I have a working setup of FreePBX, now I like to place the provisioning of the telephones behind the firewall so I can use GeoIP and Spamhouse IP filters etc to keep out the bad guys…
Original Setup:
Phones ← https + auth :1443 → https://FreePBX.wanside.
- Using SSL + Auth
All provisioning works fine… I use employee home IP filter which is intensive to maintain…
New Setup
Phones ← https offloading by HAproxy <–> http://FreePBX.lanside:84 (using plain http to the backend)
Using curl
curl -u /cfg0705.cfg <–> haproxy
Works, no errors… same with Chrome and Safari all working fine… the cfg files gets downloaded…
I apply a factory reset at S7xx phone, and the phone is registered in the Sangoma Portal to the new provisioning url…
First hurdle…
However if the phone is connecting it fails with a: SSL handshake failure…
Doing a side by side comparison of the headers I made them identical of directly to the FreePBX https provisioning port and the response of the HAproxy… … still no cigar…
Now the S7xx phone fetches 2 config files but stays in an endless loop downloading the files and then again and again… it fetches the “cfg0705.xml” and the “cfg.xml” file, and just stops there… no additional config files are loaded (like vpn etc) it just starts over again… and loads the file again. No error on the display of the phone (can’t reach any logging since the web interface is not yet activated in this stage of booting)
Backend webserver of FreePBX:
10.0.1.1 - [13/Oct/2022:14:55:33 +0200] “GET /cfg0050xxxxxxxx.xml HTTP/1.1” 200 63932 “-” “Sangoma S705 3.0.4.78 00:50:xx:xx:xx:xx”
10.0.1.1 - [13/Oct/2022:14:57:04 +0200] “GET /cfg0705.xml HTTP/1.1” 200 738 “-” “Sangoma S705 3.0.4.78 00:50:xx:xx:xx:xx”
Anybody has this setup working or hints what the Sangoma S7xx phone needs to feel safe enough to continue load its config through HAproxy ?
Many thanks for any hints to break out this