How to install Vicidial Webphone in Scratch Install with Lets encrypt SSL

Vicidial Scratch installtion in centos7 with webphone support Install with Lets encrypt SSL

Topic: How to install Vicidial Webphone in Scratch Install with Lets encrypt SSL

Overview: Vicidial Webphone with Lets encrypt SSL

    This article all about step by step guide for vicidial webphone configuration in scratch installed vicidial with noip free domain  and letsencrypt free ssl certificates.

    Vicidial is the most popular Open-Source Contact Center Solution in the world, that incorporates a predictive dialer to enable the blended handling of inbound / outbound calls alongside inbound emails and customer website chat.
  VICIphone is an Open Source Project. VICIphone was built with WebRTC Technology. WebRTC provides browsers and mobile applications with Real-Time Communications (RTC) capabilities. This enables your users to use VICIphone without having to install or configure anything. Asterisk 13 and later can handle WebRTC connections

  Major Components of Vicidial

Asterisk – Telephony server
Mariadb – Database
Apache – Webserver

  Pre-Requisites

Before proceeding with installation steps , we must have below pre-requisites ready

• Centos 7 installed either full DVD or minimal OS installation
• Console access to the server or SSH access via putty .
• Root access or other user with necessary permission
• Internet access in the server to download softwares.
• Basic knowledge of linux commands like vi or nano editor, copy ,paste.

  Installation Steps :

Step 1: Vicidial Scratch install with asterisk 13 or 16

Step 2: webphone Pre-Requisites

Step 3: Registring Free Domain from NoIP/DynDns

Step 4: Generating Free SSL from Letsenrypt

Step 5: Enabling SSL option in apache / httpd

Step 6: Asterisk Config to support Webrtc / webphone /viciphone

Step 7: Viciphone Installation and configuration

  Step 1: Vicidial Scratch Install

    I have a separate blog article for the vicidial scratch install, follow the instruction mentioned in the below link, followed to that proceed with Step 2 for the webpphone configuration

Vicidial scratch install Guide

Step 2: webphone Pre-Requisites

For the webrtc support in vicidial ,you must meet below pre-requisites

• asterisk 13 and above version 
• vicidial server should be accessed via FQDN (domain name)
• Vicidial server should be accessed via SSL ie: https://domain/
• Trusted SSL certifcate and key from vendor like letencrypt,norton etc.

note: if you are one like me to use all free, i use  no-ip for a free domain and letsencrypt for free ssl certificates.

Refer this link if you want to use with self signed certificate.
Follow the below steps to configure webrtc with no-ip domain, Letencrypt SSL certificate and Viciphone webrtc webphone.

  Step 3: Registring Free Domain from LetsEncrypt

NoIP: No-IP which is a dynamic DNS provider for paid and free services.
NoIP offering free dynamic DNS and URL redirection. Users were able to create a free sub-domain under a few domains owned by No-IP

If you have your own domain ,you can skip this step.

• goto https://www.noip.com
• Signup a new account
• Create your own domain from there existing top level domain
• for eg: seoxoom.ddns.net

• Next Modify your domain and enter your server public ip

• Now you have your own domain and pointed to your server
• Try to access your server via domain http://xyz.ddns.net/

Step 4: Free Trusted SSL from Letsenrypt 

LetsEncrypt is a Certificate Authority (CA) that provides free certificates for Transport Layer Security (TLS) encryption, thereby enabling encrypted HTTPS on web servers. It simplifies the process of creation, validation, signing, installation, and renewal of certificates by providing a software client that automates most of the steps—Certbot.

To generate the letsencrypt SSL certificate follow below steps.

Step 4-1: Installing Certbot and Dependencies

yum install certbot python2-certbot-apache mod_ssl

Step 4-2: Generate SSL certificate with Certbot Client 

certbot certonly --webroot-path /var/www/html -d seoxoom.ddns.net --register-unsafely-without-email
<note: replace seoxoom.ddns.net with your domain>
<enter 3 for webroot location.

How would you like to authenticate with the ACME CA?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 3

Once the process is successful ,you will get the successful message and the certificates and key will be saved in below mentioned folder

note: enter you domain after /live folder

cd /etc/letsencrypt/live/seoxoom.ddns.net/

ls

cert.pem chain.pem fullchain.pem privkey.pem README

Step 5: Apache /Httpd configuration to support SSL/Https 

You need to point your new ssl certificate and key path in the ssl.conf so that your server will be accessed via new Letsencrypt  certificates.

yum  install mod_ssl

edit vi /etc/httd/conf.d/ssl.conf

search the below lines and update with your certificate file with path as show below
SSLCertificateFile
SSLCertificateKeyFile

SSLCertificateChainFile 

SSLCertificateFile /etc/letsencrypt/live/seoxoom.ddns.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/seoxoom.ddns.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/seoxoom.ddns.net/fullchain.pem

restart httpd service to update the changes

systemctl restart httpd

 Check your SSL 

 Check your ssl by checking your website in https://www.sslshopper.com/ssl-checker.html

Also access you dialer in  a browser and make sure it is accessible via https and without any ssl error eg : https://seoxoom.dyndns.com
if Yes you are good to go next steps.

Redirect All HTTP request to HTTPS request

We need to force the dialer access only via https , in order to avoid agents login to dialer via http which leads to failure of webrtc support.

edit httpd.conf

vi /etc/httpd/conf/httpd.conf

add the below entry after the last line

replace seoxoom.ddns.net with your domain.

<VirtualHost *:80>
    ServerName seoxoom.ddns.net
    DocumentRoot /var/www/html
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =seoxoom.ddns.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

restart the httpd service

systemctl restart httpd

Now access your dialer with http://domain/  it should auto redirect to https://domain.

  updating Vicidial Recordings link with https

By default the vicidial recordings links are update with http extension in DB,
in order to update the recording link to https extension you need edit your cronjob.

Just add –HTTPS label in  AST_CRON_audio_2_compress.pl followed my –MP3 as shown below

crontab -e

/usr/share/astguiclient/AST_CRON_audio_2_compress.pl --MP3 --HTTPS

  Step 6: Asterisk Configuration To support webrtc

In order to asterisk support webrtc you need to edit below files

1. /etc/asterisk/http.conf

2. /etc/asterisk/modules.conf

3. /etc/asterisk/rtp.conf

4./etc/asterisk/sip.conf

vi /etc/asterisk/http.conf

and or enable below settings

enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/letsencrypt/live/seoxoom.ddns.net/cert.pem
tlsprivatekey=/etc/letsencrypt/live/seoxoom.ddns.net/privkey.pem

NOTE: replace seoxoom.ddns.net with your domain name

vi /etc/asterisk/modules.conf

Add the below entry after the last line ,save the file and reboot to take effect the changes.

load => res_http_websocket.so

Reboot the server once, so the asterisk startup with http_websocket loaded,

to confirm websocket is loaded , run the below command 

asterisk -rx 'http show status'

make sure it says “HTTPS Server Enabled and Bound to 0.0.0.0:8089”

[root@centos~]# asterisk -rx "http show status"

HTTP Server Status:

Prefix:

Server: Asterisk/13.29.2

Server Enabled and Bound to 0.0.0.0:8088

HTTPS Server Enabled and Bound to 0.0.0.0:8089

Enabled URI’s:

/httpstatus => Asterisk HTTP General Status
/phoneprov/... => Asterisk HTTP Phone Provisioning Tool
/static/... => Asterisk HTTP Static Delivery
/ari/... => Asterisk RESTful API
/ws => Asterisk HTTP WebSocket

Enabled Redirects:

  None.

vi /etc/asterisk/rtp.conf

rtpstart=10000
rtpend=20000
icesupport=yes
stunaddr=stun.counterpath.com:3478

vi /etc/asterisk/res_stun_monitor.conf

stunaddr=stun.counterpath.com:3478
stunrefresh = 30

go to asterisk cli ,reload once and check stun updates similar like below

asterisk -vvvvvr
asterisk-CLI> stun show status
Hostname                  Port  Period  Retries  Status  ExternAddr       ExternPort
stun.counterpath.com      3478  30      3        OK      xx.xxx.xx.xx   32997
centos-s-4vcpu-8gb-intel-nyc1-01*CLI>

vi /etc/asterisk/sip.conf

update below entry

realm=your-domain or publicip

externaddr=your-publicip

Step 7: Downloading and installing Viciphone

you can download the official viciphone or enhanced version from below links, i prefer the enhanced version.

official link : https://viciphone.com  

githublink : https://github.com/vicimikec/ViciPhone.git

enhanced link : https://github.com/ccabrerar/ViciPhone.git

download the file to a temp directory

cd /var/tmp
git clone https://github.com/ccabrerar/ViciPhone.git

• copy the file to vicidial agc folder and provide permission

cd /var/tmp
cp -r ViciPhone /var/www/html/agc/viciphone
chmod -R 755 /var/www/html/agc/viciphone

Step 7-1: Vicidial Settings for webphone

• Set webphone as default phone .

Navigate in admin

ADMIN > SYSTEM SETTINGS >

Default Webphone: 1

Entering the Webphone URL 

Navigate in Admin

ADMIN > SYSTEM SETTINGS > Webphone URL:  

Webphone URL: viciphone/viciphone.php

Settubg websocket URL

Navigate in Admin

ADMIN > SERVERS > Modify > Web Socket URL: 

wss://seoxoom.ddns.net:8089/ws

  Step 7-2 Vicidial webrtc TEMPLATE

     Now we need to create webrtc sip template which we will assign to each phone created in vicidial.

Go to Admin -> Templates

Create a new Template by name webrtc

copy paste the below settings, make to point to your ssl certificate path

type=friend
host=dynamic
encryption=yes
avpf=yes
icesupport=yes
directmedia=no
transport=wss
force_avp=yes
dtlsenable=yes
dtlsverify=no
dtlscertfile=/etc/letsencrypt/live/seoxoom.ddns.net/cert.pem
dtlsprivatekey=/etc/letsencrypt/live/seoxoom.ddns.net/privkey.pem
dtlssetup=actpass
rtcp_mux=yes

  Step 7-3: Creating Vicidial Phone with webphone support

GotoADMIN > PHONES

either add new phone or modify your existing phone and enable the below settings

Set As Webphone:  Y

Webphone Dialpad:Y

Webphone Auto-Answer: Y

Webphone Dialbox: Y

Webphone Mute: Y

Webphone Volume:Y

at Last line under TEMPLATE ID select the webrtc template created in step 27

 

  Step 7-4 : Delaying the webphone login call by 10 sec.

    By default as soon you login as agent, the vicidial will initiate the first login call and play the message “you are the only person in conference”

You might miss this sound or call because of browser loading speed and time the webphone registering time.

To avoid this we will delay the call by 10 sec.

Follow the steps 

cd /var/www/html/agc
cp options-example.php options.php

Now edit the options.php file and set 10 for $webphone_call_seconds  

cd /var/www/html/agc
vi +64 /var/www/html/agc/options.php

search for below line and enter 10

$webphone_call_seconds  = '10';

  we have Completed, time to test.

    Use your Favourite browser to access your dialer, 

I would prefer to use Firefox as my Favorite browser .

URL: https://FQDN/agc/admin.php

you should be now able to login as agent with webphone/webrtc as shown below

Note : while logging in , the browser will ask permission to use MIC , Press ALLOW

Finally you can see your agent panel with Webphone.

  Conclusion

Note for NOIP

• you need regularly update your noip domain either manualy in there website or you can use the noip update client to automate the same

Letsencrypt

• Let’s Encrypt certificates are valid for 90 days, but it’s recommended that you renew the certificates every 60 , you can renew by running the command “certbot renew –dry-run”
• either run manually or automate via cronjob 

  0 2 30 * * /usr/bin/certbot renew --dry-run > /dev/null 2>&1

Post installation configuration

access your dialer via browser http://serverip/vicidial/admin.php

login with username 6666 and password 1234

The initial setup will force to change password, Timezone,GTM offset

once done logout

relogin with 6666 and new password.

1. modify the user 6666 and set 1 for all the admin interface options
2. Modify the ADMIN>SERVERS>Asterisk Version : 13.X
3. ADMIN>SERVERS>Local GMT: select to GMT
4. press submit two times, to rebuild conf files.
5. Modify-ADMIN>SYSTEMSETTINGS>ActiveVoicemailServer: serverip
6. ADMIN>SYSTEM SETTINGS> Default Local GMT: select to GMT

Final installation confirmation

run screen -list  to make sure all the background vicidial scripts are running

you should get below output

• How to Renew Let’s Encrypt SSL Certificate Google Cloud Bitnami
• Vicidial scratch installation in Centos7 Asterisk-13
• How to – Scratch install Vicidial on RockyLinux 8.5
• How to Install Vicidial on Centos 8 Asterisk 13
• 20 Big Search Engines You Can Use Instead of Google