-
mentax
mc_: could you please tell me iff I could import 1 user from old cluster to the new cluster with clone_tool?
-
mc_
i don't know off-hand, haven't used clone_tool in ages
-
mentax
ok
-
mentax
mc_ another question - how did you guys deal with TLS for kamailio for different resellers? In tls.cfg you can only specify one certificate and if you have 2 resellers with different domains that could be an issue?
-
mentax
and the same with HAProxy...
-
mentax
Just found how to do that for kamailio TLS. But not for HAProxy web sockets
-
mc_
mentax: good question
-
mc_
i assume of we can't do multiple certs per kamailio, if an account needed a custom cert, we would stand up a kam instance specifically for them
-
mc_
but afaik we don't have a big need for this
-
mc_
but i don't have insight into that
-
mentax
mc_ for TLS you can specify multiple domains.
-
mentax
I just done that. But for a websocket browser most likely will complain about cert
-
mentax
mc_ I did it ;-)
-
Ysean
do share :)
-
mentax
bind 0.0.0.0:7777 ssl crt /etc/SSL/domain1.com/HAProxy_cert_key.pem crt /etc/SSL/domain2.com/HAProxy_cert_key.pem
-
Ysean
gotcha
-
mentax
Now there is another things - In kamailio local.conf you specify #!substdef "!MY_WEBSOCKET_DOMAIN!domain1!g"
-
mentax
how can I add second domain over there...
-
mentax
mayve mc_ know more about websockets )))
-
mc_
mentax: if the websocket domain is cancelled out, any host can connect to it
-
mc_
if defined, only connections from that host are allowed
-
mentax
mc_ so, if I will specify #!substdef "!MY_WEBSOCKET_DOMAIN!127.0.0.1!g" in this case only local server will be able to connect to the websocket?
-
mentax
and no one else?
-
mentax
I mean if I will point HAProxy to to 127.0.0.1:5555 it will work with any domains from kamailio side?
-
mc_
mentax: from what i recall, if you define the domain, only websocket connectiosn from domain will be accepted (meaning the web page will have to be loaded from that domain)
-
mc_
undefined means any web page can initiate a connection
-
mc_
kamailio won't check the Host header
-
mentax
but if I need to use 2 different domains what should be done in this case?
-
mentax
You have whole bunch of resellers with their own domains, how did it work them?
-
mentax
Should I use WEBSOCKET_NO_ORIGIN_RESTRICTION in this case?
-
mc_
comment out MY_WEBSOCKET_DOMAIN i think
-
mc_
and no_origin_restriction, sounds reasonable