Encryption for manager.conf

letsencrypt

#1

Hello together,

I want to set up a PBX which is reachable from the internet.
I already set up everything with IDS and TLS/SRTP, working fine!

But now it comes to TAPI or manager.conf access. I read that I can enable encryption for that here

But how do I do that? I think I have to edit the manager.conf file over console/SSH access, right?
But what happens when I install some updates, does the manager.conf get overwritten then?


(Itzik) #2

There isn’t a manager custom file?


#3

It is
But can I modify the [general] part there?


(Itzik) #4

In the custom file, put something like:

[general](+)
your_setting = true

But I am not sure if enabling encryption under the general settings might break FreePBX


#5

That first link is from 2008, TLS is the new SSL and from

we see secure connections by default would be over port 5039, FreePBX only uses 127.0.0.1:5038

IMHO anyone that allows port 5038 through your firewall is exposing a long standing but ubiquitous security risk with FreePBX


#6

Yeah, saw that, thanks :)

Soo…

When I manually edit the manager.conf with
tlsenable = yes
tlsbindport = 5039

It's working over TLS

Will try it now with [general](+)


#7

Working :)
Thanks


#8

Looks like that now

[general](+)
tlsenable = yes
tlsbindport = 5039
tlsbindaddr = 0.0.0.0
tlscertfile = /etc/asterisk/keys/LE.pem
tlsprivatekey = /etc/asterisk/keys/LE.key
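
An added example, not code from the thread or from the FreePBX or Asterisk projects: a small Python audit that merges `[general]` and `[general](+)` blocks the way the override in post #8 relies on, then flags AMI listeners bound beyond loopback and manager users without a `permit` ACL. The sample config, the `tapi` user, and the rule that an unset `bindaddr` means all interfaces are assumptions.

```python
import ipaddress
import re
# Constructed sample: a base manager.conf followed by the override from post #8.
SAMPLE = """\
[general]
enabled = yes
bindaddr = 0.0.0.0
[admin]
secret = placeholder-1
permit = 127.0.0.1/255.255.255.0
[tapi]
secret = placeholder-2
[general](+)
tlsenable = yes
tlsbindport = 5039
tlsbindaddr = 0.0.0.0
tlscertfile = /etc/asterisk/keys/LE.pem
tlsprivatekey = /etc/asterisk/keys/LE.key
"""
HEADER = re.compile(r"^\[([^\]]+)\](\([^)]*\))?$")

def parse(text):  # merge [name] and [name](+) blocks into {section: {key: value}}
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if m := HEADER.match(line):
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def is_loopback(addr):  # IPv4 with optional :port, or a bare IPv6 literal
    host = addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr
    return ipaddress.ip_address(host).is_loopback

def audit(text):
    cfg = parse(text)
    gen = cfg.get("general", {})
    on = lambda k: gen.get(k, "no").lower() in ("yes", "true", "1", "on")
    bind = gen.get("bindaddr", "0.0.0.0")  # assumption: unset means all interfaces
    out = []
    if on("enabled") and not is_loopback(bind):
        out.append("cleartext AMI on port %s listens beyond loopback" % gen.get("port", "5038"))
    if on("tlsenable") and not is_loopback(gen.get("tlsbindaddr", bind)):
        out.append("TLS AMI listens beyond loopback; access depends on user ACLs")
    for name, opts in cfg.items():
        if name != "general" and "secret" in opts and "permit" not in opts:
            out.append("user [%s] has no permit ACL" % name)
    return out
```

Run `audit()` on the concatenation of manager.conf and its custom include, in the order Asterisk reads them, so that appended keys override the base values.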

