Differences between revisions 3 and 4
Revision 3 as of 2013-12-22 09:21:28
Size: 4083
Editor: DanielPocock
Comment:
Revision 4 as of 2013-12-22 09:29:51
Size: 5574
Editor: DanielPocock
Comment:
Line 58: Line 58:

== Sample DNS entries for SIP and XMPP ==

'''
; the servers where everything will run
turn-server1 IN A 195.8.117.18
turn-server1 IN AAAA 2001:67c:1388:1000::18
sip-server1 IN A 195.8.117.19
sip-server1 IN AAAA 2001:67c:1388:1000::19
xmpp-server1 IN A 195.8.117.20
xmpp-server1 IN AAAA 2001:67c:1388:1000::20

; some convenient CNAMEs
turn-server IN CNAME turn-server1
sip-proxy IN CNAME sip-server1
jabber-gw IN CNAME xmpp-server1

; SRV record for TURN
_stun._udp IN SRV 0 1 3478 turn-server.debian.org.
; TURN over TLS default port is 5349, but we use 443 to help
; people stuck behind strict firewalls
_stuns._tcp IN SRV 0 1 443 turn-server.debian.org.

; SRV record for SIP
; SIP over TLS default port is 5061, but we use 443 to help
; people stuck behind strict firewalls or facing anti-SIP
; restrictions from their ISP
_sips._tcp IN SRV 0 1 443 sip-proxy.debian.org.

; SRV records for Jabber Server and Client modes:
_xmpp-client._tcp IN SRV 5 0 5222 jabber-gw.debian.org.
_xmpp-server._tcp IN SRV 5 0 5269 jabber-gw.debian.org.

; NAPTR records
@ IN NAPTR 10 0 "s" "SIPS+D2T" "" _sips._tcp.debian.org.

'''
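Review bot: the SRV targets in the added records (turn-server.debian.org., sip-proxy.debian.org., jabber-gw.debian.org.) are the names defined as CNAMEs under "some convenient CNAMEs", assuming the zone origin is debian.org. RFC 2782 requires an SRV target to be a name with address records, not an alias, so point them at turn-server1, sip-server1 and xmpp-server1 instead. The records under the "SRV record for TURN" comment use the _stun._udp and _stuns._tcp labels, which are the STUN service names; TURN discovery uses _turn and _turns, so either add those or reword the comment. The block is also wrapped in ''' (bold markup); a {{{ ... }}} preformatted block would keep one record per line when rendered.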

These pages are about creating real-time communications services for use by the Debian Developer community.

Phase 1: TURN server

The TURN server provides a convenient way to relay media streams for clients situated in a NAT/firewalled environment, on a mobile network, etc.

The TURN server can be used with both XMPP (Jabber) and SIP. It can also be used for other things, although XMPP and SIP are the most common. TURN has been selected as the mechanism for enabling WebRTC peer-to-peer communications between browsers, so it is becoming increasingly prominent.

Action items:

  • choose servers (to minimise latency, probably need at least four: North America, South America, Europe, Asia)
  • assign IPv4 and IPv6 addresses
  • set up DNS entries
    • A, AAAA and/or CNAME records are essential
    • SRV records can be created, but they are not widely used by any client yet; creating them is a good idea though
  • decide on a mechanism for exporting DD credentials to the servers (they require H(A1) hashed passwords, similar to Apache digest passwords)
    • it has been suggested that developers should have a secondary password for low-security services such as VoIP, not the same as their main Debian password
  • choose one of the server packages to use

| Package | Comment |
|---|---|
| resiprocate-turn-server | from reSIProcate project, built using boost::asio C++ asynchronous programming style |
| rfc5766-turn-server | very popular with the WebRTC community now |
| turnserver | from the Jitsi community |

  • configure the package
  • test with something like JsSIP tryit

Phase 2: SIP or XMPP server (or both)

This phase does not involve a full-featured PBX solution like Asterisk. It is simply about providing a basic SIP proxy or XMPP server to allow users to contact each other and the outside world.

  • choose one or two servers
  • assign IPv4 and IPv6 addresses
  • set up DNS entries (DNS examples)
    • A, AAAA, possibly CNAME
    • SRV and NAPTR records are also essential
  • decide on a mechanism for exporting DD credentials to the servers
    • SIP requires H(A1) hashed passwords, similar to Apache digest passwords
    • X.509 certificates can be used too: all SIP servers listed below support them, but only some client devices support client certs
    • it has been suggested that developers should have a secondary password for low-security services such as VoIP, not the same as their main Debian password
  • choose one of the server packages to use

| Package | Technology | Comments |
|---|---|---|
| ejabberd | XMPP | Developed with Erlang, very popular, can authenticate against LDAP |
| repro | SIP | from the reSIProcate project, supports WebRTC, very easy to configure, uses MySQL or RADIUS for authentication, Python scripting support for routing can be used to look up forwarding address in LDAP, etc |
| kamailio | SIP | the most advanced successor of SIP Express Router (SER), wide community support, wide range of user database schemes supported, slightly more complicated configuration syntax (bespoke scripting language) although many working examples available |

  • configure the package
  • test with common client software (e.g. empathy and jitsi)
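
The H(A1) value named in the credential-export items of Phase 1 and Phase 2 is the RFC 2617 digest MD5(username:realm:password). The sketch below is an added example, not part of the original wiki page, and its account, realm, nonce and password values are constructed. It shows that a digest response is computed from H(A1) alone, so the exported hash has to be protected like a password within its realm, which is the case for a separate VoIP password.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def h_a1(username: str, realm: str, password: str) -> str:
    # H(A1) as in RFC 2617 digest auth: MD5("username:realm:password").
    return md5_hex(f"{username}:{realm}:{password}")

def htdigest_line(username: str, realm: str, password: str) -> str:
    # Apache htdigest file format: username:realm:H(A1)
    return f"{username}:{realm}:{h_a1(username, realm, password)}"

def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    # Response without qop: MD5(H(A1):nonce:H(A2)), H(A2) = MD5(method:uri).
    # The password is not an input here, only H(A1).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def server_verify(stored_ha1: str, method: str, uri: str,
                  nonce: str, response: str) -> bool:
    # The server recomputes the response from its stored H(A1) and
    # compares in constant time.
    expected = digest_response(stored_ha1, method, uri, nonce)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    # Constructed sample values, not real accounts, realms or passwords.
    user = "alice"
    realm_voip, realm_main = "voip.example.org", "main.example.org"
    voip_password = "secondary-voip-passphrase"
    method, uri, nonce = "REGISTER", "sip:voip.example.org", "constructed-nonce-0001"

    exported = h_a1(user, realm_voip, voip_password)   # what the server stores
    from_password = digest_response(h_a1(user, realm_voip, voip_password),
                                    method, uri, nonce)
    from_hash_only = digest_response(exported, method, uri, nonce)
    return {
        "client_with_password_accepted":
            server_verify(exported, method, uri, nonce, from_password),
        "holder_of_hash_accepted":
            server_verify(exported, method, uri, nonce, from_hash_only),
        # The same password hashed under another realm gives a different H(A1).
        "hash_valid_in_other_realm":
            hmac.compare_digest(exported, h_a1(user, realm_main, voip_password)),
        "htdigest_line": htdigest_line(user, realm_voip, voip_password),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The realm binds the hash to one service, but MD5 is fast, so a reused main password remains exposed to guessing if the export leaks; a distinct secondary password limits that exposure to the VoIP service.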

Beyond phase 2

There are many possibilities. Phases 1 and 2 are the bare minimum to provide a useful service equivalent to Debian's email services. Anything else is optional and depends on the willingness of volunteers to set up and maintain it. Possible projects:

  • Using Jitsi Video Bridge as a conferencing solution in parallel with IRC
  • Sending SIP or XMPP chat messages when events occur (e.g. build failure, new RC bug in package, ...)
  • Using asterisk or FreeSWITCH to provide PBX services (e.g. voicemail)

Sample DNS entries for SIP and XMPP

; the servers where everything will run
turn-server1 IN A 195.8.117.18
turn-server1 IN AAAA 2001:67c:1388:1000::18
sip-server1 IN A 195.8.117.19
sip-server1 IN AAAA 2001:67c:1388:1000::19
xmpp-server1 IN A 195.8.117.20
xmpp-server1 IN AAAA 2001:67c:1388:1000::20

; some convenient CNAMEs
turn-server IN CNAME turn-server1
sip-proxy IN CNAME sip-server1
jabber-gw IN CNAME xmpp-server1

; SRV record for TURN
_stun._udp IN SRV 0 1 3478 turn-server.debian.org.
; TURN over TLS default port is 5349, but we use 443 to help
; people stuck behind strict firewalls
_stuns._tcp IN SRV 0 1 443 turn-server.debian.org.

; SRV record for SIP
; SIP over TLS default port is 5061, but we use 443 to help
; people stuck behind strict firewalls or facing anti-SIP
; restrictions from their ISP
_sips._tcp IN SRV 0 1 443 sip-proxy.debian.org.

; SRV records for Jabber Server and Client modes:
_xmpp-client._tcp IN SRV 5 0 5222 jabber-gw.debian.org.
_xmpp-server._tcp IN SRV 5 0 5269 jabber-gw.debian.org.

; NAPTR records
@ IN NAPTR 10 0 "s" "SIPS+D2T" "" _sips._tcp.debian.org.