This time, I will introduce the procedure to create the Docker-Compose file, and in the next blog, I will introduce Flexisip Account Manager, which is a web front end for user registration and management, and the provisioning for loading the settings of Linphone application.
In advance, prepare the Dockerfile for creating the Flexisip Image and other related images required for the Docker-Compose file.
1. Flexisip Docker Image
2. Redis(alpine) Dockerfile
3. Nginx(alpine) Dockerfile
4. PHP-FPM-Laravel(alpine) Dockerfile
5. phpMyAdmin(alpine) Dockerfile
6 Docker-Compose File
1. Flexisip Docker Image
Works in the downloaded Flexisip directory.
Copy the already built flexisip DEB packages to the newly created DEBS folder in the flexisip/docker directory. The + marks in the figure below mean the files or directory to be added.
Next, prepare the Dockerfile: flex-ubuntu-from-deb for creating the Flexisip Docker Image in the flexisip/docker directory.
Dockerfile:flex-ubuntu-from-deb
FROM ubuntu:20.04
MAINTAINER Takanobu Fuse < [email protected]>
ENV DEBIAN_FRONTEND=noninteractive
# Prepare dependencies + SNMP:https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/SNMP/
RUN apt-get update && apt-get install -y nano xsdcxx gdb libmariadb3 net-tools iptables snmp snmpd snmp-mibs-downloader
RUN update-alternatives --set iptables /usr/sbin/iptables-nft \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
# Get flexisip package
COPY DEBS/*.deb DEBS/*.ddeb deb-packages/
RUN apt-get install -y /deb-packages/bc-*.deb /deb-packages/bc-*.ddeb
RUN rm -rf /deb-packages
# Add it to the default path
ENV PATH=$PATH:/opt/belledonne-communications/bin
ENV LD_LIBRARY_PATH=/opt/belledonne-communications/lib
WORKDIR /opt/belledonne-communications
# Generate a default configuration
RUN flexisip --dump-default all > /etc/flexisip/flexisip.conf
VOLUME /etc/opt/belledonne-communications/flexisip
VOLUME /var/opt/belledonne-communications/log/flexisip
COPY flexisip-entrypoint.sh /
# COPY flexisip-snmpd.sh /
COPY backtrace.gdb /
# COPY snmp.conf /etc/snmp/snmp.conf
COPY snmpd.conf /etc/snmp/snmpd.conf
RUN chmod a+x /flexisip-entrypoint.sh # /flexisip-snmpd.sh
# Script to wait db before launch flexisip [Licence Apache2]
ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.2.1/wait /wait
RUN chmod +x /wait
ENTRYPOINT ["/flexisip-entrypoint.sh"]
# CMD ["/flexisip-snmpd.sh"]
CMD flexisip
Also, add a few command lines to the Makefile to build the image from this Dockerfile.
Makefile
BASE_NAME=gitlab.linphone.org:4567/bc/public/flexisip
$(eval GIT_DESCRIBE = $(shell sh -c "git describe"))
DOCKER_TAG=$(BASE_NAME):$(GIT_DESCRIBE)
DOCKER_FILE=flex-from-src
# We cannot use dockerfile's COPY outside build context
# we use then flexisip directory as context for flex-from-src instead of docker directory
ifeq ($(DOCKER_FILE), flex-from-src)
CONTEXT=..
else
CONTEXT=.
endif
flexisip-build:
docker build -f $(DOCKER_FILE) --pull --no-cache -t $(DOCKER_TAG) --rm $(CONTEXT)
flexisip-push:
docker push $(DOCKER_TAG)
flexisip-clean:
docker image rm $(DOCKER_TAG)
flexisip-deb-before:
$(eval DOCKER_FILE = flex-from-deb)
# forcing context to .
# at the moment of the condition above being executed, $DOCKER_FILE doesn't have the right value
$(eval CONTEXT = .)
$(eval DOCKER_TAG = $(DOCKER_TAG)-deb)
# For Ubuntu 20.04
flexisip-ubuntu-deb-before:
$(eval DOCKER_FILE = flex-ubuntu-from-deb)
# forcing context to .
# at the moment of the condition above being executed, $DOCKER_FILE doesn't have the right value
$(eval CONTEXT = .)
$(eval DOCKER_TAG = $(DOCKER_TAG)-deb)
flexisip-deb-build: flexisip-deb-before flexisip-build
flexisip-deb-push: flexisip-deb-before flexisip-push
flexisip-deb-clean: flexisip-deb-before flexisip-clean
# For Ubuntu 20.04
flexisip-ubuntu-deb-build: flexisip-ubuntu-deb-before flexisip-build
flexisip-ubuntu-deb-push: flexisip-ubuntu-deb-before flexisip-push
flexisip-ubuntu-deb-clean: flexisip-ubuntu-deb-before flexisip-clean
.PHONY: flexisip-build
Execute the following command on the host machine to create a Flexisip Docker Image.
$ make flexisip-ubuntu-deb-build
Confirm the created image
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gitlab.linphone.org:4567/bc/public/flexisip 2.1.0-beta-14-g0ba5e300-deb 715a157478c9 2 weeks ago 842MB
gitlab.linphone.org:4567/bc/public/linphone-sdk/bc-dev-ubuntu 20.04 9b42d1ba1b96 2 weeks ago 2.59GB
Since SNMP is an option, please refer to the forum article for installation and its functions.
2. Redis(alpine) Dockerfile
Create a Dockerfile for Redis, a cache memory that temporarily stores the Flexisip User IP. It is created based on the Alpine image, but since the configuration file is not provided by default, please download it from the original site.
Set the following (1) bind and (2) requirepass in the downloaded configuration file:redis.conf.
(1) bind
Added IP 172.xx.x.x of redis container specified in docker-compose file to bind item so that it can be accessed from other containers in the docker network.
bind 127.0.0.1 172.xx.x.x
(2) requirepass
Create a 60-character random password from the openssl command below.
$ openssl rand 60 | openssl base64 -A
ZeXT9aNJc3FjrVZ3i7XYAiqaUXq6OU40C9hbrF3d9oG+Ox+BB51/6O4aZaalXQzQ8UxTqRQx86CnEEiR
Copy the created password to requirepass section in redis.conf.
requirepass ZeXT9aNJc3FjrVZ3i7XYAiqaUXq6OU40C9hbrF3d9oG+Ox+BB51/6O4aZaalXQzQ8UxTqRQx86CnEEiR
Prepare the following dockerfile:redis-alpine to create a redis image that incorporates the above redis.conf.
dockerfile:redis-alpine
FROM redis:alpine
RUN apk add --no-cache bash nano
COPY redis/redis.conf /etc/redis/redis.conf
3. Nginx(alpine) Dockerfile
In order to manage the schedule for authentication updates by certbot, prepare dockerfile:nginx-alpine to create an image by adding a clone job daemon:crond to the default job:Nginx.
dockerfile:nginx-alpine
FROM nginx:alpine
# Set working directory
WORKDIR /var/www/html
RUN apk add --no-cache bash nano tzdata certbot-nginx \
&& cp /usr/share/zoneinfo/Asia/Tokyo /etc/localtime \
&& echo "Asia/Tokyo" > /etc/timezone \
&& apk del tzdata
COPY nginx/nginx_default.conf /etc/nginx/conf.d/default.conf
COPY nginx/nginx_crond /etc/periodic/monthly
COPY nginx-crond.sh /
RUN chmod a+x /nginx-crond.sh
CMD ["/nginx-crond.sh"]
Copy the shell script below to the monthly directory of ClonJob.
nginx-crond
#!/bin/sh
certbot renew
nginx -s reload
Create the script to execute the multi-service in the container.
Run multiple services in a container
nginx-crond.sh
#!/bin/bash
# turn on bash's job control
set -m
# Start the primary process and put it in the background
nginx -g 'daemon off;' &
# Start the helper process
crond
# the my_helper_process might need to know how to wait on the
# primary process to start before it does its work and returns
# now we bring the primary process back into the foreground
# and leave it there
fg %1
4. PHP-FPM-Laravel(alpine) Dockerfile
Prepare a dockerfile:php-fpm-alpine-laravel to create an image of the Flexisip Account Manager provided for user management web frontend, provisioning. An image is created with the composer and the PHP frameworks Laravel, sql driver, etc. installed.
dockerfile:php-fpm-alpine-laravel
FROM php:7.4-fpm-alpine
# Set working directory
WORKDIR /var/www/html
RUN apk add --no-cache bash nano libpng-dev freetype-dev libjpeg-turbo-dev libxml2-dev \
&& docker-php-ext-install mysqli xmlrpc \
&& docker-php-ext-enable mysqli xmlrpc \
&& docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
&& docker-php-ext-install -j$(nproc) gd pdo pdo_mysql \
&& docker-php-ext-enable gd pdo pdo_mysql
# Installing composer
COPY composer_installer.sh /var/www/html
RUN echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf \
&& ./composer_installer.sh && mv composer.phar /usr/local/bin/composer
# Installing Laravel
RUN chown -R www-data:www-data /var/www/html
RUN composer global require laravel/installer \
&& ln -s /root/.config/composer/vendor/laravel/installer/bin/laravel /usr/local/bin/laravel
# Make the log directory and the log file for flexisip-account-manager
RUN mkdir -p /var/opt/belledonne-communications/log \
&& cd /var/opt/belledonne-communications/log \
&& touch account-manager.log \
&& chown www-data:www-data account-manager.log
5. phpMyAdmin(alpine) Dockerfile
In order to manage the database with a browser, we also prepare dockerfile:phpmyadmin-alpine for creating an image of phpMyAdmin.
dockerfile:phpmyadmin-alpine
FROM phpmyadmin/phpmyadmin:fpm-alpine
RUN apk add --no-cache bash nano \
&& docker-php-ext-install mysqli \
&& docker-php-ext-enable mysqli
6 Docker-Compose File
Create the Docker-Compose File including MariaDB service in addition to the each service launched from the above images to operate the SIP server by Flexisip. Note) Please also read the comment section of each service.
docker-compose.yml
version: '3'
services:
##### redis-server
redis:
container_name: redis
build:
context: ./docker_files
dockerfile: redis-alpine
# need to download default config file:redis.conf from https://redis.io/topics/config
# then modify it to enable the auth access(password), and input it into /redis/etc directory.
# NOTE: maybe no need to run with redis.conf, because of it is running only inside the docker network.
# WARNING overcommit_memory is set to 0! Background save may fail under low memory condition.
# To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or
# run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
command: ["redis-server", "/etc/redis/redis.conf"]
privileged: true
restart: always
networks:
proxy-tier:
ipv4_address: 172.xx.x.2
##### nginx
# after "docker-compose up -d", enter the container and execute the following commands.
# "certbot certonly --standalone --agree-tos -n -m [email protected] -d sip.example.org"
# or
# "certbot --nginx --agree-tos -n -m [email protected] -d sip.example.org"
# then
# "cd /etc/letsencrypt/live/sip.example.org"
# "cp fullchain.pem cafile.pem"
# "awk 1 privkey.pem cert.pem > agent.pem"
nginx:
container_name: nginx
build:
context: ./docker_files
dockerfile: nginx-alpine
tty: true
ports:
- "80:80"
- "443:443"
volumes:
# nginx config
- ./nginx:/etc/nginx/conf.d
# certbot letsencrypt certification
- letsencrypt:/etc/letsencrypt
# shared the directory /var/www/html in php-fpm container
- ./html:/var/www/html
# shared the directory /var/www/html in phpmysql-fpm container
- phpmyadmin:/var/www/html/phpmyadmin
# for flexisip-account-manager
#- ./flexisip-account-manager:/var/www/html/flexisip-account-manager
depends_on:
- phpmyadmin-fpm
- php-fpm-laravel
restart: always
networks:
proxy-tier:
ipv4_address: 172.xx.x.3
##### mariadb
flexisip-mariadb:
container_name: flexisip-mariadb
image: mariadb
restart: always
volumes:
- ./db:/var/lib/mysql
- ./mariadb:/etc/mysql/conf.d
# refer to .env
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
networks:
proxy-tier:
ipv4_address: 172.xx.x.5
### flexisip
ubuntu-flexisip:
container_name: ubuntu-flexisip
image: gitlab.linphone.org:4567/bc/public/flexisip:2.1.0-beta-14-g0ba5e300-deb
ports:
- 5060-5061:5060-5061
#### Presence-Server
- 5065:5065
#### Conference and RegEvent Server
- 6064-6065:6064-6065
- 10000-10050:10000-10050/udp
#### STUN Server
- 3478:3478/udp
volumes:
- letsencrypt:/etc/flexisip/tls
# previously need to add "flexisip" directory and input "flexisip.conf" into it.
- ./flexisip:/etc/flexisip
depends_on:
- nginx
- flexisip-mariadb
restart: always
networks:
proxy-tier:
ipv4_address: 172.xx.x.6
## allow the privilege of network to the container
#ulimits:
# nofile:
# soft: 200
# hard: 400
cap_add:
- NET_ADMIN
# - SYS_RESOURCE
privileged: true
##### phpmyadmin-fpm
phpmyadmin-fpm:
container_name: phpmyadmin-fpm
build:
context: ./docker_files
dockerfile: phpmyadmin-alpine
tty: true
expose:
- "9000"
environment:
- PMA_HOST=flexisip-mariadb
- PMA_PORT=3306
- PMA_ABSOLUTE_URI=http://localhost/phpmyadmin
volumes:
- phpmyadmin:/var/www/html
- /sessions
depends_on:
- flexisip-mariadb
restart: always
networks:
proxy-tier:
ipv4_address: 172.xx.x.7
##### php-fpm-laravel
php-fpm-laravel:
container_name: php-fpm-laravel
build:
context: ./docker_files
dockerfile: php-fpm-alpine-laravel
tty: true
expose:
- "9000"
# "php artisan serve" commmand default port
ports:
- 8000:8000
volumes:
# for laravel php framework
- ./html:/var/www/html
- ./etc/conf:/etc/flexisip-account-manager
depends_on:
- flexisip-mariadb
restart: always
networks:
proxy-tier:
ipv4_address: 172.xx.x.8
### $ docker network create --gateway 172.xx.x.1 --subnet 172.xx.x.0/24 nginx-proxy
networks:
proxy-tier:
external:
name: nginx-proxy
### $ docker volume create phpmyadmin letsencrypt
volumes:
phpmyadmin:
external: true
letsencrypt:
external: true
Run Flexisip SIP Server System
Edit the Flexisip configuration file flexisip.conf by referring to the reference guide below to meet your environment.
Configuration Reference Guide
Start the Flexisip SIP server system with the docker-compose command from the directory containing the docker-compose.yml file.
$ docker-compose up -d
Note) The configuration file flexisip.conf will be created in the flexisip container's /etc/flexisip directory by default, but it is replaced with flexisip.conf in ./flexisip specified in the docker-compose file. If you want to get the default flexisip.conf file, comment out this " -./flexisip:/etc/flexisip " line and start it.
Copy flexisip.conf from the Flexisip container
$ mkdir flexisip
$ docker cp ubuntu-flexisip:/etc/flexisip/flexisip.conf ./flexisip
You can also get it from the below.
https://github.com/BelledonneCommunications/liblinphone/tree/master/tester/flexisip
GitHub : Flexisip + Account Manager on Ubuntu 20.04
Uploaded the related files to GitHub below. Some configuration files are omitted for security reasons. Please read the comment of the each service in the docker-compose file.