SylkServer installation guide

This guide explains how to install SylkServer and related dependencies on a Debian or Ubuntu Linux server with a minimal functional configuration for
inter-operating with SylkServer and generic SIP devices and Web clients.

At the end of this guide you will be able to:

  • Place calls and send messages between SIP devices registered on the same server as well as to and from foreign domains.
  • Use a web browser to make and receive calls and organise multimedia conferences.
  • Use offline messaging, file transfers and OpenPGP encryption.

Replace SYLK.DOMAIN with your domain, PUBLIC.IP with your public IP address and, when using a NAT-ed container, PRIVATE.IP with your private IP address.

Compatibility and requirements

Linux Debian Bookworm operating system.

A public IP address and an Internet domain, e.g. SYLK.DOMAIN.

A DNS server or DNS service with support for SIP related records.

OpenSIPS 3.4 branch.

When OpenSIPS and SylkServer run on the same server, one must use different ports for listening to SIP traffic. Using these instructions, SylkServer will listen on ports 5060 (TCP, UDP) and 5061 (TLS) and OpenSIPS will listen on ports 15060 (TCP, UDP) and 15061 (TLS).

When running inside a container with a private IP address you must forward the following destination ports:

  • SIP signaling: UDP and TCP 15060, TCP 15061 (OpenSIPS)
  • RTP media: UDP 60000:60500 (MediaProxy)
  • MSRP media: TCP 2855 (MSRPRelay)
  • Web server and WebRTC socket: TCP 443, 10888 (SylkServer)
  • WebRTC media: UDP 60500:61000 (Janus)

All ports can be configured in their respective applications.

DNS configuration

To receive incoming calls from other domains you must add certain records to
the DNS zone.

The DNS zone template:

SYLK.DOMAIN.              600 IN    NAPTR   10 100 "s" "SIPS+D2T" "" _sips._tcp.SYLK.DOMAIN.
SYLK.DOMAIN.              600 IN    NAPTR   20 100 "s" "SIP+D2T" ""  _sip._tcp.SYLK.DOMAIN.
SYLK.DOMAIN.              600 IN    NAPTR   30 100 "s" "SIP+D2U" ""  _sip._udp.SYLK.DOMAIN.
conference.SYLK.DOMAIN.   600 IN    NAPTR  100 100 "s" "SIP+D2T" ""  _sip._tcp.SYLK.DOMAIN.
_sips._tcp.SYLK.DOMAIN.   600 IN    SRV    100 100 15061 SYLK.DOMAIN.
_sip._tcp.SYLK.DOMAIN.    600 IN    SRV    100 100 15060 SYLK.DOMAIN.
_sip._udp.SYLK.DOMAIN.    600 IN    SRV    100 100 15060 SYLK.DOMAIN.
_msrps._tcp.SYLK.DOMAIN.  600 IN    SRV    100 100 2855 SYLK.DOMAIN.
SYLK.DOMAIN.              600 IN    A      PUBLIC.IP

Replace SYLK.DOMAIN and PUBLIC.IP with your real domain and real IP address.
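
A way to catch zone mistakes before publishing the records, as an added example that is not part of the original guide: lint_sip_zone (a hypothetical name) checks that every NAPTR replacement has an SRV record, that SRV targets are absolute and have an A record, and that SRV ports match the ports the services listen on. The sample records use the constructed domain example.test.

```shell
# Added example: lint SIP zone records before publishing them.
# lint_sip_zone PORTS   (records on stdin, one per line; name is hypothetical)
# PORTS: space-separated ports the services actually listen on.
# Assumes the layout of the template above: owner TTL IN type rdata.
lint_sip_zone() {
    awk -v ports=" $1 " '
    function bad(msg) { print msg; n++ }
    $4 == "A"     { addr[$1] = 1 }
    $4 == "SRV"   { port[$1] = $7; target[$1] = $8 }
    $4 == "NAPTR" { want[$NF] = 1      # replacement field names an SRV owner
                    if (gsub(/"/, "\"") % 2) bad("unbalanced quotes: " $1 " NAPTR " $5) }
    END {
        for (r in want)
            if (!(r in target)) bad("NAPTR points to missing SRV: " r)
        for (o in target) {
            # A target without a trailing dot is relative to the zone origin.
            if (target[o] !~ /\.$/) bad("SRV target is relative, add trailing dot: " o)
            else if (!(target[o] in addr)) bad("SRV target has no A record: " target[o])
            if (!index(ports, " " port[o] " ")) bad("SRV port " port[o] " is not a listening port: " o)
        }
        exit (n > 0)
    }'
}

# Constructed sample (example.test, 192.0.2.10): the SRV record advertises the
# standard port 5061 although OpenSIPS listens on 15061 in this guide.
lint_sip_zone "15060 15061 2855" <<'EOF' || echo "zone needs fixing"
example.test.            600 IN NAPTR 10 100 "s" "SIPS+D2T" "" _sips._tcp.example.test.
_sips._tcp.example.test. 600 IN SRV   100 100 5061 example.test.
example.test.            600 IN A     192.0.2.10
EOF
```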

You can create and manage your SIP enabled domain at http://mdns.sipthor.net

https://docs.sipthor.net/w/sip2sip/domain_enrollment/

Repositories

Configure OpenSIPS 3.4 repository as explained here:

https://apt.opensips.org

Configure OpenSIPS CLI repository as explained here:

https://apt.opensips.org/packages.php?v=cli

Configure AG Projects repository as explained here:

https://docs-new.sipthor.net/w/debian_package_repositories/

Install the software

sudo apt update
sudo apt install opensips-config-sylkserver

Configure and start the software

Set the hostname:

sudo hostnamectl set-hostname SYLK.DOMAIN

Create OpenSIPS database:

cd /etc/opensips
sudo /usr/sbin/opensips-dbinit

Enable OpenSIPS to run at system start:

Edit /etc/default/opensips:

RUN_OPENSIPS=yes

If the system hostname is properly set up, the IP address corresponding to the
default route will be automatically detected and used by OpenSIPS.
If hostname -I returns this IP address, there is nothing to set.

If running inside a container with a private IP address edit the file:

/etc/opensips/config/settings.m4

And set:

define(`SYLK_SERVER_IP', `PRIVATE.IP')
define(`SERVER_IP', `PRIVATE.IP')
define(`ADVERTISED_SERVER_IP', `PUBLIC.IP')

Custom OpenSIPS behaviour can be configured in the files located inside the folder:

/etc/opensips/config/siteconfig/

Generate OpenSIPS configuration file:

sudo /usr/sbin/opensips-config

Start OpenSIPS and enable it at boot:

sudo systemctl start opensips
sudo systemctl enable opensips

To check for OpenSIPS activity in the system logs:

sudo journalctl -u opensips -f

Create SIP accounts

In this guide we shall use SYLK.DOMAIN as the Internet domain.

Add SYLK.DOMAIN domain to OpenSIPS:

sudo mysql opensips -e "insert into domain (domain) values ('SYLK.DOMAIN')"

Multiple domains can be added in the same way.

Reload OpenSIPS domains:

sudo opensips-cli -x mi domain_reload

Add a new account:

sudo opensips-cli -x user add user@SYLK.DOMAIN somepassword

Change the password for an existing account:

sudo opensips-cli -x user password user@SYLK.DOMAIN someotherpassword

To see the registered SIP devices:

sudo opensips-cli -o output_type=lines -x mi ul_dump

MediaProxy configuration

MediaProxy solves the issue of NAT traversal for RTP audio/video streams.

Copy the default TLS certificates:

sudo cp /usr/share/doc/mediaproxy-common/tls/* /etc/mediaproxy/tls/

Edit /etc/mediaproxy/config.ini and set in [Relay] section:

dispatchers = 127.0.0.1

Start the software:

sudo systemctl start mediaproxy-dispatcher
sudo systemctl start mediaproxy-relay
sudo systemctl enable mediaproxy-dispatcher
sudo systemctl enable mediaproxy-relay

If behind a 1-to-1 NAT-ed host, you must set advertised_ip to
the public IP and port_range = 60000:60500 (or set up your own range).

MSRP relay

MSRP relay is needed for NAT traversal of chat and file transfer streams.

Edit /etc/msrprelay/config.ini

[Relay]
certificate = /etc/sylkserver/tls/SYLK.DOMAIN.crt 
key = /etc/sylkserver/tls/SYLK.DOMAIN.crt 
backend = database
hostname = SYLK.DOMAIN

[Database]
uri = mysql://opensips:opensips@localhost/opensips

Start the relay:

sudo systemctl enable msrprelay
sudo systemctl restart msrprelay

SylkServer configuration

Edit config.ini and configure [WebServer] section to use HTTPS:

certificate = /etc/sylkserver/tls/SYLK.DOMAIN.crt
hostname = SYLK.DOMAIN

For a Let's Encrypt certificate you must also set:

certificate_chain = /etc/sylkserver/tls/fullchain1.pem

Edit webrtcgateway.ini and configure the outbound proxy:

outbound_sip_proxy = proxy.SYLK.DOMAIN:15060;transport=tcp

You can test sylkserver by running it in the foreground using:

sudo /usr/bin/sylk-server --no-fork

If the software starts well, leave it running in the background:

sudo systemctl restart sylkserver
sudo systemctl enable sylkserver

MSRP conferencing

Using a SIP client with support for MSRP conferencing, like Blink, you can
start a conference with both chat and audio.

Blink menu: Messages -> Join MSRP conference

WebRTC setup

Janus setup for NAT-ed scenario

Edit /etc/janus/janus.plugin.sip.jcfg and /etc/janus/janus.jcfg

Replace rtp_port_range in each file:

rtp_port_range = "60500-61000"

Set sdp_ip to the public IP of the server:

sdp_ip = "PUBLIC.IP"

Install the software:

sudo apt install npm nodejs nginx certbot python3-certbot-nginx git yarnpkg

Create a symlink required for building:

sudo ln -s /usr/bin/yarnpkg /usr/bin/yarn

Create a user in the system. In the following example we use agp as the username.

Login as user agp:

sudo su - agp
mkdir work

Clone the sylk-webrtc repository, which is the website for the application:

cd work
git clone https://github.com/AGProjects/sylk-webrtc

Edit src/app/config.js with the correct domain name and ports.

Build Sylk website:

cd sylk-webrtc
./configure
make

The website is now available in /home/agp/work/sylk-webrtc/dist

The same website can be built into a standalone desktop app, see README.md

Start nginx webserver with its default configuration.

Backup default configuration file:

/etc/nginx/sites-enabled/default

Create TLS certificates for SylkServer WebRTC server:

sudo certbot --nginx -d SYLK.DOMAIN

/etc/nginx/sites-enabled/default will be changed.

Create a new virtual domain for the nginx web server:

Edit /etc/nginx/sites-available/SYLK.DOMAIN

server {
        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl; 
        ssl_certificate /etc/letsencrypt/live/SYLK.DOMAIN/fullchain.pem; 
        ssl_certificate_key /etc/letsencrypt/live/SYLK.DOMAIN/privkey.pem; 

        include /etc/letsencrypt/options-ssl-nginx.conf; 
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

        server_name SYLK.DOMAIN;

        root /home/agp/work/sylk-webrtc/dist;
        index index.html;

        access_log           /var/log/sylkserver/nginx-access.log;
        error_log            /var/log/sylkserver/nginx-error.log;

        location / {
                try_files $uri $uri/ /index.html;
        }
}

Enable the website:

sudo ln -s /etc/nginx/sites-available/SYLK.DOMAIN /etc/nginx/sites-enabled/

Modify /etc/nginx/sites-enabled/default which has been changed by certbot

Restart nginx server:

sudo systemctl restart nginx

Copy the TLS certificate to OpenSIPS:

sudo cp /etc/letsencrypt/archive/SYLK.DOMAIN/fullchain1.pem  /etc/opensips/tls/default.crt
sudo cp /etc/letsencrypt/archive/SYLK.DOMAIN/privkey1.pem  /etc/opensips/tls/default.key

sudo systemctl restart opensips

Copy the TLS certificate of SYLK.DOMAIN to SylkServer as well:

sudo su -

# Overwrite (>) rather than append, so a re-run does not stack old and new certificates
cat /etc/letsencrypt/archive/SYLK.DOMAIN/fullchain1.pem  \
/etc/letsencrypt/archive/SYLK.DOMAIN/privkey1.pem > \
/etc/sylkserver/tls/SYLK.DOMAIN.crt

Edit [WebServer] section of config.ini and enable TLS certificate:

certificate = /etc/sylkserver/tls/SYLK.DOMAIN.crt

Restart SylkServer:

sudo systemctl restart sylkserver

Copy the TLS certificate to MSRP Relay:

sudo cp /etc/letsencrypt/archive/SYLK.DOMAIN/fullchain1.pem  /etc/msrprelay/tls/msrprelay.crt
sudo cp /etc/letsencrypt/archive/SYLK.DOMAIN/privkey1.pem  /etc/msrprelay/tls/msrprelay.key
sudo systemctl restart msrprelay
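
The copy steps above have to be repeated after every renewal, because certbot stores each renewed certificate under a new numbered file name in archive/. The following certbot deploy hook is an added example, not part of the original guide: it reinstalls the certificate from the live/ directory that certbot passes in RENEWED_LINEAGE; the function name, the DEST_ROOT argument and the hook file name are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook. Suggested location (file name is an
# assumption): /etc/letsencrypt/renewal-hooks/deploy/sylk-certs.sh
# certbot sets RENEWED_LINEAGE=/etc/letsencrypt/live/<domain> for deploy hooks.

# install_sylk_certs LINEAGE_DIR DOMAIN [DEST_ROOT]
# DEST_ROOT is a hypothetical prefix (default: empty) so the function can be
# tried against a scratch directory instead of the real /etc.
install_sylk_certs() (
    lineage=$1; domain=$2; root=${3:-}
    chain="$lineage/fullchain.pem"; key="$lineage/privkey.pem"
    if [ ! -r "$chain" ] || [ ! -r "$key" ]; then
        echo "install_sylk_certs: no fullchain.pem/privkey.pem in $lineage" >&2
        exit 1
    fi
    # Newly created files are owner-only; files that already exist keep the
    # owner and mode the administrator gave them.
    umask 077
    # OpenSIPS and MSRPRelay take the certificate and key as separate files.
    # SylkServer reads one combined file: overwrite it (">"), never append,
    # or stale certificates and keys pile up in front of the new ones.
    cp "$chain" "$root/etc/opensips/tls/default.crt" &&
    cp "$key"   "$root/etc/opensips/tls/default.key" &&
    cp "$chain" "$root/etc/msrprelay/tls/msrprelay.crt" &&
    cp "$key"   "$root/etc/msrprelay/tls/msrprelay.key" &&
    cat "$chain" "$key" > "$root/etc/sylkserver/tls/$domain.crt"
)

# Only act when certbot invokes the hook after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_sylk_certs "$RENEWED_LINEAGE" "$(basename "$RENEWED_LINEAGE")" &&
        systemctl restart opensips msrprelay sylkserver
fi
```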

Security considerations

Change MySQL password as soon as you have tested the server functionality.

The password must be changed in these files:

/etc/opensips/dbinit.cf
/etc/opensips/opensips-cli.cfg 
/etc/opensips/config/settings.m4

Generate new TLS certificates for OpenSIPS, MediaProxy and SylkServer.

Enable TLS verification in /etc/opensips/config/settings.m4

Testing

At this point you are ready to use a SIP or a Web client to make and receive calls
and messages.

Enter into your SIP device configuration:

Username  : user
Domain    : SYLK.DOMAIN 
Password  : somepassword
SIP Proxy : SYLK.DOMAIN
Transport : TLS on port 15061 or TCP/UDP on port 15060

If using Blink client set the conference server address to:

conference.SYLK.DOMAIN

You can receive calls and messages at user@SYLK.DOMAIN and call any SIP
address publicly reachable.

Using a web browser:

Login with the same SIP account at:

https://SYLK.DOMAIN/

Once logged in you can test your setup with:

  • playback - to test the audio output
  • echo - to test the microphone

Call any SIP address in the form of user@domain

To create a multi-party conference:

https://SYLK.DOMAIN/conference/test

Replace test with any name and share the link to other participants.

Sylk web client debugging

In the web browser, open the Console and run:

window.blinkDebugger.enable('sylkrtc*,blinkrtc*');

SylkServer message storage

sudo sylk-db show user@SYLK.DOMAIN

This will display the storage information about the user, like the number of
messages and public key.

Last Author
tijmen
Last Edited
Tue, Feb 4, 4:12 PM