Thursday, July 9, 2015

Asterisk & A2billing on production

I was thinking of this for long, to keep notes of my different works on Asterisk and A2billing in different time.

Many different problem I'd faced and put them in various places, that quite difficult to find now.

So, now I thought to put them in together and keep updating everytime, I'm updating anything. Which means, this blog, is elastic.

1. Today I was installing asterisk CDR viewer, the simplest CDR viewer for asterisk, and faced a problem like -
 my_load_module: Failed to connect to mysql database asteriskcdrdb on localhost.
 This problem is just placed in /etc/asterisk/cdr_mysql.conf


You can see that sock is given wrong mysql.sock which ofcourse asterisk didn't found and produce above error.

Replace it with


Its up and running.

2. Configure https for A2billing web access, and enforce to use only https

Environment is - CentOS 6.5 (X86_64)
Asterisk Version - 11

Install openssl and mod_ssl 
[root@asterisk11 ~]# yum install mod_ssl openssl
Generate CA key
[root@asterisk11 ~]# openssl genrsa -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Request Certificate Signing Request  from certificate authority. It will ask some information, like - location, country, common-name, organization name etc. Fill with appropriate information
[root@asterisk11 ~]# openssl req -new -key ca.key -out ca.csr
Country Name (2 letter code) [XX]:DE
State or Province Name (full name) []:Schleswig-Holstein
Locality Name (eg, city) [Default City]:Neumuenster
Organization Name (eg, company) [Default Company Ltd]:Junkclearing Ltd.
Organizational Unit Name (eg, section) []: VoIP
Common Name (eg, your name or your server's hostname) []:junkvoip
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:junk

Generate CA certificate.
[root@asterisk11 ~]# openssl x509 -req -days 1826 -in ca.csr -signkey ca.key -out ca.crt
 Signature ok
subject=/C=DE/ST=Schleswig-Holstein/L=Neumuenster/O=Junkclearing Ltd./OU=VoIP/CN=junkvoip/
 Copy all files to tls directory.
[root@asterisk11 ~]# cp ca.crt /etc/pki/tls/certs/
[root@asterisk11 ~]# cp ca.key /etc/pki/tls/private/
[root@asterisk11 ~]# cp ca.csr /etc/pki/tls/private/
[root@asterisk11 ~]# setenforce 0
setenforce: SELinux is disabled

Change & restore pki  directory and files but not file label
[root@asterisk11 ~]# restorecon -RvF /etc/pki/

Configure your newly created CERT and KEY at ssl.conf
[root@asterisk11 ~]# vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Make change in httpd.conf
[root@asterisk11 ~]# vim /etc/httpd/conf/httpd.conf
AllowOverride All

Enforce https instead of http in DocumentRoot [i.e. /var/www/html ]

[root@asterisk11 html]# cat .htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You are Ready.

No comments:

Post a Comment