From 33ff0e2c00d7ed9fe86d65dc0a6e318f647dd116 Mon Sep 17 00:00:00 2001
From: lazedo
Date: Tue, 29 Apr 2014 11:50:06 +0100
Subject: [PATCH] enable tls/wss create single point of configuration (substdef.cfg)
---
 kamailio/certs/.placeholder | 1 +
 kamailio/default.cfg | 15 ++++-
 kamailio/kamailio.cfg | 3 ++
 kamailio/kamctlrc | 104 ++++++++++++++++++++++++++++++++++++
 kamailio/local.cfg | 36 ++++++++-----
 kamailio/presence-role.cfg | 10 +++-
 kamailio/roles.cfg | 1 +
 kamailio/substdef.cfg | 19 +++++++
 kamailio/tls.cfg | 52 ++++++++++++++++++
 9 files changed, 223 insertions(+), 18 deletions(-)
 create mode 100644 kamailio/certs/.placeholder
 create mode 100644 kamailio/kamctlrc
 create mode 100644 kamailio/substdef.cfg
 create mode 100644 kamailio/tls.cfg
diff --git a/kamailio/certs/.placeholder b/kamailio/certs/.placeholder
new file mode 100644
index 0000000..9581629
--- /dev/null
+++ b/kamailio/certs/.placeholder
@@ -0,0 +1 @@
+ensure certs directory gets created
\ No newline at end of file
diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index 0d645a3..2dc8c52 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -169,6 +169,17 @@ loadmodule "uac_redirect.so"
 ######## DoS prevention mdule ########
 loadmodule "pike.so"
+#!ifdef TLS-ROLE
+####### TLS Parameters #########
+enable_tls = yes
+loadmodule "tls.so"
+modparam("tls", "config", "/etc/kazoo/kamailio/tls.cfg")
+#!endif
+
+####### Kazoo Integration module ##########
+loadmodule "db_kazoo.so"
+modparam("db_kazoo", "node_hostname", "kamailio.2600hz.com")
+
 ####### Role Configurations ##########
 #!ifdef DISPATCHER-ROLE
 include_file "dispatcher-role.cfg"
@@ -186,10 +197,6 @@ include_file "nat-traversal-role.cfg"
 include_file "websockets-role.cfg"
 #!endif
-####### Kazoo Integration module ##########
-#!ifdef INCLUDE-DB-KAZOO
-loadmodule "db_kazoo.so"
-#!endif
 ####### DB Text module ##########
 loadmodule "db_text.so"
diff --git a/kamailio/kamailio.cfg b/kamailio/kamailio.cfg
index 3ce78f2..6452ef8 100644
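Review bot: `modparam("db_kazoo", "node_hostname", "kamailio.2600hz.com")` in the first hunk bakes a vendor hostname into default.cfg, while the per-host override in local.cfg (`modparam("db_kazoo", "node_hostname", "MY_HOST_NAME")`) stays inside `#!ifdef INCLUDE-DB-KAZOO`, the define the second hunk stops using to gate the loadmodule; wherever that define is not set, the node advertised to Kazoo remains kamailio.2600hz.com. Since kamailio.cfg now includes substdef.cfg before default.cfg, the default can use the substitution directly, `modparam("db_kazoo", "node_hostname", "MY_HOST_NAME")`, and the `#!ifdef INCLUDE-DB-KAZOO` / `#!endif` pair around the db_kazoo block in local.cfg can be dropped to match the now-unconditional `loadmodule "db_kazoo.so"`. Whether INCLUDE-DB-KAZOO is still defined somewhere else (only the tail of roles.cfg is visible in this diff) cannot be confirmed here.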
--- a/kamailio/kamailio.cfg
+++ b/kamailio/kamailio.cfg
@@ -3,6 +3,9 @@
 ####### Roles Configuration ######
 include_file "roles.cfg"
+####### variables #####
+include_file "substdef.cfg"
+
 ####### Default Configuration ######
 include_file "default.cfg"
diff --git a/kamailio/kamctlrc b/kamailio/kamctlrc
new file mode 100644
index 0000000..85ef600
--- /dev/null
+++ b/kamailio/kamctlrc
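Review bot: The new `####### variables #####` header does not record the ordering constraint this include introduces: like the other `#!` preprocessor directives, `#!substdef` only rewrites lines read after it, and default.cfg, local.cfg and presence-role.cfg now rely on the MY_* names, so substdef.cfg must stay ahead of the `include_file "default.cfg"` line. A header that says so would stop a later reorder from silently leaving `listen=MY_TCP_ADDR_1` and friends unexpanded: `####### Host/IP/port substitutions (substdef.cfg) - must precede default.cfg and the role files #####`.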
@@ -0,0 +1,104 @@
+# $Id$
+#
+# The Kamailio configuration file for the control tools.
+#
+# Here you can set variables used in the kamctl and kamdbctl setup
+# scripts. Per default all variables here are commented out, the control tools
+# will use their internal default values.
+
+## your SIP domain
+## chrooted directory
+# $CHROOT_DIR="/path/to/chrooted/directory"
+
+## database type: MYSQL, PGSQL, ORACLE, DB_BERKELEY, or DBTEXT, by default none is loaded
+# If you want to setup a database with kamdbctl, you must at least specify
+# this parameter.
+DBENGINE=DBTEXT
+
+# database path used by dbtext or db_berkeley
+DB_PATH="/etc/kazoo/kamailio/dbtext"
+DBTEXT_PATH="/etc/kazoo/kamailio/dbtext"
+
+
+# Program to calculate a message-digest fingerprint
+# MD5="md5sum"
+
+# awk tool
+# AWK="awk"
+
+# If you use a system with a grep and egrep that is not 100% gnu grep compatible,
+# e.g. solaris, install the gnu grep (ggrep) and specify this below.
+#
+# grep tool
+# GREP="grep"
+
+# egrep tool
+# EGREP="egrep"
+
+# sed tool
+# SED="sed"
+
+# tail tool
+# LAST_LINE="tail -n 1"
+
+# expr tool
+# EXPR="expr"
+
+
+# Describe what additional tables to install. Valid values for the variables
+# below are yes/no/ask. With ask (default) it will interactively ask the user
+# for an answer, while yes/no allow for automated, unassisted installs.
+#
+
+# If to install tables for the modules in the EXTRA_MODULES variable.
+# INSTALL_EXTRA_TABLES=ask
+
+# If to install presence related tables.
+# INSTALL_PRESENCE_TABLES=ask
+
+# Define what module tables should be installed.
+# If you use the postgres database and want to change the installed tables, then you
+# must also adjust the STANDARD_TABLES or EXTRA_TABLES variable accordingly in the
+# kamdbctl.base script.
+
+# Kamailio standard modules
+# STANDARD_MODULES="standard acc lcr domain group permissions registrar usrloc msilo
+# alias_db uri_db speeddial avpops auth_db pdt dialog dispatcher
+# dialplan"
+
+# Kamailio extra modules
+# EXTRA_MODULES="imc cpl siptrace domainpolicy carrierroute userblacklist htable purple"
+
+
+## type of aliases used: DB - database aliases; UL - usrloc aliases
+## - default: none
+# ALIASES_TYPE="DB"
+
+## control engine: FIFO or UNIXSOCK
+## - default FIFO
+# CTLENGINE="FIFO"
+
+## path to FIFO file
+# OSER_FIFO="FIFO"
+
+## check ACL names; default on (1); off (0)
+# VERIFY_ACL=1
+
+## ACL names - if VERIFY_ACL is set, only the ACL names from below list
+## are accepted
+# ACL_GROUPS="local ld int voicemail free-pstn"
+
+## verbose - debug purposes - default '0'
+# VERBOSE=1
+
+## do (1) or don't (0) store plaintext passwords
+## in the subscriber table - default '1'
+# STORE_PLAINTEXT_PW=0
+
+## OPENSER START Options
+## PID file path - default is: /var/run/kamailio.pid
+# PID_FILE=/var/run/kamailio.pid
+
+## Extra start options - default is: not set
+# example: start Kamailio with 64MB share memory: STARTOPTIONS="-m 64"
+STARTOPTIONS="-m 1024"
diff --git a/kamailio/local.cfg b/kamailio/local.cfg
index adfba55..ec4cb61 100644
--- a/kamailio/local.cfg
+++ b/kamailio/local.cfg
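Review bot: `# STORE_PLAINTEXT_PW=0` near the end of the new file is left commented out, so kamctl keeps the default of '1' that the comment above it documents and writes subscriber passwords in plaintext next to the digest hashes whenever it is used to add users to the dbtext tables under `DB_PATH`. Unless the plaintext column is actually needed, enable the setting: `STORE_PLAINTEXT_PW=0`. Whether kamctl is used for subscriber management in this deployment at all (rather than Kazoo handling authentication) is not visible here. Separately, `## your SIP domain` at the top now runs straight into `## chrooted directory`: the SIP_DOMAIN setting it described is gone, so either restore that commented example line or delete the orphaned comment.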
@@ -13,42 +13,52 @@ debug = L_INFO
 ####### Binding Parameters #########
 # mhomed=1
-listen = tcp:127.0.0.1:5060
-listen = udp:127.0.0.1:5060
-listen = tcp:127.0.0.1:7000
-listen = udp:127.0.0.1:7000
+listen=MY_TCP_ADDR_1
+listen=MY_UDP_ADDR_1
+listen=MY_TCP_ADDR_2
+listen=MY_UDP_ADDR_2
+
+#!ifdef TLS-ROLE
+listen=MY_TLS_ADDR
+#!endif
+
 #!ifdef WEBSOCKETS-ROLE
-listen = udp:127.0.0.1:8080
-listen = tcp:127.0.0.1:8080
+listen=MY_WS_ADDR
+#!ifdef TLS-ROLE
+listen=MY_WSS_ADDR
+#!endif
 #!endif
+
+
+
+
 ####### Dispatcher module ########
 #!ifdef DISPATCHER-ROLE
-modparam("dispatcher", "ds_ping_from", "sip:sipcheck@127.0.0.1")
-# modparam("dispatcher", "ds_ping_sock", "udp:127.0.0.1:5060")
+modparam("dispatcher", "ds_ping_from", "sip:sipcheck@@MY_HOST_NAME")
 #!endif
 ######## NAT Traversal module - signaling functions ########
 #!ifdef NAT-TRAVERSAL-ROLE
-modparam("nathelper", "sipping_from", "sip:sipcheck@127.0.0.1")
+modparam("nathelper", "sipping_from", "sip:sipcheck@MY_HOST_NAME")
 # modparam("nathelper", "natping_socket", "127.0.0.1:5060")
 #!endif
 ####### Kazoo Integration module ##########
 #!ifdef INCLUDE-DB-KAZOO
 ## NOTE: The hostname that should be advertised to Kazoo
-modparam("db_kazoo", "node_hostname", "kamailio.2600hz.com")
+modparam("db_kazoo", "node_hostname", "MY_HOST_NAME")
 ## NOTE: If you want a certain fs_path to be sent Kazoo,
 ## uncomment the next line and set the right value
-# modparam("db_kazoo", "register_fs_path", "127.0.0.1:5060")
+# modparam("db_kazoo", "register_fs_path", "MY_HOST_NAME")
 #!endif
 ####### Common Module Parameters ##########
 #!ifdef REGISTRAR-ROLE
-modparam("auth_db|usrloc", "db_url", "kazoo://guest:guest@127.0.0.1:5672/callmgr")
+modparam("auth_db|usrloc", "db_url", "kazoo://guest:guest@MY_RABBIT_HOST_NAME:5672/callmgr")
 #!endif
 #!ifdef PRESENCE-ROLE
-modparam("presence", "db_url", "kazoo://guest:guest@127.0.0.1:5672/dialoginfo")
+modparam("presence", "db_url", "kazoo://guest:guest@MY_RABBIT_HOST_NAME:5672/dialoginfo")
 #!endif
 # vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab
diff --git a/kamailio/presence-role.cfg b/kamailio/presence-role.cfg
index b29c5d9..7ab393f 100644
--- a/kamailio/presence-role.cfg
+++ b/kamailio/presence-role.cfg
@@ -10,12 +10,20 @@ modparam("pua_dialoginfo", "library_mode", 1)
 ######## Presence server module ########
 loadmodule "presence.so"
 loadmodule "presence_dialoginfo.so"
+loadmodule "presence_mwi.so"
 modparam("presence", "subs_db_mode", 1)
 modparam("presence", "expires_offset", 60)
 modparam("presence", "publ_cache", 0)
-modparam("presence", "min_expires", 300)
+#modparam("presence", "min_expires", 300)
 modparam("presence", "max_expires", 3600)
+loadmodule "pua.so"
+modparam("pua", "db_url", "text:///etc/kazoo/kamailio/dbtext")
+modparam("pua", "db_mode", 0)
+modparam("pua", "outbound_proxy", "sip:MY_IP_ADDR")
+modparam("pua", "min_expires", 300)
+
+
 ####### Presence Logic ########
 route[HANDLE_SUBSCRIBE] {
diff --git a/kamailio/roles.cfg b/kamailio/roles.cfg
index c0fa138..f4a204d 100644
--- a/kamailio/roles.cfg
+++ b/kamailio/roles.cfg
@@ -5,5 +5,6 @@
 #!trydef PRESENCE-ROLE
 # # #!trydef TRAFFIC-FILTER-ROLE
 # # #!trydef WEBSOCKETS-ROLE
+# # #!trydef TLS-ROLE
 ## vim:set tabstop=4 softtabstop=4 shiftwidth=4 expandtab
diff --git a/kamailio/substdef.cfg b/kamailio/substdef.cfg
new file mode 100644
index 0000000..84a9e81
--- /dev/null
+++ b/kamailio/substdef.cfg
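Review bot: `modparam("dispatcher", "ds_ping_from", "sip:sipcheck@@MY_HOST_NAME")` in the local.cfg hunk carries a doubled `@`, unlike the `sip:sipcheck@MY_HOST_NAME` form the same hunk uses for nathelper a few lines down; after substitution the From URI of the dispatcher keep-alive OPTIONS becomes `sip:sipcheck@@<host>`, which is not a well-formed SIP URI, so gateway pings can fail to build or be rejected and unreachable destinations may never be marked inactive. Unless the doubled character is deliberate, change it to `modparam("dispatcher", "ds_ping_from", "sip:sipcheck@MY_HOST_NAME")`. The four consecutive blank `+` lines after the WEBSOCKETS-ROLE `#!endif` also look accidental and could be collapsed to one.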
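Review bot: `#modparam("presence", "min_expires", 300)` in the presence-role.cfg hunk comments out the floor on SUBSCRIBE expiration without saying why, while the same hunk adds `modparam("pua", "min_expires", 300)` right below it. If the floor was meant to stay, restore the line; if it was meant to go, delete it and leave a one-line comment stating that the presence module's built-in minimum now applies, because without a floor subscribers can request very short expirations and drive re-SUBSCRIBE churn against the server (what that built-in minimum is cannot be verified from this diff). `modparam("pua", "outbound_proxy", "sip:MY_IP_ADDR")` expands to sip:127.0.0.1 with the shipped substdef.cfg default, which is worth a comment since the route logic that follows starts in this hunk and continues past it.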
@@ -0,0 +1,19 @@
+#!substdef "!MY_IP_ADDR!127.0.0.1!g"
+#!substdef "!MY_HOST_NAME!fqdn.of.this.host!g"
+#!substdef "!MY_RABBIT_HOST_NAME!fqdn.of.rabbit.host!g"
+#!substdef "!MY_SIP_PORT_1!5060!g"
+#!substdef "!MY_SIP_PORT_2!7000!g"
+#!substdef "!MY_TLS_PORT!5061!g"
+#!substdef "!MY_WS_PORT!80!g"
+#!substdef "!MY_WSS_PORT!443!g"
+#!substdef "!MY_MSRP_PORT!9000!g"
+#!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
+#!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"
+#!substdef "!MY_MSRP_ADDR!tls:MY_IP_ADDR:MY_MSRP_PORT!g"
+#!substdef "!MSRP_MIN_EXPIRES!1800!g"
+#!substdef "!MSRP_MAX_EXPIRES!3600!g"
+#!substdef "!MY_UDP_ADDR_1!udp:MY_IP_ADDR:MY_SIP_PORT_1!g"
+#!substdef "!MY_UDP_ADDR_2!udp:MY_IP_ADDR:MY_SIP_PORT_2!g"
+#!substdef "!MY_TCP_ADDR_1!tcp:MY_IP_ADDR:MY_SIP_PORT_1!g"
+#!substdef "!MY_TCP_ADDR_2!tcp:MY_IP_ADDR:MY_SIP_PORT_2!g"
+#!substdef "!MY_TLS_ADDR!tls:MY_IP_ADDR:MY_TLS_PORT!g"
diff --git a/kamailio/tls.cfg b/kamailio/tls.cfg
new file mode 100644
index 0000000..1aad910
--- /dev/null
+++ b/kamailio/tls.cfg
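Review bot: The new file has no header explaining that it is the single place to set host, IP and ports and that every value is a placeholder: `fqdn.of.this.host`, `fqdn.of.rabbit.host` and `127.0.0.1` are shipped as-is, and with `MY_IP_ADDR` left at 127.0.0.1 every listener derived from it, including `MY_TLS_ADDR` and `MY_WSS_ADDR`, binds the loopback interface only. A short comment block at the top would prevent a half-edited deployment: state which three values must be edited before start, that `MY_WSS_ADDR` and `MY_MSRP_ADDR` use the `tls:` scheme and therefore only work when TLS-ROLE is defined so the tls module is loaded, and that `MY_WS_PORT` 80 and `MY_WSS_PORT` 443 are privileged ports on most systems. Kamailio `#` comment lines are fine here as long as they do not start with `#!`.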
@@ -0,0 +1,52 @@
+#
+# $Id$
+#
+# Example Kamailio TLS Configuration File
+#
+
+# This is the default server domain, settings
+# in this domain will be used for all incoming
+# connections that do not match any other server
+# domain in this configuration file.
+#
+# We do not enable anything else than TLSv1
+# over the public internet. Clients do not have
+# to present client certificates by default.
+#
+[server:default]
+method = SSLv23
+verify_certificate = no
+require_certificate = no
+#crl = /etc/kazoo/kamailio/certs/crl.pem
+certificate = /etc/kazoo/kamailio/certs/cert.pem
+private_key = /etc/kazoo/kamailio/certs/key.pem
+ca_list = /etc/kazoo/kamailio/certs/ca.pem
+
+# This is the default client domain, settings
+# in this domain will be used for all outgoing
+# TLS connections that do not match any other
+# client domain in this configuration file.
+# We require that servers present valid certificate.
+#
+[client:default]
+verify_certificate = no
+require_certificate = no
+
+# This is an example server domain for TLS connections
+# received from the loopback interface. We allow
+# the use of SSLv2 and SSLv3 protocols here, we do
+# not require that clients present client certificates
+# but if they present it it must be valid. We also use
+# a special certificate and CA list for loopback
+# interface.
+#
+#[server:127.0.0.1:5061]
+#method = SSLv23
+#verify_certificate = yes
+#require_certificate = no
+#private_key = /etc/kazoo/kamailio/certs/local_key.pem
+#certificate = /etc/kazoo/kamailio/certs/local_cert.pem
+#verify_depth = 3
+#ca_list = /etc/kazoo/kamailio/certs/local_ca.pem
+#crl = /etc/kazoo/kamailio/certs/local_crl.pem
+
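Review bot: `method = SSLv23` in `[server:default]` contradicts the comment directly above it ("We do not enable anything else than TLSv1"): SSLv23 lets the linked OpenSSL negotiate any protocol version it was built with, which on the libraries this config targets can include SSLv3, so TLS and WSS peers are not held to the version the comment promises. `[client:default]` has the same mismatch in the other direction — the comment says "We require that servers present valid certificate", but `verify_certificate = no` and `require_certificate = no` follow, so every outgoing TLS connection accepts whatever certificate the far end offers and the `ca_list` is never consulted for it. Either pin the server method to TLSv1 (or the newest TLSv1.x value the installed tls module accepts) and make the client domain verify against the CA bundle, as sketched below, or rewrite the two comments to describe what is actually configured so the next reader is not misled. The commented `[server:127.0.0.1:5061]` example inherits the same comment/value drift from the upstream sample and could simply be dropped.
```ini
[server:default]
method = TLSv1
# … unchanged: verify_certificate, require_certificate, crl, certificate, private_key, ca_list …

[client:default]
verify_certificate = yes
require_certificate = yes
ca_list = /etc/kazoo/kamailio/certs/ca.pem
```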