Initial revision.

.github/workflows/build.yml

@@ -0,0 +1,96 @@
+name: Build Docker image
+
+# Controls when the action will run.
+on:
+  # Triggers the workflow on all push or pull request events
+  push:
+  pull_request:
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+  schedule:
+    - cron: "0 0 * * *"
+
+# added using https://github.com/step-security/secure-repo
+permissions:
+  contents: read
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  Docker:
+    name: Build&Push to DockerHub
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_REPO: sippylabs/webrtc_phone
+      PLATFORMS: linux/amd64,linux/i386,linux/arm/v7,linux/arm64
+      BASE_IMAGE: sippylabs/rtpproxy:RFC5245_ICE
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        submodules: 'recursive'
+
+    - name: Checkout SIP.js repo
+      uses: actions/checkout@v4
+      with:
+        repository: 'onsip/SIP.js'
+        path: docker/SIP.js
+
+    - name: Checkout Sippy B2BUA repo
+      uses: actions/checkout@v4
+      with:
+        repository: 'sippy/b2bua'
+        path: docker/b2bua
+        ref: RFC7118
+
+    - name: Build SIP.js
+      run: sh -x build/SIP.js.sh
+
+    - name: Set up QEMU
+      id: qemu
+      uses: docker/setup-qemu-action@v3
+      with:
+        platforms: arm64,arm
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      if: github.event_name != 'pull_request'
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.DOCKER_REPO }}
+        tags: |
+          type=schedule
+          type=ref,event=branch
+          type=ref,event=tag
+          type=ref,event=pr
+          type=raw,value=latest,enable={{is_default_branch}}
+          type=sha
+
+    - name: Build Docker image
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        file: ./Dockerfile
+        build-args: BASE_IMAGE=${{ env.BASE_IMAGE }}
+        push: true
+        tags: |
+          ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        platforms: ${{ env.PLATFORMS }}
+
+    - name: Update DockerHub repo description
+      if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+      run: sh -x docker/update_description.sh README.md

Dockerfile

@@ -0,0 +1,20 @@
+ARG BASE_IMAGE
+FROM --platform=$TARGETPLATFORM $BASE_IMAGE as build
+LABEL maintainer="Maksym Sobolyev <[email protected]>"
+
+USER root
+
+# Set Environment Variables
+ENV DEBIAN_FRONTEND=noninteractive
+
+WORKDIR /webrtc_phone
+COPY docker /webrtc_phone/
+
+# Build & install everything
+RUN /webrtc_phone/build.sh
+
+EXPOSE 443
+EXPOSE 9876
+EXPOSE 32000-34000/udp
+
+ENTRYPOINT [ "/webrtc_phone/run.sh" ]

README.md

@@ -0,0 +1,51 @@
+[![Build Docker image](https://github.com/sippy/webrtc_phone/actions/workflows/build.yml/badge.svg)](https://github.com/sippy/webrtc_phone/actions/workflows/build.yml)
+
+# What is it?
+
+This is a technology demo integrating Sippy RTPProxy and Sippy B2BUA with
+WebRTC-compatible clients. It includes four main components:
+
+1. Sippy B2BUA.
+2. Sippy RTPProxy.
+3. SIP.js demo application.
+4. Web server.
+
+The container starts RTPProxy and B2BUA listening on WSS port `9876/TCP`, and
+a web server on HTTPS port `443/TCP`. Both share the same self-signed TLS key
+generated during the container build process. This allows users to open the
+demo page and connect their browser to the B2BUA over WSS.
+
+When the user initiates a call, the B2BUA/RTPProxy sets up two RTP sessions
+(one encrypted and one plain) and initiates an outbound SIP call to the SIP
+destination controlled by the `OUTBOUND_ROUTE` environment variable.
+
+# Usage
+
+```bash
+docker pull sippylabs/webrtc_phone:latest
+docker run -it --name webrtc_phone -P --network=host -e OUTBOUND_ROUTE="[email protected];auth=foo:bar" -d sippylabs/webrtc_phone:latest
+```
+
+# Introspection
+
+The container produces various SIP/RTP/WSS logs that can be inspected using
+the `docker log` command. The amount of RTP logs can be controlled by the
+`RTPP_LOG_LEVEL` environment variable. Possible values are `DBUG`, `INFO`,
+`WARN`, `ERR`, and `CRIT` (in decreasing order of verbosity).
+
+# Caveats and Limitations
+
+- Connection to the WSS server will fail with error `1015` in Firefox. It
+  works in Chrome and Microsoft Edge as long as the user accepts the security
+  warning when opening the demo page. This is caused by the usage of the
+  self-signed certificate.
+- Only `Demo 1` works.
+- Due to the need for a range of UDP ports for RTP sessions (2,000 by default),
+  the usage of the `host` network is recommended.
+
+# Links and References
+
+- [RTPProxy @ GitHub](https://github.com/sippy/rtpproxy/)
+- [Sippy B2BUA @ GitHub](https://github.com/sippy/b2bua/)
+- [SIP.js @ GitHub](https://github.com/onsip/SIP.js/)
+- [Sources for this container @ GitHub](https://github.com/sippy/webrtc_phone/)

build/SIP.js.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -x
+set -e
+
+sudo apt-get -y update -qq
+sudo apt-get -y install npm
+
+SJDIR="docker/SIP.js"
+
+git -C "${SJDIR}" apply "`pwd`/patches/SIP.js.diff"
+cd "docker/SIP.js/demo"
+npm install
+npm run build-demo
+cd -
+
+openssl req -newkey rsa:2048 -nodes -keyout docker/server.key -x509 -days 365 \
+ -out docker/server.crt -config conf/openssl.cnf

conf/openssl.cnf

@@ -0,0 +1,22 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+x509_extensions = v3_req
+req_extensions = v3_req
+
+[dn]
+C = US
+ST = California
+L = San Francisco
+O = My Company
+OU = My Division
+CN = localhost
+emailAddress = [email protected]
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost

docker/build.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -x
+set -e
+
+DEV_PKGS="libc6-dev gcc"
+
+apt-get -y --no-install-recommends update -qq
+apt-get -y --no-install-recommends install python-is-python3 python3-pip npm \
+  ${DEV_PKGS}
+
+python3 -m pip install --break-system-packages -U -r b2bua/requirements.txt
+npm install http-server
+
+apt-get -y remove ${DEV_PKGS}
+apt-get -y autoremove
+apt-get -y clean
+
+rm -rf ~/.cache

docker/run.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/bash
+
+set -e
+set -x
+
+OUTBOUND_ROUTE="${OUTBOUND_ROUTE:-"[email protected];auth=nopass"}"
+RTPP_LOG_LEVEL="${RTPP_LOG_LEVEL:-"dbug"}"
+
+CFILE="/webrtc_phone/server.crt"
+KFILE="/webrtc_phone/server.key"
+WROOT="/webrtc_phone/SIP.js/demo"
+PNUM=443
+MIN_RTP_PORT=32000
+MAX_RTP_PORT=34000
+
+RSOCK="/webrtc_phone/rtpproxy.sock"
+RMODDIR="/usr/local/lib/rtpproxy"
+
+BDIR="/webrtc_phone/b2bua"
+
+npm exec -- http-server -S -C "${CFILE}" -K "${KFILE}" -p ${PNUM} "${WROOT}" &
+HSERV_PID="${!}"
+
+/usr/local/bin/rtpproxy_debug -f -F -s "${RSOCK}" \
+  --dso "${RMODDIR}/rtpp_ice_lite_debug.so" \
+  --dso "${RMODDIR}/rtpp_dtls_gw_debug.so" \
+  -d "${RTPP_LOG_LEVEL}" -m "${MIN_RTP_PORT}" -M "${MAX_RTP_PORT}" &
+RTPP_PID="${!}"
+
+PYTHONPATH="${BDIR}" python "${BDIR}/sippy/b2bua_radius.py" \
+ --auth_enable=off --acct_enable=off --static_route="${OUTBOUND_ROUTE}" \
+ -f --b2bua_socket=/tmp/b.sock --rtp_proxy_clients="${RSOCK}" \
+ --allowed_pts=0,8,9,126,101 --wss_socket="0.0.0.0:9876:${CFILE}:${KFILE}" &
+B2B_PID="${!}"
+
+wait -n

docker/update_description.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+md5sum_q() {
+  md5sum "${@}" | awk '{print $1}'
+}
+
+# Get the JWT token
+TOKEN="$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "'${DOCKER_USERNAME}'", "password": "'${DOCKER_PASSWORD}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token)"
+if [ -z "${TOKEN}" -o "${TOKEN}" = "null" ]
+then
+  echo "ERROR: Invalid or no JWT TOKEN returned!" 1>&2
+  exit 1
+fi
+
+BCSUM1="`jq -r .nonce < /dev/null | md5sum_q`"
+BCSUM2="`echo | md5sum_q`"
+
+API_URL="https://hub.docker.com/v2/repositories/${DOCKER_REPO}/"
+OLDCSUM="`curl -s -H "Authorization: JWT ${TOKEN}" "${API_URL}" | jq -r .full_description | md5sum_q`"
+NEWCSUM="`md5sum_q "${1}"`"
+if [ "${OLDCSUM}" = "${NEWCSUM}" ]
+then
+  # description is up to date already
+  exit 0
+fi
+if [ "${OLDCSUM}" = "${BCSUM1}" -o "${OLDCSUM}" = "${BCSUM2}" ]
+then
+  echo "ERROR: Empty description read!" 1>&2
+  exit 1
+fi
+
+MYNAME="`basename "${0}"`"
+DESCRIPTION_FILE="`mktemp -t ${MYNAME}.XXXXXXX`"
+echo '{"full_description": "' > "${DESCRIPTION_FILE}"
+perl -0777 -p -e 's|\n\z||' "${1}" | perl -p -e 's|\n|\\n\n| ; s|"|\\"|g' >> "${DESCRIPTION_FILE}"
+echo '"}' >> "${DESCRIPTION_FILE}"
+
+# Update the description on DockerHub
+curl -X PATCH -H "Content-Type: application/json" -H "Authorization: JWT ${TOKEN}" -d @"${DESCRIPTION_FILE}" "${API_URL}"
+rm "${DESCRIPTION_FILE}"

patches/SIP.js.diff

@@ -0,0 +1,13 @@
+diff --git a/demo/demo-1.ts b/demo/demo-1.ts
+index ffc09dbd..79ca0bae 100644
+--- a/demo/demo-1.ts
++++ b/demo/demo-1.ts
+@@ -16,7 +16,7 @@ const holdCheckbox = getInput("hold");
+ const muteCheckbox = getInput("mute");
+
+ // WebSocket Server URL
+-const webSocketServer = "wss://edge.sip.onsip.com";
++const webSocketServer = `wss://${window.location.hostname}:9876`;
+ serverSpan.innerHTML = webSocketServer;
+
+ // Destination URI