SIPIS in Docker¶
Due to popular demand we decided to provide Docker images for SIPIS and supporting services. However, you should consider installing SIPIS using Debian packages.
This guide expects you to be familiar with Docker and Docker compose.
To use images referenced in this document you need to log in to our docker registry:
docker login -u customer -p Aen1ieB5sh docker.acrobits.net
Create a directory
sipis and inside it create a file called
docker-compose.yml with the following content:
--- version: "2" networks: sipisnet: services: lb2: image: docker.acrobits.net/releases/lb2 volumes: - /sipisdata/certs:/certs ports: - 24998:24998 - 4998:4998/udp - 4998:4998/tcp networks: sipisnet: aliases: - lb2 logging: driver: "json-file" options: max-size: 20m dbsipis: image: docker.acrobits.net/releases/dbsipis volumes: - /sipisdata/db:/var/lib/postgresql/data networks: sipisnet: aliases: - dbsipis logging: driver: "json-file" options: max-size: 20m sipis: depends_on: - dbsipis image: docker.acrobits.net/releases/sipis volumes: - /sipisdata/settings:/etc/sipis restart: on-failure networks: sipisnet: aliases: - sipis logging: driver: "json-file" options: max-size: 20m ulimits: nofile: 65535 stunnelsipis: depends_on: - sipis image: docker.acrobits.net/releases/stunnelsipis volumes: - /sipisdata/certs:/certs ports: - 443:443 networks: sipisnet: aliases: - stunnelsipis logging: driver: "json-file" options: max-size: 20m
docker-compose up -d
This will start all components of SIPIS and the running SIPIS is fully functional and can be used for testing. For production use, you may want to do some configuration.
Components and their settings¶
The whole stack consists of four components: database, SIPIS, LB2 frontend and stunnel.
SIPIS uses Postgresql database server. SIPIS expects a database with certain structure of tables, triggers and functions. The provided docker image is based on the official postgres image where needed database is created on the first run. Provided docker-compose file mounts directory /sipisdata/db as a persistent storage for the database.
If you already have Postgresql server and wish to use it as SIPIS database, you need to do the following steps:
Extract file /docker-entrypoint-initdb.d/create-sipis-db.sql form the image (for example using
The first three lines of the file create the user and the database and connect to it. The rest creates the database structure. You may wish to edit the beginning of the file (for example to set the user’s password) before running it against your database server.
Set the database information in Settings.xml in SIPIS container (described below).
Postgresql container does not require a password by default and therefore should not be accessible over the Internet.
LB2 (or LoadBalancer2) is SIPIS frontend. It accepts connections from the devices and forwards data to one or more SIPISes. The devices connect to it on ports 4998 UDP and 4998 TCP or 24998 TCP (in case the SIP transport is configured to use TLS).
When the container with LB2 is run, it expects TLS key and certificates in files
/certs/fullchain.pem respectively. If they are not present, a key and self-signed scertificate is generated. Provided docker-compose file mounts a directory
/certs in the container so you may providethe certificates there.
This is the backend of SIPIS solution. It communicates with PBX directly and with the devices over its frontend containers: LB2 and stunnel.
The provided docker-compose file mounts directory
/etc/sipis inside the container. SIPIS expects two files there:
sipis.key. Both are created on the first run if they are missing.
sipis.key is used to encrypt users’ passwords in the database.
Settings.xml is SIPIS configuration file which you may edit if you wish. The administrator password for SIPIS HTTP interface is generated randomly.
If you wish to use your database server, you will have to change PostgreSQL connection string in Settings.xml
You may see that SIPIS has restart policy set to
on-failure. SIPIS needs database already running when it starts. If database container is not fully started when SIPIS starts SIPIS cannot connect to it and will exit with an Error. This will keep SIPIS retrying after such an error.
You can replace this container with your own HTTPS/TLS proxy. You should forward traffic HTTPS traffic to the port 5000 of SIPIS container (you may need to publish port 5000 of SIPIS container).
The provided docker-compose file sets up logging to default Docker logging driver (json-file) and limits the output to 20 MB. You can use any logging driver you prefer. You should however be wary that LB2 container creates a lot of log output which is useful only for debugging and can be usually discarded.