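Integrating a softphone into a web page requires HTTPS, and the page establishes a long-lived WebSocket connection to the FreeSWITCH platform. The development work uses the JsSIP library.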
wget http://files.freeswitch.org/downloads/ssl.ca-0.1.tar.gz
tar zxfv ssl.ca-0.1.tar.gz
[root@localhost ~]# cd ssl.ca-0.1/
[root@localhost ssl.ca-0.1]# perl -i -pe 's/md5/sha1/g' *.sh
[root@localhost ssl.ca-0.1]# perl -i -pe 's/1024/2048/g' *.sh
[root@localhost ssl.ca-0.1]# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
.....................++++++
...............................................................++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key: (root certificate passphrase)
Verifying - Enter pass phrase for ca.key:
Self-sign the root CA...
Enter pass phrase for ca.key: (root certificate passphrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN (country)
State or Province Name (full name) [Perak]:bj (province)
Locality Name (eg, city) [Sitiawan]:bj (city)
Organization Name (eg, company) [My Directory Sdn Bhd]:qd (company name)
Organizational Unit Name (eg, section) [Certification Services Division]:ts (organizational unit name)
Common Name (eg, MD Root CA) []:su (common name)
Email Address []:su@163.com (e-mail address)
[root@localhost ssl.ca-0.1]# ./new-server-cert.sh server
Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:bj
Locality Name (eg, city) [Sitiawan]:bj
Organization Name (eg, company) [My Directory Sdn Bhd]:qd
Organizational Unit Name (eg, section) [Secure Web Server]:ts
Common Name (eg, www.domain.com) []:www.fstest.com (this must be the domain name)
Email Address []:su@163.com
You may now run ./sign-server-cert.sh to get it signed
[root@localhost ssl.ca-0.1]# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'bj'
localityName :PRINTABLE:'bj'
organizationName :PRINTABLE:'qd'
organizationalUnitName:PRINTABLE:'ts'
commonName :PRINTABLE:'www.fstest.com'
emailAddress :IA5STRING:'su@163.com'
Certificate is to be certified until Nov 9 06:26:54 2019 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
If you see: /etc/pki/CA/index.txt: No such file or directory
run:
touch /etc/pki/CA/index.txt
If you see: /etc/pki/CA/serial: No such file or directory
run:
echo 00 > /etc/pki/CA/serial
Once signing completes, the server.crt file has been generated.
[root@localhost ssl.ca-0.1]# cat server.crt server.key > wss.pem
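An added check, not part of the original article or of the FreeSWITCH ssl.ca scripts: before wss.pem is copied into the FreeSWITCH certs directory, it confirms that the perl substitutions above took effect (key size, signature digest) and that the private key in the bundle belongs to its certificate. The function name check_wss_pem and the 2048-bit default threshold are assumptions.

```shell
#!/bin/sh
# Added example: audit a cert+key bundle such as wss.pem before FreeSWITCH loads it.
# Usage: check_wss_pem FILE [MIN_RSA_BITS]   (name and default threshold are assumptions)
check_wss_pem() {
    pem=$1
    min_bits=${2:-2048}
    rc=0

    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || {
        echo "FAIL: no readable certificate in $pem"
        return 2
    }

    # Key size as printed by openssl, e.g. "Public-Key: (2048 bit)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: public key is ${bits:-unknown} bit, want >= $min_bits"
        rc=1
    fi

    # Signature digest, e.g. "sha256WithRSAEncryption"; MD5 and SHA-1 are rejected.
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case $sigalg in
        *[Mm][Dd]5* | *[Ss][Hh][Aa]1*)
            echo "FAIL: weak signature algorithm $sigalg"
            rc=1
            ;;
    esac

    # The private key in the bundle must belong to the certificate:
    # compare the public key derived from each.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key missing, encrypted, or not matching the certificate"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $bits bit key, $sigalg, key matches certificate"
    return "$rc"
}
```

Run it as check_wss_pem wss.pem in the ssl.ca-0.1 directory; a non-zero exit status means the bundle should be regenerated before it is deployed.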
[root@localhost certs]# cd /usr/local/freeswitch/certs/
[root@localhost certs]# ls
dtls-srtp.pem tls.pem wss.crt wss.pem
Delete the existing dtls-srtp.pem; FreeSWITCH regenerates it automatically after a restart!
[root@localhost certs]# rm -rf dtls-srtp.pem wss.pem
[root@localhost certs]# cp /root/ssl.ca-0.1/wss.pem ./
[root@localhost certs]# ls
tls.pem wss.crt wss.pem
[root@localhost certs]# freeswitch -stop
Killing: 26732
[root@localhost certs]# freeswitch -nc
29868 Backgrounding.
Modify the FreeSWITCH configuration files
[root@254 ssl.ca-0.1]# vim /usr/local/freeswitch/conf/sip_profiles/internal.xml
Set wss-binding; the default is 7443 and it can be changed
<param name="wss-binding" value=":7443"/>
[root@254 ssl.ca-0.1]# vim /usr/local/freeswitch/conf/vars.xml
Set the following parameters
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
In conf/autoload_configs/acl.conf.xml, add the following configuration:
<list name="localnet.auto" default="allow">
</list>
Then add the following configuration to conf/sip_profiles/internal.xml:
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="localnet.auto"/>
Check that it worked
Running this command shows the port that WSS is bound to
[root@254 ssl.ca-0.1]# fs_cli -x 'sofia status profile internal' | grep WSS-BIND-URL
WSS-BIND-URL sips:mod_sofia@192.168.0.254:7443;transport=wss
Finally, restart once more or press F6 to reload the configuration
[root@localhost ~]# nginx -V
nginx version: nginx/1.9.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/data/nginx --with-http_ssl_module
The configure arguments must include --with-http_ssl_module; otherwise you need to install it yourself.
vim /data/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    # HTTPS server
    server {
        listen 443 ssl;
        server_name fstest.com www.fstest.com;
        ssl on;
        ## server.crt and server.key are the certificate files generated above
        ssl_certificate /root/ssl.ca-0.1/server.crt;
        ssl_certificate_key /root/ssl.ca-0.1/server.key;
        # ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 50m;
        # ssl_ciphers HIGH:!aNULL:!MD5;
        # ssl_prefer_server_ciphers on;
        location / {
            root /data/demo/; # directory of the compiled front-end static pages
        }
    }
    server {
        listen 80;
        server_name fstest.com www.fstest.com; # separate multiple domain names with spaces
        # redirect requests to https
        rewrite ^(.*)$ https://$host$1 permanent;
    }
}
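Integrate using the JsSIP library. For details, see the official JsSIP documentation and official demo, or the demo used in this article (recommended).
Test a call
Edit the hosts file on your own machine, taking macOS as an example:
Open a terminal window or iTerm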
sudo vi /etc/hosts
Enter your password
Add: 192.168.1.34 www.fstest.com
:wq to save and exit
Open the browser (Chrome) and enter in the address bar:
chrome://flags/#unsafely-treat-insecure-origin-as-secure
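Configure it as shown in the figure below
After restarting the browser, enter in the address bar: https://www.fstest.com
(matching the nginx configuration)
Configure it as shown in the figure below
Enter the account and password and register first; once registration succeeds you can make or receive calls!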