OpenGate Containers es el módulo encargado de gestionar las conexiones VoIP de un entorno OpenGate, así como la configuración de extensiones, trunks, etc. En esta guía, se explica cómo realizar una instalación rápida.
To complete a successful installation and ensure a proper operation as described in this guide, the following must be met:
Have a “host” machine with a recent version of Docker Engine and Docker Compose installed.
The “host” machine must have the network properly configured.
In case of a Master node configured with a SIP Registrar, two IPs are required.
The “host” machine should not execute other services which may clash with the ports used in your services.
Exception: The Master node should have an MTA installed, such as “postfix” to send emails from mailboxes.
When a “SMTP relay" server is being used, it must be configured as detailed in this /wiki/spaces/PRSPS/pages/177045505.
The “host” machine must not limit the connection to your services through a firewall.
Containers allow that any operating system can be used as a “host”. However, not all operating systems can be tested and supported. The Presence R+D team recommends Rocky Linux 9. Rocky Linux 9 requires only the following steps:
|
There are different types of environments which require different services to be started (Master, Node, WebRTC, and combinations of these), and therefore a help script is provided that automates the following steps: Creating the docker-compose.yml and .env files, creating the secrets, connecting to the registry and pulling the images. This script can be launched directly using the following command:
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" MODE |
Replace MODE with one of the following:
master: Installs postgresql, ssh-server, webservices, kamailio and asterisk.
masterwebrtc: Same as master, but adds freeswitch to use as WebRTC Gateway.
masteronlywebrtc: Does not include kamailio,, which allows you to use it in environments with a single IP with WebRTC phones. However, no Agent/SIP user extensions can be registered.
node: Installs asterisk and ssh-server.
nodewebrtc: Same as node, but adds freeswitch to use as WebRTC Gateway.
webrtc: Installs freeswitch and ssh-server.
After executing this command, the following screen will prompt you to configure the environments in the.env file, and will also show the instructions to create secrets. Something like this:
Please edit .env file with the appropriate values. Current .env contents:
TZ=Europe/Madrid
SSH_USERNAME=opengate
DATA_BINDADDR=10.X.X.X
VOICE_BINDADDR=10.X.X.X
SIP_REGISTRAR_IP=10.X.X.X
WSS_BINDADDR=10.X.X.X
WSS_EXTERNAL_IP=99.X.X.X
# DB_NAME MUST be opengate (hardcoded at OpenGate Proxy)
DB_NAME=opengate
DB_USER=opengaterw
RECORDING_SHARE=//X.X.X.X/recording
RECORDING_SHARE_USER=Administrator
RECORDING_SHARE_PASSWORD=PASSWORD
RECORDING_MOUNT_POINT=/recordings
# set to true to restore from a backup
RESTORE_MODE=false
Generate the secrets using the following commands and instructions:
- DB password: echo "MYPASSWORD" > secrets/db_password.txt
- SSH Key: ssh-keygen -f secrets/ssh_key
- TLS certificates (generate self-signed): openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
or copy your own to the apropriate files:
cat key.pem cert.pem > secrets/asterisk.pem
cat key.pem cert.pem > secrets/freeswitch.pem
When done, start the environment by executing: docker compose up -d |
Finally, start with the command below:
docker compose up -d |
Edit the docker-compose.yml file and check tags from all images.
Tags pointing to :latest will automatically download the latest version.
Alternatively, indicate a specific version.
Run the following commands to update and start the environment again:
docker compose pull docker compose up -d |
The above commands will cause that containers with changes (and also depending containers) to restart.
Once the environment is up and running, old images can be cleared using docker image prune.
This restore process may be used for backup copies of versions 11.0 to 13.0 in order to migrate an environment previously installed from the old softappliance with CentOS 7. |
Edit the .env file in the Master node to set the variable RESTORE_MODE=true.
Stop Presence OpenGate Proxy Server and any other applications that may be using the database. Apply the changes using the following command: docker compose up -d.
Wait for the environment to get started again. Then, access the Master node IP from a web browser.
Load the backup copy and follow the steps.
If the restore process is performed using a backup copy generated with another database user (e.g., for 12.3 or 13.0 updates), you may expect many changes related to permissions in the above first step.
When all the steps are completed, edit the .env file in the Master node. Set the variable RESTORE_MODE=false and apply using the following command: docker compose up -d.
Certain technical details are important to keep in mind:
You MUST NOT change the database username once the environment has been started for the first time. The PostgreSQL official container creates the database for the user specified in the first boot. If you subsequently change that user, the database will not start successfully.
Docker compose does not update the configuration of CIFS volumes (such as the recordings volume of Presence Recording). If you wish to modify this configuration once the volume has been created, you must first delete the volume using the following command: docker volume rm VOLUME_NAME.
If you make a change that results in the creation of a new container (e.g. a change to the image, one environment variable or volume), then the previous trace logs will be lost.
In case of a core dump in a service that is running in a container, the kernel configuration of the host machine is inherited, which means that this configuration will be saved in the host as specified. For Rocky Linux 9, these are stored in /var/lib/systemd/coredumps.
Because of the change made to set absolute paths, it is important to update the configuration of Presence Recording Server so that the new absolute paths will be used as shown below:
First, verify the containers using the following command: docker ps -a . This will show a list similar to this:
[opengate@localhost ~]$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 15b0c01516eb devopengate.azurecr.io/dev/kamailio:latest "/bin/sh -c 'kamaili…" 11 days ago Up 11 days kamailio_og c999ff8ac61f devopengate.azurecr.io/dev/webservices:latest "/setup/entrypoint.sh" 11 days ago Up 11 days (healthy) webservices_og ab7e655d73fe devopengate.azurecr.io/dev/freeswitch:latest "/docker-entrypoint.…" 11 days ago Up 11 days (healthy) freeswitch_og 4d4230f3d3c4 devopengate.azurecr.io/dev/asterisk:latest "/entrypoint.sh" 11 days ago Up 11 days asterisk_og 204aa182b9e8 devopengate.azurecr.io/dev/postgres:latest "docker-entrypoint.s…" 11 days ago Up 11 days 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp postgres_og 3c716da20711 devopengate.azurecr.io/dev/ssh-server:latest "/init" 11 days ago Up 11 days 0.0.0.0:2222->2222/tcp, :::2222->2222/tcp ssh_og |
To connect to each container, use the following command: docker exec -it CONTAINER_NAME bash. This runs bash and shows a console inside the container where you can execute the standard commands (asterisk -rvvv, fs_cli, kamctl, etc.). However, you must be careful when changing files as you might modify their permissions (please, check this with the ls -ln command, and restore the original permissions if required).
A special scenario: When you reuse an IP address from a Node or WebRTC Gateway, the SSH connection will fail because their fingerprint will have changed. As a result, you will be warned of a possible security failure (a connection against a known host is expected, but instead the found host is another). You can see an error in the trace logs of Presence OpenGate web services. To fix this problem, connect to this module and clear the entry which causes this conflict in the |
Variables allow you to customize the configuration of containers. Many variables are commonly used in the docker-compose.yml and .env files to configure the environment, but some of them have a very specific use only. Below is the full list of variables:
PostgreSQL: Check the official documentation at https://github.com/docker-library/docs/blob/master/postgres/README.md#environment-variables.
SSH Server: Check the official documentation at https://github.com/linuxserver/docker-openssh-server?tab=readme-ov-file#parameters.
Web services:
DB_HOST=localhost Used to set the IP or hostname of the database.
DB_NAME=opengate Used to set the database name.
DB_USER=opengate Used to set the database user.
DB_PASSWORD_FILE=/run/secrets/db_password Used to set the “secret” path, which contains the database connection password.
SIP_REGISTRAR_IP=127.0.0.1 Used to set the IP address used to configure the SIP Registrar.
MASTER_ASTERISK_IP=127.0.0.1 Used to set the IP address of the interface connected to the data network of the Master node. This must match the DATA_BINDADDR value of the master Asterisk.
RECORDING_MOUNT_POINT Used to set the mount point of Presence Recording. This information is required to generate the configuration that Asterisk uses to record user extensions.
LOG_TO_DEFAULT=True Used to set the traces to be logged in the standard location. If set to “False”, traces will be logged in a file.
SSH_USERNAME=opengate Used to set the username of SSH. This must match the username configured in the SSH host. All Nodes and WebRTC Gateways of an environment must also have the same.
SSH_PORT=2222 Used to set the SSH port. This must match the port configured in the SSH host. All Nodes and WebRTC Gateways of an environment must also have the same.
SSH_KEY_FILE=/run/secrets/ssh_key Used to set the “secret” path, which contains the SSH private key.
SSH_KEY_PUB_FILE=/run/secrets/ssh_key.pub Used to set the “secret” path, which contains the SSH public key.
RESTORE_MODE=False Allows you to enable the restore mode to load a previous backup copy when the value is set to “True”.
Asterisk:
DATA_BINDADDR="0.0.0.0" Used to set the IP address of the data network.
SIP_BINDADDR="0.0.0.0" Used to set the IP address of the SIP server.
LOG_TO_DEFAULT=True Used to set that traces to be logged in the standard location. If set to “False”, traces will be logged in a file.
RUN_CONVERTER=False Used to set whether or not the audio format converter is to run. This is only set to “True” in the Master node.
SIP_TLS_PEM_FILE=/run/secrets/tls_pem Used to set the “secret” path, which contains the TLS certificate for SIP.
ASTERISK_ARGS="-fpvvvg" Used to set the parameters that are used to launch the Asterisk exec file.
CHECK_FILE="/etc/asterisk/presence-scripts/create_conf_files.sh" Used to set the file that is to be checked before you start Asterisk. This check is to make sure that the Unified Administration has successfully loaded the configuration prior to the Asterisk startup.
FreeSWITCH:
FS_EXTIP=127.0.0.1 Used to set the external IP address of FreeSWITCH (public IP).
FS_PRIVIP=127.0.0.1 Used to set the IP address of the network interface connected to the private network. This network is used to connect to the nodes and to the rest of the OpenGate system.
FS_DMZIP=$FS_PRIVIP Used to set the IP address of the network interface connected to the DMZ network. If there is no separation between the private / DMZ networks, then the network is the same and there is no need to be specified.
FS_UA_ACL=$FS_PRIVIP/24 Used to set an ACL (Access Control List) of IPs from which Presence OpenGate web services can connect to FreeSWITCH (to make change in the configuration). By default, let’s assume this is the private network in a subnetwork /24. If the Master node falls outside this range, you have to update this variable to match the network address of OpenGate web services.
FS_WSSPORT=7443 Used to set the WSS Port (WebSocket Secure) used to establish the WebRTC connections.
FS_RTPSTARTPORT=22000 and FS_RTPENDPORT=24600 Used to set the range of ports used for RTP.
FS_CODEC=PCMA Used to set the codec to establish the WebRTC connection. The values are the following: PCMA, PCMU, OPUS.
FS_TLS_PEM_FILE=/run/secrets/tls_pem Used to set the “secret” path, which contains the TLS certificate for WSS and SRTP.
Enghouse Interactive (www.enghouseinteractive.com) delivers technology and expertise to maximize the value of every customer interaction. The company develops a comprehensive portfolio of customer interaction management solutions. Core technologies include contact center, attendant console, predictive outbound dialer, knowledge management, IVR and call recording solutions that support any telephony environment, on premise or in the cloud. Enghouse Interactive has tens of thousands of customers worldwide, supported by a global network of partners and more than 1,000 dedicated staff across the Company’s international operations.
Enghouse Interactive is a subsidiary of Enghouse Systems Limited, a software and services company traded on the Toronto Stock Exchange (TSX) under the symbol “ENGH.” Founded in 1984, Enghouse Systems is a consistently profitable company, which has grown both organically and through the acquisition of well-regarded specialists including AndTek, Arc, CosmoCom, Datapulse, IAT, IT Sonix, Presence Technology, , Reitek, Safeharbor, Survox, Syntellect, Telrex, Trio, Voxtron and Zeacom. Learn more at: http://www.enghouseinteractive.es/