FICUSONLINE F9E
FLEXISIP + ACCOUNT MANAGER ON DOCKER CENTOS7
Deploy a CentOS7 docker container including the Official Flexisip Server and LAMP Server including Account Manager Web Frontend. LAMP Server and Flexisip Server run independently each other.
Takanobu FuseAdministrator

12 min read

4 years ago

Cloud / Server

The conditions are;

(1) Install all applications required to the LAMP server into one docker image file

(2) Install all applications required to the Flexisip server into one docker image file

(3) For implementing multi tasks in one container, embedded the system daemon:systemd

NOTES) Because of the difference for the flexisip server settings under your environment, you have to tweak these by yourself (MOST Important : Flexisip config + XMLRPC related files + Database settings and so on). Official Acount Manager web frontend design is different from mine introduced before. Officials adopts more simple design.

If you want to tweak these to meet your environment, please contact me.


Please visit the following Github site to check docker files, docker-compose files and so on.

https://github.com/capitalfuse/centos7_environment


1. Build CentOS7 Base Image with working systemd

First of all, create the docker image file running system daemon based on CentOS7, and build it.

centos7_environment/docker_files/centos7_systemd_base_image/Dockerfile

FROM centos:7
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]

Build,

$ cd dockerfiles/centos7_systemd_base_image
$ docker build --rm -t local/c7-systemd .

Confirm this image

$ docker images
REPOSITORY  local/c7-systemd 

2. Build LAMP Server image besed on local/c7-systemd

Create Dockerfile:lamp-c7 for building New LAMP Sever Image based on local/c7-systemd.

centos7_environment/docker_files/lamp-c7

FROM local/c7-systemd
MAINTAINER Takanobu Fuse< [email protected]>

# Prepare the Belledonne's repository
COPY Belledonne.repo /etc/yum.repos.d/Belledonne.repo

# Install varioius utilities
RUN yum -y install curl wget unzip git vim nano \
iproute sysvinit-tools hostname inotify-tools yum-utils which epel-release \
freetype-dev libjpeg-turbo-dev zip libxml2-dev icu-dev nodejs-current npm

# Install Apache
RUN yum -y install httpd httpd-mod_ssl httpd-mod_auth_mellon httpd-mod_security openssl

# Install PHP 7.3 
RUN yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm \
&& yum-config-manager --disable remi-php54 \
&& yum-config-manager --enable remi-php73 \
&& yum -y install php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json \
   php-pdo php-soap php-xmlrpc php-xml php-opcache php-pdo_mysql php-zip php-mysqli php-intl

# Reconfigure Apache
RUN sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf

# Install phpMyAdmin
RUN yum install -y phpMyAdmin \
&& sed -i 's/Require ip 127.0.0.1//g' /etc/httpd/conf.d/phpMyAdmin.conf \
&& sed -i 's/Require ip ::1/Require all granted/g' /etc/httpd/conf.d/phpMyAdmin.conf \
&& sed -i 's/Allow from 127.0.0.1/Allow from all/g' /etc/httpd/conf.d/phpMyAdmin.conf \
&& sed -i "s/'cookie'/'config'/g" /etc/phpMyAdmin/config.inc.php \
&& sed -i "s/\['user'\] .*= '';/\['user'\] = 'root';/g" /etc/phpMyAdmin/config.inc.php \
&& sed -i "s/\['password'\] .*= '';/\['password'\] = 'password1234';/g" /etc/phpMyAdmin/config.inc.php \
# && sed -i "/AllowNoPassword.*/ {N; s/AllowNoPassword.*FALSE/AllowNoPassword'] = TRUE/g}" /etc/phpMyAdmin/config.inc.php \
&& sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 512M/g' /etc/php.ini \
&& sed -i 's/post_max_size = 8M/post_max_size = 512M/g' /etc/php.ini \
&& sed -i 's/memory_limit = 128M/memory_limit = 512M/g' /etc/php.ini

# Install MariaDB
# https://downloads.mariadb.org/mariadb/repositories/#distro=CentOS&distro_release=centos7-amd64--centos7&mirror=netactuate&version=10.5
# After start container, MariaDB [(none)]> set password for 'root'@localhost = password("password1234");
COPY MariaDB.repo /etc/yum.repos.d/MariaDB.repo
RUN yum -y install MariaDB-server MariaDB-client
### Create database and use and set root password in docker container lamp-c7
########## $ mariadb -u root -e 'create database flexisip;'
########## $ mariadb -u root -e 'grant all privileges on flexisip.* TO 'flexisip'@'localhost' identified by 'password1234';'
########## $ mariadb -u root -e 'set password for 'root'@localhost = password("password1234");'
# Place VOLUME statement below all changes to /var/lib/mysql
VOLUME /var/lib/mysql
#EXPOSE 3306

# Install Redis
RUN yum -y install redis
#EXPOSE 3000

# UTC Timezone & Networking
RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
&& echo "NETWORKING=yes" > /etc/sysconfig/network

# Install Composer and Laravel
COPY composer_installer.sh /var/www/html
RUN cd /var/www/html \
&& ./composer_installer.sh \ 
&& mv composer.phar /usr/local/bin/composer \
&& chown -R apache:apache /var/www/html \
&& composer global require laravel/installer \
&& ln -s /root/.config/composer/vendor/laravel/installer/bin/laravel /usr/local/bin/laravel

# Install flexisip-account-manager
#RUN yum -y install centos-release-scl-rh \
#RUN yum -y install bc-flexisip-account-manager \
#&& chown -R apache:apache /opt/belledonne-communications/share/flexisip-account-manager
#&& cp /opt/rh/httpd24/root/etc/httpd/conf.d/flexisip-account-manager.conf /etc/httpd/conf.d/
### OR
# Install latest flexisip-account-manager from github
RUN mkdir -p /opt/belledonne-communications/share/flexisip-account-manager /etc/flexisip-account-manager /var/opt/belledonne-communications/flexiapi/storage \
&& cd /tmp \
&& git clone https://gitlab.linphone.org/BC/public/flexisip-account-manager.git \
&& cd flexisip-account-manager \
&& cp -R flexiapi /opt/belledonne-communications/share/flexisip-account-manager/ \
&& cp -R src/* /opt/belledonne-communications/share/flexisip-account-manager/ \
&& cp -R conf/* /etc/flexisip-account-manager/ \
&& cp httpd/* /etc/httpd/conf.d/ \
### setting connfig file for flexisip account manager
&& sed -i "s/\"DB_USER\",.*\".*\"/\"DB_USER\", \"root\"/g" /etc/flexisip-account-manager/db.conf \
&& sed -i "s/\"DB_PASSWORD\",.*\".*\"/\"DB_PASSWORD\", \"password1234\"/g" /etc/flexisip-account-manager/db.conf \
&& sed -i "s/\"DB_NAME\",.*\".*\"/\"DB_NAME\", \"flexisip\"/g" /etc/flexisip-account-manager/db.conf \
&& sed -i "s/(\"REMOTE_PROVISIONING_OVERWRITE_ALL\",.*);/(\"REMOTE_PROVISIONING_OVERWRITE_ALL\", True);/g" /etc/flexisip-account-manager/provisioning.conf \
&& touch /var/opt/belledonne-communications/flexiapi/storage/db.sqlite \
&& chown -R apache:apache /opt/belledonne-communications/share/flexisip-account-manager \
&& cd /opt/belledonne-communications/share/flexisip-account-manager/flexiapi \
&& composer install --no-dev
### Implement the below php commnds in docker container lamp-c7
########## $ php /opt/belledonne-communications/share/flexisip-account-manager/tools/create_tables.php
########## $ php artisan key:generate
########## $ php artisan migrate:rollback
########## $ php artisan migrate
### set an account admin user {account_id}, in advance create user and use user's account_id 
########## $ php artisan accounts:set-admin 1

# Make the log directory and the log file for flexisip-account-manager    
RUN mkdir -p /var/opt/belledonne-communications/log \
&& cd /var/opt/belledonne-communications/log \
&& touch account-manager.log \
&& chown apache:apache account-manager.log

#EXPOSE 80

RUN systemctl enable httpd.service mariadb.service redis.service
CMD ["/usr/sbin/init"]

To build New LAMP docker image based on local/c7-systemd, there are two methos, the docker command method with options and the docker-compose command method including options. You choose which one. I choosed latter, so the doker-compose file seems to be like the below.

centos7_environment/docker_files/docker-compose.lamp.yml

version: '3.5'

services:
  # LAMP Server
  lamp-c7:
    container_name: lamp-c7
    build: 
      context: ./docker_files
      dockerfile: lamp-c7
    tty: true
    volumes:
      # for Systemd integration:https://hub.docker.com/_/centos
      - /sys/fs/cgroup:/sys/fs/cgroup:ro 
      - ${MAKE_TEMP}:/run
      # shared database
      - mariadb:/var/lib/mysql
      # copy flexiapi env file
      - ./flexiapi_env/flexiapi.env:/opt/belledonne-communications/share/flexisip-account-manager/flexiapi/.env
      # for laravel php framework
      # - ./html:/var/www/html:rw
      # - ./etc/flexisip-account-manager:/etc/flexisip-account-manager:rw
      # shared apache default.conf between host and container
      # - ./etc/http:/etc/http/conf.d/default.conf
      # shared the directory /var/www/html
      # - ./html:/var/www/html 
    restart: always
    network_mode: host
    cap_add:
      - SYS_ADMIN
    privileged: true
    devices:
      - /dev/fuse

# need to "$ docker volume create mariadb"
volumes:
  mariadb:
    external: true 

Build command;

$ docker-compose -f docker-compose.lamp.yml build

3. Build Flexisip SIP Server image besed on local/c7-systemd

Same as the above, create Dockerfile:flexisip-c7 for building New Flexisip Sever Image based on local/c7-systemd.

centos7_environment/docker_files/flexisip-c7

FROM local/c7-systemd
MAINTAINER  Jehan Monnier < [email protected]>

# Prepare the Belledonne's repository
COPY Belledonne.repo /etc/yum.repos.d/Belledonne.repo
RUN yum -y install epel-release  yum-downloadonly gdb
RUN yum update -y

# Download rpm to be able to skip systemd's scripts
RUN yum install -y --downloadonly --downloaddir=/opt bc-flexisip bc-flexisip-debuginfo bc-flexisip-jwe-auth-plugin
RUN mv /opt/bc-flexisip*.rpm /tmp
RUN rpm -i /opt/*.rpm
RUN rpm -i --noscripts /tmp/bc-flexisip*.rpm
#RUN echo '/tmp/core' > /proc/sys/kernel/core_pattern

RUN rm /opt/*.rpm

# Add it to the default path
ENV PATH=$PATH:/opt/belledonne-communications/bin

WORKDIR /opt/belledonne-communications

# Generate a default configuration
RUN flexisip --dump-default all > /etc/flexisip/flexisip.conf

VOLUME /etc/flexisip
COPY flexisip/flexisip-entrypoint.sh /
COPY flexisip/backtrace.gdb /
RUN chmod a+x /flexisip-entrypoint.sh

# Script to wait db before launch flexisip [Licence Apache2]
ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.2.1/wait /wait
RUN chmod +x /wait
RUN yum clean all

# Make the proxy and presence servers to start on system boot
RUN systemctl enable flexisip-proxy flexisip-presence
CMD ["/usr/sbin/init"]

Create the following docker-compose file and build New Flexisip Server Image.

NOTE)Important: flexisip configration file will be overwrited to config/felxisip.conf, so, in advance, you shoud modify each sections in it to meet your requirements.

centos7_environment/docker_files/docker-compose.flexisip.yml

version: '3.5'

services:
  # Flexisip SIP Server
  flexisip-c7:
    container_name: flexisip-c7
    build: 
      context: ./docker_files
      dockerfile: flexisip-c7
    tty: true   
    volumes:
      # for Systemd integration:https://hub.docker.com/_/centos
      - /sys/fs/cgroup:/sys/fs/cgroup:ro 
      - ${MAKE_TEMP}:/run
      #- ./letsencrypt:/etc/flexisip/tls
      - ./config:/etc/flexisip
     ### If you are using TLS Support for Apache to listen on 443 in the container drop them in /certs and set these:
      #- TLS_CERT=cert.pem
      #- TLS_KEY=key.pem
    restart: always
    network_mode: host
    cap_add:
      - SYS_ADMIN
    privileged: true
    devices:
      - /dev/fuse

Build the New Flexisip Server Image

$ docker-compose -f docker-compose.flexisip.yml build

4. How to run above images

In advance, create shared volume for mariadb database backup

$ docker volume create mariadb

CentOS7 LAMP Server start by docker-compose.lamp.yml If you don't run containers under Ubuntu host, move "MAKE_TEMP=/tmp/$(mktemp -d)" and delete "- ${MAKE_TEMP}:/run" in docker-compose file.

$ MAKE_TEMP=/tmp/$(mktemp -d) docker-compose -f docker-compose.lamp.yml up -d

CentOS7 Flexisip SIP Server start by docker-compose.flexisip.yml If you don't run containers under Ubuntu host, move "MAKE_TEMP=/tmp/$(mktemp -d)" and delete "- ${MAKE_TEMP}:/run" in docker-compose file.

$ MAKE_TEMP=/tmp/$(mktemp -d) docker-compose -f docker-compose.flexisip.yml up -d

If you want to deploy on the production CentOS system, check the following dockerfiles

docker_files/lamp-c7

docker_files/flexisip-c7

Implement the commands COPY, RUN and ENV lines in your Linux OS terminal(Not Inspected).


5. Set mariadb root password

For login to phpmyadmin by "root" admin user, set password in mariadb console.

$ docker exec -ti lamp-c7 bash
# mariadb
>MariaDB [(none)]> set password for 'root'@localhost = password("password1234");

6. Create database for flexisip

In phpmyadmin or mariadb console, create user "flexisip" with the same database "flexisip", password "password1234"


7. Modify the following files and create table for flexisip

Input DB_USER, DB_PASSWORD and DB_NAME defined by the above.

In lamp-c7 container;

etc/flexisip-account-manager/db.conf

/*
 * The database username.
 *
 * Default value: flexisip_rw
 */
define("DB_USER", "root");

/*
 * The database user's password.
 *
 * Default value:
 */
define("DB_PASSWORD", "password1234");

/*
 * The name of the database.
 *
 * Default value: flexisip
 */
define("DB_NAME", "flexisip");

Implement the following script to make flexisip table.

In lamp-c7 container;

$ php /opt/belledonne-communications/share/flexisip-account-manager/tools/create_tables.php

8. Load Custom Settings by XMLRPC Server(Provisioning)

For activing the override remote provisioning, "REMOTE_PROVISIONING_OVERWRITE_ALL" should be set to "True"

NOTE) Official Linphone App doen't load your custom settings by default. You need to modify Linphone App source code and rebuild it to activate and load your custom settings.

About how to activate and load custom settings, check the blog contents about email activation.

2020/11/03: Retrieved. No need to compile Linphone. Your provisioning settings will be loaded via "Fetch Remote Configuration".

In lamp-c7 container;

/etc/flexisip-account-manager/provisioning.conf

define("REMOTE_PROVISIONING_OVERWRITE_ALL", True);

By Creating the following default.rc, this is transformed automatically to provisioning XML file format by accessing : https://sip.example.cpm/flexisip-account-manager/provisioning.php .

In this case, you should input this URL as provisioning URL into Linphone Android "Remote Setting" menu.

In lamp-c7 container;

/opt/belledonne-communications/share/flexisip-account-manager/xmlrpc/default.rc

#
#This file shall not contain path referencing package name, in order to be portable when app is renamed.
#Paths to resources must be set from LinphoneManager, after creating LinphoneCore.
[assistant]
domain=sip.example.com
xmlrpc_url=https://sip.example.com/flexisip-account-manager/xmlrpc.php

OR

You can create own provisioning file by XML format like the below;

In lamp-c7 container;

/opt/belledonne-communications/share/flexisip-account-manager/xmlrpc/custom_provisioning.xml

 version="1.0" encoding="UTF-8"?>
< config xmlns="http://www.linphone.org/xsds/lpconfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.linphone.org/xsds/lpconfig.xsd lpconfig.xsd">
	< section name="assistant">
		< entry name="domain" overwrite="true">sip.example.com < /entry>
		< entry name="xmlrpc_url" overwrite="true">https://sip.example.com/flexisip-account-manager/xmlrpc.php < /entry>
	< /section>
< /config>

In this case, you should input the below URL as provisioning URL into Linphone Android "Remote Setting" menu. https://sip.example.cpm/flexisip-account-manager/custom_provisioning.xml

Please see also the following reference about provisioning;

https://wiki.linphone.org/xwiki/wiki/public/view/Lib/Features/Remote%20Provisioning/


9. Flexisip-Account-Manager Web Frontend

Modify the following file to access localhost database.

In lamp-c7 container;

/etc/flexisip-account-manager/fleiapi.env

.....
.....
# Local FlexiAPI database
DB_DATABASE=/var/opt/belledonne-communications/flexiapi/storage/db.sqlite

# External FlexiSIP database
DB_EXTERNAL_DRIVER=mysql
DB_EXTERNAL_HOST=127.0.0.1
DB_EXTERNAL_PORT=3306
#DB_EXTERNAL_DATABASE=/var/opt/belledonne-communications/flexiapi/storage/external.db.sqlite
DB_EXTERNAL_DATABASE=flexisip
DB_EXTERNAL_USERNAME=root
DB_EXTERNAL_PASSWORD=password1234
.....
.....
# SMTP and emails
MAIL_DRIVER=smtp
MAIL_HOST=smtp.XXXXX
MAIL_PORT=XXXX
MAIL_USERNAME=XXXXXXXX
MAIL_PASSWORD=XXXXXXXX
MAIL_FROM_ADDRESS=[email protected]
MAIL_FROM_NAME="${APP_NAME}"
MAIL_ALLOW_SELF_SIGNED=false
MAIL_VERIFY_PEER=true
MAIL_VERIFY_PEER_NAME=true
MAIL_SIGNATURE="The Example Team"

# OVH SMS API variables
OVH_APP_KEY=
OVH_APP_SECRET=
OVH_APP_ENDPOINT=ovh-eu
OVH_APP_CONSUMER_KEY=
OVH_APP_SENDER=

# Google reCaptcha v2 parameters
NOCAPTCHA_SECRET=XXXXXXXXXXXXXXXXXXXX
NOCAPTCHA_SITEKEY=XXXXXXXXXXXXXXXXXXX

In lamp-c7 container;

Implement the following php artisan command in '/opt/belledonne-communications/share/flexisip-account-manager/flexiapi` to cretate account table.

$ cd /opt/belledonne-communications/share/flexisip-account-manager/flexiapi
$ chown -R apache:apache /opt/belledonne-communications/share/flexisip-account-manager/flexiapi
$ php artisan key:generate
$ php artisan migrate:rollback
$ php artisan migrate

As not exist server.php(If you don't need to check as local address:http://localhost:8000, no need) in /opt/belledonne-communications/share/flexisip-account-manager/flexiapi directory, make it.

Note) No need this process if you could install the source from github.

In lamp-c7 container;

/opt/belledonne-communications/share/flexisip-account-manager/flexiapi/server.php

/**
 * Laravel - A PHP Framework For Web Artisans
 *
 * @package  Laravel
 * @author   Taylor Otwell < [email protected]>
 */

$uri = urldecode(
    parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)
);

// This file allows us to emulate Apache's "mod_rewrite" functionality from the
// built-in PHP web server. This provides a convenient way to test a Laravel
// application without having installed a "real" web server software here.
if ($uri !== '/' && file_exists(__DIR__.'/public'.$uri)) {
    return false;
}

require_once __DIR__.'/public/index.php';

In lamp-c7 container;

Start flexisip-account-manager server:

$ php artisan serve --host 127.0.0.1

Access

http://localhost:8000

Normally, don't need to execute "php artisan serve" command, so access;

http://yourdomain.com/flexiapi

If you try latest version frontend, download it from github and copy it into this directory; /opt/belledonne-communications/share/flexisip-account-manager/flexiapi

Github 'https://gitlab.linphone.org/BC/public/flexisip-account-manager/tree/master/flexiapi'

I will add or fix about this contents in the forum(only Japanese).

Flexiapi001

 

Flexiapi002