Incorrect http.conf on vicibox 9?

dspaan - Most Senior Member  
I noticed my webphone wasn't working on vicibox9 even though I had a valid SSL cert.

Chrome dev console said:

Code:
sip.js:8403 WebSocket connection to 'wss://myserver:8089/ws' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
After some troubleshooting I replaced /etc/asterisk/http.conf with a version from vicibox 8 and bang! My webphone worked like a charm again.

Is this a bug? The http.conf on vicibox9 looks completely different from the one on vicibox8; the settings mentioned in this thread are also missing:

viewtopic.php?t=37686
 

dspaan - Most Senior Member  
The files are completely different.

Image


The one in vicibox9 is full of explanatory text which is all commented out. The only line that's not commented out is [general].

The working file has these lines:

[general]
;servername=Asterisk
enabled=yes
bindaddr=0.0.0.0
bindport=8088
;prefix=asterisk
;sessionlimit=100
;session_inactivity=30000
;session_keep_alive=15000
;enablestatic=yes
;redirect = / /static/config/index.html
tlsenable=yes ; enable tls - default no.
tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089.
tlscertfile=/etc/certbot/live/myserver.com/cert.pem
tlsprivatekey=/etc/certbot/live/myserver.com/privkey.pem

Of course the fact that the vicibox-certbot script doesn't work can also play a part in this.
 

dspaan - Most Senior Member  
The screenshot is just a file compare from WinMerge, but you can't scroll in a screenshot, so I posted the working file below the screenshot. It only has those lines, whereas the vicibox 9 version has a lot of comments and not those lines.
 

williamconley - Most Senior Member  
So vicibox 9 has nothing in that file?

It should at least have an include imperative to load other files.

Perhaps you should dump both files to disk without the comments and diff the results?
 

alo - Well-known member  
Just a quick note: it works fine for me. There may be something commented that you need to uncomment, if I recall.
 

dspaan - Most Senior Member  
Yes, I already downloaded the file from both systems. Here is the one from vicibox9. Everything is commented out except for two lines.

Code:
;
; Asterisk Builtin mini-HTTP server
;
;
; Note about Asterisk documentation:
;   If Asterisk was installed from a tarball, then the HTML documentation should
;   be installed in the static-http/docs directory which is
;   (/var/lib/asterisk/static-http/docs) on linux by default.  If the Asterisk
;   HTTP server is enabled in this file by setting the "enabled", "bindaddr",
;   and "bindport" options, then you should be able to view the documentation
;   remotely by browsing to:
;       http://<server_ip>:<bindport>/static/docs/index.html
;
[general]
;
; The name of the server, advertised in both the Server field in HTTP
; response message headers, as well as the <address /> element in certain HTTP
; response message bodies. If not furnished here, "Asterisk/{version}" will be
; used as a default value for the Server header field and the <address />
; element. Setting this property to a blank value will result in the omission
; of the Server header field from HTTP response message headers and the
; <address /> element from HTTP response message bodies.
;
;servername=Asterisk
;
; Whether HTTP/HTTPS interface is enabled or not.  Default is no.
; This also affects manager/rawman/mxml access (see manager.conf)
;
;enabled=yes
;
; Address to bind to, both for HTTP and HTTPS. You MUST specify
; a bindaddr in order for the HTTP server to run. There is no
; default value.
;
bindaddr=127.0.0.1
;
; Port to bind to for HTTP sessions (default is 8088)
;
;bindport=8088
;
; Prefix allows you to specify a prefix for all requests
; to the server.  The default is blank.  If uncommented
; all requests must begin with /asterisk
;
;prefix=asterisk
;
; sessionlimit specifies the maximum number of httpsessions that will be
; allowed to exist at any given time. (default: 100)
;
;sessionlimit=100
;
; session_inactivity specifies the number of milliseconds to wait for
; more data over the HTTP connection before closing it.
;
; Default: 30000
;session_inactivity=30000
;
; session_keep_alive specifies the number of milliseconds to wait for
; the next HTTP request over a persistent connection.
;
; Set to 0 to disable persistent HTTP connections.
; Default: 15000
;session_keep_alive=15000
;
; Whether Asterisk should serve static content from static-http
; Default is no.
;
;enablestatic=yes
;
; Redirect one URI to another.  This is how you would set a
; default page.
;   Syntax: redirect=<from here> <to there>
; For example, if you are using the Asterisk-gui,
; it is convenient to enable the following redirect:
;
;redirect = / /static/config/index.html
;
; HTTPS support. In addition to enabled=yes, you need to
; explicitly enable tls, define the port to use,
; and have a certificate somewhere.
;tlsenable=yes          ; enable tls - default no.
;tlsbindaddr=0.0.0.0:8089    ; address and port to bind to - default is bindaddr and port 8089.
;
;tlscertfile=</path/to/certificate.pem>  ; path to the certificate file (*.pem) only.
;tlsprivatekey=</path/to/private.pem>    ; path to private key file (*.pem) only.
; If no path is given for tlscertfile or tlsprivatekey, default is to look in current
; directory. If no tlsprivatekey is given, default is to search tlscertfile for private key.
;
; To produce a certificate you can e.g. use openssl. This places both the cert and
; private in same .pem file.
; openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem
;
; tlscipher=                             ; The list of allowed ciphers
;                                        ; if none are specified the following cipher
;                                        ; list will be used instead:
; ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:
; ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
; kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
; ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
; ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:
; DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
; AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
; AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:
; !EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
;
; tlsdisablev1=yes                ; Disable TLSv1 support - if not set this defaults to "yes"
; tlsdisablev11=yes               ; Disable TLSv1.1 support - if not set this defaults to "no"
; tlsdisablev12=yes               ; Disable TLSv1.2 support - if not set this defaults to "no"
;
; tlsservercipherorder=yes        ; Use the server preference order instead of the client order
;                                 ; Defaults to "yes"
;
; The post_mappings section maps URLs to real paths on the filesystem.  If a
; POST is done from within an authenticated manager session to one of the
; configured POST mappings, then any files in the POST will be placed in the
; configured directory.
;
;[post_mappings]
;
; NOTE: You need a valid HTTP AMI mansession_id cookie with the manager
; config permission to POST files.
;
; In this example, if the prefix option is set to "asterisk", then using the
; POST URL: /asterisk/uploads will put files in /var/lib/asterisk/uploads/.
;uploads = /var/lib/asterisk/uploads/
;
 

williamconley - Most Senior Member  
Just a quick note: it works fine for me. There may be something commented that you need to uncomment, if I recall.
Excellent contribution.

Can you post your copy of that file? Or at least the uncommented lines? (As text, not image, lol)
 

Kumba - Well-known member  
These items need to be uncommented:

tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=</path/to/certificate.pem>
tlsprivatekey=</path/to/private.pem>

You'll want to make sure the tlscertfile and tlsprivatekey point to the actual SSL cert and key. This issue is corrected in ViciBox v.9.0.2 and hopefully up.
 

carpenox - Most Senior Member  
This may be a stupid question, but where is that http.conf file located at? Because when I look in /etc/apache2/ I find httpd.conf, but there's none of those settings in it, and when I try to use WebRTC it says reg. failed. I used the vicibox 9.0.2 installer and ran vicibox-certbot to get my certificate.
 

dspaan - Most Senior Member  
These are the files I edit when creating a new server:

nano /etc/apache2/vhosts.d/dynportal-ssl.conf
nano /srv/www/vhosts/dynportal/inc/defaults.inc.php

Admin>templates>WebRTC
Admin>Servers>Web socket URL

Also check this: https://viciphone.com/?page_id=353

Are you using the vicibox firewall and manually opening ports or are you using the dynamic or whitelist function from VB-firewall?
 

carpenox - Most Senior Member  
I haven't set up whitelist; since I've been trying out different carriers, I've only enabled blacklist on vb-firewall at the moment. I was just curious about dynportal not showing up under the SSL cert. I'm gonna redo the webrtc now tho and see how it goes. I'll follow your lead, thx
 

Kumba - Well-known member  
Looks like the bindaddr needs adjusting.
Your /etc/asterisk/http.conf should have these major lines uncommented and set as such:

enabled=yes
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/apache2/ssl.crt/<certfile>.crt
tlsprivatekey=/etc/apache2/ssl.key/<certfile>.key




The tlscertfile and tlsprivatekey parts need to point to your actual certificate files. Also make sure you're using the DNS in the wss line, like wss://my.server.domain:8089/ws
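
Added example, not part of any post in this thread: a shell sketch of the comment-stripped comparison williamconley suggests, combined with a check of the settings Kumba lists for the wss listener. The function names are made up for this example, and it assumes `[general]` is the only active section, as in both files shown above.

```shell
#!/bin/sh
# Added example (not from the thread): strip comments from an Asterisk
# http.conf and check the settings the thread says wss:// needs.

# Print only the effective lines: drop ";" comments, trim whitespace,
# normalise "key = value" to "key=value", delete blank lines.
effective_settings() {
    sed -e 's/;.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' -e '/^$/d' "$1"
}

# Print the value of key $2 in file $1 (last occurrence; sections ignored,
# which assumes [general] is the only active section).
setting() {
    effective_settings "$1" |
        awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }'
}

# Report each problem on stdout; return the number of problems found.
check_wss() {
    conf=$1; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    for key in enabled tlsenable; do
        [ "$(setting "$conf" "$key")" = "yes" ] || fail "$key is not yes (default is no)"
    done
    # Per the sample file's comments, tlsbindaddr falls back to bindaddr.
    bind=$(setting "$conf" tlsbindaddr)
    [ -n "$bind" ] || bind=$(setting "$conf" bindaddr)
    case "$bind" in
        "") fail "no tlsbindaddr or bindaddr set" ;;
        127.*|localhost*|"[::1]"*) fail "TLS listener bound to loopback ($bind)" ;;
    esac
    cert=$(setting "$conf" tlscertfile); pkey=$(setting "$conf" tlsprivatekey)
    # Readable by the current user; run as the Asterisk user to be exact.
    [ -n "$cert" ] && [ -r "$cert" ] || fail "tlscertfile missing or unreadable: '$cert'"
    # An unset tlsprivatekey is allowed: the key is then read from tlscertfile.
    [ -z "$pkey" ] || [ -r "$pkey" ] || fail "tlsprivatekey unreadable: '$pkey'"
    return "$problems"
}

# Usage: ./check_http_conf.sh /etc/asterisk/http.conf
if [ -n "${1:-}" ]; then
    effective_settings "$1"
    check_wss "$1" && echo "OK: wss listener settings look complete"
fi
```

Saving the `effective_settings` output of each server's file and running `diff` on the two results gives the comment-free comparison asked for earlier in the thread.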
 