File: repro.README.Debian

package info (click to toggle)
resiprocate 1%3A1.9.7-5
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 36,456 kB
  • ctags: 27,123
  • sloc: cpp: 195,346; xml: 12,515; sh: 11,986; ansic: 6,807; makefile: 2,182; php: 1,150; python: 300; objc: 91; sql: 85; perl: 21; csh: 5
file content (122 lines) | stat: -rw-r--r-- 3,882 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

Background
----------

The original goal of repro was to provide a SIP proxy that is
very easy to get started with.  That was summarised in a post
to the mailing list from Cullen Jennings in 2004:

   "I thought I would just start an email thread on thins
   that would be nice in an open source proxy.

   The key thing is the out of box experience, you can go
   from nothing to having a running proxy that allows phone A
   to call phone B in 15 minutes.

   The key property of it is that it provides what is needed for
   secure phone calls with devices behind a NAT."

   http://list.resiprocate.org/archive/resiprocate-devel/msg00639.html

This package aims to help fulfil that promise.

Important - upgrades from v1.8.x to v1.9.0 and beyond
-----------------------------------------------------

Earlier versions of repro stored the web admin password in repro.config.
As of v1.9.0, the web admin password is stored in a separate file,
using a format compatible with the Apache htdigest utility.

It is necessary to specify the location of the users.txt file in
repro.config, for example, like this:

  HttpAdminUserFile = /etc/repro/users.txt

and manually set the admin password.  The easiest way to create the users.txt
file and set the password is using the htdigest utility, for example:

  # htdigest -c /etc/repro/users.txt repro admin

In this example, the realm value, 'repro', must match the HttpAdminRealm
value in repro.config (if not specified, the default realm name is repro).

Quick start
-----------

After installing the package, the daemon starts.

There is a built-in web server listening on port 5080
with username = admin, password = admin.

You can (and definitely should) change the password in
/etc/repro/repro.config

Using the web interface, you can:
- add SIP accounts for your devices
- set routing rules for calls between devices or calls
  to external gateways

Most other things (e.g. setting up SSL/TLS) is currently done
by modifying /etc/repro/repro.config

More complete documentation is here:

  http://www.resiprocate.org/Using_Repro

SSL/TLS on Debian
-----------------

The normal place for certs on Debian is in /etc/ssl

Before repro v1.9.0~beta9, repro had particular expectations about
certificate filenames and permissions.

In particular, they needed to have names matching a particular
template.

Now, however, it is possible to specify any arbitrary certificate
and key filenames on a per-transport basis, e.g.

Transport1TlsCertificate = /etc/ssl/ssl.crt/sip-server.example.org.crt
Transport1TlsPrivateKey = /etc/ssl/ssl.key/sip-server.example.org.key

The TlsCertificate file should also contain any intermediate certificates.
The server certificate should be first and the intermiediate certificates
should be listed in order, starting with the one that signed your
certificate and finishing with the one below the root.

  Intermediate certificates
  -------------------------

    Sometimes the CA provides an intermediate certificate.
    The intermediate certificate(s) should be appended to
    the file containing the server certificate.  repro
    will read all the certificates in the file and 
    present them to the TLS client.

    Please be aware that some older IP phones may not
    work with intermediate certificates, 4096 bit certificates,
    high-security hash algorithms such as SHA256.

  Testing TLS with OpenSSL
  ------------------------

    You can make a test connection like this:

      openssl s_client \
          -connect secure.trendhosting.net:5061 \
          -tls1 \
          -CAfile /etc/ssl/certs/ca-certificates.crt

    Once the connection is confirmed, you can cut and paste
    SIP messages and see the replies from repro.

Getting help
------------

Please feel free to join the repro-users mailing list
if you have questions:

  http://list.resiprocate.org/mailman/listinfo