SIPIS in Docker

Due to popular demand we decided to provide Docker images for SIPIS and supporting services. However, you should consider installing SIPIS using Debian packages.

This guide expects you to be familiar with Docker and Docker compose.

Registry login

To use images referenced in this document you need to log in to our docker registry:

docker login -u customer -p Aen1ieB5sh docker.acrobits.net

Quickstart

Create a directory sipis and inside it create a file called docker-compose.yml with the following content:

---
version: "2"
networks:
    sipisnet:

services:
    lb2:
        image: docker.acrobits.net/releases/lb2
        volumes:
            - /sipisdata/certs:/certs
        ports:
            - 24998:24998
            - 4998:4998/udp
            - 4998:4998/tcp
        networks:
            sipisnet:
                aliases:
                    - lb2
        logging:
            driver: "json-file"
            options:
                max-size: 20m

    dbsipis:
        image: docker.acrobits.net/releases/dbsipis
        volumes:
            - /sipisdata/db:/var/lib/postgresql/data
        networks:
            sipisnet:
                aliases:
                    - dbsipis
        logging:
            driver: "json-file"
            options:
                max-size: 20m
    sipis:
        depends_on:
            - dbsipis
        image: docker.acrobits.net/releases/sipis
        volumes:
            - /sipisdata/settings:/etc/sipis
        restart: on-failure
        networks:
            sipisnet:
                aliases:
                    - sipis
        logging:
            driver: "json-file"
            options:
                max-size: 20m
        ulimits:
            nofile: 65535
    stunnelsipis:
        depends_on:
            - sipis
        image: docker.acrobits.net/releases/stunnelsipis
        volumes:
            - /sipisdata/certs:/certs
        ports:
            - 443:443
        networks:
            sipisnet:
                aliases:
                    - stunnelsipis
        logging:
            driver: "json-file"
            options:
                max-size: 20m

Then run

docker-compose up -d

This will start all components of SIPIS and the running SIPIS is fully functional and can be used for testing. For production use, you may want to do some configuration.

Components and their settings

The whole stack consists of four components: database, SIPIS, LB2 frontend and stunnel.

Database

SIPIS uses Postgresql database server. SIPIS expects a database with certain structure of tables, triggers and functions. The provided docker image is based on the official postgres image where needed database is created on the first run. Provided docker-compose file mounts directory /sipisdata/db as a persistent storage for the database.

If you already have Postgresql server and wish to use it as SIPIS database, you need to do the following steps:

  1. Extract file /docker-entrypoint-initdb.d/create-sipis-db.sql form the image (for example using docker create and docker cp commands)

  2. The first three lines of the file create the user and the database and connect to it. The rest creates the database structure. You may wish to edit the beginning of the file (for example to set the user’s password) before running it against your database server.

  3. Set the database information in Settings.xml in SIPIS container (described below).

Note

Postgresql container does not require a password by default and therefore should not be accessible over the Internet.

LB2

LB2 (or LoadBalancer2) is SIPIS frontend. It accepts connections from the devices and forwards data to one or more SIPISes. The devices connect to it on ports 4998 UDP and 4998 TCP or 24998 TCP (in case the SIP transport is configured to use TLS).

When the container with LB2 is run, it expects TLS key and certificates in files /certs/privkey.pem and /certs/fullchain.pem respectively. If they are not present, a key and self-signed scertificate is generated. Provided docker-compose file mounts a directory /sipisdata/certs to /certs in the container so you may providethe certificates there.

SIPIS

This is the backend of SIPIS solution. It communicates with PBX directly and with the devices over its frontend containers: LB2 and stunnel.

The provided docker-compose file mounts directory /sipisdata/settings into /etc/sipis inside the container. SIPIS expects two files there: Settings.xml and sipis.key. Both are created on the first run if they are missing. sipis.key is used to encrypt users’ passwords in the database. Settings.xml is SIPIS configuration file which you may edit if you wish. The administrator password for SIPIS HTTP interface is generated randomly.

Note

If you wish to use your database server, you will have to change PostgreSQL connection string in Settings.xml

You may see that SIPIS has restart policy set to on-failure. SIPIS needs database already running when it starts. If database container is not fully started when SIPIS starts SIPIS cannot connect to it and will exit with an Error. This will keep SIPIS retrying after such an error.

stunnel

Stunnel is a TLS proxy that exposes SIPIS HTTP interface over TLS. It uses TLS certificate and key in the same way as LB2 container (and generates self signed ones if none are found).

You can replace this container with your own HTTPS/TLS proxy. You should forward traffic HTTPS traffic to the port 5000 of SIPIS container (you may need to publish port 5000 of SIPIS container).

Note

To make SIPIS work properly, users need to be able to contact https://yoursipis/sipis/register URL. Make sure that this HTTPS endpoint is forwarded to SIPIS container (to http://sipis:5000/sipis/register).

Logging

The provided docker-compose file sets up logging to default Docker logging driver (json-file) and limits the output to 20 MB. You can use any logging driver you prefer. You should however be wary that LB2 container creates a lot of log output which is useful only for debugging and can be usually discarded.