OpenSIPS v3 with GUI on Debian v10 MariaDB Apache install guide

Control panel screenshots

OpenSIPS is a multi-functional, multi-purpose SIP server used by carriers, telecoms or ITSPs for solutions like Class4/5 Platforms, Trunking / Wholesale, Enterprise / Virtual PBX Solutions, Session Border Controllers, Application Servers, Front-End Load Balancers, IMS Platforms, Call Centers, and many other things.

Tested on:

Debian v9 (Stretch) and v10 (Buster) x64 minimal install
OpenSips v3.0
OpenSips GUI v8.3.0
Apache v2.4
PHP v7.3
MariaDB v10

Prerequisites

Initial install

apt update && apt -y upgrade
apt -y install m4 git nano sudo curl dbus apache2 lsb-release dirmngr apt-transport-https ca-certificates

Monit

# If using Debian 10 add backports repo
echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/buster-backports.list

apt update && apt -y install monit

PHP

# Add php v7.3 repository on Debian v9.  Optional for Debian v10 as v7.3 is included.
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > \
/etc/apt/sources.list.d/php.list

apt update && apt -y install php7.3 php7.3-gd php7.3-mysql php7.3-xmlrpc php-pear php7.3-cli php-apcu php7.3-curl php7.3-xml libapache2-mod-php7.3

pear install MDB2#mysql

sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php/7.3/apache2/php.ini

systemctl restart apache2

MariaDB

apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
apt update && apt -y install mariadb-server

# Debian 9
nano /etc/mysql/mariadb.cnf

# Debian 10
nano /etc/mysql/my.cnf

# Add the following lines under [mysqld] to disable strict mode and use opensips default latin1 charset
sql_mode=''
character-set-server = latin1

systemctl restart mariadb

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

systemctl restart rsyslog

Install

OpenSips

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 049AD65B 

echo "deb https://apt.opensips.org $(lsb_release -sc) 3.0-releases" >/etc/apt/sources.list.d/opensips.list
echo "deb https://apt.opensips.org $(lsb_release -sc) cli-nightly" >/etc/apt/sources.list.d/opensips-cli.list

apt update

Modules

apt -y install opensips opensips-cli opensips-mysql-module opensips-postgres-module opensips-unixodbc-module opensips-jabber-module opensips-cpl-module opensips-radius-modules opensips-presence-modules opensips-xmlrpc-module opensips-perl-modules opensips-snmpstats-module opensips-xmpp-module opensips-carrierroute-module opensips-berkeley-module opensips-ldap-modules opensips-geoip-module opensips-regex-module opensips-identity-module opensips-b2bua-module opensips-dbhttp-module opensips-dialplan-module opensips-http-modules opensips-tls-module opensips-cgrates-module

DB install

mysql -p
>
CREATE USER 'opensips'@'localhost' IDENTIFIED BY 'opensipsrw';
GRANT ALL PRIVILEGES ON opensips.* TO 'opensips'@'localhost';
FLUSH PRIVILEGES;
exit

opensips-cli -x database create

# Some users report requiring this command to prevent mysql errors
opensips-cli -x database add presence

Generate config file

/usr/sbin/osipsconfig

Navigate to Generate OpenSIPS Script > Residential Script > Configure Residential Script > Select everything except TLS with spacebar. Hit q key to go back to previous menu.  Select Generate Residential Script.  The tool will show the location and name of the generated script.

mv /etc/opensips/opensips.cfg /etc/opensips/opensips.cfg.orig
cp /etc/opensips/generated_script_name.cfg /etc/opensips/opensips.cfg
chmod 644 /etc/opensips/opensips.cfg

Addtional configs

nano /etc/opensips/opensips.cfg

## Replace the listen=xxp:127.0.0.1:5060 lines substituting in the IP of the server

listen=udp:x.x.x.x:5060
listen=tcp:x.x.x.x:5060

Check config file validity and show any errors

opensips -C /etc/opensips

If no errors, load config file

systemctl restart opensips

Control Panel 

git clone -b 8.3.0 https://github.com/OpenSIPS/opensips-cp.git /var/www/opensips-cp

Create OCP table

Before logging in as admin, you must first create the relevant table in the database and add admin user.

cd /var/www/opensips-cp/config
mysql -p opensips < db_schema.mysql

Statistics monitor cron

cd /var/www/opensips-cp/config
cp tools/system/smonitor/opensips_stats_cron /etc/cron.d/
systemctl restart cron

Monit config

echo -e "set httpd port 2812 and\nallow localhost" >> /etc/monit/monitrc
systemctl restart monit

Global config

nano +30 /var/www/opensips-cp/config/boxes.global.inc.php

// monit host:port
$boxes[$box_id]['monit']['conn']="127.0.0.1:2812";
$boxes[$box_id]['monit']['user']="admin";
$boxes[$box_id]['monit']['pass']="admin";
$boxes[$box_id]['monit']['has_ssl']=0; //Change to 0 if not using SSL

Apache config

cat >> /etc/apache2/sites-available/opensips.conf << EOF
<VirtualHost *:80>

DocumentRoot /var/www/opensips-cp

<Directory /var/www/opensips-cp/web>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Require all granted
</Directory>
<Directory /var/www/opensips-cp>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Require all denied
</Directory>
Alias /cp /var/www/opensips-cp/web

<DirectoryMatch "/var/www/opensips-cp/web/tools/.*/.*/(template|custom_actions|lib)/">
     Require all denied
</DirectoryMatch>

</VirtualHost>

EOF

a2dissite 000-default
a2ensite opensips
chown -R www-data. /var/www/opensips-cp
systemctl restart apache2

browse to http://x.x.x.x/cp

username: admin
password: opensips

Misc

Firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061}/udp
firewall-cmd --reload
firewall-cmd --list-all

Log file

To write OpenSips logs to a separate log file in addition to /var/log/syslog.

nano +69 /etc/rsyslog.conf

local0.*                        -/var/log/opensips.log

touch /var/log/opensips.log
systemctl restart rsyslog

Basic configuration

This shows a basic configuration consisting of local users and a SIP trunk provider. 

Create a local user

From OpenSIPS control panel:

 System > Domains > Add Domain > x.x.x.x
where x.x.x.x is the IP of the server.

Users > User Management > Add New User 
Create an extension number username (such as "1000"), and assign the above domain and a password.  You can also create a named username (such as "joe") and assign alias username (such as "1000") as extension number for dialing.

Point a SIP device at the server IP and add the user credentials above.  The SIP device should indicate it is registered.  Add a second device and you should be able to make extension to extension calls between them. 

Verify registration info by clicking on "Contacts" icon in User Management . 

Set up a SIP trunk

For inbound calling simply point the DID number to the IP of the OpenSIPS server and set the SIP Trunk to IP authentication on the SIP provider end. 

Add gateway source IP for inbound (DID) at Dynamic Routing > Gateways

GWID = SomeSipProvider
Type = 1 (Proxy)
Address = x.x.x.x # Where x.x.x.x is the IP address of calls coming from your Sip Provider.

Click on "Apply Changes to Server" in upper right of screen.

You can add IP authentication on the OpenSips end by using  is_from_gw("1") or loading Permissions Module, adding the IP to Permissions in the Menu,  and using check_source_address("1").   How that is implemented is beyond the scope of this document.

Inbound Calling

For dialing directly from the PSTN to a configured user via the configured SIP trunk.  This may vary depending on what DID format the SIP trunk provider sends.

Users > Alias Management

Username = someusername # This user name must exist in Users > User Management
Alias Username = 1NXXNXXXXXX # This is your DID phone number

You should now be able to make phone calls from the PSTN to your user by dialing the DID phone number.

Outbound Calling

For dialing directly to the PSTN from any configured user.  This may vary depending on what format the SIP trunk provider expects.

Around line 360 in opensips.cfg, replace

 if ($rU=~"^\+[1-9][0-9]+$") {

with

if (dp_translate("10","$rU/$rU") ) {

restart to load the change

systemctl restart opensips

From the GUI control panel System > Dialplan > Add New Rule for +E.164 dialing if this is what the SIP provider expects.

Dialplan ID = 10
Rule Priority = 1
Matching Regular Expression = ^\+[1-9][0-9]+$

Add new rule for E.164 North American dialing (1NXXNXXXXXX) if this is what the SIP trunk provider expects.

Dialplan ID = 10
Rule Priority = 2 
Matching Regular Expression = ^1[1-9][0-9]{9}+$

Click on "Apply Changes to Server" in upper right of screen.

System > Dynamic Routing > Rules > Add New

Group ID = 0 #Click the "Add" button below it to populate the "0"
Prefix = 1 #Dialed numbers that begin with 1
Gateways List = YourGatewayName #Click the "Add" button to populate Gateway List with your Gateway

Click on "Apply Changes to Server" in upper right of screen.

You should now be able to dial from any local user to the PSTN dialing 11 digit North American numbers which start with 1.