Hi,
I am working on a project involving Kamailio dockerization, which is meant to run alongside Freeswitch and RTPEngine containers, on the basis of a Docker-Compose file which is launched on top of a CentOS 7.7 host system.
I was able to create and run the containers successfully, they are starting and listening to the correct ports, but for some unexplained reason - the incoming SIP traffic is not getting picked up by Kamailio. I can easily trace the traffic from the host, but when SSHing into the container and running a test from within, no traffic goes by.
I've used netcat to generate plain UDP traffic to the container, and it was logged into the Kamailio log files, but real-life traffic doesn't seem to work.
I've tried moving to host mode (from bridge), but it didn't make any difference. All required firewall rules were opened obviously, I've also tried shutting the firewall off completely but it didn't help.
Has anyone experienced anything similar while running Kamailio in Docker, and could they provide me with a walk-through of the steps they took to fix it?
EXCERPT FROM MY DOCKERFILE
# Getting Kamailio source code from GIT
RUN mkdir -p /usr/local/src/kamailio-5.3
WORKDIR /usr/local/src/kamailio-5.3
RUN git clone --depth 1 --no-single-branch https://github.com/kamailio/kamailio
WORKDIR /usr/local/src/kamailio-5.3/kamailio
RUN git checkout -b 5.3.2
# Compile the source code and install Kamailio
RUN make include_modules="phonenum db_mysql xmlrpc http_async_client jansson auth_db nathelper websocket tls outbound topoh http_client" cfg && \
    make all && make install
# Default setting is to run Kamailio as user "kamailio" and group "kamailio"
RUN adduser --quiet --system --group --disabled-password \
    --shell /bin/false --gecos "Kamailio" \
    --home /var/run/kamailio kamailio
# To use init.d script for starting/stopping the Kamailio server
COPY Init/kamailio /etc/init.d/
RUN chmod 755 /etc/init.d/kamailio
COPY Default/kamailio /etc/default/
COPY kamailio.service /etc/systemd/system/
RUN mkdir -p /var/run/kamailio
RUN chown kamailio:kamailio /var/run/kamailio
COMPOSE (BRIDGE NETWORK VERSION)
kamailioegress:
  build: kamailio_egress
  image: kamailioegress:latest
  container_name: kamailioegress
  restart: always
  environment:
    - DATABASE=kamailioe
    - SIP_DOMAIN=XXX
    - DBHOST=kamailiodb
    - DBROOTUSER=root
    - DBROOTPASS=XXX
    - PUBLIC_IPV4=XXX
  depends_on:
    - Kamailio-Base
    - kmdb
    - freeswitch
    - rtpengine
  expose:
    - "5060/udp"
    - "5060/tcp"
  ports:
    - "XXX:5060:5060/udp"
  networks:
    private-net:
      ipv4_address: "172.18.0.30"
  deploy:
    mode: replicated
    replicas: 1
    restart_policy:
      condition: always
      delay: 5s
      max_attempts: 3
      window: 120s
networks:
  private-net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.18.0.0/16
    driver_opts:
      com.docker.network.bridge.name: wrtcpriv
  public-net:
    external:
      name: host
COMPOSE (HOST MODE VERSION)
kamailioegress:
  build: kamailio_egress
  image: kamailioegress:latest
  container_name: kamailioegress
  network_mode: host
  restart: always
  environment:
    - DATABASE=kamailioe
    - SIP_DOMAIN=XXX
    - DBHOST=172.18.0.10
    - DBROOTUSER=root
    - DBROOTPASS=XXX
    - PUBLIC_IPV4=XXX
    - EGPORT=5060
    - LINTE=ens224
    - LINTI=ens192
    - RTPENGINE=localhost
  depends_on:
    - Kamailio-Base
    - kmdb
    - freeswitch
    - rtpengine
  expose:
    - "5060/udp"
  ports:
    - "213.8.76.13:5060:5060/udp"
  deploy:
    mode: replicated
    replicas: 1
    restart_policy:
      condition: always
      delay: 5s
      max_attempts: 3
      window: 120s
CONFIG FILE
/* uncomment and configure the following line if you want Kamailio to
* bind on a specific interface/port/proto (default bind on all available) */
listen=udp:0.0.0.0:LPORT advertise PUBLIC_IP:LPORT
KAMAILIO-LOCALE
#!define DBURL "mysql://root:XXX@DBHOST/kamailioe"
#!substdef "!MY_DBURL!mysql://root:XXX@DBHOST/kamailioe!g"
#!substdef "!RTPENGINE!MY_RTPENGINE!g"
#!substdef "!SIP_DOMAIN!MY_SIP_DOMAIN!g"
#!substdef "!PUBLIC_IP!MY_PUBLIC_IP!g"
#!substdef "!PRIVATE_IP!MY_PRIVATE_IP!g"
#!substdef "!LPORT!MY_LPORT!g"
#!substdef "!LINT!MY_LINT!g"
#!substdef "!HOMER_IP!10.1.0.100!g"
#!substdef "!API_URL!http://localhost:3000/v1/mock!g"
#!substdef "/CCODES/972|380/"
#!substdef "/NUM_TRANSLATE_OUT_RE/\\\\+?(CCODES)([0-9]+)/"
#!substdef "/NUM_TRANSLATE_IN_RE/0([0-9]+)/"
FIREWALL RULES
-bash-4.2# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192 ens224
  sources: 192.168.1.39
  services: dhcpv6-client http https sip ssh
  ports: 9323/tcp 9323/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" destination address="XXX" port port="5060" protocol="udp" accept
    rule family="ipv4" destination address="XXX" port port="5060" protocol="tcp" accept
NETSTAT OUTPUT
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 XXX:5060 0.0.0.0:* 22479/kamailio
Edward