These pages are about creating real-time communications services for use by the Debian Developer community.
Phase 1: TURN server
The TURN server provides a convenient way to relay media streams when situated in a NAT/firewalled environment, on a mobile network, etc.
The TURN server can be used with both XMPP (Jabber) and SIP. It can also be used for other things although XMPP and SIP are the most common. TURN has been selected as the mechanism for enabling WebRTC peer-to-peer communications between browsers so it is becoming increasingly prominent.
Action items:
- choose servers (to minimise latency, probably need at least four: North America, South America, Europe, Asia)
- assign IPv4 and IPv6 addresses
- set up DNS entries
  - A, AAAA and/or CNAME records are essential
  - SRV records can be created; they are not widely used by any client yet, but creating them is still a good idea
- decide on a mechanism for exporting DD credentials to the servers (they require H(A1) hashed passwords, similar to Apache digest passwords)
  - it has been suggested that developers should have a secondary password for low-security services such as VoIP, not the same as their main Debian password
- choose one of the server packages to use

| Package | Comment |
|---|---|
| | from reSIProcate project, built using boost::asio C++ asynchronous programming style |
| | very popular with the WebRTC community now |
| | from the Jitsi community |

- configure the package
- test with something like JsSIP tryit
Phase 2: SIP or XMPP server (or both)
This phase does not involve a full-featured PBX solution like Asterisk. It is simply about providing a basic SIP proxy or XMPP server to allow users to contact each other and the outside world.
- choose one or two servers
- assign IPv4 and IPv6 addresses
- set up DNS entries (DNS examples)
  - A, AAAA, possibly CNAME
  - SRV and NAPTR records are also essential
- decide on a mechanism for exporting DD credentials to the servers
  - SIP requires H(A1) hashed passwords, similar to Apache digest passwords
  - X.509 certificates can be used too; all SIP servers listed below support them, but only some client devices support client certs
  - it has been suggested that developers should have a secondary password for low-security services such as VoIP, not the same as their main Debian password
- choose one of the server packages to use

| Package | Technology | Comments |
|---|---|---|
| | XMPP | Developed with Erlang, very popular, can authenticate against LDAP |
| | SIP | from the reSIProcate project, supports WebRTC, very easy to configure, uses MySQL or RADIUS for authentication, Python scripting support for routing can be used to look up forwarding address in LDAP, etc |
| | SIP | the most advanced successor of SIP Express Router (SER), wide community support, wide range of user database schemes supported, slightly more complicated configuration syntax (bespoke scripting language) although many working examples available |
Beyond phase 2
There are many possibilities. Phase 1 and 2 are the bare minimum to provide a useful service equivalent to Debian's email services. Anything else is optional and depends on the willingness of volunteers to set up and maintain it. Possible projects:
- Using Jitsi Video Bridge as a conferencing solution in parallel with IRC
- Sending SIP or XMPP chat messages when events occur (e.g. build failure, new RC bug in package, ...)
- Using Asterisk or FreeSWITCH to provide PBX services (e.g. voicemail)
Sample DNS entries for SIP and XMPP
```
; the servers where everything will run
turn-server1       IN A     195.8.117.18
turn-server1       IN AAAA  2001:67c:1388:1000::18
sip-server1        IN A     195.8.117.19
sip-server1        IN AAAA  2001:67c:1388:1000::19
xmpp-server1       IN A     195.8.117.20
xmpp-server1       IN AAAA  2001:67c:1388:1000::20

; some convenient CNAMEs
turn-server        IN CNAME turn-server1
sip-proxy          IN CNAME sip-server1
jabber-gw          IN CNAME xmpp-server1

; SRV record for TURN
_stun._udp         IN SRV   0 1 3478 turn-server.debian.org.
; TURN over TLS default port is 5349, but we use 443 to help
; people stuck behind strict firewalls
_stuns._tcp        IN SRV   0 1 443 turn-server.debian.org.

; SRV record for SIP
; SIP over TLS default port is 5061, but we use 443 to help
; people stuck behind strict firewalls or facing anti-SIP
; restrictions from their ISP
_sips._tcp         IN SRV   0 1 443 sip-proxy.debian.org.

; SRV records for Jabber Server and Client modes:
_xmpp-client._tcp  IN SRV   5 0 5222 jabber-gw.debian.org.
_xmpp-server._tcp  IN SRV   5 0 5269 jabber-gw.debian.org.

; NAPTR records
@                  IN NAPTR 10 0 "s" "SIPS+D2T" "" _sips._tcp.debian.org.
```