11.8. Real-Time Communication Services

Real-Time Communication (RTC) services include voice, video/webcam, instant messaging (IM) and desktop sharing. This chapter gives a brief introduction to three of the services required to operate RTC, including a TURN server, SIP server and XMPP server. Comprehensive details of how to plan, install and manage these services are available in the Real-Time Communications Quick Start Guide which includes examples specific to Debian.

https://rtcquickstart.org

Both SIP and XMPP can provide the same functionality. SIP is slightly more well known for voice and video while XMPP is traditionally regarded as an IM protocol. In fact, they can both be used for any of these purposes. To maximize connectivity options, it is recommended to run both in parallel.

These services rely on X.509 certificates both for authentication and confidentiality purposes. See 第 10.2 节 “X.509 certificates” for more information.

11.8.1. DNS settings for RTC services

RTC services require DNS SRV and NAPTR records. A sample configuration that can be placed in the zone file for falcot.com:

  1. ; the server where everything will run
  2. server1 IN A 198.51.100.19
  3. server1 IN AAAA 2001:DB8:1000:2000::19
  4.  
  5. ; IPv4 only for TURN for now, some clients are buggy with IPv6
  6. turn-server IN A 198.51.100.19
  7.  
  8. ; IPv4 and IPv6 addresses for SIP
  9. sip-proxy IN A 198.51.100.19
  10. sip-proxy IN AAAA 2001:DB8:1000:2000::19
  11.  
  12. ; IPv4 and IPv6 addresses for XMPP
  13. xmpp-gw IN A 198.51.100.19
  14. xmpp-gw IN AAAA 2001:DB8:1000:2000::19
  15.  
  16. ; DNS SRV and NAPTR for STUN / TURN
  17. _stun._udp IN SRV 0 1 3467 turn-server.falcot.com.
  18. _turn._udp IN SRV 0 1 3467 turn-server.falcot.com.
  19. @ IN NAPTR 10 0 "s" "RELAY:turn.udp" "" _turn._udp.falcot.com.
  20.  
  21. ; DNS SRV and NAPTR records for SIP
  22. _sips._tcp IN SRV 0 1 5061 sip-proxy.falcot.com.
  23. @ IN NAPTR 10 0 "s" "SIPS+D2T" "" _sips._tcp.falcot.com.
  24.  
  25. ; DNS SRV records for XMPP Server and Client modes:
  26. _xmpp-client._tcp IN SRV 5 0 5222 xmpp-gw.falcot.com.
  27. _xmpp-server._tcp IN SRV 5 0 5269 xmpp-gw.falcot.com.

11.8.2. TURN Server

TURN is a service that helps clients behind NAT routers and firewalls to discover the most efficient way to communicate with other clients and to relay the media streams if no direct media path can be found. It is highly recommended that the TURN server is installed before any of the other RTC services are offered to end users.

TURN and the related ICE protocol are open standards. To benefit from these protocols, maximizing connectivity and minimizing user frustration, it is important to ensure that all client software supports ICE and TURN.

For the ICE algorithm to work effectively, the server must have two public IPv4 addresses.

Install the coturn package and edit the /etc/turnserver.conf configuration file. By default, a SQLite database is configured in /var/db/turndb for user account settings, but PostgreSQL, MySQL or Redis can be set up instead if preferred. The most important thing to do is insert the IP addresses of the server.

The server can be started running /usr/bin/turnserver. We want the server to be an an automatically started system service, so we edit the /etc/default/coturn file like this:

  1. #
  2. # Uncomment it if you want to have the turnserver running as
  3. # an automatic system service daemon
  4. #
  5. TURNSERVER_ENABLED=1

By default, the TURN server uses anonymous access. We have to add the users we want to use:

  1. #

We use the argument -a to add a normal user and -A to add an admin user.

11.8.3. SIP Proxy Server

A SIP proxy server manages the incoming and outgoing SIP connections between other organizations, SIP trunking providers, SIP PBXes such as Asterisk, SIP phones, SIP-based softphones and WebRTC applications.

It is strongly recommended to install and configure the SIP proxy before attempting a SIP PBX setup. The SIP proxy normalizes a lot of the traffic reaching the PBX and provides greater connectivity and resilience.

11.8.3.1. Install the SIP proxy

Install the kamailio package and the package for the database backend, the Falcot administrators chose MySQL, so they install mariadb-server. /etc/kamailio/kamctlrc is the configuration file for the control tools kamctl and kamdbctl. You need to edit and set the SIP_DOMAIN to your SIP service domain and set the DBENGINE to MySQL, another database backend can be used.

  1. [...]
  2. ## your SIP domain
  3. SIP_DOMAIN=sip.falcot.com
  4.  
  5. ## chrooted directory
  6. # $CHROOT_DIR="/path/to/chrooted/directory"
  7.  
  8. ## database type: MYSQL, PGSQL, ORACLE, DB_BERKELEY, DBTEXT, or SQLITE
  9. # by default none is loaded
  10. #
  11. # If you want to setup a database with kamdbctl, you must at least specify
  12. # this parameter.
  13. DBENGINE=MYSQL
  14. [...]

Now we focus on the configuration file /etc/kamailio/kamailio.cfg. Falcot needs user authentication and persistent user location, so they add the following #!define directives at the top of that file:

  1. #!KAMAILIO
  2. #
  3. # Kamailio (OpenSER) SIP Server v5.2 - default configuration script
  4. # - web: https://www.kamailio.org
  5. # - git: https://github.com/kamailio/kamailio
  6. #!define WITH_MYSQL
  7. #!define WITH_AUTH
  8. #!define WITH_USRLOCDB
  9. [...]

Kamailio needs a database structure that we can create running kamdbctl create as root.

Finally, we can add some users with kamctl.

  1. #

Once everything is properly configured you can start or restart the service with systemctl restart kamailio, you can connect with a SIP client providing the ip address and the port (5090 is the default port). The users have the following id: *roland*@*sip.falcot.com*, and they can login using a client (see 第 13.10 节 “Real-Time Communications software”)

11.8.4. XMPP Server

An XMPP server manages connectivity between local XMPP users and XMPP users in other domains on the public Internet.

VOCABULARY XMPP or Jabber?

XMPP is sometimes referred to as Jabber. In fact, Jabber is a trademark and XMPP is the official name of the standard.

Prosody is a popular XMPP server that operates reliably on Debian servers.

11.8.4.1. Install the XMPP server

Install the prosody package.

Review the /etc/prosody/prosody.cfg.lua configuration file. The most important thing to do is insert JIDs of the users who are permitted to manage the server.

  1. admins = { "joe@falcot.com" }

An individual configuration file is also needed for each domain. Copy the sample from /etc/prosody/conf.avail/example.com.cfg.lua and use it as a starting point. Here is falcot.com.cfg.lua:

  1. VirtualHost "falcot.com"
  2. enabled = true
  3. ssl = {
  4. key = "/etc/ssl/private/falcot.com-key.pem";
  5. certificate = "/etc/ssl/public/falcot.com.pem";
  6. }
  7.  
  8. -- Set up a MUC (multi-user chat) room server on conference.example.com:
  9. Component "conference.falcot.com" "muc"

To enable the domain, there must be a symlink from /etc/prosody/conf.d/. Create it that way:

  1. #

Restart the service to use the new configuration.

11.8.4.2. Managing the XMPP server

Some management operations can be performed using the prosodyctl command line utility. For example, to add the administrator account specified in /etc/prosody/prosody.cfg.lua:

  1. # prosodyctl adduser joe@falcot.com

See the Prosody online documentation for more details about how to customize the configuration.

11.8.5. Running services on port 443

Some administrators prefer to run all of their RTC services on port 443. This helps users to connect from remote locations such as hotels and airports where other ports may be blocked or Internet traffic is routed through HTTP proxy servers.

To use this strategy, each service (SIP, XMPP and TURN) needs a different IP address. All the services can still be on the same host as Linux supports multiple IP addresses on a single host. The port number, 443, must be specified in the configuration files for each process and also in the DNS SRV records.

11.8.6. Adding WebRTC

Falcot wants to let customers make phone calls directly from the web site. The Falcot administrators also want to use WebRTC as part of their disaster recovery plan, so staff can use web browsers at home to log in to the company phone system and work normally in an emergency.

IN PRACTICE Try WebRTC

If you have not tried WebRTC before, there are various sites that give an online demonstration and test facilities.

https://www.sip5060.net/test-calls

WebRTC is a rapidly evolving technology and it is essential to use packages from the Testing distribution. Another option is to compile the software.

WebRTC uses a simple API to provide browsers and mobile applications with RTC, it is free software and it is being developed by Google.

https://webrtc.org

A very flexible approach is using GStreamer’s WebRTC implementation. It enables pipeline-based multimedia applications, which allows developing interesting and highly efficient applications. A good starting point is the following demo by Centricular, the main company that is developing it:

https://github.com/centricular/gstwebrtc-demos

More advanced click-to-call web sites typically use server-side scripting to generate the config.js file dynamically. The DruCall source code demonstrates how to do this with PHP.

This chapter sampled only a fraction of the available server software; however, most of the common network services were described. Now it is time for an even more technical chapter: we’ll go into deeper detail for some concepts, describe massive deployments and virtualization.