Installation Guide

Requirements

Hardware

To run SIPIS without problems, your hardware should meet the following requirements depending on the number of expected users.

Up to 5000 users

  1. Any modern 64 bit CPU
  2. 4 GB RAM
  3. 30 GB of disk space

Up to 30000 users

  1. Any modern 64 bit CPU
  2. 8 GB RAM
  3. 80 GB of disk space

Over 30000 users

Contact us for multiple server options. The limiting resource is not hardware but the number of sockets that can be used for connections.

Other requirements

  1. An installation of 64 bit Debian Jessie. We recommend a clean installation.
  2. A valid (HTTPS) certificate for your SIPIS server.

Adding Repository

Add our key and repository to Debian:

  1. Execute the following command to install our public key:
wget -O - https://dist.acrobits.cz/debian/acrobits.gpg.key | apt-key add -

The fingerprint for our key is 1DB8 E683 A6F4 919B BFF1 6A7C FFCC BAF7 9FF5 CF45

  1. Create a new file /etc/apt/sources.list.d/Acrobits.list with the following content:

    deb http://username:password@dist.acrobits.cz/debian jessie main
    

Note

You will get a username and password from Acrobits representative.

  1. Run aptitude update

Installing SIPIS

Installing SIPIS is as simple as running:

aptitude install sipis

This will install our packages sipis, sipis-user and bridgetcpudp and their dependencies (mainly postgresql).

Configuring SIPIS

After installation your SIPIS needs to be properly configured.

Setting up the database

Choose a database password. Edit the script /usr/share/sipis/installdb, put your password there and run it. This script will create user sipis in your database, database sipis and will populate your database with required tables.

Configuring bridgetcpudp

No configuration should be necessary for now.

Note

bridgetcpudp connects to sipis on 127.0.0.1. If you change SIPIS listening address from the default one it might be necessary to change its configuration file /etc/bridgetcpudp/bridge.conf to reflect this change.

Configuring SIPIS

Edit file /etc/sipis/Settings.xml. You can find full documentation here.

For the impatient

The only thing that needs to be set is the database password in the attribute OpenString of the Database element. Insert the password you used for the database. We also recommend you set Administrator password and set an appropriate Name for your SIPIS.

Common options

In Server section choose a name to your SIPIS server. If you want more than one SIPIS servers sharing the database each of them must have a unique name. Change of this parameter will mean that SIPIS will not load its database entries (because it would think they belong to different SIPIS instace).

Address shows address where SIPIS listens to requests. We recommend keeping it 0.0.0.0 so that SIPIS listens on all interfaces. If you decide to change it, you will have to change the file /etc/bridgetcpudp/bridge.conf and replace address 127.0.0.1 with your chosen address. Change of this parameter requires restart of SIPIS.

HttpServer is a built in HTTP server. It is by default accessible on http://your_server:5000/stats. If you want it to listen only on localhost, change 0.0.0.0 to 127.0.0.1. You can also change the port (in that case adjust the configuration when setting up HTTPS registrations – see the following section).

With password set in Administrator section you can use the HTTP interface to execute actions.

You can change the lock file name in Lock section to match the name of your server if you wish.

Setting up HTTPS registration

The device sends the SIP registration information to SIPIS using HTTPS. This uses SIPIS HTTP interface. To make this communication encrypted it is necessary to place either stunnel or HTTPS proxy (or equivalent) in front of SIPIS. Here we describe two options: stunnel and nginx. If you do not know which one to choose, use nginx method.

stunnel method

  1. Install stunnel

    aptitude install stunnel
    
  2. Copy file /usr/share/doc/sipis/snippets/stunnel_sipis.conf to /etc/stunnel directory.

  3. Edit the file and set path to the key and certificate file for your server.

  4. Edit /etc/default/stunnel4 and set ENABLED=1

  5. Start stunnel

    systemctl restart stunnel4.service
    

nginx method

  1. Install nginx
aptitude install nginx
  1. Copy /usr/share/doc/sipis/snippets/nginx_sipis.conf into /etc/nginx/sites-enabled directory.

  2. Edit the file and set path to the key and certificate file for your server.

  3. Reload nginx configuration

    systemctl reload nginx
    

Control and Maintenance

To start SIPIS run
systemctl start sipis.service

Note

To make SIPIS run automatically when your computer starts run systemctl enable sipis.service

To stop SIPIS run

systemctl stop sipis.service

to reload it after configuration change run

systemctl reload sipis.service

SIPIS produces a lot of log output. We provide logrotate configuration file so that logs are properly rotated. Debian has logrotate installed by default.

Using stunnel

If you want to use TLS between devices and SIPIS, you should configure stunnel in front of bridgetcpudp. In that case your stunnel should listen on TCP port 24998 and transfer incoming connections to localhost, port 4998.

If you used stunnel method for SIPIS registrations you already did some of the following steps.

  1. Install stunnel
aptitude install stunnel
  1. Edit the file /etc/stunnel/tcpudpbridge.conf and set paths to key and certificate files for your server.
  2. Edit /etc/default/stunnel4 and set ENABLED=1
  3. Start stunnel
systemctl restart stunnel4.service

Firewall configuration

Your SIPIS installation should be reachable from your customer’s devices on the following ports:

  • 443/tcp
  • 4998/udp
  • 4998/tcp
  • 24998/tcp

Your SIPIS should be able to connect to your SIP server on the port you use (typically 5060 or 5061 for TLS) and to pnm.cloudsoftphone.com on port 6552 (see note).