How to – Set Up Secure WebRTC Communication for Vicidial with LetsEncrypt

In this tutorial, we will guide you through the process of securing your Vicidial server and ViciPhone with SSL certificates from LetsEncrypt. Ensuring a secure connection is crucial, especially when dealing with sensitive information in a call center environment. Follow these step-by-step instructions to implement secure communication using WebRTC.

Step 1: Install LetsEncrypt

Run the following command to install LetsEncrypt on your server:


zypper install certbot python3-certbot-apache

Step 2: Create SSL Certificate

Generate SSL certificates for your Vicidial server and ViciPhone using the following command:


certbot certonly --webroot -w /path/of/webroot -d demo.example.com

Step 3: Configure Apache for SSL

Edit the Vicibox vhost file to include the SSL certificate information:


nano /etc/apache2/vhost.d/1111-default-ssl.conf

Update the SSLCertificateFile and SSLCertificateKeyFile paths with your certificate details.

Step 4: Redirect HTTP to HTTPS

Edit the non-SSL vhost file to add a redirect from HTTP to HTTPS:


nano /etc/apache2/vhost.d/1111.default.conf

Add the following line after DocumentRoot:


Redirect permanent / https://yourserverip/

Save the file and restart Apache:


systemctl restart apache2

Step 5: Install SSL Certificate in Asterisk

Update the Asterisk configuration file with SSL certificate information:


cd /etc/asterisk/
nano http.conf

Add the following details:


[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
enablestatic=yes
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/letsencrypt/live/domain_name/cert.pem
tlsprivatekey=/etc/letsencrypt/live/domain_name/privkey.pem

Restart Apache and Asterisk:

service apache2 restart
service asterisk restart

Verify HTTPS status in Asterisk:


asterisk -rx 'http show status'

Step 6: Download and Install ViciPhone

SSH to your Vicibox and run the following commands:


cd /var/tmp
git clone https://github.com/vicimikec/ViciPhone.git
cd ViciPhone
cp -r src /srv/www/htdocs/agc/viciphone
chmod -R 755 /srv/www/htdocs/agc/viciphone

Step 7: Vicidial Configuration

Ensure the Vicidial admin interface is accessible via HTTPS. Update the Webphone URL in System Settings:


https://192.168.0.201/vicidial/admin.php

Step 8: Configure External Server IP in Vicidial

Navigate to ADMIN -> Servers and configure the External Server IP and Web Socket URL:


Web Socket URL: wss://192.168.0.201:8089/ws

Step 9: Configure Vicidial Websocket Template

Go to Admin -> Templates and create a new template named "Web_phone". Paste the following entries, adjusting the certificate paths:


type=friend
host=dynamic
context=default
trustrpid=yes
sendrpid=no
qualify=yes
qualifyfreq=600
transport=ws,wss,udp
encryption=yes
avpf=yes
icesupport=yes
rtcp_mux=yes
directmedia=no
disallow=all
allow=ulaw,opus,vp8,h264
nat=yes
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/letsencrypt/live/domain_name/cert.pem
dtlsprivatekey=/etc/letsencrypt/live/domain_name/privkey.pem
dtlssetup=actpass

Step 10: Create Phone as Webphone

Go to Admin -> Phones -> Add A New Phone and edit the settings as follows:

  1. Set As Webphone: Y
  2. Webphone Auto-Answer: Y
  3. Use External Server IP: N (if using external IP, set to Y)
  4. Template: Select the template created in Step 9 above

By following these steps, you've successfully secured your Vicidial server and ViciPhone with LetsEncrypt SSL certificates, ensuring a safe and encrypted communication environment.
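
The check below is an added example, not part of the original post or of Vicidial: it compares the http.conf from Step 5 with the Web Socket URL from Step 8 and reports mismatches that make the browser refuse the wss connection. The function names conf_get and check_webrtc_tls are this example's own, and it assumes the key=value layout shown in Step 5.

```sh
#!/bin/sh
# Added example: consistency check for Asterisk http.conf vs. the Vicidial
# Web Socket URL. Function names here are hypothetical, not Vicidial's.

# conf_get FILE KEY: print KEY's value from the [general] section.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[general\]/); next }
        in_general && ($0 ~ ("^[ \t]*" key "[ \t]*=")) {
            sub(/^[^=]*=[ \t]*/, "")     # drop "key ="
            sub(/[ \t]*(;.*)?$/, "")     # drop trailing blanks and ; comment
            val = $0
        }
        END { print val }' "$1"
}

# check_webrtc_tls HTTP_CONF WSS_URL: print one line per finding;
# return 0 when there are none, 1 otherwise.
check_webrtc_tls() {
    conf=$1 url=$2 findings=0
    finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ "$(conf_get "$conf" tlsenable)" = yes ] || finding "tlsenable is not yes"
    case $url in
        wss://*) ;;
        *) finding "Web Socket URL does not use wss://" ;;
    esac
    hostport=${url#*://}; hostport=${hostport%%/*}
    host=${hostport%:*}; url_port=${hostport##*:}

    bind=$(conf_get "$conf" tlsbindaddr)
    [ "${bind##*:}" = "$url_port" ] ||
        finding "URL port $url_port differs from tlsbindaddr $bind"

    # Browsers validate the certificate against the host named in the URL.
    case $host in
        *[!0-9.]*) ;;
        *) finding "URL host $host is an IP address; a certificate issued for a DNS name does not cover it" ;;
    esac

    for key in tlscertfile tlsprivatekey; do
        file=$(conf_get "$conf" "$key")
        [ -r "$file" ] || finding "$key is not readable: $file"
    done
    # $file now holds the private key path; its group/other bits must be empty
    # (ls -L follows the symlinks under /etc/letsencrypt/live/).
    if [ -e "$file" ]; then
        [ "$(ls -ldL "$file" | cut -c5-10)" = "------" ] ||
            finding "private key $file is accessible to group or other"
    fi
    [ "$findings" -eq 0 ]
}
```

After sourcing the file on the server, run `check_webrtc_tls /etc/asterisk/http.conf wss://demo.example.com:8089/ws` as root, passing the same URL that is entered under ADMIN -> Servers.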
