.. |sipisimage| replace:: https://docker.acrobits.net/releases/sipis .. |lb2image| replace:: https://docker.acrobits.net/releases/lb2 .. |dbsipisimage| replace:: https://docker.acrobits.net/releases/dbsipis .. |stunnelsipisimage| replace:: https://docker.acrobits.net/releases/stunnelsipis SIPIS in Docker =============== Due to popular demand we decided to provide Docker images for SIPIS and supporting services. However, you should consider :doc:`installing` SIPIS using Debian packages. This guide expects you to be familiar with Docker and Docker compose. Registry login --------------- To use images referenced in this document you need to log in to our docker registry: .. code-block:: bash docker login -u customer -p Aen1ieB5sh docker.acrobits.net Quickstart ---------- Create a directory ``sipis`` and inside it create a file called ``docker-compose.yml`` with the following content: .. code-block:: yaml --- version: "2" networks: sipisnet: services: lb2: image: docker.acrobits.net/releases/lb2 volumes: - /sipisdata/certs:/certs ports: - 24998:24998 - 4998:4998/udp - 4998:4998/tcp networks: sipisnet: aliases: - lb2 logging: driver: "json-file" options: max-size: 20m dbsipis: image: docker.acrobits.net/releases/dbsipis volumes: - /sipisdata/db:/var/lib/postgresql/data networks: sipisnet: aliases: - dbsipis logging: driver: "json-file" options: max-size: 20m sipis: depends_on: - dbsipis image: docker.acrobits.net/releases/sipis volumes: - /sipisdata/settings:/etc/sipis restart: on-failure networks: sipisnet: aliases: - sipis logging: driver: "json-file" options: max-size: 20m ulimits: nofile: 65535 stunnelsipis: depends_on: - sipis image: docker.acrobits.net/releases/stunnelsipis volumes: - /sipisdata/certs:/certs ports: - 443:443 networks: sipisnet: aliases: - stunnelsipis logging: driver: "json-file" options: max-size: 20m Then run .. code-block:: bash docker-compose up -d This will start all components of SIPIS and the running SIPIS is fully functional and can be used for testing. For production use, you may want to do some configuration. Components and their settings ----------------------------- The whole stack consists of four components: database, SIPIS, LB2 frontend and stunnel. Database ~~~~~~~~ SIPIS uses Postgresql database server. SIPIS expects a database with certain structure of tables, triggers and functions. The provided docker image is based on the official *postgres* image where needed database is created on the first run. Provided docker-compose file mounts directory /sipisdata/db as a persistent storage for the database. If you already have Postgresql server and wish to use it as SIPIS database, you need to do the following steps: 1. Extract file /docker-entrypoint-initdb.d/create-sipis-db.sql form the image (for example using ``docker create`` and ``docker cp`` commands) 2. The first three lines of the file create the user and the database and connect to it. The rest creates the database structure. You may wish to edit the beginning of the file (for example to set the user's password) before running it against your database server. 3. Set the database information in Settings.xml in SIPIS container (described below). .. note:: Postgresql container does not require a password by default and therefore should not be accessible over the Internet. LB2 ~~~ LB2 (or LoadBalancer2) is SIPIS frontend. It accepts connections from the devices and forwards data to one or more SIPISes. The devices connect to it on ports 4998 UDP and 4998 TCP or 24998 TCP (in case the SIP transport is configured to use TLS). When the container with LB2 is run, it expects TLS key and certificates in files ``/certs/privkey.pem`` and ``/certs/fullchain.pem`` respectively. If they are not present, a key and self-signed scertificate is generated. Provided docker-compose file mounts a directory ``/sipisdata/certs`` to ``/certs`` in the container so you may providethe certificates there. SIPIS ~~~~~ This is the backend of SIPIS solution. It communicates with PBX directly and with the devices over its frontend containers: LB2 and stunnel. The provided docker-compose file mounts directory ``/sipisdata/settings`` into ``/etc/sipis`` inside the container. SIPIS expects two files there: ``Settings.xml`` and ``sipis.key``. Both are created on the first run if they are missing. ``sipis.key`` is used to encrypt users' passwords in the database. ``Settings.xml`` is :doc:`SIPIS configuration file` which you may edit if you wish. The administrator password for SIPIS :doc:`HTTP interface` is generated randomly. .. note:: If you wish to use your database server, you will have to change PostgreSQL connection string in Settings.xml You may see that SIPIS has restart policy set to ``on-failure``. SIPIS needs database already running when it starts. If database container is not fully started when SIPIS starts SIPIS cannot connect to it and will exit with an Error. This will keep SIPIS retrying after such an error. stunnel ~~~~~~~ Stunnel is a TLS proxy that exposes SIPIS :doc:`HTTP interface` over TLS. It uses TLS certificate and key in the same way as `LB2`_ container (and generates self signed ones if none are found). You can replace this container with your own HTTPS/TLS proxy. You should forward traffic HTTPS traffic to the port 5000 of SIPIS container (you may need to publish port 5000 of SIPIS container). .. note:: To make SIPIS work properly, users need to be able to contact https://yoursipis/sipis/register URL. Make sure that this HTTPS endpoint is forwarded to SIPIS container (to http://sipis:5000/sipis/register). Logging ~~~~~~~ The provided docker-compose file sets up logging to default Docker logging driver (json-file) and limits the output to 20 MB. You can use any logging driver you prefer. You should however be wary that LB2 container creates a lot of log output which is useful only for debugging and can be usually discarded.