Hi, I’d like to provide UCP to some of my users but wouldn’t like to expose the server IP address.
Is it going to work well if I provide them with a domain behind Cloudflare for UCP purposes, while I access the admin panel and extensions (port 5060 and so on) directly with the server IP to work around the CDN?
Or if you guys have any other suggestions to accomplish the same thing.
I’m testing this right now in real-time and there are some bugs with her. First, when I use proxy (orange cloud) on my subdomain ipcom-1, all traffic gets blocked on my sip protocol. all endpoints drop.
In cloudflare you have to set up firewall rules, srv records and etc. I’m currently troubleshooting connectivity between my endpoints and the pbx because when you use CF you have to use their nameservers.
And in my experience with CF, correct SRV records will help prevent arbitrary attempts against you IP, on your asterisk end reject all sip connections to your IP address. That way only SIP requests against your domain name will return anything useful (and of course your endpoints will be set to contact to your name not your address). (It works well for me)
hehe, there you go, so far for me also chan_sip works fine for trunking. Any number of folks will scream at you that it is “depreciated/deprecated” and will imminently stop working, but so is PHP 5.6, they will likely both be there for years though
Either way, you need to inform asterisk that you are expecting SRV lookups.
Yes. May have to reload. I’m using 12.7.6-1910-1.sng7 and set Enable SRV Lookup to Yes in chan_sip settings plus added srvlookup=yes under Other SIP Settings.