # #!trydef WEBSOCKETS-ROLE
+# # #!trydef TLS-ROLE
 
 ## vim:set tabstop=4 softtabstop=4 shiftwidth=4 expandtab

kamailio/substdef.cfg

@@ -0,0 +1,19 @@
+#!substdef "!MY_IP_ADDR!127.0.0.1!g"
+#!substdef "!MY_HOST_NAME!fqdn.of.this.host!g"
+#!substdef "!MY_RABBIT_HOST_NAME!fqdn.of.rabbit.host!g"
+#!substdef "!MY_SIP_PORT_1!5060!g"
+#!substdef "!MY_SIP_PORT_2!7000!g"
+#!substdef "!MY_TLS_PORT!5061!g"
+#!substdef "!MY_WS_PORT!80!g"
+#!substdef "!MY_WSS_PORT!443!g"
+#!substdef "!MY_MSRP_PORT!9000!g"
+#!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
+#!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"
+#!substdef "!MY_MSRP_ADDR!tls:MY_IP_ADDR:MY_MSRP_PORT!g"
+#!substdef "!MSRP_MIN_EXPIRES!1800!g"
+#!substdef "!MSRP_MAX_EXPIRES!3600!g"
+#!substdef "!MY_UDP_ADDR_1!udp:MY_IP_ADDR:MY_SIP_PORT_1!g"
+#!substdef "!MY_UDP_ADDR_2!udp:MY_IP_ADDR:MY_SIP_PORT_2!g"
+#!substdef "!MY_TCP_ADDR_1!tcp:MY_IP_ADDR:MY_SIP_PORT_1!g"
+#!substdef "!MY_TCP_ADDR_2!tcp:MY_IP_ADDR:MY_SIP_PORT_2!g"
+#!substdef "!MY_TLS_ADDR!tls:MY_IP_ADDR:MY_TLS_PORT!g"

kamailio/tls.cfg

@@ -0,0 +1,52 @@
+#
+# $Id$
+#
+# Example Kamailio TLS Configuration File
+#
+
+# This is the default server domain, settings
+# in this domain will be used for all incoming
+# connections that do not match any other server
+# domain in this configuration file.
+#
+# We do not enable anything else than TLSv1
+# over the public internet. Clients do not have
+# to present client certificates by default.
+#
+[server:default]
+method = SSLv23
+verify_certificate = no
+require_certificate = no
+#crl = /etc/kazoo/kamailio/certs/crl.pem
+certificate = /etc/kazoo/kamailio/certs/cert.pem
+private_key = /etc/kazoo/kamailio/certs/key.pem
+ca_list = /etc/kazoo/kamailio/certs/ca.pem
+
+# This is the default client domain, settings
+# in this domain will be used for all outgoing
+# TLS connections that do not match any other
+# client domain in this configuration file.
+# We require that servers present valid certificate.
+#
+[client:default]
+verify_certificate = no
+require_certificate = no
+
+# This is an example server domain for TLS connections
+# received from the loopback interface. We allow
+# the use of SSLv2 and SSLv3 protocols here, we do
+# not require that clients present client certificates
+# but if they present it it must be valid. We also use
+# a special certificate and CA list for loopback
+# interface.
+#
+#[server:127.0.0.1:5061]
+#method = SSLv23
+#verify_certificate = yes
+#require_certificate = no
+#private_key = /etc/kazoo/kamailio/certs/local_key.pem
+#certificate = /etc/kazoo/kamailio/certs/local_cert.pem
+#verify_depth = 3
+#ca_list = /etc/kazoo/kamailio/certs/local_ca.pem
+#crl = /etc/kazoo/kamailio/certs/local_crl.pem
+