docker-cert-asterisk13-ubuntu: Docker image
You can find this image on the docker hub at: https://hub.docker.com/r/cleardevice/docker-cert-asterisk13-ubuntu/
Docker image with Certified Asterisk 13 LTS version and Fail2ban on Ubuntu 64bits (14.04.2 LTS)
This is the Docker Certified Asterisk 13.1-cert2 version on Ubuntu X86_64 with SIP and new PJSIP channels. Certified Asterisk 13 is the latest LTS version recommended for production systems with a release frequency of 2 - 4 times per year.
It includes:
- Certified Asterisk 13.1-cert2
- Sip and new pjsip channel enabled
- Only g729, alaw, ulaw english sounds and MOH
- Fail2ban (v0.8.11)
To pull it:
# docker pull cleardevice/docker-cert-asterisk13-ubuntu
For compile it on your own platform/server from the Dockerfile:
$ git clone https://github.com/cleardevice/docker-cert-asterisk13-ubuntu
$ cd docker-cert-asterisk13-ubuntu
$ docker build -t myrepository/asterisk01 .
To execute it:
Asterisk PBX needs to use a big range of ports, so it needs to be executed with docker version 1.5.0 or higher (available in docker ubuntu sources) for being able to launch the image specifying a range of ports. For example:
# docker run --restart=always --privileged --name asterisk01 -d -p 5060:5060 -p 5060:5060/udp -p 10000-10500:10000-10500/udp -v <path to host folder with asterisk confings>:/etc/asterisk cleardevice/docker-cert-asterisk13-ubuntu
and connect to asterisk CLI with:
# docker exec -it asterisk01 asterisk -rvvvvv
Notice:
Seems that opening too much ports in a docker images, consumes a lot of resources in your docker host and may fail to launch it. So giving that every SIP call can use up to 4 RTP ports, it is convenient to open only the necessary RTP ports for the expected calls. In this case we open 500 RTP ports for 125 expected concurrent calls. From 10000 to 10500. Don't forget to configure that RTP ports in the /etc/asterisk/rtp.conf file:
# rtpstart=10000
# rtpend=10500
Fail2ban
To manage Fail2ban, login to asterisk container:
# docker exec -it asterisk01 bash
Check Fail2ban status:
# service fail2ban status
Check Fail2ban Asterisk rules:
# fail2ban-client status asterisk-iptables
# fail2ban-client status asterisk-security-iptables
Show fail2ban iptables rules:
# iptables -nL fail2ban-ASTERISK
For example you can see:
Chain fail2ban-ASTERISK (1 references)
target prot opt source destination
REJECT all -- 1.2.3.4 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
To unblock IP address use:
# iptables -D fail2ban-ASTERISK -s 1.2.3.4 -j DROP
Thanks
- Gonzalo Marcote for idea (https://github.com/gonzalomarcote/docker-cert-asterisk13-centos7)
- Dave Beckett for install script idea (https://github.com/dajobe/docker-nghttp2)