2021-11-29 08:00 AM

Deploy the Flexisip Account Manager on the Flexisip SIP server system introduced in the previous blog. Flexisip Account Manager has two roles:

Provisioning: loads (and overwrites) the settings file required by the Linphone application; this settings file is served by the XML-RPC server. The contents of the conf and src directories correspond to this function.

Web front end: A web interface for user registration and management using the Laravel PHP framework. This is the flexiapi directory.

Download the source code distributed by GitLab below and copy the conf, src, flexiapi folders to the directory of the host machine specified in the docker-compose file.

 

GitLab: flexisip-account-manager Source Code

BC / public / flexisip-account-manager

$ cp -r flexisip-account-manager/conf project/ubuntu20-04/etc
$ cp -r flexisip-account-manager/src/* project/ubuntu20-04/html/flexisip-account-manager
$ cp -r flexisip-account-manager/flexiapi project/ubuntu20-04/html

 

Set File and Directory Permissions

Fix the file and directory permissions in the php-fpm-laravel container.

$ docker exec -ti php-fpm-laravel bash
# cd /var/www/html
# chown -R www-data:www-data ./
# chmod -R 755 ./

 


1. Config Files

Configure the Database: db.conf

The MariaDB container specified in the docker-compose file is used as the database host. Set the database name, user, and password used to access it.

db.conf

<?php

/*
 * The host on which the database is located.
 *
 * Default value: localhost
 */
define("DB_HOST", "flexisip-mariadb");

/*
 * Enable data transfer over SSL.
 *
 * Default value: False
 */

define("DB_ENABLE_SSL", "False");

/*
 * rootca path. MANDATORY for DB SSL to work
 *
 * Default value: ""
 * Possible value : /opt/belledonne-communications/share/linphone/rootca.pem
 */

define("ROOT_CA_PATH", "");

/*
 * The database username.
 *
 * Default value: flexisip_rw
 */
define("DB_USER", "flexisip");

/*
 * The database user's password.
 *
 * Default value:
 */
define("DB_PASSWORD", "flexisip1234");

/*
 * The name of the database.
 *
 * Default value: flexisip
 */
define("DB_NAME", "flexisip");

 

Configure Provisioning: provisioning.conf

Overwriting the configuration file remotely should be enabled:

define("REMOTE_PROVISIONING_OVERWRITE_ALL", True);

The default configuration file, default.rc, should be created in the same directory as it.

provisioning.conf

<?php

/*
 * If set to True, each section will be flagged as overwrite, otherwise none of them will be flagged.
 *
 * Default value: False
 */
define("REMOTE_PROVISIONING_OVERWRITE_ALL", True);

/*
 * The path to a default linphone rc file to add to the generated remote provisioning
 * If using the default value, the default.rc file should be created in /opt/belledonne-communications/share/flexisip-account-manager/xmlrpc/ directory
 * If the file does not exists it is ignored
 * 
 * The file should follow the lpconfig format, for example:
 * [sip]
 * rls_uri=sips:rls@sip.linphone.org
 * # This is a commentary, it won't appear in the generated xml provisioning
 *
 * Default value: "default.rc"
 */
define("REMOTE_PROVISIONING_DEFAULT_CONFIG", "default.rc");

/*
 * The default transport to set in the proxy config if not specified
 * Can be "tls", "tcp" or "udp"
 *
 * Default value: "tls"
 */
define("REMOTE_PROVISIONING_DEFAULT_TRANSPORT", "tls");

/*
 * If set to True, provisioning.php will generate a new password if the account was not activated yet and activate it.
 *
 * Default value: False
 */
define("REMOTE_PROVISIONING_ONE_TIME_PASSWORD", False);

/*
 * If set to True, digest authentication will be asked for remote provisioning process (see auth.conf).
 *
 * Default value: False
 */
define("REMOTE_PROVISIONING_USE_DIGEST_AUTH", False);

?>

 

Configure Accounts: accounts.conf

Set the password hashing parameters, email and SMS activation, etc.

accounts.conf

<?php

/*
 * The SIP domain to use to hash passwords.
 *
 * Default value: sip.example.org
 */
define("SIP_DOMAIN", "sip.example.org");

/*
 * If true, when account is created, the password will be generated automatically (see below).
 * Otherwise it has to be given as the last parameter of the create_account method call.
 *
 * Default value: False
 */
define("GENERATE_PASSWORD_ENABLED", False);

/*
 * A string with each character allowed in the password generation.
 *
 * Default value: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789``-=~!@#$%^&*()_+,./<>?;:[]{}\|
 */
define("GENERATED_PASSWORD_CHARACTERS", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789``-=~!@#$%^&*()_+,./<>?;:[]{}\|");

/*
 * The length of the passwords that will be generated.
 *
 * Default value: 8
 */
define("GENERATED_PASSWORD_LENGTH", 8);

/*
 * The default algorithm to use if not specified in the request
 *
 * Default value: MD5
 */
define("DEFAULT_ALGORITHM", "MD5");

/*
 * A string with each character allowed in the username generation.
 *
 * Default value: abcdefghijklmnopqrstuvwxyz0123456789.-_
 */
define("GENERATED_USERNAME_CHARACTERS", "abcdefghijklmnopqrstuvwxyz0123456789.-_");

/*
 * The length of the username that will be generated.
 *
 * Default value: 12
 */
define("GENERATED_USERNAME_LENGTH", 12);

/*
 * If set to True, a created account will automatically be activated and it's expiration date set to now + TRIAL_DURATION_DAYS,
 * otherwise expiration date for trial will be set when account is activated via a different xml rpc call.
 */
define('AUTO_ACTIVATE_ACCOUNT', False);

/*
 * Send an email to activate the account when it is created.
 */
define('SEND_ACTIVATION_EMAIL', True);

/*
 * Send a sms to activate the phone account when it is created.
 */
define('SEND_ACTIVATION_SMS', True);

/*
 * If false, creating an account with an email that is already used for another account will trigger an error
 */
define('ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS', True);

/*
 * If true, when an account creation request is received for an existing number, assumes recover procedure
 */
define('RECOVER_ACCOUNT_IF_EXISTS', False);

/*
 * Enabling geoloc of accounts in user_info table.
 * When this option is set, the fields coutry_name and country_code will be filled
 * with a call to api.ipapi.com
 *
 * Default value: False
 */
define("ENABLE_NEW_ACCOUNTS_GEOLOC", False);

/* API key for geoloc. If you need geoloc and don't have a key,
 * ask it on ipapi.com
 */

define("GEOLOC_ACCESS_KEY", "");

?>

 

Please edit other setting files as needed.

 


2. Provisioning

It is used when changing the default settings of the Linphone app.

Click "FETCH REMOTE CONFIGURATION" from the Linphone app's assistant menu.

 

Create the default configuration file default.rc specified in provisioning.conf as shown above, and enter https://sip.example.com/flexisip-account-manager/provisioning.php in the URL input field. default.rc is then converted to an XML configuration file, its contents are loaded into the Linphone app, and the existing settings are overwritten.

Create default.rc in the xmlrpc directory.

/flexisip-account-manager/xmlrpc/default.rc

#
#This file shall not contain path referencing package name, in order to be portable when app is renamed.
#Paths to resources must be set from LinphoneManager, after creating LinphoneCore.
[assistant]
domain=sip.example.com
xmlrpc_url=https://sip.example.com/flexisip-account-manager/xmlrpc.php
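
What that conversion amounts to, as an added sketch that is not the project's provisioning.php: the function below maps an lpconfig file such as default.rc onto Linphone's remote-provisioning XML (section and entry elements), drops comment lines, and marks entries overwrite="true" when asked. The function names, the [example] section and the shortened <config> header are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added sketch: approximates the lpconfig -> provisioning XML mapping.
# Usage: rc_to_provisioning_xml FILE|- true|false   (second argument = overwrite all)
rc_to_provisioning_xml() {
  awk -v overwrite="$2" '
    function esc(s) {   # XML-escape so a value cannot break out of its element
      gsub(/&/, "\\&amp;", s); gsub(/</, "\\&lt;", s)
      gsub(/>/, "\\&gt;", s);  gsub(/"/, "\\&quot;", s)
      return s
    }
    BEGIN {
      print "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
      print "<config xmlns=\"http://www.linphone.org/xsds/lpconfig.xsd\">"
    }
    { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^#/ || /^$/ { next }   # comments and blank lines never reach the client
    /^\[.*\]$/ {
      if (insec) print "  </section>"
      print "  <section name=\"" esc(substr($0, 2, length($0) - 2)) "\">"
      insec = 1; next
    }
    insec && (eq = index($0, "=")) > 1 {
      flag = (overwrite == "true") ? " overwrite=\"true\"" : ""
      print "    <entry name=\"" esc(substr($0, 1, eq - 1)) "\"" flag ">" \
            esc(substr($0, eq + 1)) "</entry>"
    }
    END { if (insec) print "  </section>"; print "</config>" }
  ' "$1"
}

# Constructed sample in the format of default.rc; [example] is hypothetical.
sample_rc() {
  cat <<'EOF'
# comment lines like this one are dropped
[assistant]
domain=sip.example.com
xmlrpc_url=https://sip.example.com/flexisip-account-manager/xmlrpc.php
[example]
label=R&D <lab>
EOF
}

sample_rc | rc_to_provisioning_xml - true
```

With overwrite set, every entry served this way replaces the value already stored in the app, so whoever can edit default.rc or answer on the provisioning URL controls those client settings.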

 

The standard settings file for the Linphone app is available below. We are verifying whether the default settings will be overwritten by customizing and loading this.

https://github.com/BelledonneCommunications/linphone-android/blob/master/app/src/main/assets/assistant_linphone_default_values

 

 

You can also load a user account by directly specifying a file in XML format.

In the example below, the default Linphone XML-RPC server loads the registered user into the Linphone app.

Provisioning

https://wiki.linphone.org/xwiki/wiki/public/view/Lib/Features/Remote%20Provisioning/

Ex) Loading the User Account

Read by specifying the QR code or the following address from the Linphone assistant menu.

https://www.linphone.org/remote_provisioning.xml

Reference) XML-RPC

https://en.wikipedia.org/wiki/XML-RPC

 


3. Web Front Ends

Build the Flexisip Account Manager environment with the artisan console of the Laravel PHP framework.

Enter the php-fpm-laravel container defined in the docker-compose file and execute the following commands in the flexiapi directory.

$ docker exec -ti php-fpm-laravel bash

# cd flexiapi
# composer install --no-dev
# cp .env.example .env
# php artisan key:generate

 

Set the database and other parameters in the .env file, to which APP_KEY has been added.

APP_NAME=FlexiAPI
APP_ENV=local
APP_KEY=base64:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
APP_DEBUG=false
APP_URL=https://www.example.com
APP_SIP_DOMAIN=www.example.com
APP_FLEXISIP_PROXY_PID=/var/run/flexisip-proxy.pid
APP_FLEXISIP_PUSHER_PATH=
APP_EVERYONE_IS_ADMIN=false

# SIP server parameters
ACCOUNT_PROXY_REGISTRAR_ADDRESS=ficus-home.duckdns.org # Proxy registrar address, can be different than the SIP domain
ACCOUNT_TRANSPORT_PROTOCOL_TEXT="TLS (recommended), TCP or UDP" # Simple text, to explain how the SIP server can be reached
ACCOUNT_REALM=null # Default realm for the accounts, fallback to the domain if not set, enforce null by default

# Account provisioning
ACCOUNT_PROVISIONING_RC_FILE=
ACCOUNT_PROVISIONING_OVERWRITE_ALL=

# Instance specific parameters
INSTANCE_COPYRIGHT= # Simple text displayed in the page footer
INSTANCE_INTRO_REGISTRATION= # Markdown text displayed in the home page
INSTANCE_CUSTOM_THEME=false
INSTANCE_CONFIRMED_REGISTRATION_TEXT= # Markdown text displayed when an account is confirmed

NEWSLETTER_REGISTRATION_ADDRESS= # Address to contact when a user wants to register to the newsletter
PUBLIC_REGISTRATION=true # Toggle to enable/disable the public registration forms
PHONE_AUTHENTICATION=true # Toggle to enable/disable the SMS support, requires public registration
DEVICES_MANAGEMENT=false # Toggle to enable/disable the devices management support

TERMS_OF_USE_URL= # A URL pointing to the Terms of Use
PRIVACY_POLICY_URL= # A URL pointing to the Privacy Policy

LOG_CHANNEL=stack

# External FlexiSIP database
# Ensure that you have the proper SELinux configuration to allow database connections, see the README
DB_DRIVER=mysql
DB_HOST=database_host
DB_PORT=3306
DB_DATABASE=flexisip
DB_USERNAME=flexisip
DB_PASSWORD=password

# Logs
# Ensure that you have the proper SELinux configuration to write in the storage directory, see the README
BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=cookie
SESSION_LIFETIME=120

# SMTP and emails
# Ensure that you have the proper SELinux configuration to allow emails sending, see the README
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=xxxxxxxxxxxxxxxxxx
MAIL_PASSWORD=xxxxxxxxxxxxxxxxxx
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=xxxxxxxx@gmail.com
MAIL_FROM_NAME=xxxxxxxxxxxx
MAIL_ALLOW_SELF_SIGNED=false
MAIL_VERIFY_PEER=true
MAIL_VERIFY_PEER_NAME=true
MAIL_SIGNATURE="The xxxxx Team"

# OVH SMS API variables
OVH_APP_KEY=
OVH_APP_SECRET=
OVH_APP_ENDPOINT=ovh-eu
OVH_APP_CONSUMER_KEY=
OVH_APP_SENDER=

# Google reCaptcha v2 parameters
NOCAPTCHA_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NOCAPTCHA_SITEKEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
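
A pre-exposure check over the db.conf, provisioning.conf, accounts.conf and .env settings shown in this walkthrough, including the effect of chmod -R 755 on files that hold secrets. This is an added example, not part of flexisip-account-manager; the function names, the rule list and the wording of each finding are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: flags values from this walkthrough that deserve a second look
# before the stack is reachable from the Internet. Extend RULES for your site.

# audit_conf FILE... : prints "file: finding" per hit, returns 1 if anything hit.
audit_conf() {
  local rc=0 pattern msg f
  for f in "$@"; do
    # chmod -R 755 leaves secret-bearing files readable by every local user.
    if [ -n "$(find "$f" -perm -004 -print)" ]; then
      printf '%s: readable by every local user\n' "$f"; rc=1
    fi
    while IFS='|' read -r pattern msg; do
      if grep -Eq -- "$pattern" "$f"; then printf '%s: %s\n' "$f" "$msg"; rc=1; fi
    done <<'RULES'
define\("REMOTE_PROVISIONING_USE_DIGEST_AUTH", *False\)|provisioning is served without digest authentication
define\("DB_ENABLE_SSL", *"False"\)|database link is unencrypted
define\("DEFAULT_ALGORITHM", *"MD5"\)|default algorithm is MD5
define\("GENERATED_PASSWORD_LENGTH", *[0-9]\)|generated passwords are shorter than 10 characters
define\("DB_PASSWORD", *"(flexisip1234)?"\)|database password is empty or the walkthrough sample
^DB_PASSWORD=(password)?$|database password is empty or the sample value
^APP_DEBUG=true|APP_DEBUG is enabled
^APP_EVERYONE_IS_ADMIN=true|APP_EVERYONE_IS_ADMIN is enabled
RULES
  done
  return $rc
}

# Constructed sample files that mirror values shown in this walkthrough.
write_sample() {
  printf 'define("DB_ENABLE_SSL", "False");\ndefine("DB_PASSWORD", "flexisip1234");\n' > "$1/db.conf"
  printf 'define("GENERATED_PASSWORD_LENGTH", 12);\n' > "$1/accounts.conf"
  printf 'APP_DEBUG=false\nDB_PASSWORD=password\n' > "$1/.env"
  chmod 640 "$1/db.conf" "$1/accounts.conf"; chmod 644 "$1/.env"
}

demo=$(mktemp -d) && write_sample "$demo"
audit_conf "$demo/db.conf" "$demo/accounts.conf" "$demo/.env" || true
rm -rf "$demo"
```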

 

Create the tables required by Flexisip. First install pdo_mysql, the PDO driver extension that lets PHP connect to MySQL (add this to the Dockerfile so that it is installed when the php-fpm image is built).
https://www.php.net/manual/en/ref.pdo-mysql.php

# docker-php-ext-install pdo_mysql

 

Create the tables with Laravel's Artisan console.
https://laravel.com/docs/8.x/artisan

# php artisan migrate

The following table will be created.

 

When you access the URL set in the .env file, the management page is displayed.
Note that to enable user registration, you need to fill in the SMTP and emails section (for email authentication), the OVH SMS API variables section (for SMS authentication), and the reCAPTCHA settings in the .env file.

 

Account creation / management home screen

User registration screen by email authentication

 

Note) If a 500 server error is displayed, review the flexiapi permissions or restart the container.

 


4. Administrator User Settings

Set any registered user as an administrator.
Run the following Laravel artisan command inside the php-fpm-laravel container, specifying the ID of the registered user.

$ docker exec -ti php-fpm-laravel bash
# php artisan accounts:set-admin USER_ID_NUMBER

php artisan help
https://laravel.com/docs/8.x/artisan

# php artisan --help

php artisan “accounts:set-admin” help

# php artisan accounts:set-admin --help
Description:
  Give the admin role to an account

Usage:
  accounts:set-admin <id>

Arguments:
  id                    

By becoming an administrator user, you will be given the authority to manage, add, and edit other user accounts.

 

Admin area

 

User Accounts List

 

A User Account

 


5. Customize The Theme

Theme customization should be set in the .env file.

.env

.....
APP_ENV=local
.....
INSTANCE_CUSTOM_THEME=true
.....

# memo
# If you set INSTANCE_CUSTOM_THEME to true (.env), FlexiAPI will try to load a CSS
# file located in public/css/$APP_ENV.style.css. If the file doesn't exist it will
# fall back to public/css/style.css.
#
# We advise you to copy the style.css file and rename it to make your custom CSS
# configurations for your instance.

 

 


GitHub : Flexisip + Account Manager on Ubuntu 20.04

The related files are uploaded to the GitHub repository below. Some configuration files are omitted for security reasons. Please read the comment section of the docker-compose file.

docker-flexisip/ubuntu20-04 at master · capitalfuse/docker-flexisip

master/ubuntu20-04