[Freeswitch-users] FreeSWITCH behind an Nginx proxy

Dan Edwards DEdwards at vertical.com
Tue Nov 3 00:56:12 MSK 2015


Thank you for your response, Michael.

Pardon my ignorance on ACL's, but I'm unclear how that works in this scenario. When I read the Confluence page regarding ACL's, I read their application to be allowing access to the system. In my case, I'm trying to convince FS to offer up the external IP, regardless of what the actual IP address is.

Is there more doc than https://freeswitch.org/confluence/display/FREESWITCH/ACLhttps://freeswitch.org/confluence/display/FREESWITCH/ACL that I can refer to?

Again, thank you for your help and sorry if these are dumb questions.

Dan


________________________________
From: freeswitch-users-bounces at lists.freeswitch.org [freeswitch-users-bounces at lists.freeswitch.org] on behalf of Michael Jerris [mike at jerris.com]
Sent: Monday, November 02, 2015 4:36 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] FreeSWITCH behind an Nginx proxy

there are acls for this yes.  check out the ones that refer to nat

On Monday, November 2, 2015, Dan Edwards <DEdwards at vertical.com<mailto:DEdwards at vertical.com>> wrote:
We're trying to build a system that allows WebSocket SIP traffic through an Nginx proxy to FreeSWITCH and I'm having trouble getting the proper IP address offered in the SDP.

I added ext-rtp-ip and ext-sip-ip to the profile, but if I come in via the Nginx proxy, FS always offers the local address. I made some code changes to FS to catch the X-Forwarded-For header on the initial WebSocket connect, thinking I could substitute the forwarded-for IP address for the Nginx address, but this did not correct the problem.

To be clear, if I run Nginx on 172.1.1.1 and FS on 172.1.1.2, when I come in via Nginx, FS sees the SIP IP as 172.1.1.1 and offers 172.1.1.2 as the RTP address. If I come in via a port-forward, FS offers what I have in 'ext-rtp-ip' as the IP address.

Is there a way to force FS to always offer ext-rtp-ip, even if the address is local or does this require a code change? If it requires a code change, where does this logic exist?

Thank you,
Dan


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20151102/c7f1220d/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list