Jigasi on Cloud; PBX in my basement - configuration

I have created a Jitsi install on a cloud VPS - wow, I’m really impressed.
I have a FreePBX-based distro (not the FreePBX Distro) running in my basement at home working perfectly. I have a working DID which will be used strictly for Jitsi conferences.

My PBX is behind my home router/firewall. I’m forwarding SIP, RTP, IAX and some portknocker ports to it - no web ports. The PBX does not have https capabilities (nor do I have the mental energy to figure out how to retrofit letsencrypt into the working system).

Any suggestions on how to get Jigasi running correctly between these two systems with posted dialin/pin codes?

All the directions I’ve seen assume https connections to the PBX, and that’s not happening.

Help, and thanks in advance.

Andrew

Nope, the PBX needs to do https queries.
This is not for asterisk but explains what needs to be done and you just need to convert the js used for vox to an asterisk IVR: Guide for setting up Jigasi with Voximplant

OK, if I get an LE cert running on my basement dwelling PBX, what ports do I need to forward from the FIOS device to my router to my PBX for jigasi/jitsi to be happily configured?

I can block access to the PBX from the forwarded ports by adding the Jitsi server to my PBX whitelist.

Are any of these forwarded ports ports that I need for anything else? I don’t have any other machines that have ports forwarded to them.

Thanks.

Andrew

Sorry, I cannot understand your topology. For jitsi-meet you need TCP port 443 and for the bridge you need UDP 10000. For jigasi to connect to jitsi-meet you can use just BOSH and port 443; to connect to the SIP side, nothing: jigasi relies on latching, it will send media to the address and port from the SDP and the server will start sending media to the address/port it receives it from. Jigasi acts like the common SIP clients.

Sorry if I was unclear. I don’t yet understand the jitsi/jigasi nomenclature.

Jitsi is running on a cloud VPS - it works fine.

I have a PBX running in my basement which has remote extensions already; it runs iptables and blocks everything that isn’t whitelisted and only allows SIP, IAX2, RTP (10K-20K). I’m trying to install an ssl cert and will add the json and dialplan info.

I have FIOS coming into the house; they gave me a box which controls internet. The FIOS device connects to my router running OpenWRT. My router connects (duh!) to my PBX and other devices.

The FIOS and OpenWRT boxes both forward ports to the PBX (SIP, RTP, IAX2, etc.) so that outside extensions can connect (it’s been working for years).

Do I only need to (also) forward 443 from FIOS to OpenWRT to PBX to get this whole thing working (assuming I get the letsencrypt certificate to work and get the dialplan, etc. correct)?

If not, what other actions do I need to take on the PBX (after otherwise following the directions) to make all this awesome voodoo work?

Andrew

If you want jigasi to connect to the PBX from somewhere on the Internet and you already have extensions doing that, jigasi is no different from normal sip clients. It registers to your sip PBX and when you handle the call in the dialplan you just dial the jigasi extension and let it do its job.
So if you have sip clients already connecting to your PBX over the Internet you don’t need anything, other than configuring jigasi using a sip account you have set up for it (make sure nat=yes is enabled, or its newer equivalent in the latest asterisk versions).

I was under the impression that I need the PBX to be able to receive/interpret info (hence https) in order to allow for meeting room names and pin numbers.

Nope, it needs to execute an https request to convert the conference id (the id entered with DTMF tones in the IVR) to a conference name.

Color me confused.

I thought the whole point of enabling the https on the PBX was so that the jitsi server can send the pbx the conference ID and PIN and the dialplan can send the caller to the correct meeting (as opposed to the jitsi server in general). Or one of several current meetings.

Looking at directions here (for example): Tutorial - Jitsi / Jigasi & FreePBX integration. Along with Asterisk IVR to use Jitsi conference mapper API and specifically starting at Section 8 (Custom IVR), I thought this allowed the dial in to be used for multiple meetings depending on how the host set the Pin and meeting name.

So, assuming that I’m not wrong, what do I need to do to allow a:
PBX without an ssl cert located on a private IP subnet to interact with the jitsi server and hand out connections to multiple meetings on my public facing jitsi server? The PBX presently gets port forwards for SIP, RTP, IAX2 and has Apache (without ssl) running.

Thanks so much, and apologies for how seemingly dense I am this week.

Andrew

Can you elaborate on this?

What I understood is that you have a working jitsi-meet deployment and a working SIP PBX and you want to make dial-in work for jitsi-meet. This means that, let’s say, you are in a meeting and someone can dial in through a PSTN number or a sip address, something that will land on your PBX, and you want to interconnect that SIP call with a jitsi-meet meeting. Is this correct?

I have a working jitsi server running on a Digital Ocean machine.
I have a working PBX in my basement which, while it has Apache running, does not have an ssl cert (http only). It lives behind NAT and whitelists valid extensions and SIP providers (this is not a problem, just a fact - I can configure the jigasi extension).

I’d like, if I have 1 or 2 (or more) meetings on the jitsi server, to offer up the ability for phone-only participants to dial in and be offered the correct meeting. So if I have meeting A and Meeting B, I’d like the same phone # to be used to offer them access to whichever meeting they have the pin for.

I think I need to get ssl certs on the PBX per my reading/your earlier comments. I think I need to open at least port 443 to the PBX whitelisted from the jitsi machine.

I’m not really ready for trial and error since the PBX is used 24/7 and if I ‘blow it up’ I’ll have to be down to undo/restore. Additionally, if I blow up the jitsi server I’ll have to start over since I can’t make a backup of that machine at present.

So, if the second block of text (I’d like, if I have 1 or 2 (or more) meetings on the jitsi server …) is possible in my situation, I’d like to know what I need to change to get it running. Is it just jigasi, get an ssl cert and open 443 to the PBX from the jitsi server, or more? (along with getting the extension and dialplan info which is part of the jigasi install in my mind).

Help? Your turn, and thanks.

Andrew

So I think it is more clear now. So if you want to implement the conference mapper on your Apache server … yep, but for a start you can skip this part and use the conference mapper as shown in the voximplant doc, the one that meet.jit.si uses; that one is open for everyone to use.
This is a simple service: if you pass it a meeting name it returns a generated id, and if you pass it the id it returns a meeting name to be sent to jigasi. It stores the data for 30 or 60 days if not accessed; the moment you enter the meeting the data is requested and the period is restarted.
Following the doc you will need:

  • install jigasi and configure it to use your sip account you had prepared for it
  • configure jitsi-meet for the confmapper
  • develop an IVR on the asterisk side to handle incoming calls, get the conf id as DTMFs, query conference mapper, set custom sip headers and call jigasi
And that’s it, on your PBX you need just the IVR and the sip account used by jigasi.
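
The lookup step of the IVR described above, as an added example that is not part of the thread or of any Jitsi code: it accepts only digits from the caller, then validates the room name from the mapper reply before it is placed in a SIP header. The mapper URL is a placeholder, and the reply's "conference" field, the header name and the room-name allow-list are assumptions.

```python
import json
import re
from urllib.parse import urlencode

# Assumptions, not from the thread: placeholder mapper URL, a "conference"
# field holding room@domain in the reply, and Jigasi's room header name.
MAPPER_URL = "https://mapper.example.invalid/conferenceMapper"
ROOM_HEADER = "Jitsi-Conference-Room"

CONF_ID_RE = re.compile(r"[0-9]{4,12}")        # what a caller may key in
ROOM_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # constructed allow-list

# Constructed mapper replies: one normal, one carrying CR/LF in the room name.
SAMPLE_OK = ('{"message": "ok", "id": 123456, '
             '"conference": "siptest@conference.meet.example.invalid"}')
SAMPLE_BAD = ('{"id": 123456, "conference": '
              '"siptest\\r\\nX-Extra: 1@conference.meet.example.invalid"}')


def mapper_query_url(dtmf_digits):
    """Build the lookup URL only if the DTMF input is purely digits."""
    if not CONF_ID_RE.fullmatch(dtmf_digits):
        raise ValueError("conference id must be 4-12 digits")
    return MAPPER_URL + "?" + urlencode({"id": dtmf_digits})


def room_from_response(body):
    """Extract the room part of room@domain and reject unsafe names."""
    data = json.loads(body)
    conference = data.get("conference") if isinstance(data, dict) else None
    if not isinstance(conference, str):
        raise ValueError("no conference mapped to this id")
    room = conference.split("@", 1)[0]
    if not ROOM_RE.fullmatch(room):
        raise ValueError("room name is not safe to place in a SIP header")
    return room


def sip_header(room):
    """Header line the dialplan would add before dialing the jigasi extension."""
    return f"{ROOM_HEADER}: {room}"


if __name__ == "__main__":
    print(mapper_query_url("123456"))
    print(sip_header(room_from_response(SAMPLE_OK)))
```
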

OK,

I have a jitsi cloud server set up with a letsencrypt ssl - meet.MYJITSISERVER.com
I have a PBX (Asterisk based) running in the basement (no ssl) running Asterisk/FreePBX
I have a mail server (iredmail) running in the cloud - mail.MAILSERVER.com

I have extension 4444 registering with the jitsi server. using meeting room siptest, dialing 4444 on a phone joins the meeting and audio is two way.

I have the .json and .php files living on my mail server (mail.MAILSERVER.com)

From my work machine if I enter in a browser: mail.MAILSERVER.com/jitsiNumberList.php
I get back:

{"message":"Phone numbers available.","numbers":{"US":["+1.609.XXX.YYYY"],"US Alternate":["+1.609.XXX.YYYY"]},"numbersEnabled":true}

However, I have no clue on how to add CORS to my nginx on the email server. My nginx.conf reads:

user nginx;
worker_processes 1;
pid /var/run/nginx.pid;

# ASB attempt to get CORS for Jitsi/Jigasi
#include /etc/nginx/cors-settings.conf;


events {
    worker_connections 1024;
}

http {
    include /etc/nginx/conf-enabled/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
}

and cors-settings.conf reads:

if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '"https://meet.MYJITSISERVER.com"';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    }
}

If I enable my commented out line for CORS, nginx doesn’t start.
More importantly, since my dial in lines are static, why can’t I stick a file/the answer for the phone numbers on the jitsi server?

The cors-settings.conf was pulled from the internet.

So, what might I be doing wrong, and what’s the easiest way to fix it?

Thanks again and still.

Andrew

I guess I lost the interest of the experts here …

Andrew

I would say to add a location for your file and do something like https://github.com/jitsi/jitsi-meet/blob/9815b633fc63640d0728d4d0e7172537684e5290/doc/debian/jitsi-meet/jitsi-meet.example#L64
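
An added example, not part of the thread: the browser-side CORS check from the Fetch standard, run over the header values the posted cors-settings.conf would emit and over a single-origin alternative. The origin is a constructed stand-in for meet.MYJITSISERVER.com and the header sets are retyped from the post.

```python
ORIGIN = "https://meet.example.invalid"  # stand-in for the Jitsi origin

# Values as nginx would send them from the posted file (constructed copy).
# The OPTIONS branch wraps the origin in literal double quotes.
POSTED = {
    "OPTIONS": {"Access-Control-Allow-Origin": '"https://meet.example.invalid"',
                "Access-Control-Allow-Credentials": "true"},
    "GET": {"Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Credentials": "true"},
}
# One explicit origin, no credentials header.
CORRECTED = {"Access-Control-Allow-Origin": ORIGIN}


def cors_check(headers, origin, with_credentials):
    """Return (allowed, reason) following the Fetch standard's CORS check."""
    allow_origin = headers.get("Access-Control-Allow-Origin")
    if allow_origin is None:
        return False, "no Access-Control-Allow-Origin header"
    if not with_credentials and allow_origin == "*":
        return True, "wildcard accepted for a request without credentials"
    if allow_origin != origin:
        return False, f"{allow_origin!r} does not exactly match {origin!r}"
    if not with_credentials:
        return True, "origin matches"
    if headers.get("Access-Control-Allow-Credentials") == "true":
        return True, "origin matches and credentials are allowed"
    return False, "credentials requested but not allowed by the response"


def audit():
    """Run every header set in both credential modes."""
    sets = {"posted OPTIONS": POSTED["OPTIONS"], "posted GET": POSTED["GET"],
            "corrected": CORRECTED}
    return {(name, creds): cors_check(hdrs, ORIGIN, creds)[0]
            for name, hdrs in sets.items() for creds in (False, True)}


if __name__ == "__main__":
    for (name, creds), ok in audit().items():
        print(f"{name:15} credentials={creds!s:5} -> {'pass' if ok else 'FAIL'}")
```

Separately from the header values, nginx accepts `if` only inside a `server` or `location` block, so a file made of `if` blocks cannot be included at the top level of nginx.conf as in the commented-out line.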

The problem ended up being the location of the URL lines in /etc/jitsi/meet/meet.myjitsi.com-config.js.

I had the two directives after the domain and anonymousdomain lines. This apparently won’t work.

Moving them down to just above the ‘makeJsonParserHappy:’ line allowed everything to work.

Does ‘stuff’ need to happen before these lines can be correctly interpreted?

It works now - posting here in case anyone else is having troubles.

Andrew