PBX is an architecture that forwards incoming calls from telephony service providers to Rocket.Chat. It is used for call bookkeeping, which includes information such as the number of queues, extension data, agent allocation to a queue, and routing system.
For the purpose of this guide, we'll be using FreePBX as the call management server. You can use any Asterisk distro of your choice.
{% hint style="info" %} Before you proceed, see getting-started-with-voice-channel.md to view all the necessary requirements. {% endhint %}
Install your FreePBX server, as usual (that’s out of the scope of this tutorial), and update it using your OS package manager. In such a case, it’s:
yum update -y
Enter your server web interface http://your.domain.name
and set the password and update settings, and do the activation process. Do not skip the activation process, as you’ll need some features later that are only available if you activate your server instance. Complete the firewall basic configuration.
Now you need to prepare the FreePBX firewall to accept AMI (Asterisk Manager Interface) and WSS (WebSocket Secure).
Navigate to Connectivity > Firewall > Services > Enable Firewall. Under the Services tab, search for WebRTC and mark Internet and Other options, Local is active by default.
We want WebRTC in the Internet zone because the Webphone will connect from the client’s IP address, which could be anywhere.
Navigate to the Custom Services tab and hit the Create new service, name the service AMI, select TCP, and write the port range 5038:5039. Click Save.
Mark the Other option and Save.
{% hint style="info" %} AMI goes in the “Other” zone because only some specific endpoints should be connecting to AMI. {% endhint %}
Now you don’t want your Rocket.Chat to get banned by the FreePBX firewall so you have to add it to the Whitelist List. First, you need to know the IP or IP Networks from your Rocket.Chat instance. When you have a SaaS Rocket.Chat instance you will have a URL (subdomain) like MyChosenName.rocket.chat, so just ping it. In this demo:
Rocket.Chat will be connecting from the whole network 51.81.0.0/16
If you have your own Rocket.Chat instance self-hosted or similar, you should know what’s your IP address or network.
Now, navigate to Connectivity > Firewall > Networks, and add the IP address needed or Network. Select the Other zone and Save:
Rocket.Chat will be in the Other zone.
{% hint style="info" %} We used Letsencrypt for this demo. {% endhint %}
This will only work if you have your FreePBX already activated.
Navigate to Admin > Port Management. Change the Admin (web portal) to another port and set Letsencrypt to port 80. Click Update Now.
Please note that until here, you have been accessing the server by HTTP (not HTTPS) on port 80. Until you finish the SSL configuration, you are going to be using the newly selected port, 8080, in this demo.
Now navigate to Admin > Certificate Management, and click on New Certificate > Generate Let’s Encrypt Certificate:
Fill out the form according to your settings and click Generate Certificate:
Once it’s generated, mark it as the system’s default:
Now you can start using it. Go to the Admin > System Admin > HTTPS Setup and then to the Settings tab. Here select the certificate that was just generated and click on Install, wait, then select the Protocols TLS 1.2 and 1.3 as others are considered deprecated or insecure:
Finally, click on Save and Restart Apache (A server restart is suggested here). Test in incognito that the changes are applied and the certificate is recognized as valid.
Additionally, you can go back to the Admin > System Admin > Port Management to enforce HTTPS, select your FQDN and select the force (arrow) button from HTTP (8080) to HTTPS (443), then click hit Save:
Test it. Congratulations! you have an HTTPS-valid SSL FreePBX server up and running.
We are using chan_pjsip as the only SIP driver. Go to Settings > Advanced Settings, search for SIP Channel Driver, and choose chan_pjsip. Hit Submit.
Using the article Configuring Asterisk for WebRTC Clients 1 in Asterisk’s Wiki, we are going only for the principal parameters if you need more details, the article is a great guide.\
First, check that you have the needed modules loaded using the command module show like <module_name>
We are reusing the Let’s Encrypt certificates for the Asterisk mini-HTTP server, WebSockets, TLS encryption, and others. Start by going to Settings > Advanced Settings (again), search for the Asterisk Builtin mini-HTTP server section and, configure as shown, apply changes. Asterisk restart is also recommended here:
Using the command http show status
verify that both HTTP and HTTPS are up and running:
If HTTP does but HTTPS doesn’t check that Asterisk can read the certificate and private key files: Add capture of file reading error.
Navigate to Settings > Asterisk SIP Settings. In the General SIP Settings tab configure your audio codecs, enable video, and select video codecs (vp8 and vp9 needed for WebRTC), NAT, etc. Then in the SIP Settings (chan_pjsip) tab, choose your valid SSL certificate for TLS/SSL/SRTP and enable all the desired transports, especially WS and WSS:
Click submit and apply changes (an Asterisk restart is recommended)
Navigate to https://mysub.domainname.domain:8089/httpstatus
and verify that it loads, SSL Port is present, and the SSL certificate is valid:
Congratulations! You have a valid SSL Asterisk WebRTC-ready server up and running.