SIPIS in Docker¶
Due to popular demand we decided to provide Docker images for SIPIS and supporting services. However, you should consider installing SIPIS using Debian packages.
This guide expects you to be familiar with Docker and Docker compose.
Registry login¶
To use images referenced in this document you need to log in to our docker registry:
docker login -u customer -p Aen1ieB5sh docker.acrobits.net
Quickstart¶
Create a directory sipis
and inside it create a file called docker-compose.yml
with the following content:
---
version: "2"
networks:
sipisnet:
services:
lb2:
image: docker.acrobits.net/releases/lb2
volumes:
- /sipisdata/certs:/certs
ports:
- 24998:24998
- 4998:4998/udp
- 4998:4998/tcp
networks:
sipisnet:
aliases:
- lb2
logging:
driver: "json-file"
options:
max-size: 20m
dbsipis:
image: docker.acrobits.net/releases/dbsipis
volumes:
- /sipisdata/db:/var/lib/postgresql/data
networks:
sipisnet:
aliases:
- dbsipis
logging:
driver: "json-file"
options:
max-size: 20m
sipis:
depends_on:
- dbsipis
image: docker.acrobits.net/releases/sipis
volumes:
- /sipisdata/settings:/etc/sipis
restart: on-failure
networks:
sipisnet:
aliases:
- sipis
logging:
driver: "json-file"
options:
max-size: 20m
ulimits:
nofile: 65535
stunnelsipis:
depends_on:
- sipis
image: docker.acrobits.net/releases/stunnelsipis
volumes:
- /sipisdata/certs:/certs
ports:
- 443:443
networks:
sipisnet:
aliases:
- stunnelsipis
logging:
driver: "json-file"
options:
max-size: 20m
Then run
docker-compose up -d
This will start all components of SIPIS and the running SIPIS is fully functional and can be used for testing. For production use, you may want to do some configuration.
Components and their settings¶
The whole stack consists of four components: database, SIPIS, LB2 frontend and stunnel.
Database¶
SIPIS uses Postgresql database server. SIPIS expects a database with certain structure of tables, triggers and functions. The provided docker image is based on the official postgres image where needed database is created on the first run. Provided docker-compose file mounts directory /sipisdata/db as a persistent storage for the database.
If you already have Postgresql server and wish to use it as SIPIS database, you need to do the following steps:
Extract file /docker-entrypoint-initdb.d/create-sipis-db.sql form the image (for example using
docker create
anddocker cp
commands)The first three lines of the file create the user and the database and connect to it. The rest creates the database structure. You may wish to edit the beginning of the file (for example to set the user’s password) before running it against your database server.
Set the database information in Settings.xml in SIPIS container (described below).
Note
Postgresql container does not require a password by default and therefore should not be accessible over the Internet.
LB2¶
LB2 (or LoadBalancer2) is SIPIS frontend. It accepts connections from the devices and forwards data to one or more SIPISes. The devices connect to it on ports 4998 UDP and 4998 TCP or 24998 TCP (in case the SIP transport is configured to use TLS).
When the container with LB2 is run, it expects TLS key and certificates in files /certs/privkey.pem
and /certs/fullchain.pem
respectively. If they are not present, a key and self-signed scertificate is generated. Provided docker-compose file mounts a directory /sipisdata/certs
to /certs
in the container so you may providethe certificates there.
SIPIS¶
This is the backend of SIPIS solution. It communicates with PBX directly and with the devices over its frontend containers: LB2 and stunnel.
The provided docker-compose file mounts directory /sipisdata/settings
into /etc/sipis
inside the container. SIPIS expects two files there: Settings.xml
and sipis.key
. Both are created on the first run if they are missing. sipis.key
is used to encrypt users’ passwords in the database. Settings.xml
is SIPIS configuration file which you may edit if you wish. The administrator password for SIPIS HTTP interface is generated randomly.
Note
If you wish to use your database server, you will have to change PostgreSQL connection string in Settings.xml
You may see that SIPIS has restart policy set to on-failure
. SIPIS needs database already running when it starts. If database container is not fully started when SIPIS starts SIPIS cannot connect to it and will exit with an Error. This will keep SIPIS retrying after such an error.
stunnel¶
Stunnel is a TLS proxy that exposes SIPIS HTTP interface over TLS. It uses TLS certificate and key in the same way as LB2 container (and generates self signed ones if none are found).
You can replace this container with your own HTTPS/TLS proxy. You should forward traffic HTTPS traffic to the port 5000 of SIPIS container (you may need to publish port 5000 of SIPIS container).
Note
To make SIPIS work properly, users need to be able to contact https://yoursipis/sipis/register URL. Make sure that this HTTPS endpoint is forwarded to SIPIS container (to http://sipis:5000/sipis/register).
Logging¶
The provided docker-compose file sets up logging to default Docker logging driver (json-file) and limits the output to 20 MB. You can use any logging driver you prefer. You should however be wary that LB2 container creates a lot of log output which is useful only for debugging and can be usually discarded.