FreePBX Distro does not support https?

At some point we have to prioritize things we do. There are many open tickets. Is SSL in apache bigger than core being broken? You need to decide that for yourself.

I +1’d Navaismo’s post for this simple line, because I liked what it said:

Do I need to justify my likes for every post I like from here on out? There are posts that @dicko likes that I could assume are flipping me off as well, but I have to take a step back and think “@dicko is just liking a post, im looking too deeply into it”.

I am assuming you are doing the same.

Tony’s reply is simply talking about unsigned certs with phones. No where does he dismiss anything. He is just providing comments, the same thing you have done. I would think Tony’s first comment in that ticket actually stated what we are doing in regards to it. Tony might be short and to the point but he does not foo-foo it for political correctness. Note that I am not endorsing anything I am just saying maybe look at it in a different light?

I am fairly certain this is my only interaction with you so I can’t speak for others. However take:

You went through that thread and liked all of @dicko’s posts. Like almost all of them. Do you think at some level @AdHominem took offense at your liking them the same as you took offense at me liking @navaismo’s . Just something to consider when looking a the broader picture.

I went through your posts since around '12 (might have missed some to be honest) but I can only find a handful of times where Tony replied to you. Most of our team has never talked to you. So I suppose I am a little lost as to what you are referring to specifically?

Sure we at FreePBX have been assholes. I can agree with that. Do we want to be assholes? No I can tell you we don’t. We do strive to come off as decent human beings. We have conversations about our actions in the forums all day long and we don’t sit there making fun of everyone (I never said you said that, I suppose I am just trying to clarify where ‘we’ stand?).

Do we want to keep being assholes? No. Not at all. We want to be the nice, cool guys, but we can’t always reply with a nice message, sometimes it will be blunt. The worse part is, if we don’t reply at all people scream at us for ignoring them. The ways of the internet.

I’ve probably rambled on for too long but I stick up for the people at Schmooze, not because they pay my bills but because when I was learning about PBXs/VoIP and programming in my free time for FreePBX years ago my closest allies were Tony, Philippe and Bryan. Tony reached out to me first and got me access to the FreePBX resources well before I was hired, he, and the Schmooze team, made me feel welcome. So of course I see these guys in a totally different light than most people and most of the time I am the most blunt of all (but mainly on another forum, less often here) and maybe I do come off as rude and maybe most of us do.

But we are trying to work on it and improve our credibility towards the community.

FWIW- I see zero need for https and cannot imagine any valid case for spending the time enabling it.

Of course, you know my stance on opening ports and VPNs from another discussion. Since I’m only connecting to my network securely, https doesn’t do anything for me.

It’s in the nature of the written word that short comments appear terse/dismissive even when they are NOT intended that way.

Tony is horrendously busy and everyone should understand that his comments are always intended in a cooperative manner, even if it doesn’t read that way.

Just a little humor: “I really cannot sufficiently describe my level of shock” at the phrase:

Now i see the reality, well I’m not quite a developer but just a user is so sad.

Hehe, how did I get involved here, all I said is it is a good idea, easy to implement and I personally use it with the provisos generally accepted by all about self-certification, I have liked also posts with folks here that I know will never agree with me, that doesn’t mean anything but that, on those points of disagreement, we do exactly that.

Can I assume that your previous agreement to agree to disagree extends to my stance also?

It is with some irony that some might see your arguments here as in themselves “ad hominem”

(I am also just a user, sometimes blunt, sometimes right and sometimes wrong, but just as avid as any to keep FreePBX alive and secure, I just have to pay my own bills )

dicko,

I always enjoy a good argument, and I’m always willing to agree to disagree with those who share common interests.

I think you and I are in agreement that FreePBX is great and we all want to keep it going. I think we’re also in agreement that if you open port 80, you definitely want https enabled.

However, I think that almost everyone here would agree with me that even if you open port 5060 (which I advise against but others think is fine), you should never open port 80.

Port 80 is just too vulnerable, and https won’t protect you from exploits, it’ll just keep the data that is sent from/to the server secure - assuming your keys are secure.

I totally agree, with the exception of a few recalcitrant VSP’s I haven’t used UDP/5060 for years, I just noticed that I can’t find how to rebind SIP/PJSIP anywhere in the FreePBX 12 GUI though.

Personally I generally don’t have TCP/80 open on the servers except when I can’t work around it and even https runs on another port, but that’s another topic.

I do my best to keep my keys secure, I need them for postfix, srtp and other services apart from https.

I haven’t used 12, but if there’s still an Asterisk SIP Settings module, and you can still add your own additional settings at the end, this should do it:

bindport=5060

Change 5060 to whatever port you want…

Not so much, that bit has gone byebye, probably because of PJSIP which has no *custom.conf’s yet (luckily I can do it in /etc/asterisk still with a little machination )

It’s there. Go to SIP Settings and look for the “rnav” to the right. You will see selections for “chan SIP” and “chan PJSIP”.

If you still don’t see it here are two links that will get you where you need to be:

admin/config.php?display=sipsettings&category=chansip
admin/config.php?display=sipsettings&category=pjsip

We didn’t remove anything. We’ve only added.

You are the 20th user to think we removed this though. I guess the “rnav” is horribly placed. Time to work on a notice to show people where it’s at.

Thank you Andrew, I did the old resize thingy and it sprang up .

Heard about that. Also looking into it… bugs in the code

There are 10 sorts of people in the world, those that understand binary and those that don’t.

Ok, so this is more like it! I’ll chalk the whole sordid affair up to brief comments and misunderstandings. I hope you all can do the same for me.