Https provisioning + client denied by server configuration


(John Satterfield) #1

FreePBX 14.0.16.4
SystemAdmin 14.0.39.11

Trying to set up a Polycom phone to provision over the internet using manually created configuration files, not EPM or OSS. Works perfectly on the LAN using TFTP. I could not get it to work correctly via TFTP on the server via the internet connection. The phone continuously times out the downloads and appears unable to upload the log files.

I am now trying HTTPS provisioning using the randomly generated passwords. It is clear the server is accepting the call over port 1443 and logs the attempt. The phone reports “unable to reach boot server”

The httpd error_log shows:
[Mon Feb 22 12:20:53.443699 2021] [authz_core:error] [pid 1386] [client 24.131.30.131:50038] AH01630: client denied by server configuration: /tftpboot/index.php

I checked the /tftproot folder and confirmed that the entire folder is owned by asterisk:asterisk.

There is no index.php file in this folder. If it is needed, what should it look like?

Thank you all for any guidance!
John


(Jared Busch) #2

You may want to read this
https://community.freepbx.org/t/polycom-phones-via-http-and-https/56767


#3

What exactly is serving port 1443 and how exactly is that service handling the Directory /tftboot defined ? You will need to open bidirectional access between the WAN and the LAN, on that port, and depending on your router, forward all 1443 traffic to your PBX.


(Jared Busch) #4

He said it was the /tftpboot folder owned by asterisk. So that implies it is a FreePBX install. Distro or not is a great question.

The web hooks for the SysAdmin specified ports are in place even if EPM is not installed.

So it should work just fine. I do not have a Poly phone handy, but I’ve done it this way more than once.


#5

If he came from most any background using tftpd /tftboot would exist and be owned by asterisk, that goes way back to the very early days of asterisk@home, so consider it legacy, cos’ I always wondered why FreePBX decided to leave it outside of /var/www/html

(FreePBX has no dependency on httpd/apache2 it will work as happily with most any webserver, many prefer nginx)


(Jared Busch) #6

Actually distro, because he said

Missed that a bit ago. So the post I linked from @xrobau will likely be helpful