Add these lines to /etc/apt/sources.list:
# AG Projects software deb http://ag-projects.com/debian unstable main deb-src http://ag-projects.com/debian unstable main
Install the AG Projects debian software signing key:
sudo wget -O /etc/apt/trusted.gpg.d/agp-debian-key.gpg http://download.ag-projects.com/agp-debian-key.gpg
After that, run:
sudo apt-get update sudo apt-get install mrsprelay
If you have installed the debian package you can skip forward to the Configure the server section.
Ubuntu notes
There is a known compatibility issue with Ubuntu shipped libgcrypt11 library. If you have configured AG Projects debian repository, install this version instead:
sudo apt-get install libgcrypt11=1.5.0-3ubuntu1+agp
Configure the server
A sample configuration file is provided as config.ini.sample. All configuration options are documented in this file.
Configure the MSRP Relay by copying config.ini.sample to config.ini and editing it. At the very least the certificates need to be provided and the authentication backend needs to be configured.
Generate a TLS certificate/key pair. For documentation on how to do this, see the "tls" directory.
Typically, both TLS certificate/key pair and configuration file would be i nstalled in /etc/msrprelay. This is not needed however, as MSRP Relay looks for the configuration file in its local directory. Alternatively, the configuration filename and location may be specified on the command line using the --config-file option.
If you don't have a running user database to connect to you can test using the in-memory backend as described.
The software will reload its configuration file when it receives the HUP signal. All of the already established sessions will continue to operate using the old settings until a disconnection occurs within this session. This allows for changes in the configuration without disruption of service.
NOTE: at this moment the backend configurations are not re-read.
Configure DNS
For each domain served by the relay the following DNS record must be added to the name servers authoritative for the domain:
_msrps._tcp.example.com. IN SRV 0 0 2855 msrprelay.example.com. msrprelay.example.com. IN A 10.0.0.1
Replace the domain name, hostname and IP address with the real ones.
Multiple relays per domain
For allowing multiple relays for each domain you must either:
- Create multiple SRV DNS records pointing to multiple hostnames or
- Create one SRV record that point to one hostname and add multiple A records for that hostname pointing to multiple IP addesses. When doing so it is important that each relay is configured with a hostname that is resolvable in the DNS to his own IP address.
Running the server
Start the MSRPRelay, either by executing:
./msrprelay --no-fork
or as a daemon, which is the default behaviour.
This can also be done using the init.d script:
/etc/init.d/msrprelay start
When started as a deamon MSRPRelay will log its messages to syslog.
Example config file:
; MSRP Relay example configuration file
;
; This configuration file consists of two subsections:
;
; - a global configuration section under the "Relay" heading
; - a configuration section per username/password retrieval backend
; Global configuration
[Relay]
; mandatory setting
; The X509 certificate file to use during the TLS handshake. A path that
; does not start with / is relative to /etc/msrprelay/ folder
certificate = tls/msrprelay.crt
; mandatory setting
; The X509 private key file to use during the TLS handshake. A path that
; does not start with / is relative to /etc/msrprelay/ folder
key = tls/msrprelay.key
; Local IP address and port to listen on. Default is to listen on all addresses
; for this host on port 2855, the default IANA MSRP port.
address = msrp.example.com:9000
; Allow other methods besides the standard (SEND, REPORT, NICKNAME) to be forwarded through the relay
; allow_other_methods = Yes
; Disable TLS and use TCP only for this MSRP Relay. As this breaks with
; specifications, only use it for debugging purposes.
debug_notls = Yes
; Log failed AUTH attempts to the syslog or console.
; log_failed_auth = No
; Maximum ammount of times a newly connected client can re-try an AUTH before
; it gets disconnected.
; max_auth_attempts = 3
; The number of seconds a AUTH challenge, once issued, remains valid
; auth_challenge_expiration_time = 15
; mandatory setting
; The default backend to use for username/password retrieval. Backend names
; refer to modules in the backend package.
backend = database
;backend = memory
; The hostname to present in Use-Path MSRP URIs. Normally this need not be
; specified, as it is fetched automatically from the subject alternative name
; of the TLS certificate. If TLS is disabled and the hostname value is not
; specified, the IP address on which the relay is listening will be used.
hostname = msrp.example.com
; If this value is not specified, the domain part of the authentication is
; taken to be the host part of the URI in the To-Path of the AUTH request. As
; this requires provisioning of SRV records, the value can be manually
; overridden here. Note that this implies that all users are authenticated in
; this, and only this, domain.
default_domain = msrp.example.com
; The logging level can be one of CRITICAL, ERROR, WARNING, INFO and DEBUG,
; in increasing order of verbosity. The default value is DEBUG
; log_level = DEBUG
;
; Backend configuration
;
[Database]
; The Database backend does username/password retrieval from a database
; accessible my SQLObject. By default this is configured to access an
; OpenSIPS database. As the table and column names are configurable this
; could be any database.
; The URI used to access the database, including username and password. Check
; the SQLObject documentation for syntax.
uri = mysql://kamailio:kamailiorw@localhost/kamailio
; If this option is set the database will be queried for literal passwords.
; Otherwise, the "ha1" digest hash will be requested.
cleartext_passwords = No
; The name of the database table to consult.
subscriber_table = subscriber
; The username column.
username_col = username
; The domain column.
domain_col = domain
; The password column, consulted if cleartext_passwords is set
;password_col = ha1
; The ha1 column, consulted if cleartext_passwords is not set
ha1_col = ha1
[Memory]
; A simple to use memory backend useful for testing purposes. Each entry is
; a username/password pair.
alice@example.com = 1234
bob@example.com = 1234