[asterisk-users] How to set http.conf for HTTPS support on Debian Buster ?

Olivier oza.4h07 at gmail.com
Mon Nov 18 17:03:43 CST 2019 

May I add my modules.conf conf (this modules.conf was generated by make
basic-pbx) ?
Maybe a module is missing there ?
Shall I check something in menuselect ?
(Replacing its content with a simple "autoload = yes" does not change
either)

# cat modules.conf
[modules]
autoload = no

; This is a minimal module load. We are loading only the modules required
for
; the Asterisk features used in the Super Awesome Company configuration.

; Applications

load = app_bridgewait.so
load = app_dial.so
load = app_playback.so
load = app_stack.sothis
load = app_verbose.so
load = app_voicemail.so
load = app_directory.so
load = app_confbridge.so

; Bridging

load = bridge_builtin_features.so
load = bridge_builtin_interval_features.so
load = bridge_holding.so
load = bridge_native_rtp.so
load = bridge_simple.so
load = bridge_softmix.so

; Call Detail Records

load = cdr_custom.so

; Channel Drivers

load = chan_bridge_media.so
load = chan_pjsip.so

; Codecs

load = codec_gsm.so
load = codec_resample.so
load = codec_ulaw.so
load = codec_g722.so

; Formats

load = format_gsm.so
load = format_pcm.so
load = format_wav_gsm.so
load = format_wav.so

; Functions

load = func_callerid.so
load = func_cdr.so
load = func_pjsip_endpoint.so
load = func_sorcery.so
load = func_devstate.so
load = func_strings.so

; Core/PBX

load = pbx_config.so

; Resources

load = res_http_websocket.so
load = res_musiconhold.so
load = res_pjproject.so
load = res_pjsip_acl.so
load = res_pjsip_authenticator_digest.so
load = res_pjsip_caller_id.so
load = res_pjsip_dialog_info_body_generator.so
load = res_pjsip_diversion.so
load = res_pjsip_dtmf_info.so
load = res_pjsip_endpoint_identifier_anonymous.so
load = res_pjsip_endpoint_identifier_ip.so
load = res_pjsip_endpoint_identifier_user.so
load = res_pjsip_exten_state.so
load = res_pjsip_header_funcs.so
load = res_pjsip_logger.so
load = res_pjsip_messaging.so
load = res_pjsip_mwi_body_generator.so
load = res_pjsip_mwi.so
load = res_pjsip_nat.so
load = res_pjsip_notify.so
load = res_pjsip_one_touch_record_info.so
load = res_pjsip_outbound_authenticator_digest.so
load = res_pjsip_outbound_publish.so
load = res_pjsip_outbound_registration.so
load = res_pjsip_path.so
load = res_pjsip_pidf_body_generator.so
load = res_pjsip_pidf_digium_body_supplement.so
load = res_pjsip_pidf_eyebeam_body_supplement.so
load = res_pjsip_publish_asterisk.so
load = res_pjsip_pubsub.so
load = res_pjsip_refer.so
load = res_pjsip_registrar.so
load = res_pjsip_rfc3326.so
load = res_pjsip_sdp_rtp.so
load = res_pjsip_send_to_voicemail.so
load = res_pjsip_session.so
load = res_pjsip.so
load = res_pjsip_t38.so
load = res_pjsip_transport_websocket.so
load = res_pjsip_xpidf_body_generator.so
load = res_rtp_asterisk.so
load = res_sorcery_astdb.so
load = res_sorcery_config.so
load = res_sorcery_memory.so
load = res_sorcery_realtime.so
load = res_timing_timerfd.so

; Don't load res_hep.so and kin unless you are using hep monitoring in your
network

noload = res_hep.so
noload = res_hep_pjsip.so
noload = res_hep_rtcp.so

Le lun. 18 nov. 2019 à 22:18, Olivier <oza.4h07 at gmail.com> a écrit :

> Unfortunately, changing ownership did not solve the issue:
>
> # ls -al keys/
> total 40
> drwxr-xr-x 2 asterisk asterisk 4096 nov.  18 20:47 .
> drwxr-x--- 3 asterisk asterisk 4096 nov.  18 20:53 ..
> -rw------- 1 asterisk asterisk 1224 nov.  18 20:47 asterisk.crt
> -rw------- 1 asterisk asterisk  578 nov.  18 20:46 asterisk.csr
> -rw------- 1 asterisk asterisk  887 nov.  18 20:46 asterisk.key
> -rw------- 1 asterisk asterisk 2111 nov.  18 20:47 asterisk.pem
> -rw------- 1 asterisk asterisk  161 nov.  18 20:46 ca.cfg
> -rw------- 1 asterisk asterisk 1781 nov.  18 20:46 ca.crt
> -rw------- 1 asterisk asterisk 3311 nov.  18 20:46 ca.key
> -rw------- 1 asterisk asterisk  124 nov.  18 20:46 tmp.cfg
>
> # service asterisk stop
> # service asterisk start
> # asterisk -rx "http show status"
> HTTP Server Status:
> Prefix:
> Server: Asterisk/17.0.0
> Server Enabled and Bound to 0.0.0.0:8088
>
> Enabled URI's:
> /httpstatus => Asterisk HTTP General Status
> /static/... => Asterisk HTTP Static Delivery
>
> Enabled Redirects:
>
> Le lun. 18 nov. 2019 à 22:08, Richard Mudgett <rmudgett at digium.com> a
> écrit :
>
>>
>>
>> On Mon, Nov 18, 2019 at 2:53 PM Olivier <oza.4h07 at gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I've installed a new Asterisk 17.0.0 on a Debian Buster system.
>>>
>>> This Asterisk instance is run by asterisk user (and group).
>>> I've got:
>>>
>>> # ls -l /etc/asterisk
>>> total 68
>>> -rw-r--r-- 1 asterisk asterisk  501 nov.  18 19:12 asterisk.conf
>>> -rw-r--r-- 1 asterisk asterisk  135 nov.  18 18:57 cdr.conf
>>> -rw-r--r-- 1 asterisk asterisk  684 nov.  18 18:57 cdr_custom.conf
>>> -rw-r--r-- 1 asterisk asterisk  103 nov.  18 18:57 confbridge.conf
>>> -rw-r--r-- 1 asterisk asterisk 6834 nov.  18 18:57 extensions.conf
>>> -rw-r--r-- 1 asterisk asterisk  138 nov.  18 21:42 http.conf
>>> -rw-r--r-- 1 asterisk asterisk  681 nov.  18 18:57 indications.conf
>>> drwxr-xr-x 2 root     root     4096 nov.  18 20:47 keys
>>> -rw-r--r-- 1 asterisk asterisk  160 nov.  18 18:57 logger.conf
>>> -rw-r--r-- 1 asterisk asterisk 2769 nov.  18 18:57 modules.conf
>>> -rw-r--r-- 1 asterisk asterisk   50 nov.  18 18:57 musiconhold.conf
>>> -rw-r--r-- 1 asterisk asterisk 6360 nov.  18 18:57 pjsip.conf
>>> -rw-r--r-- 1 asterisk asterisk  790 nov.  18 18:57 pjsip_notify.conf
>>> -rw-r--r-- 1 asterisk asterisk  768 nov.  18 18:57 README
>>> -rw-r--r-- 1 asterisk asterisk  513 nov.  18 18:57 voicemail.conf
>>>
>>> # ls -l /etc/asterisk/keys/
>>> total 32
>>> -rw------- 1 root root 1224 nov.  18 20:47 asterisk.crt
>>> -rw------- 1 root root  578 nov.  18 20:46 asterisk.csr
>>> -rw------- 1 root root  887 nov.  18 20:46 asterisk.key
>>> -rw------- 1 root root 2111 nov.  18 20:47 asterisk.pem
>>>
>>
>> I'd say that asterisk running as the asterisk user has no permission to
>> see the .pem file as only root can see it.
>>
>> Richard
>>
>>
>>> -rw------- 1 root root  161 nov.  18 20:46 ca.cfg
>>> -rw------- 1 root root 1781 nov.  18 20:46 ca.crt
>>> -rw------- 1 root root 3311 nov.  18 20:46 ca.key
>>> -rw------- 1 root root  124 nov.  18 20:46 tmp.cfg
>>>
>>> # cat /etc/asterisk/http.conf
>>> [general]
>>> enabled=yes
>>> bindaddr=0.0.0.0
>>> bindport=8088
>>> tlsenable=yes
>>> tlsbindaddr=0.0.0.0:8089
>>> tlscertfile=/etc/asterisk/keys/asterisk.pem
>>>
>>> But, still I don't have any HTTPS server running:
>>>
>>> # asterisk -rx "http show status"
>>> HTTP Server Status:
>>> Prefix:
>>> Server: Asterisk/17.0.0
>>> Server Enabled and Bound to 0.0.0.0:8088
>>>
>>> Enabled URI's:
>>> /httpstatus => Asterisk HTTP General Status
>>> /static/... => Asterisk HTTP Static Delivery
>>>
>>> Enabled Redirects:
>>>   None.
>>>
>>>
>>>
>>> Can someone help me on this ?
>>> Is http;conf correct ?
>>> Am I mis-configuring files access rights or ownership ?
>>> Something else ?
>>>
>>> Best regards
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> Check out the new Asterisk community forum at:
>>> https://community.asterisk.org/
>>>
>>> New to Asterisk? Start here:
>>>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20191119/646159e5/attachment.html>

More information about the asterisk-users mailing list