2 PBX - 1 Public IP - Same signaling port

Hi folks,

I’m playing with docker contenaiser and Feepbx, and it’s working nice for me.

I start 2 PBX in the same docker host and I respect each signaling and RTP port for both. It work fine.

The issue is that the Trunk provider send me the invite to 5060 port, it work well for one PBX, but the other one, that have the 5160 SIP port, don’t work

There’s a way that I can have a SIP proxy or SBC that handle the packet in the same 5060 port and them, for example, filter by a domain or other thing, redirect the traffic to the correct PBX?

This problem is only with Trunks, because I can manually configure sip port in the telephone.

Okay a few things here:

  1. Running FreePBX in docker is not recommended and will probably give you a “Bad Time” at some point in the future. FreePBX just simply wasn’t built to run in docker and fundamental changes will need to be made to the Core of FreePBX for it work correctly. You’re better off running it in a VM.

  2. I wouldn’t recommend running two PBXs on the same IP. It can be done, but the setup will be rather complex. At a minimum you’re probably looking at having to setup a proxy for the signaling (Kamalio) and a proxy for RTP (RTPProxy). At this point you’re probably pushing the limits of what FreePBX can do for you.

Thanks for your replay @mbrooks.

And what about this docker? https://hub.docker.com/r/tiredofit/freepbx

Basically I change the docker network config to get separate networking for both container. Any hope on this setup?

My Idea is to maximize the use of hosted VM running multiple Freepbx.

Open to any other better ideas…

@hunteralberto A lot of my thoughts on that project can be found here:

I’ll also note that using docker networking with asterisk is NOT recommend at all. The ONLY configuration option I would recommend would be that docker networking is disabled and only the host network is used. This is mainly due to the fact that docker launches one proxy instance per port and for RTP, which has a range of 16384 to 32767, that’s a lot of proxies to launch and will consume a lot of memory and resources.

Thoughts on containerized asterisk.

I have used lxd/lxc to multiplex one ip. But you will need to proxy your https ports (easy with nginx) and if using SIP, both signalling and media will need a proxy, which will probably lead to kamailio or such in another container, ( IAX2 is a much simpler route, ) Does it work? yes, is it worth the effort? in my case ‘no’ with do/vultr/whatever selling IP space and room for FreePBX for $5/month

The compromise might be getting an additional IP from the hosting service. Save a buck or two vs an additional VM, and avoid the headaches of sharing a single IP.

Who is this provider?

If you are using registration, the INVITE should come to the address and port in the Contact header you send out with REGISTER.

With IP authentication (set on the provider portal), you can usually specify a port number, for example

I know of only one provider Vitelity that won’t accept this format.

If you specify a domain name on the provider portal, with DNS SRV records you include a port number.

As Dicko told: you need to use a proxy in front of pbx.

btw: Hey Dicko how are you man :slight_smile:

ca va Franck, Still vertical and pumping air.

Hahaha :smiley:

If you imagine an instant what “Pumping air” wanna say in French… LOL

I agree with Stewart. If your provider does username/pass auth its no problem using 2 pbxs on same ip with different ports.

If they do IP auth only. You will need to change the port they send to. Some will alternatively let you set a custom sip uri with the port. Vitelity cant do this but username/pass auth works fine.

I run a trunk from a cloud freepbx to 2 different avaya PBX’s on the same public IP. We just changed the rtp and sip ports on the avaya and freepbx sends calls to the different sip ports. So totally possible.

But like dicko said vultr boxes are $5 and come with a public IP.

Dicko You can run https on different ports. Its a pbx not a web server. I dont run much at all on standard ports if its publically accessible. Sometimes customers need to be able to access UCP from anywhere. They are going to have to scan all 65000 tcp ports before finding it and checking to see if theres a vulnerability. It is what it is but Im not going to make everyone vpn in to change follow me rules.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.