# Setting up Asterisk for webrtc To set up with sipml5 I had been through the asterisk offiial site and I do recommand you to visit it. We need to update several config file which are located on `/etc/asterisk`. Those filename are listed below 1. modules.conf 1. extensions.conf 1. http.conf 1. pjsip.conf 1. rtp.conf I have posted how these file looks below with breif explaination. 1. **modules.conf**: Since we are using `pjsip`, we need to stop loading `sip`. As both of them cannot be used simultaneously. You can update manually or use the bash script below: ```bash sudo sh -c "echo 'noload => chan_sip.so' >> /etc/asterisk/modules.conf" ``` 1. **extension.conf**:Add these things to the `extension.conf` at the end of the file. If you have just installed a fresh copy of asterisk you can even override the existing code. I have added two extensions, which are in fact dial plans. * Where `helloworld` just plays the hello-world music when we call in any number * Whereas the `helloworld2`, first plays the hello-world and then calls to another number, it also waits for the **dtmf** and plays its name based on whether the called number is registered one or not. ```text [helloworld] exten => _X.,1,NoOp(${EXTEN}) same => n,Playback(hello-world) same => n,Hangup() [helloworld2] exten => _X.,1,NoOp(${EXTEN}) same => n,Playback(hello-world) same => n,Dial(PJSIP/${EXTEN},20) same => n,Read(Digits,,) same => n,Playback(you-entered) same => n,SayNumber(${Digits}) ``` 1. **http.conf**: Please update the file accordingly, or replace if you want. ```text [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem ``` 1. **pjsip.conf**: `199` is for web based phone `3002` and `3001` for sip clients: *(like Linphone for desktop and CSipSimle for mobile)* This file need to have: ```text [transport-wss] type=transport protocol=wss bind=0.0.0.0 [199] type=endpoint aors=199 auth=199 use_avpf=yes media_encryption=dtls dtls_ca_file=/etc/asterisk/keys/ca.crt dtls_cert_file=/etc/asterisk/keys/asterisk.pem dtls_verify=fingerprint dtls_setup=actpass ice_support=yes media_use_received_transport=yes rtcp_mux=yes context=helloworld2 disallow=all allow=ulaw allow=opus [199] type=auth auth_type=userpass username=199 password=199@pass1 [199] type=aor max_contacts=1 remove_existing=yes [transport-udp] type=transport protocol=udp bind=0.0.0.0 [3001] type=endpoint context=helloworld2 disallow=all allow=ulaw auth=3001 aors=3001 [3001] type=auth auth_type=userpass password=3001pass username=3001 [3001] type=aor max_contacts=1 remove_existing=yes [3002] type=endpoint context=helloworld2 disallow=all allow=ulaw auth=3002 aors=3002 [3002] type=auth auth_type=userpass password=3002pass username=3002 [3002] type=aor max_contacts=1 remove_existing=yes ``` 1. **rtp.conf**: Need to have these on rtp.conf. ```text [general] rtpstart=10000 rtpend=20000 icesupport=true stunaddr=stun.l.google.com:19302 ``` ###Create Certificates Call the script as such: ```bash cd /usr/local/src/asterisk-13.17.2/contrib/scripts sudo ./ast_tls_cert -C pbx.example.com -O "My Super Company" -d /etc/asterisk/keys ``` * The "-C" option is used to define our host - DNS name or our IP address. * The "-O" option defines our organizational name. * The "-d" option is the output directory of the keys. 1. You'll be asked to enter a pass phrase for /etc/asterisk/keys/ca.key, put in something that you'll remember for later. 1. This will create the /etc/asterisk/keys/ca.crt file. 1. You'll be asked to enter the pass phrase again, and then the /etc/asterisk/keys/asterisk.key file will be created. 1. The /etc/asterisk/keys/asterisk.crt file will be automatically generated. 1. You'll be asked to enter the pass phrase a third time, and the /etc/asterisk/keys/asterisk.pem, a combination of the asterisk.key and asterisk.crt files, will be created. 1. You can then check your **/etc/asterisk/keys** directory to verify the new files were created, as such: ```bash ls -w 1 /etc/asterisk/keys ``` And you should see: ```bash asterisk.crt asterisk.csr asterisk.key asterisk.pem ca.cfg ca.crt ca.key tmp.cfg ``` You can reload the asterisk by: ```bash asterisk -rvvvvvv ``` or simply typing `reload` on Asterisk's cli. To verify the web server is running, perform: ```bash netstat -an | grep 8089 ``` And you should see: ```bash tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN ``` Next, to ensure these modules are loaded by Asterisk, you can perform: ```bash asterisk -rx "module show like crypto" asterisk -rx "module show like websocket" asterisk -rx "module show like opus" ``` You should see something similar to: ```bash # asterisk -rx "module show like crypto" Module Description Use Count Status Support Level res_crypto.so Cryptographic Digital Signatures 1 Running core 1 modules loaded # asterisk -rx "module show like websocket" Module Description Use Count Status Support Level res_http_websocket.so HTTP WebSocket Support 3 Running extended res_pjsip_transport_websocket.so PJSIP WebSocket Transport Support 0 Running core 2 modules loaded # asterisk -rx "module show like opus" Module Description Use Count Status Support Level codec_opus.so OPUS Coder/Decoder 0 Running extended res_format_attr_opus.so Opus Format Attribute Module 1 Running core ```