|
@@ -1,6 +1,6 @@
|
|
|
#!KAMAILIO
|
|
#!KAMAILIO
|
|
|
|
|
|
|
|
-#!define DBURL "sqlite:////etc/kamailio/db.sqlite"
|
|
|
|
|
|
|
+#!define DBURL "sqlite:////etc/kamailio/db.sqlite"
|
|
|
|
|
|
|
|
####### Global Parameters #########
|
|
####### Global Parameters #########
|
|
|
|
|
|
|
@@ -8,15 +8,21 @@ debug=2
|
|
|
fork=yes
|
|
fork=yes
|
|
|
children=4
|
|
children=4
|
|
|
|
|
|
|
|
|
|
+enable_tls=1
|
|
|
|
|
+
|
|
|
alias="example.com"
|
|
alias="example.com"
|
|
|
-listen=192.168.111.12
|
|
|
|
|
-port=5060
|
|
|
|
|
-listen=192.168.111.12
|
|
|
|
|
-port=80
|
|
|
|
|
|
|
+
|
|
|
|
|
+listen=192.168.111.2:5060
|
|
|
|
|
+listen=tcp:192.168.111.2:80
|
|
|
|
|
+
|
|
|
|
|
+listen=tls:192.168.111.2:5061
|
|
|
|
|
+listen=tls:192.168.111.2:443
|
|
|
|
|
|
|
|
tcp_connection_lifetime=3604
|
|
tcp_connection_lifetime=3604
|
|
|
tcp_accept_no_cl=yes
|
|
tcp_accept_no_cl=yes
|
|
|
|
|
|
|
|
|
|
+enable_tls=1
|
|
|
|
|
+
|
|
|
syn_branch=0
|
|
syn_branch=0
|
|
|
|
|
|
|
|
#mpath="/usr/lib64/kamailio/modules_k/:/usr/lib64/kamailio/modules/"
|
|
#mpath="/usr/lib64/kamailio/modules_k/:/usr/lib64/kamailio/modules/"
|
|
@@ -41,6 +47,7 @@ loadmodule "xhttp.so"
|
|
|
loadmodule "kex.so"
|
|
loadmodule "kex.so"
|
|
|
loadmodule "websocket.so"
|
|
loadmodule "websocket.so"
|
|
|
loadmodule "mi_rpc.so"
|
|
loadmodule "mi_rpc.so"
|
|
|
|
|
+loadmodule "tls.so"
|
|
|
|
|
|
|
|
# ----------------- setting module-specific parameters ---------------
|
|
# ----------------- setting module-specific parameters ---------------
|
|
|
|
|
|
|
@@ -73,6 +80,14 @@ modparam("auth_db", "calculate_ha1", yes)
|
|
|
modparam("auth_db", "password_column", "password")
|
|
modparam("auth_db", "password_column", "password")
|
|
|
modparam("auth_db", "load_credentials", "")
|
|
modparam("auth_db", "load_credentials", "")
|
|
|
|
|
|
|
|
|
|
+# ----- websocket params -----
|
|
|
|
|
+modparam("websocket", "keepalive_timeout", 30)
|
|
|
|
|
+
|
|
|
|
|
+# ----- tls params -----
|
|
|
|
|
+modparam("tls", "tls_method", "SSLv23")
|
|
|
|
|
+modparam("tls", "certificate", "CA/ser1_cert.pem")
|
|
|
|
|
+modparam("tls", "private_key", "CA/privkey.pem")
|
|
|
|
|
+modparam("tls", "ca_list", "CA/calist.pem")
|
|
|
|
|
|
|
|
####### Routing Logic ########
|
|
####### Routing Logic ########
|
|
|
|
|
|
|
@@ -224,12 +239,14 @@ route[AUTH] {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
event_route[xhttp:request] {
|
|
event_route[xhttp:request] {
|
|
|
- if ($Rp != "80") {
|
|
|
|
|
|
|
+ if ($Rp != "80" && $Rp != "443") {
|
|
|
xlog("L_WARN", "HTTP request received on $Rp\n");
|
|
xlog("L_WARN", "HTTP request received on $Rp\n");
|
|
|
xhttp_reply("403", "Forbidden", "", "");
|
|
xhttp_reply("403", "Forbidden", "", "");
|
|
|
exit;
|
|
exit;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ xlog("L_INFO", "HTTP Request Received\n");
|
|
|
|
|
+
|
|
|
if ($hdr(Upgrade)=~"websocket"
|
|
if ($hdr(Upgrade)=~"websocket"
|
|
|
&& $hdr(Connection)=~"Upgrade"
|
|
&& $hdr(Connection)=~"Upgrade"
|
|
|
&& $rm=~"GET") {
|
|
&& $rm=~"GET") {
|
Peter Dunkley