FICUSONLINE F9E
Flexisip SIP Server on Ubuntu 20.04 (Docker-Compose)
Create the Flexisip Docker Image (Ubuntu 20.04) by using the Flexisip DEB packages introduced in the previous blog post. The Flexisip Image and the other images (Redis, Nginx, MariaDB, PHP-FPM) necessary for running the SIP server system are centrally managed by the Docker-Compose file to operate the SIP Server System.
Takanobu FuseAdministrator

14 min read

3 years ago

Linux

This time, I will introduce the procedure to create the Docker-Compose file, and in the next blog, I will introduce Flexisip Account Manager, which is a web front end for user registration and management, and the provisioning for loading the settings of Linphone application.

Docker Flexisip System

In advance, prepare the Dockerfile for creating the Flexisip Image and other related images required for the Docker-Compose file.

1. Flexisip Docker Image

2. Redis(alpine) Dockerfile

3. Nginx(alpine) Dockerfile

4. PHP-FPM-Laravel(alpine) Dockerfile

5. phpMyAdmin(alpine) Dockerfile

6 Docker-Compose File


1. Flexisip Docker Image

Works in the downloaded Flexisip directory.

Copy the already built flexisip DEB packages to the newly created DEBS folder in the flexisip/docker directory. The + marks in the figure below mean the files or directory to be added.

Flexisip Docker Directory

Next, prepare the Dockerfile: flex-ubuntu-from-deb for creating the Flexisip Docker Image in the flexisip/docker directory.

Dockerfile:flex-ubuntu-from-deb

FROM ubuntu:20.04
MAINTAINER  Takanobu Fuse < [email protected]>

ENV DEBIAN_FRONTEND=noninteractive

# Prepare dependencies + SNMP:https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/SNMP/
RUN apt-get update && apt-get install -y nano xsdcxx gdb libmariadb3 net-tools iptables snmp snmpd snmp-mibs-downloader
RUN update-alternatives --set iptables /usr/sbin/iptables-nft \
    && update-alternatives --set ip6tables /usr/sbin/ip6tables-nft

# Get flexisip package
COPY DEBS/*.deb DEBS/*.ddeb deb-packages/
RUN apt-get install -y /deb-packages/bc-*.deb /deb-packages/bc-*.ddeb
RUN rm -rf /deb-packages

# Add it to the default path
ENV PATH=$PATH:/opt/belledonne-communications/bin
ENV LD_LIBRARY_PATH=/opt/belledonne-communications/lib

WORKDIR /opt/belledonne-communications

# Generate a default configuration
RUN flexisip --dump-default all > /etc/flexisip/flexisip.conf

VOLUME /etc/opt/belledonne-communications/flexisip
VOLUME /var/opt/belledonne-communications/log/flexisip
COPY flexisip-entrypoint.sh /
# COPY flexisip-snmpd.sh /
COPY backtrace.gdb /
# COPY snmp.conf /etc/snmp/snmp.conf
COPY snmpd.conf /etc/snmp/snmpd.conf
RUN chmod a+x /flexisip-entrypoint.sh # /flexisip-snmpd.sh

# Script to wait db before launch flexisip [Licence Apache2]
ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.2.1/wait /wait
RUN chmod +x /wait

ENTRYPOINT ["/flexisip-entrypoint.sh"]
# CMD ["/flexisip-snmpd.sh"]
CMD flexisip

Also, add a few command lines to the Makefile to build the image from this Dockerfile.

Makefile

BASE_NAME=gitlab.linphone.org:4567/bc/public/flexisip
$(eval GIT_DESCRIBE = $(shell sh -c "git describe"))
DOCKER_TAG=$(BASE_NAME):$(GIT_DESCRIBE)
DOCKER_FILE=flex-from-src

# We cannot use dockerfile's COPY outside build context
# we use then flexisip directory as context for flex-from-src instead of docker directory

ifeq ($(DOCKER_FILE), flex-from-src)
  CONTEXT=..
else
  CONTEXT=.
endif

flexisip-build:
	docker build -f $(DOCKER_FILE) --pull --no-cache -t $(DOCKER_TAG) --rm $(CONTEXT)

flexisip-push:
	docker push $(DOCKER_TAG)

flexisip-clean:
	docker image rm $(DOCKER_TAG)

flexisip-deb-before:
	$(eval DOCKER_FILE = flex-from-deb)
	# forcing context to .
	# at the moment of the condition above being executed, $DOCKER_FILE doesn't have the right value
	$(eval CONTEXT = .)
	$(eval DOCKER_TAG = $(DOCKER_TAG)-deb)

# For Ubuntu 20.04
flexisip-ubuntu-deb-before:
	$(eval DOCKER_FILE = flex-ubuntu-from-deb)
	# forcing context to .
	# at the moment of the condition above being executed, $DOCKER_FILE doesn't have the right value
	$(eval CONTEXT = .)
	$(eval DOCKER_TAG = $(DOCKER_TAG)-deb)

flexisip-deb-build: flexisip-deb-before flexisip-build

flexisip-deb-push: flexisip-deb-before flexisip-push

flexisip-deb-clean: flexisip-deb-before flexisip-clean

# For Ubuntu 20.04
flexisip-ubuntu-deb-build: flexisip-ubuntu-deb-before flexisip-build

flexisip-ubuntu-deb-push: flexisip-ubuntu-deb-before flexisip-push

flexisip-ubuntu-deb-clean: flexisip-ubuntu-deb-before flexisip-clean

.PHONY: flexisip-build

Execute the following command on the host machine to create a Flexisip Docker Image.

$ make flexisip-ubuntu-deb-build

Confirm the created image

$ docker images
REPOSITORY                                                      TAG                           IMAGE ID       CREATED        SIZE
gitlab.linphone.org:4567/bc/public/flexisip                     2.1.0-beta-14-g0ba5e300-deb   715a157478c9   2 weeks ago    842MB
gitlab.linphone.org:4567/bc/public/linphone-sdk/bc-dev-ubuntu   20.04                         9b42d1ba1b96   2 weeks ago    2.59GB

Since SNMP is an option, please refer to the forum article for installation and its functions.


2. Redis(alpine) Dockerfile

Create a Dockerfile for Redis, a cache memory that temporarily stores the Flexisip User IP. It is created based on the Alpine image, but since the configuration file is not provided by default, please download it from the original site.

Set the following (1) bind and (2) requirepass in the downloaded configuration file:redis.conf.

(1) bind

Added IP 172.xx.x.x of redis container specified in docker-compose file to bind item so that it can be accessed from other containers in the docker network.

bind 127.0.0.1 172.xx.x.x

(2) requirepass

Create a 60-character random password from the openssl command below.

$ openssl rand 60 | openssl base64 -A
ZeXT9aNJc3FjrVZ3i7XYAiqaUXq6OU40C9hbrF3d9oG+Ox+BB51/6O4aZaalXQzQ8UxTqRQx86CnEEiR

Copy the created password to requirepass section in redis.conf.

requirepass ZeXT9aNJc3FjrVZ3i7XYAiqaUXq6OU40C9hbrF3d9oG+Ox+BB51/6O4aZaalXQzQ8UxTqRQx86CnEEiR

Prepare the following dockerfile:redis-alpine to create a redis image that incorporates the above redis.conf.

dockerfile:redis-alpine

FROM redis:alpine

RUN apk add --no-cache bash nano
COPY redis/redis.conf /etc/redis/redis.conf

3. Nginx(alpine) Dockerfile

In order to manage the schedule for authentication updates by certbot, prepare dockerfile:nginx-alpine to create an image by adding a clone job daemon:crond to the default job:Nginx.

dockerfile:nginx-alpine

FROM nginx:alpine

# Set working directory
WORKDIR /var/www/html

RUN apk add --no-cache bash nano tzdata certbot-nginx \
    && cp /usr/share/zoneinfo/Asia/Tokyo /etc/localtime \
    && echo "Asia/Tokyo" > /etc/timezone \
    && apk del tzdata
COPY nginx/nginx_default.conf /etc/nginx/conf.d/default.conf
COPY nginx/nginx_crond /etc/periodic/monthly
COPY nginx-crond.sh /
RUN chmod a+x /nginx-crond.sh
CMD ["/nginx-crond.sh"]

Copy the shell script below to the monthly directory of ClonJob.

nginx-crond

#!/bin/sh
certbot renew
nginx -s reload

Create the script to execute the multi-service in the container.

Run multiple services in a container

nginx-crond.sh

#!/bin/bash

# turn on bash's job control
set -m

# Start the primary process and put it in the background
nginx -g 'daemon off;' &

# Start the helper process
crond

# the my_helper_process might need to know how to wait on the
# primary process to start before it does its work and returns

# now we bring the primary process back into the foreground
# and leave it there
fg %1

4. PHP-FPM-Laravel(alpine) Dockerfile

Prepare a dockerfile:php-fpm-alpine-laravel to create an image of the Flexisip Account Manager provided for user management web frontend, provisioning. An image is created with the composer and the PHP frameworks Laravel, sql driver, etc. installed.

dockerfile:php-fpm-alpine-laravel

FROM php:7.4-fpm-alpine

# Set working directory
WORKDIR /var/www/html  

RUN apk add --no-cache bash nano libpng-dev freetype-dev libjpeg-turbo-dev libxml2-dev \
    && docker-php-ext-install mysqli xmlrpc \
    && docker-php-ext-enable mysqli xmlrpc \
    && docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
    && docker-php-ext-install -j$(nproc) gd pdo pdo_mysql \
    && docker-php-ext-enable gd pdo pdo_mysql

# Installing composer
COPY composer_installer.sh /var/www/html
RUN echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf \
    && ./composer_installer.sh && mv composer.phar /usr/local/bin/composer

# Installing Laravel
RUN chown -R www-data:www-data /var/www/html
RUN composer global require laravel/installer \
    && ln -s /root/.config/composer/vendor/laravel/installer/bin/laravel /usr/local/bin/laravel

# Make the log directory and the log file for flexisip-account-manager    
RUN mkdir -p /var/opt/belledonne-communications/log \
    && cd /var/opt/belledonne-communications/log \
    && touch account-manager.log \
    && chown www-data:www-data account-manager.log

5. phpMyAdmin(alpine) Dockerfile

In order to manage the database with a browser, we also prepare dockerfile:phpmyadmin-alpine for creating an image of phpMyAdmin.

dockerfile:phpmyadmin-alpine

FROM phpmyadmin/phpmyadmin:fpm-alpine

RUN apk add --no-cache bash nano \
    && docker-php-ext-install mysqli \
    && docker-php-ext-enable mysqli

6 Docker-Compose File

Create the Docker-Compose File including MariaDB service in addition to the each service launched from the above images to operate the SIP server by Flexisip. Note) Please also read the comment section of each service.

docker-compose.yml

version: '3'

services:
##### redis-server
  redis:
    container_name: redis
    build: 
      context: ./docker_files
      dockerfile: redis-alpine
    # need to download default config file:redis.conf from https://redis.io/topics/config
    # then modify it to enable the auth access(password), and input it into /redis/etc directory.
    # NOTE: maybe no need to run with redis.conf, because of it is running only inside the docker network.
    # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. 
    # To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or 
    # run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
    command: ["redis-server", "/etc/redis/redis.conf"]
    privileged: true
    restart: always
    networks: 
      proxy-tier:
        ipv4_address: 172.xx.x.2

##### nginx
  # after "docker-compose up -d", enter the container and execute the following commands. 
  # "certbot certonly --standalone --agree-tos -n -m [email protected] -d sip.example.org"
  # or
  # "certbot --nginx --agree-tos -n -m [email protected] -d sip.example.org"
  # then
  # "cd /etc/letsencrypt/live/sip.example.org"
  # "cp fullchain.pem cafile.pem"
  # "awk 1 privkey.pem cert.pem > agent.pem"
  nginx:
    container_name: nginx
    build: 
      context: ./docker_files
      dockerfile: nginx-alpine
    tty: true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # nginx config
      - ./nginx:/etc/nginx/conf.d
      # certbot letsencrypt certification
      - letsencrypt:/etc/letsencrypt
      # shared the directory /var/www/html in php-fpm container
      - ./html:/var/www/html
      # shared the directory /var/www/html in phpmysql-fpm container
      - phpmyadmin:/var/www/html/phpmyadmin
      # for flexisip-account-manager
      #- ./flexisip-account-manager:/var/www/html/flexisip-account-manager
    depends_on:
      - phpmyadmin-fpm
      - php-fpm-laravel
    restart: always
    networks: 
      proxy-tier:
        ipv4_address: 172.xx.x.3        

##### mariadb
  flexisip-mariadb:
    container_name: flexisip-mariadb
    image: mariadb
    restart: always
    volumes:
      - ./db:/var/lib/mysql
      - ./mariadb:/etc/mysql/conf.d
    # refer to .env
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
    networks: 
      proxy-tier:
        ipv4_address: 172.xx.x.5

### flexisip
  ubuntu-flexisip:
    container_name: ubuntu-flexisip
    image: gitlab.linphone.org:4567/bc/public/flexisip:2.1.0-beta-14-g0ba5e300-deb
    ports:
      - 5060-5061:5060-5061
      #### Presence-Server
      - 5065:5065
      #### Conference and RegEvent Server
      - 6064-6065:6064-6065
      - 10000-10050:10000-10050/udp
      #### STUN Server
      - 3478:3478/udp   
    volumes:
      - letsencrypt:/etc/flexisip/tls
      # previously need to add "flexisip" directory and input "flexisip.conf" into it.
      - ./flexisip:/etc/flexisip
    depends_on:
      - nginx
      - flexisip-mariadb
    restart: always
    networks: 
      proxy-tier:
        ipv4_address: 172.xx.x.6
    ## allow the privilege of network to the container
    #ulimits:
    #  nofile:
    #    soft: 200
    #    hard: 400
    cap_add:
      - NET_ADMIN
    #  - SYS_RESOURCE
    privileged: true
    
##### phpmyadmin-fpm
  phpmyadmin-fpm:
    container_name: phpmyadmin-fpm
    build: 
      context: ./docker_files
      dockerfile: phpmyadmin-alpine
    tty: true
    expose: 
      - "9000"
    environment:
      - PMA_HOST=flexisip-mariadb
      - PMA_PORT=3306
      - PMA_ABSOLUTE_URI=http://localhost/phpmyadmin
    volumes:
      - phpmyadmin:/var/www/html
      - /sessions
    depends_on:
      - flexisip-mariadb
    restart: always
    networks: 
      proxy-tier:
        ipv4_address: 172.xx.x.7
        
##### php-fpm-laravel
  php-fpm-laravel:
    container_name: php-fpm-laravel
    build: 
      context: ./docker_files
      dockerfile: php-fpm-alpine-laravel      
    tty: true
    expose: 
      - "9000"
    # "php artisan serve" commmand default port
    ports:
      - 8000:8000
    volumes:
      # for laravel php framework
      - ./html:/var/www/html
      - ./etc/conf:/etc/flexisip-account-manager
    depends_on:
      - flexisip-mariadb
    restart: always
    networks: 
      proxy-tier:
        ipv4_address: 172.xx.x.8

### $ docker network create --gateway 172.xx.x.1 --subnet 172.xx.x.0/24 nginx-proxy
networks:
  proxy-tier:
    external:
      name: nginx-proxy

### $ docker volume create phpmyadmin letsencrypt     
volumes:
  phpmyadmin:
    external: true
  letsencrypt:
    external: true

Run Flexisip SIP Server System

Edit the Flexisip configuration file flexisip.conf by referring to the reference guide below to meet your environment.

Configuration Reference Guide

https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/A.%20Configuration%20Reference%20Guide/master/

Start the Flexisip SIP server system with the docker-compose command from the directory containing the docker-compose.yml file.

$ docker-compose up -d

Note) The configuration file flexisip.conf will be created in the flexisip container's /etc/flexisip directory by default, but it is replaced with flexisip.conf in ./flexisip specified in the docker-compose file. If you want to get the default flexisip.conf file, comment out this " -./flexisip:/etc/flexisip " line and start it.

Copy flexisip.conf from the Flexisip container

$ mkdir flexisip
$ docker cp ubuntu-flexisip:/etc/flexisip/flexisip.conf ./flexisip

You can also get it from the below.

https://github.com/BelledonneCommunications/liblinphone/tree/master/tester/flexisip


GitHub : Flexisip + Account Manager on Ubuntu 20.04

Uploaded the related files to GitHub below. Some configuration files are omitted for security reasons. Please read the comment of the each service in the docker-compose file.

docker-flexisip/ubuntu20-04 at master · capitalfuse/docker-flexisip