This message comprises 2 sections.
- Sharing my experience with SIP webrtc (Freepbx based) and nextcloud integration with external link
- Calling the community to develop a nextcloud module in order to avoid exposing the freepbx to the external internet
– to start with point 1–
after installing the freepbx 13 with Asterisk 13 , you need to install the webrtc module of freepbx
create extensions (they can be either SIP or PJSIP) I personally prefer the PJSIP for many reasons that are beyond the scope of this post.
All stated above should be straight forward with no complication until!!! trying to access the webrtc throughout the navigator.
The following are mandatory prerequisites
- Navigator option 1 is firefox (latest release) , it also works with Chrome but I do not have good memories so to speak.
- FQDN for the freepbx instance
- Letsencrypt certificates for the freepbx FQDN
- Access to Freepbx should be with https without any errors
Should all above are met some more work to be done on the main firewall (of your company or home)
Port forwarding TCP 8089 and 443 (provided you did not change any of those ports during installation)
To be clear port 8089 can be verified under /etc/asterisk/ http_additional.conf
or from the GUI under settings—> advanced settings
Now webrtc can be accessed with the following link format : https://yourfqdn:443/ucp
failing to do so your webrtc may show that extension is registered but you will never be able to receive or establish a call.
Should your webrtc displaying a red bar on top with xml message then you need to disable the following 2 modules from freepbx
XMPP and conference pro
To be honest I did not have time to figure out what ports these 2 apps use in order to include them on my port forwarding but since my aim is to minimize my PBX exposure to the net I just disabled them.
In Nextcloud you just need to add an external link https://yourfqdn:443/ucp and try it.
Mine is perfectly working no voice issues no nating problems and the best part of it my PBX is not much exposed
I advise to change the port 443 to port say 8351 so on your firewall you forward external port 8351 to internal port 443 .
Drawback of this solution
Once the tab is closed or the focus is moved to another functionality into nextcloud then the phone will become offline
Open another Tab for the rest of nextcloud functionalities
Now to point number 2 of my post…
I am not a developer hence I wish to call for developers in this community to help me out creating a module that can be integrated into nextcloud.
The reason for that is to eliminate the need to open ports on the main firewall.
Below are few examples already achieved that task
- Rainloop email module
- XMPP module
These modules call internal ip addresses without the need to forward ports on the main firewall
they use proxy ngix
Our desired module is necessary in order to eliminate the need to type username and password.
No need to make it so complex and link it to the LDAP, you just look at rainloop how it functions and implement the same for the webrtc Nextcloud module.
Please avoid the drawback experienced with the step 1 solution.
Finally hope someone can put together a plan for this nice feature.