VoIP Powering Your Office: Installing SipX
Last week we took the bird's-eye view of SipX, the open-source SIP proxy server and iPBX. Today we're going to download and install it and run through setting it up.
Pingtel, the sponsors of SipX, offers several different download options. There is the usual LiveCD, which I think is the greatest thing since chocolate itself, nightly source builds from the Subversion repository, source RPMs, and then the installation image we're going to talk about todaythe shiny new sipX-InstallCD-3.7.5-8790.iso. It's a 376-megabyte download, which isn't too bad by modern standards, that installs to about 1.5 gigabytes.
Thankfully, they don't call it a software appliance, even though that's what it is. This .iso has everything you need to get up and running fast: the Fedora Linux operating system and SipX.
The installer completely overwrites your hard drive, and is hands-off until after the first reboot; then a setup wizard walks you through some basic configurations. It also includes services such as DNS, DHCP, NTP, FTP, HTTP, and TFTP. A nice feature is you can set up a redundant system that consists of two servers with a mouse click. Once the setup wizard is finished, point a Web browser at the newly installed machine and you're ready to rock.
To get started, just burn your .iso to a CD, then boot the CD. The installer uses a ncurses interface, which might appear a bit strange to some folks. It does not support using a mouse, so you have to navigate with the keyboard. Use the tab and arrow keys to move around, and the spacebar to select or de-select things.
If your network already has a DNS or DHCP server, do not install them on your SipX server, because this will cause mass confusion.
The setup wizard is fussy and won't let you get away with sloppiness. When you configure networking, it wants a fully qualified domain name, like server1.alrac.net. You won't get away with specifying just the hostname. Then it wants a full admin e-mail address, like firstname.lastname@example.org can't just give it a local username like admin. It makes you change the root password, which is a very good thing.
When you get to the screen for the SSL certificate settings, you can use anything you want for Organization Name, Section Name, and Locality. Country Code should be a two-letter code. Don't leave any blank lines. This creates a self-signed certificate, so it doesn't matter what you say here.
The screen for setting the time has a small glitch- you can't tell which field you are in without hitting the up or down arrow keys. Doubtless this will be fixed in a future release.
The system will reboot and stop at a console prompt. Go to a neighboring PC, fire up a Web browser, and navigate to the IP address of your SipX server. On my test system that is http://192.168.1.55. First you will get a warning about the SSL certificate. Go ahead and view it, just to see what it looks like. Then accept it. You'll see a rather plain page that says
Welcome to sipXpbx
When you click either Configuration or Voice Mail it switches to https, and you are prompted to create a password for the superadmin user. This is the Web interface administrator.
As you click on the different tabs, you'll see that you can control everything on your SipX server from the Web interface. When I clicked on the Help button, it gave me a 404 error. Ahem. The page it should go to is http://sipx-wiki.calivia.com/index.php/SipX_Configuration_Server, though locally cached pages would be better, since you can't always count on having Internet access.
An SSH server runs by default, so you can log in remotely like this:
# ssh email@example.com
Go ahead and do this, just for fun. Your SipX server can be run headless, so when you're satisfied with the installation and can log in and out remotely, feel free to disconnect the monitor and keyboard.
A simple safety measure that adds a useful layer of security is to create an ordinary, unprivileged user:
# # useradd carla
# passwd carla
Then disable root SSH logins, and change the port number by adding these two lines to /etc/ssh/sshd_config:
Any unused port over 1024 will do. Check in /etc/services first, because you don't want duplicates. Then add your chosen port number to /etc/services like this:
Then you'll login like this:
# ssh firstname.lastname@example.org -p 2222
There are more ways to lock down SSH logins, but this is a simple one that stops a lot of attacks.
While you're logged in, run the ps ax command to see what services are running. SipX installs cleanly, without any unnecessary services running. You'll see PostgreSQL, the HTTP server, Sendmail, and various SipX services. (Sendmail seems rather quaintis this not 2007?)
Next week we'll start setting up our server, set up a softphone, and start making calls.