FICUSONLINE F9E
How to set up Flexisip LIME Server
Linphone Instant Messaging Encryption (LIME) Server: in an encrypted messaging system based on the X3DH protocol, it stores users' public keys (such as identity keys and signed pre-keys) and serves them to other users. The server itself is implemented as a PHP script.
Takanobu Fuse, Administrator

last month

Linux

LIME Server Officially Released

Download LIME Server

https://gitlab.linphone.org/BC/public/lime-server/-/tree/release/1.3?ref_type=heads

Download the latest version 1.3

$ git clone -b release/1.3 https://gitlab.linphone.org/BC/public/lime-server.git

Place the PHP Files

Integrate the LIME server PHP files into the system that runs under Docker Compose. Place the contents of the downloaded src folder according to the following structure.

Place the lime-server folder inside the directory where docker-compose.yml is stored.

Create new empty log files (file names and paths are configured in lime-server.conf) as needed.

$ tree lime-server
lime-server
├── lime-server.conf
├── log
│   └── lime-server
│       ├── access-lime.log
│       ├── lime-db.log
│       └── lime.log
└── lime
    ├── authenticated_lime.php
    ├── lime-createBase.php
    ├── lime-server.php
    └── lime.php

LIME Server Configurations

The LIME server configuration file lime-server.conf is used to configure the elliptic curve for encryption, database settings, realm, and whether to enable digest authentication, among other settings for LIME.

The main configuration points are as follows. Specify or modify other parameters as needed.

lime-server.conf

// Curve(s) to use: shall be either CurveId::CURVE25519, CurveId::CURVE448 or CURVE25519K512
// To allow only one base algorithm on the server, use the curveId and LIME_DB_NAME defines as a shortcut (legacy mode)
define("curveId", CurveId::CURVE25519);
define("LIME_DB_NAME", "database");

// Flexisip database access for authentication
define("AUTH_DB_HOST", "xx.xx.xx.xx");
define("AUTH_DB_USER", "user");
define("AUTH_DB_PASSWORD", "password");
define("AUTH_DB_NAME", "database");

// Lime database access
// This database must already exist with the required tables
define("LIME_DB_HOST", "xx.xx.xx.xx");
define("LIME_DB_USER", "user");
define("LIME_DB_PASSWORD", "password");

// Allow user DB authentication
// Explicitly defining this constant as false is the only way to disable digest auth
// If this constant is not defined, digest auth is enabled by default
define("DIGEST_AUTH", true);

// Authentication realm
// If this is not defined, the realm is fetched from the request. Do it ONLY if you need to run several domain/realms on one lime server.
// Otherwise this should be defined to your domain.
define("AUTH_REALM", "sip.example.com");
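As an added pre-deployment check (not part of the original article or of the lime-server project), the script below parses the define() lines of a lime-server.conf and flags the settings this section warns about: digest auth explicitly disabled, AUTH_REALM left undefined, template placeholders left in the database credentials, and an unsupported curveId. The sample configuration embedded in it is constructed for the demonstration.

```python
import re
DEFINE_RE = re.compile(r'^\s*define\s*\(\s*"([A-Za-z_]+)"\s*,\s*(.+?)\s*\)\s*;')
PLACEHOLDERS = {"xx.xx.xx.xx", "user", "password"}  # template values that must not ship
VALID_CURVES = {"CurveId::CURVE25519", "CurveId::CURVE448", "CURVE25519K512"}
DB_KEYS = [p + s for p in ("AUTH_DB_", "LIME_DB_") for s in ("HOST", "USER", "PASSWORD")]

def parse_defines(conf: str) -> dict:
    """Return {NAME: raw value} per define() line (space before "(" tolerated); // lines skipped."""
    defines = {}
    for line in conf.splitlines():
        if line.lstrip().startswith("//"):
            continue
        m = DEFINE_RE.match(line)
        if m:
            defines[m.group(1)] = m.group(2)
    return defines

def digest_auth_enabled(defines: dict) -> bool:
    """Digest auth stays on unless DIGEST_AUTH is explicitly defined as false."""
    return defines.get("DIGEST_AUTH", "true").strip().lower() != "false"

def lint_conf(conf: str) -> list:
    """Return findings for a lime-server.conf; an empty list means every check passed."""
    d = parse_defines(conf)
    findings = []
    if not digest_auth_enabled(d):
        findings.append("DIGEST_AUTH=false: key uploads and fetches are unauthenticated")
    if "AUTH_REALM" not in d:
        findings.append("AUTH_REALM undefined: realm is taken from the client request")
    curve = d.get("curveId")
    if curve is not None and curve not in VALID_CURVES:
        findings.append(f"curveId {curve} is not a supported curve")
    for key in DB_KEYS:
        if key not in d:
            findings.append(f"{key} is not defined")
        elif d[key].strip('"') in PLACEHOLDERS:
            findings.append(f"{key} still holds the template placeholder {d[key]}")
    return findings

# Constructed sample: one placeholder password left in, digest auth off, realm missing.
SAMPLE_CONF = """\
define ("curveId", CurveId::CURVE25519);
define("AUTH_DB_HOST", "db");
define("AUTH_DB_USER", "flexisip");
define("AUTH_DB_PASSWORD", "example-secret");
define("LIME_DB_HOST", "db");
define("LIME_DB_USER", "lime");
define("LIME_DB_PASSWORD", "password");
define("DIGEST_AUTH", false);
"""
```

Run `lint_conf(open("/etc/lime-server/lime-server.conf").read())` against the real file; an empty list means none of the checked settings is left in its template state.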

Add The Nginx Config File

Since the web server runs in an Nginx container, add a configuration file for the LIME server. (The subdomain https://lime.example.com is used.)

nginx/lime.conf

server {
    server_name lime.example.com;
    server_tokens off;
    
    index lime-server.php;

    access_log  /var/log/nginx/lime.access.log;
    error_log   /var/log/nginx/lime.error.log error;

    root /var/www/html/lime;

    location ~ \.php$ {
        try_files $uri =404;
        # fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_pass xx.xx.xx.xx:9000;
        # fastcgi_index lime-server.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_connect_timeout 1800;
        send_timeout 3000;
        fastcgi_read_timeout 3000;
    }

    listen [::]:443 ssl;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Modify docker-compose

In the docker-compose.yml file, mount the lime-server directory (or its individual files) onto the appropriate directory (or file) inside the containers of both the nginx and ubuntu-flexisip services, in their respective volumes sections.

docker-compose.yml

.....
.....

##### nginx
  nginx:
    container_name: nginx
    image: nginx:alpine
    tty: true
    ports:
      - 80:80
      - 443:443
    volumes:
      ......
      ......
      ### official lime
      - ./lime-server/lime:/var/www/html/lime
.....
.....
### flexisip
  ubuntu-flexisip:
    container_name: ubuntu-flexisip
    build:
      context: ./docker_files
      dockerfile: flex-from-ubuntu-apt-repo
    volumes:
      ......
      ......
      ### official lime server
      - ./lime-server/lime:/var/www/html/lime
      - ./lime-server/lime-server.conf:/etc/lime-server/lime-server.conf
      - ./lime-server/log/lime-server:/var/opt/belledonne-communications/log/lime-server
      ......
      ......

Create Tables for LIME Server

Create the new LIME-specific tables in the existing database.

After starting the system with the docker compose command, create the LIME-specific tables using the following SQL statements.

START TRANSACTION;

CREATE TABLE IF NOT EXISTS `Users` (
	`Uid` INTEGER NOT NULL AUTO_INCREMENT,
	`UserId` TEXT COLLATE utf8_bin NOT NULL,
	`Ik` BLOB NOT NULL,
	`SPk` BLOB DEFAULT NULL,
	`SPk_sig` BLOB DEFAULT NULL,
	`SPk_id` INTEGER UNSIGNED DEFAULT NULL,
	PRIMARY KEY(`Uid`),
	INDEX(UserId(100))
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

CREATE TABLE IF NOT EXISTS `OPk` (
	`id` INTEGER NOT NULL AUTO_INCREMENT,
	`Uid` INTEGER NOT NULL,
	`OPk` BLOB NOT NULL,
	`OPk_id` INTEGER UNSIGNED NOT NULL,
	PRIMARY KEY(`id`),
	FOREIGN KEY(`Uid`) REFERENCES Users(`Uid`) ON UPDATE CASCADE ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

CREATE TABLE IF NOT EXISTS Requests (
	`source` TEXT NOT NULL,
	`target` TEXT NOT NULL,
	`at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

CREATE TABLE IF NOT EXISTS `Config` (
	`Name` VARCHAR(20) COLLATE utf8_bin DEFAULT NULL,
	`Value` INTEGER NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

INSERT INTO `Config` (`Name`, `Value`) VALUES
('version', 1);

CREATE EVENT clean_requests ON SCHEDULE EVERY 1 WEEK DO
       DELETE FROM Requests WHERE at < DATE_SUB(NOW(), INTERVAL 2 WEEK);

COMMIT;

The SQL above creates a scheduled event (clean_requests), but MySQL disables the event scheduler by default, so enable it:

SET GLOBAL event_scheduler = ON;

To check whether the event scheduler is enabled:

SHOW VARIABLES LIKE 'event_scheduler';

event_scheduler	ON

To permanently enable the event scheduler in the MariaDB container, add the command option to the MariaDB service in the docker-compose.yml file.

command: --event-scheduler=ON

Manage Logs (Optional)

Apply the host's logrotate daemon to the LIME server's log files.

Create a configuration file on the host machine.

Note: The log file directory has already been mounted (shared) in docker-compose.yml.

/etc/logrotate.d/docker_lime

/project_path_including_docker-compose.yml/lime-server/log/lime-server/access-lime*.log {
    maxsize 50M
    dateext dateformat -%Y%m%d%H
    create
    daily
    rotate 7
    missingok
    notifempty
    delaycompress
}
/project_path_including_docker-compose.yml/lime-server/log/lime-server/lime*.log {
    maxsize 50M
    dateext dateformat -%Y%m%d%H
    create
    daily
    rotate 7
    missingok
    notifempty
    delaycompress
}