[SR-Users] Kamailio Dockerization
Sergey Safarov
s.safarov at gmail.com
Mon Jul 27 09:41:32 CEST 2020
Issue documented here
https://github.com/moby/libnetwork/issues/2423
you can use
/usr/bin/docker run --net=host --privileged --rm claesjonsson/conntrack -D --proto udp
On Mon, Jul 27, 2020 at 10:28 AM Edward Romanenco <edward at telemessage.com>
wrote:
> Hi,
>
> I am working on a project involving Kamailio dockerization, which is meant
> to run alongside Freeswitch and RTPEngine containers, on the basis of a
> Docker-Compose file which is launched on top of a CentOS 7.7 host system.
> I was able to create and run the containers successfully, they are
> starting and listening to the correct ports, but for some unexplained
> reason - the incoming SIP traffic is not getting picked up by Kamailio. I
> can easily trace the traffic from the host, but when SSHing the container
> and running a test from within, no traffic goes by.
> I've used netcat to generate plain UDP traffic to the container, and it
> was logged into the Kamailio log files, but real-life traffic doesn't seem
> to work.
> I've tried moving to host mode (from bridge), but it didn't make any
> difference. All required firewall rules were opened obviously, I've also
> tried shutting the firewall off completely but it didn't help.
>
> Has anyone experienced anything similar while running Kamailio in
> Dockers, and could provide me a go-through on what steps he took to fix
> it?
>
> EXCERPT FROM MY DOCKERFILE
>
> # Getting Kamailio source code from GIT
> RUN mkdir -p /usr/local/src/kamailio-5.3
> WORKDIR /usr/local/src/kamailio-5.3
> RUN git clone --depth 1 --no-single-branch https://github.com/kamailio/kamailio
> WORKDIR /usr/local/src/kamailio-5.3/kamailio
> RUN git checkout -b 5.3.2
>
> # Compile the source code and install Kamailio
> RUN make include_modules="phonenum db_mysql xmlrpc http_async_client jansson auth_db nathelper websocket tls outbound topoh http_client" cfg && \
> make all && make install
>
> # Default setting is to run Kamailio as user “kamailio” and group “kamailio”
> RUN adduser --quiet --system --group --disabled-password \
> --shell /bin/false --gecos "Kamailio" \
> --home /var/run/kamailio kamailio
>
> # To use init.d script for starting/stopping the Kamailio server
> COPY Init/kamailio /etc/init.d/
> RUN chmod 755 /etc/init.d/kamailio
> COPY Default/kamailio /etc/default/
> COPY kamailio.service /etc/systemd/system/
> RUN mkdir -p /var/run/kamailio
> RUN chown kamailio:kamailio /var/run/kamailio
>
> COMPOSE (BRIDGE NETWORK VERSION)
>
> kamailioegress:
>   build: kamailio_egress
>   image: kamailioegress:latest
>   container_name: kamailioegress
>   restart: always
>   environment:
>     - DATABASE=kamailioe
>     - SIP_DOMAIN=XXX
>     - DBHOST=kamailiodb
>     - DBROOTUSER=root
>     - DBROOTPASS=XXX
>     - PUBLIC_IPV4=XXX
>   depends_on:
>     - Kamailio-Base
>     - kmdb
>     - freeswitch
>     - rtpengine
>   expose:
>     - "5060/udp"
>     - "5060/tcp"
>   ports:
>     - "XXX:5060:5060/udp"
>   networks:
>     private-net:
>       ipv4_address: "172.18.0.30"
>   deploy:
>     mode: replicated
>     replicas: 1
>     restart_policy:
>       condition: always
>       delay: 5s
>       max_attempts: 3
>       window: 120s
>
> networks:
>   private-net:
>     driver: bridge
>     ipam:
>       config:
>         - subnet: 172.18.0.0/16
>     driver_opts:
>       com.docker.network.bridge.name: wrtcpriv
>   public-net:
>     external:
>       name: host
>
> COMPOSE (HOST MODE VERSION)
>
> kamailioegress:
>   build: kamailio_egress
>   image: kamailioegress:latest
>   container_name: kamailioegress
>   network_mode: host
>   restart: always
>   environment:
>     - DATABASE=kamailioe
>     - SIP_DOMAIN=XXX
>     - DBHOST=172.18.0.10
>     - DBROOTUSER=root
>     - DBROOTPASS=XXX
>     - PUBLIC_IPV4=XXX
>     - EGPORT=5060
>     - LINTE=ens224
>     - LINTI=ens192
>     - RTPENGINE=localhost
>   depends_on:
>     - Kamailio-Base
>     - kmdb
>     - freeswitch
>     - rtpengine
>   expose:
>     - "5060/udp"
>   ports:
>     - "213.8.76.13:5060:5060/udp"
>   deploy:
>     mode: replicated
>     replicas: 1
>     restart_policy:
>       condition: always
>       delay: 5s
>       max_attempts: 3
>       window: 120s
>
> CONFIG FILE
>
> /* uncomment and configure the following line if you want Kamailio to
> * bind on a specific interface/port/proto (default bind on all available) */
> listen=udp:0.0.0.0:LPORT advertise PUBLIC_IP:LPORT
>
> KAMAILIO-LOCALE
>
> #!define DBURL "mysql://root:XXX@DBHOST/kamailioe"
> #!substdef "!MY_DBURL!mysql://root:XXX@DBHOST/kamailioe!g"
> #!substdef "!RTPENGINE!MY_RTPENGINE!g"
> #!substdef "!SIP_DOMAIN!MY_SIP_DOMAIN!g"
> #!substdef "!PUBLIC_IP!MY_PUBLIC_IP!g"
> #!substdef "!PRIVATE_IP!MY_PRIVATE_IP!g"
> #!substdef "!LPORT!MY_LPORT!g"
> #!substdef "!LINT!MY_LINT!g"
> #!substdef "!HOMER_IP!10.1.0.100!g"
> #!substdef "!API_URL!http://localhost:3000/v1/mock!g"
> #!substdef "/CCODES/972|380/"
> #!substdef "/NUM_TRANSLATE_OUT_RE/\\\\+?(CCODES)([0-9]+)/"
> #!substdef "/NUM_TRANSLATE_IN_RE/0([0-9]+)/"
>
> FIREWALL RULES
>
> -bash-4.2# firewall-cmd --list-all
> public (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: ens192 ens224
>   sources: 192.168.1.39
>   services: dhcpv6-client http https sip ssh
>   ports: 9323/tcp 9323/udp
>   protocols:
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>         rule family="ipv4" destination address="XXX" port port="5060" protocol="udp" accept
>         rule family="ipv4" destination address="XXX" port port="5060" protocol="tcp" accept
>
> NETSTAT OUTPUT
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> udp 0 0 XXX:5060 0.0.0.0:* 22479/kamailio
>
> Edward
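Added example, not part of the original thread or of any project mentioned in it: the command in the reply deletes every UDP conntrack entry on the host. Assuming the symptom comes from UDP flows that were tracked before the container's DNAT rule existed (an assumption; the thread does not spell out the mechanism), this script reads `conntrack -L -p udp` output and prints a delete command only for flows to port 5060 whose reply side is not the container address 172.18.0.30 from the compose file. The sample lines and the 198.51.100.x, 203.0.113.10 and 192.0.2.53 addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `conntrack -L -p udp` output on
# stdin and prints a targeted delete command for each flow to PORT whose reply
# tuple does not come from CONTAINER_IP, i.e. a flow that was never DNATed.
stale_udp_flows() {
    port=$1
    container_ip=$2
    awk -v port="$port" -v cip="$container_ip" '
    $1 == "udp" {
        n = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")   { n++; src[n] = kv[2] }
            if (kv[1] == "dst")   { dst[n] = kv[2] }
            if (kv[1] == "sport") { sport[n] = kv[2] }
            if (kv[1] == "dport") { dport[n] = kv[2] }
        }
        # Tuple 1 is the original direction, tuple 2 the expected reply.
        if (n == 2 && dport[1] == port && src[2] != cip)
            printf "conntrack -D -p udp --orig-src %s --orig-dst %s --sport %s --dport %s\n",
                   src[1], dst[1], sport[1], dport[1]
    }'
}

# Constructed sample of `conntrack -L -p udp` output: one flow answered by the
# host itself, one flow DNATed to the container, one unrelated DNS flow.
sample_conntrack() {
    cat <<'EOF'
udp      17 28 src=198.51.100.7 dst=203.0.113.10 sport=5060 dport=5060 [UNREPLIED] src=203.0.113.10 dst=198.51.100.7 sport=5060 dport=5060 mark=0 use=1
udp      17 117 src=198.51.100.8 dst=203.0.113.10 sport=5071 dport=5060 src=172.18.0.30 dst=198.51.100.8 sport=5060 dport=5071 [ASSURED] mark=0 use=1
udp      17 12 src=172.18.0.30 dst=192.0.2.53 sport=40112 dport=53 src=192.0.2.53 dst=203.0.113.10 sport=53 dport=40112 mark=0 use=1
EOF
}

# Print the delete commands for review; nothing is executed against conntrack.
sample_conntrack | stale_udp_flows 5060 172.18.0.30
```

On a live host the input would be `conntrack -L -p udp` run in the host network namespace, and the printed commands can be reviewed before they are run.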