Olivier
2019-Nov-18 20:52 UTC
[asterisk-users] How to set http.conf for HTTPS support on Debian Buster ?
Hello, I've installed a new Asterisk 17.0.0 on a Debian Buster system. This Asterisk instance is run by asterisk user (and group). I've got: # ls -l /etc/asterisk total 68 -rw-r--r-- 1 asterisk asterisk 501 nov. 18 19:12 asterisk.conf -rw-r--r-- 1 asterisk asterisk 135 nov. 18 18:57 cdr.conf -rw-r--r-- 1 asterisk asterisk 684 nov. 18 18:57 cdr_custom.conf -rw-r--r-- 1 asterisk asterisk 103 nov. 18 18:57 confbridge.conf -rw-r--r-- 1 asterisk asterisk 6834 nov. 18 18:57 extensions.conf -rw-r--r-- 1 asterisk asterisk 138 nov. 18 21:42 http.conf -rw-r--r-- 1 asterisk asterisk 681 nov. 18 18:57 indications.conf drwxr-xr-x 2 root root 4096 nov. 18 20:47 keys -rw-r--r-- 1 asterisk asterisk 160 nov. 18 18:57 logger.conf -rw-r--r-- 1 asterisk asterisk 2769 nov. 18 18:57 modules.conf -rw-r--r-- 1 asterisk asterisk 50 nov. 18 18:57 musiconhold.conf -rw-r--r-- 1 asterisk asterisk 6360 nov. 18 18:57 pjsip.conf -rw-r--r-- 1 asterisk asterisk 790 nov. 18 18:57 pjsip_notify.conf -rw-r--r-- 1 asterisk asterisk 768 nov. 18 18:57 README -rw-r--r-- 1 asterisk asterisk 513 nov. 18 18:57 voicemail.conf # ls -l /etc/asterisk/keys/ total 32 -rw------- 1 root root 1224 nov. 18 20:47 asterisk.crt -rw------- 1 root root 578 nov. 18 20:46 asterisk.csr -rw------- 1 root root 887 nov. 18 20:46 asterisk.key -rw------- 1 root root 2111 nov. 18 20:47 asterisk.pem -rw------- 1 root root 161 nov. 18 20:46 ca.cfg -rw------- 1 root root 1781 nov. 18 20:46 ca.crt -rw------- 1 root root 3311 nov. 18 20:46 ca.key -rw------- 1 root root 124 nov. 18 20:46 tmp.cfg # cat /etc/asterisk/http.conf [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089 tlscertfile=/etc/asterisk/keys/asterisk.pem But, still I don't have any HTTPS server running: # asterisk -rx "http show status" HTTP Server Status: Prefix: Server: Asterisk/17.0.0 Server Enabled and Bound to 0.0.0.0:8088 Enabled URI's: /httpstatus => Asterisk HTTP General Status /static/... => Asterisk HTTP Static Delivery Enabled Redirects: None. Can someone help me on this ? Is http;conf correct ? Am I mis-configuring files access rights or ownership ? Something else ? Best regards -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20191118/2cb8b4cc/attachment.html>
Richard Mudgett
2019-Nov-18 21:07 UTC
[asterisk-users] How to set http.conf for HTTPS support on Debian Buster ?
On Mon, Nov 18, 2019 at 2:53 PM Olivier <oza.4h07 at gmail.com> wrote:> Hello, > > I've installed a new Asterisk 17.0.0 on a Debian Buster system. > > This Asterisk instance is run by asterisk user (and group). > I've got: > > # ls -l /etc/asterisk > total 68 > -rw-r--r-- 1 asterisk asterisk 501 nov. 18 19:12 asterisk.conf > -rw-r--r-- 1 asterisk asterisk 135 nov. 18 18:57 cdr.conf > -rw-r--r-- 1 asterisk asterisk 684 nov. 18 18:57 cdr_custom.conf > -rw-r--r-- 1 asterisk asterisk 103 nov. 18 18:57 confbridge.conf > -rw-r--r-- 1 asterisk asterisk 6834 nov. 18 18:57 extensions.conf > -rw-r--r-- 1 asterisk asterisk 138 nov. 18 21:42 http.conf > -rw-r--r-- 1 asterisk asterisk 681 nov. 18 18:57 indications.conf > drwxr-xr-x 2 root root 4096 nov. 18 20:47 keys > -rw-r--r-- 1 asterisk asterisk 160 nov. 18 18:57 logger.conf > -rw-r--r-- 1 asterisk asterisk 2769 nov. 18 18:57 modules.conf > -rw-r--r-- 1 asterisk asterisk 50 nov. 18 18:57 musiconhold.conf > -rw-r--r-- 1 asterisk asterisk 6360 nov. 18 18:57 pjsip.conf > -rw-r--r-- 1 asterisk asterisk 790 nov. 18 18:57 pjsip_notify.conf > -rw-r--r-- 1 asterisk asterisk 768 nov. 18 18:57 README > -rw-r--r-- 1 asterisk asterisk 513 nov. 18 18:57 voicemail.conf > > # ls -l /etc/asterisk/keys/ > total 32 > -rw------- 1 root root 1224 nov. 18 20:47 asterisk.crt > -rw------- 1 root root 578 nov. 18 20:46 asterisk.csr > -rw------- 1 root root 887 nov. 18 20:46 asterisk.key > -rw------- 1 root root 2111 nov. 18 20:47 asterisk.pem >I'd say that asterisk running as the asterisk user has no permission to see the .pem file as only root can see it. Richard> -rw------- 1 root root 161 nov. 18 20:46 ca.cfg > -rw------- 1 root root 1781 nov. 18 20:46 ca.crt > -rw------- 1 root root 3311 nov. 18 20:46 ca.key > -rw------- 1 root root 124 nov. 18 20:46 tmp.cfg > > # cat /etc/asterisk/http.conf > [general] > enabled=yes > bindaddr=0.0.0.0 > bindport=8088 > tlsenable=yes > tlsbindaddr=0.0.0.0:8089 > tlscertfile=/etc/asterisk/keys/asterisk.pem > > But, still I don't have any HTTPS server running: > > # asterisk -rx "http show status" > HTTP Server Status: > Prefix: > Server: Asterisk/17.0.0 > Server Enabled and Bound to 0.0.0.0:8088 > > Enabled URI's: > /httpstatus => Asterisk HTTP General Status > /static/... => Asterisk HTTP Static Delivery > > Enabled Redirects: > None. > > > > Can someone help me on this ? > Is http;conf correct ? > Am I mis-configuring files access rights or ownership ? > Something else ? > > Best regards > > > > > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20191118/09cf1f58/attachment.html>
Olivier
2019-Nov-18 21:18 UTC
[asterisk-users] How to set http.conf for HTTPS support on Debian Buster ?
Unfortunately, changing ownership did not solve the issue: # ls -al keys/ total 40 drwxr-xr-x 2 asterisk asterisk 4096 nov. 18 20:47 . drwxr-x--- 3 asterisk asterisk 4096 nov. 18 20:53 .. -rw------- 1 asterisk asterisk 1224 nov. 18 20:47 asterisk.crt -rw------- 1 asterisk asterisk 578 nov. 18 20:46 asterisk.csr -rw------- 1 asterisk asterisk 887 nov. 18 20:46 asterisk.key -rw------- 1 asterisk asterisk 2111 nov. 18 20:47 asterisk.pem -rw------- 1 asterisk asterisk 161 nov. 18 20:46 ca.cfg -rw------- 1 asterisk asterisk 1781 nov. 18 20:46 ca.crt -rw------- 1 asterisk asterisk 3311 nov. 18 20:46 ca.key -rw------- 1 asterisk asterisk 124 nov. 18 20:46 tmp.cfg # service asterisk stop # service asterisk start # asterisk -rx "http show status" HTTP Server Status: Prefix: Server: Asterisk/17.0.0 Server Enabled and Bound to 0.0.0.0:8088 Enabled URI's: /httpstatus => Asterisk HTTP General Status /static/... => Asterisk HTTP Static Delivery Enabled Redirects: Le lun. 18 nov. 2019 à 22:08, Richard Mudgett <rmudgett at digium.com> a écrit :> > > On Mon, Nov 18, 2019 at 2:53 PM Olivier <oza.4h07 at gmail.com> wrote: > >> Hello, >> >> I've installed a new Asterisk 17.0.0 on a Debian Buster system. >> >> This Asterisk instance is run by asterisk user (and group). >> I've got: >> >> # ls -l /etc/asterisk >> total 68 >> -rw-r--r-- 1 asterisk asterisk 501 nov. 18 19:12 asterisk.conf >> -rw-r--r-- 1 asterisk asterisk 135 nov. 18 18:57 cdr.conf >> -rw-r--r-- 1 asterisk asterisk 684 nov. 18 18:57 cdr_custom.conf >> -rw-r--r-- 1 asterisk asterisk 103 nov. 18 18:57 confbridge.conf >> -rw-r--r-- 1 asterisk asterisk 6834 nov. 18 18:57 extensions.conf >> -rw-r--r-- 1 asterisk asterisk 138 nov. 18 21:42 http.conf >> -rw-r--r-- 1 asterisk asterisk 681 nov. 18 18:57 indications.conf >> drwxr-xr-x 2 root root 4096 nov. 18 20:47 keys >> -rw-r--r-- 1 asterisk asterisk 160 nov. 18 18:57 logger.conf >> -rw-r--r-- 1 asterisk asterisk 2769 nov. 18 18:57 modules.conf >> -rw-r--r-- 1 asterisk asterisk 50 nov. 18 18:57 musiconhold.conf >> -rw-r--r-- 1 asterisk asterisk 6360 nov. 18 18:57 pjsip.conf >> -rw-r--r-- 1 asterisk asterisk 790 nov. 18 18:57 pjsip_notify.conf >> -rw-r--r-- 1 asterisk asterisk 768 nov. 18 18:57 README >> -rw-r--r-- 1 asterisk asterisk 513 nov. 18 18:57 voicemail.conf >> >> # ls -l /etc/asterisk/keys/ >> total 32 >> -rw------- 1 root root 1224 nov. 18 20:47 asterisk.crt >> -rw------- 1 root root 578 nov. 18 20:46 asterisk.csr >> -rw------- 1 root root 887 nov. 18 20:46 asterisk.key >> -rw------- 1 root root 2111 nov. 18 20:47 asterisk.pem >> > > I'd say that asterisk running as the asterisk user has no permission to > see the .pem file as only root can see it. > > Richard > > >> -rw------- 1 root root 161 nov. 18 20:46 ca.cfg >> -rw------- 1 root root 1781 nov. 18 20:46 ca.crt >> -rw------- 1 root root 3311 nov. 18 20:46 ca.key >> -rw------- 1 root root 124 nov. 18 20:46 tmp.cfg >> >> # cat /etc/asterisk/http.conf >> [general] >> enabled=yes >> bindaddr=0.0.0.0 >> bindport=8088 >> tlsenable=yes >> tlsbindaddr=0.0.0.0:8089 >> tlscertfile=/etc/asterisk/keys/asterisk.pem >> >> But, still I don't have any HTTPS server running: >> >> # asterisk -rx "http show status" >> HTTP Server Status: >> Prefix: >> Server: Asterisk/17.0.0 >> Server Enabled and Bound to 0.0.0.0:8088 >> >> Enabled URI's: >> /httpstatus => Asterisk HTTP General Status >> /static/... => Asterisk HTTP Static Delivery >> >> Enabled Redirects: >> None. >> >> >> >> Can someone help me on this ? >> Is http;conf correct ? >> Am I mis-configuring files access rights or ownership ? >> Something else ? >> >> Best regards >> >> >> >> >> >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> >> Check out the new Asterisk community forum at: >> https://community.asterisk.org/ >> >> New to Asterisk? Start here: >> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20191118/b689fd1b/attachment.html>