Step 1 : WEBRTC Configuration
Follow the below steps to configure webrtc, Letencrypt SSL certificate and Viciphone webrtc webphone.
- Now you have your own domain and pointed to your server
- Try to access your server via domain http://xyz.ddns.net/
Step 2 : Free SSL Certificate from Letsencrypt
LetsEncrypt is a Certificate Authority (CA) that provides free certificates for Transport Layer Security (TLS) encryption, thereby enabling encrypted HTTPS on web servers. It simplifies the process of creation, validation, signing, installation, and renewal of certificates by providing a software client that automates most of the steps—Certbot.
To generate the letsencrypt SSL certificate follow below steps.
Step 3 : Install Certbot and Dependicies
yum install certbot python2-certbot-apache mod_ssl
Step 4 : certbot command to generate SSL certificate
certbot certonly --w /var/www/html -d 24ithub.com --register-unsafely-without-email
<note: replace 24ithub.com with your domain>
<enter 3 for webroot location.
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
- Once the process is sucessfull ,you will get the sucessful message and the certificates and key will be save in below mentioned folder
- note: enter you domain after /live folder
cd /etc/letsencrypt/live/24ithub.com/
ls
cert.pem chain.pem fullchain.pem privkey.pem README
Step 5 : update ssl certificate in ssl.conf
You need to point your new ssl certificate and key path in the ssl.conf so that your server will be accessed via new Letsencrypt certificates.
edit vi /etc/httd/conf.d/ssl.conf
search the below lines and update with your certificate as show below
SSLCertificateFile
SSLCertificateKeyFile
SSLCertificateChainFile
SSLCertificateFile /etc/letsencrypt/live/24ithub.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/24ithub.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/24ithub.com/fullchain.pem
restart httpd service to update the changes
Step 6 : Check your SSL
Also access you dialer in a browser and make sure it is accessible via https and without any ssl error.
if Yes you are good to go next steps.
Step 7 : Redirect All HTTP request to HTTPS request
we need to force the dialer access only via https , in order to avoid agents login to dialer via http which leads to failure of webrtc support.
edit httpd.conf
vi /etc/httpd/conf/httpd.conf
add the below entry after the last line
replace 24ithub.com with your domain.
<VirtualHost *:80>
ServerName 24ithub.com
DocumentRoot /var/www/html
ErrorLog /var/www/error.log
CustomLog /var/www/requests.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =24ithub.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
restart the httpd service
Now access your dialer with http://domain/ it should auto redirect to https://domain.
Step 8 : updating Vicidial Recordings link with https
By default the vicidial recordings links are update with http extension in DB,
in order to update the recording link to https extension you need edit your cronjob which you done in step 12 .
just add --HTTPS label in AST_CRON_audio_2_compress.pl followed my --MP3 as shown below
/usr/share/astguiclient/AST_CRON_audio_2_compress.pl --MP3 --HTTPS
Step 9 : Asterisk Settings to enable webrtc
in order to asterisk support webrtc you need to edit below files
1. /etc/asterisk/http.conf
2. /etc/asterisk/modules.conf
3. /etc/asterisk/rtp.conf
4./etc/asterisk/sip.conf
vi /etc/asterisk/http.conf
and or enable below settings
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/letsencrypt/live/24ithub.com/cert.pem
tlsprivatekey=/etc/letsencrypt/live/24ithub.com/privkey.pem
NOTE: replace 24ithub.com with your domain name
vi /etc/asterisk/modules.conf
add the below entry after the last line ,save the file and reboot to take effect the changes.
load => res_http_websocket.so
Reboot the server once, so the asterisk startup with http_websocket loaded,
to confirm websocket is loaded , run the below command
asterisk -rx 'http show status'
make sure it says “HTTPS Server Enabled and Bound to 0.0.0.0:8089”
[root@centos~]# asterisk -rx "http show status"
HTTP Server Status:
Prefix:
Server: Asterisk/13.29.2
Server Enabled and Bound to 0.0.0.0:8088
HTTPS Server Enabled and Bound to 0.0.0.0:8089
Enabled URI's:
/httpstatus => Asterisk HTTP General Status
/phoneprov/... => Asterisk HTTP Phone Provisioning Tool
/static/... => Asterisk HTTP Static Delivery
/ari/... => Asterisk RESTful API
/ws => Asterisk HTTP WebSocket
Enabled Redirects:
None.
vi /etc/asterisk/rtp.conf
rtpstart=10000
rtpend=20000
icesupport=yes
stunaddr=stun.counterpath.com:3478
vi /etc/asterisk/res_stun_monitor.conf
stunaddr=stun.counterpath.com:3478
stunrefresh = 30
go to asterisk cli ,reload once and check stun updates similar like below
centos-s-4vcpu-8gb-intel-nyc1-01*CLI> stun show status
Hostname Port Period Retries Status ExternAddr ExternPort
stun.counterpath.com 3478 30 3 OK xx.xxx.xx.xx 32997
centos-s-4vcpu-8gb-intel-nyc1-01*CLI>
vi /etc/asterisk/sip.conf
update below entry
realm=your-domain or publicip
externaddr=your-publicip
Step 10 : Downloading the Viciphone
you can download the official viciphone or enhanced version from below links, i prefer the enhanced version.
official link : https://viciphone.com
githublink : https://github.com/vicimikec/ViciPhone.git
enhanced link : https://github.com/ccabrerar/ViciPhone.git
- download the file to a temp directory
cd /var/tmp
git clone https://github.com/ccabrerar/ViciPhone.git
- copy the file to vicidial agc folder and provide permission
cd /var/tmp
cp -r ViciPhone /var/www/html/agc/viciphone
chmod -R 755 /var/www/html/agc/viciphone
Step 11 : Vicidial Settings to Support Webrtc
- Set webphone as default phone .
ADMIN > SYSTEM SETTINGS > Default Webphone: 1
ADMIN > SYSTEM SETTINGS > Webphone URL:
Webphone URL: viciphone/viciphone.php
ADMIN > SERVERS > Modify > Web Socket URL:
wss://striker24x7.ddns.net:8089/ws
Step 12 : Vicidial webrtc TEMPLATE
Now we need to create webrtc sip template which we will assign to each phone created in vicidial.
Go to Admin -> Templates
copy paste the below settings, make to point to your ssl certificate path
type=friend
host=dynamic
encryption=yes
avpf=yes
icesupport=yes
directmedia=no
transport=wss
force_avp=yes
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/letsencrypt/live/24ithub.com/cert.pem
dtlsprivatekey=/etc/letsencrypt/live/24ithub.com/privkey.pem
dtlssetup=actpass
rtcp_mux=yes
Step 13 : Vicidial Phones as Webphone
Goto ADMIN > PHONES
either add new phone or modify your existing phone and enable the below settings
Set As Webphone: Y
Webphone Dialpad:Y
Webphone Auto-Answer: Y
Webphone Dialbox: Y
Webphone Mute: Y
Webphone Volume:Y
at Last line under TEMPLATE ID select the webrtc template created in step 27
Step 14 : Final workaround : delay the webphone login call
By default as soon you login as agent, the vicidial will initiate the first login call and play the message "you are the only person in conference"
You might miss this sound or call because of browser loading speed and time the webphone registring time.
To avoid this we will delay the call by 10 sec.
Follow the steps
cd /var/www/html/agc
cp options-example.php options.php
Now edit the options.php file and set 10 for $webphone_call_seconds
cd /var/www/html/agc
vi +64 /var/www/html/agc/options.php
search for below line and enter 10
$webphone_call_seconds = '10';
Step 15 : Oops we have Completed, time to test.
use your Favourite browser to access your dialer,
i prefer firefox as my favourite .
URL: https://FQDN/agc/admin.php
you should be now able to login as agent with webphone/webrtc as shown below
Note : while logging in , the browser will ask permission to use MIC , Press ALLOW
Finally you can see your agent panel with Webphone.
