1.- Introduction

WebRTC (Web Real-Time Communication) is a free, open-source, project providing web browsers and mobile applications with real-time communications (RTC) via simple application programming interfaces (APIs). It allows audio and video communication to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps. Supported by Apple, Google, Microsoft, Mozilla, and Opera, WebRTC specifications have been published by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF).

This tutorial will walk you through configuring Asterisk to service WebRTC clients.

• Modify or create an Asterisk HTTPS TLS server.
• Create a PJSIP WebSocket transport.
• Create PJSIP Endpoint, AOR and Authentication objects that represent a WebRTC client.

2.- Installation

2.1.- Preparing our server

First, we update our CentOS 7 installation and install some dependencies.

Disable SELinux on CentOS

Next, Install the Firewall

Enable required ports

Now, we enable extra security for ssh access. We change the port by doing the following steps. (Optional)

Uncomment the line #Port 22 and change the port to one of your preference.

Now add the new rule with the new port and restart the sshd service and log in with the new port.

2.2.- Installing Asterisk 18

Now we start the install process of Asterisk 18

At the end of the Asterisk compilation the following appears

Then, we proceed to make menuselect

We make sure that on the codec “codec_opus” is selected. After selecting everything we need, we proceed to Save & Exit.

Now we will proceed to install Asterisk, wait about 10 minutes.

Create a separate user and group to run asterisk services, and assign correct permissions:

Set Asterisk default user to asterisk:

Restart asterisk service after making the changes:

CONGRATULATIONS! You have successfully installed Asterisk 18.

2.3.- Installing Apache

Install Apache to enable web access to our servers.

We create a temporary website with our domain (Our example is: wrtc.new.vitalpbx.org).

Throughout this tutorial you should substitute the domain wrtc.new.vitalpbx.org for yours.

We restart our Apache

2.4.- Creating our Certificate

First, we have to ensure that our domain or subdomain points to the IP address of our server, for this we go to the configuration of our DNS and add a type A record.

Now we will proceed to install our certificate by first installing the dependencies.

Now we create our LetsEncrypt certificate.

Provide an email to be notified of the expiration of the certificate.

Answer Y to proceed

Answer Y to proceed

At the end we see the following message confirming that all is correct.

We write down the path of both certificates, since we are going to use them later.

We modify the file /etc/httpd/conf.d/ssl.conf

Disable other sites

Reload Apache service

Set Up Auto-Renewal

Now that certbot is installed and working, we need to have it check for expiring certificates automatically. As root, we first open the crontab for our server:

Press Insert

In this instance, I’ve added a cron to our example server that looks like this:

Save with Esc, :wq

This cron will, at 3:45 AM every Saturday, run the certbot renew function to renew any already-installed certificates that are due to expire, and then reload the Apache configuration. Save the crontab after you add this line, and it will be in effect immediately.

2.5.- Asterisk Configuration

You should have a working chan_pjsip based Asterisk installation. Either install Asterisk from your distribution’s packages or, preferably, install Asterisk from source. Either way, there are a few modules over and above the standard ones that must be present for WebSockets and WebRTC to work:

• res_crypto
• res_http_websocket
• res_pjsip_transport_websocket
• codec_opus (optional but highly recommended for high quality audio)

We recommend installing Asterisk from source because it’s easy to make sure these modules are built and installed.

2.5.1.- Certificates

Technically, a client can use WebRTC over an insecure WebSocket to connect to Asterisk. In practice though, most browsers will require a TLS based WebSocket to be used. You can use self-signed certificates to set up the Asterisk TLS server but getting browsers to accept them is tricky. So if you’re able, we highly recommend getting trusted certificates from an organization such as LetsEncrypt.

As the objective of this presentation is not to teach how to install a certificate with LetsEncrypt, we recommend the following link to do it yourself.

https://www.tecmint.com/install-lets-encrypt-ssl-certificate-to-secure-apache-on-rhel-centos/

2.5.2.- Configure Asterisk’s built-in HTTP server

To communicate with WebSocket clients, Asterisk uses its built-in HTTP server. So we configure the following:

2.5.3.- PJSIP WSS Transport

Although the HTTP server does the heavy lifting for WebSockets, we still need to define a basic PJSIP Transport:

Replace local_net, external_media_address and external_signaling_address with their respective IPs.

2.5.4.- PJSIP Endpoint, AOR and Auth

We now need to create the basic PJSIP objects that represent the client. In this example, we’ll call the client webrtc_client, but you can use any name you like, such as an extension number. Only the minimum options needed for a working configuration are shown. NOTE: It’s normal for multiple objects in pjsip.conf to have the same name as long as the types differ. Add the following content to the end of the file.

We change the owner of the file to be asterisk

2.5.5.- Configure extensions.conf

Update the /etc/asterisk/extensions.conf to the following:

We change the owner of the file to be asterisk

Restart Asterisk to pick up the changes and if you have a firewall, don’t forget to allow TCP port 8089 through so your client can connect.

Verify that the certificate is properly applied

2.5.6.- Wrap Up

At this point, your WebRTC client should be able to register and make calls. If you’ve used self-signed certificates however, your browser may not allow the connection and because the attempt is not from a normal URI supplied by the user, the user might not even be notified that there’s an issue.  You may be able to get the browser to accept the certificate by visiting “https://pbx.example.com:8089/ws” directly.  This will usually result in a warning from the browser and may give you the opportunity to accept the self-signed certificate and/or create an exception. If you generated your certificate from a pre-existing local Certificate Authority, you could also import that Certificate Authority’s certificate into your trusted store but that procedure is beyond the scope of this document.

**Information Source:

3.- WebRTC Client

For this presentation we decided to use Browser Phone that our criteria is one of the best and most complete open source projects of WebRTC Client.

3.1.- Browser Phone

This web application is designed to work with Asterisk PBX (v13, v16 & v18). Once loaded application will connect to Asterisk PBX on its web socket, and register an extension. Calls are made between contacts, and a full call detail is saved. Audio Calls can be recorded. Video Calls can be recorded, and can be saved with 5 different recording layouts and 3 different quality settings. This application does not use any cloud systems or services, and is designed to be stand-alone. Additional libraries will be downloaded at run time (but can also be saved to the web server for a complete off-line solution).

3.2.- Server Requires

Asterisk PBX version 13|16|17|18 (with Websockets and Text Messaging, chan_sip or chan_pjsip).

Copy the project to the previously created folder.

Give the permissions

3.3.- Enter the Browser with the following url:

https://mydomain/Browser-Phone/Phone/

We enter the following data and we give it Save. Make sure to write all the data including the /ws value in WebSocket Path.

After pressing Save, your registered account should appear at the top left.

Below we show an image of how extension 100 registered with a call in progress should look like.