ostel.co Server Documentation¶
This document provides information to build a server side stack identical to what runs at ostel.co
ostel.co is primarily composed of a Session Initiation Protocol (SIP) server called Kamailio for voice/video connectivity services and a Ruby on Rails application to manage the database. End-to-end encryption is provided via ZRTP, which is a cryptographic key agreement protocol which uses the human voice to negotiate the keys for encryption between two end points. Ostel conforms to the Open Secure Telephony Network (OSTN) standards that were defined by the Guardian Project and countless others during conferences, summits and IRC sessions.
The full stack of open source software to create a service like ostel.co is complex and requires a server with a static IP address on the public Internet and a Fully Qualified Domain Name (FQDN). If you are familiar with a Ruby on Rails production stack, the process for the web front end should be straight forward. If you have worked with a SIP server like Asterisk, the process will be much different.
There is a project on Github to automate the full stack with Chef. Please check it out and contribute if you wish. The cookbook is under development. The Ruby on Rails application source code is hosted in another repository, though not under active development. If you can financially sponsor further development, please email lee [@a] seriesdigital.com
The reference used to build ostel.co was originally written by Daniel-Constantin Mierla <miconda [@t] gmail.com> at a company called Asipto
- Debian GNU/Linux -- The best Linux distribution!
- A VPS or dedicated hosting provider or a Raspberry Pi that respects your freedom! You cannot run Kamailio from behind a home network with NAT if you want to call anyone outside your home. Seriously, if you want to do this you are in for a world of advanced IP networking configuration and application code. It's possible but you really do not want to do this
- Kamailio -- A modular SIP router, user registration server, and NAT traversal utility...and so much more
- rtpproxy -- a small utility to proxy encrypted audio and video streams. Works with Kamailio to solve NAT traversal
- Freeswitch -- A SIP softswitch. Provides testing services like an echo test. Can also provide automated call services like voicemail.
- PostgreSQL -- The World's Most Advanced Open Source Database. Stores user account data and domain alias information
- nginx -- A small, fast HTTP(S) server. Functions as a reverse proxy for the app server and for HTTPS decryption
- Unicorn -- A fast Ruby application server
- Ruby on Rails -- A popular framework for building web applications
- Devise -- A modular user authentication framework for Ruby on Rails
- Monit -- A system for process supervision. Keeps programs running, forever
- Munin -- A system for collecting resource statistics and plotting them in time-series graphs
- runit -- A system for process supervision. Keeps programs running, forever. AN alternative to monit, though more complicated to operate
- Obtain a server with a public IP address that runs Debian stable (Wheezy). Here are some reviewed VPS providers.
- Obtain and register a domain name with a recommended commercial registrar.
- Add DNS records for your domain.
- Configure server to identify itself as your newly created FQDN.
- A signed SSL certificate from a commercial Certificate Authority.
Full Stack Install¶
Federation & Interoperability¶
Kamailio does federation by default such that a call originating from email@example.com (on server foo.com) can reach a user firstname.lastname@example.org (on a different server, bar.com). If you wish to use domain aliases (call to email@example.com will map to firstname.lastname@example.org), you need to create SRV records for your domain and configure Kamailio to accept aliased usernames via the ALIAS_DB module.
Join the Community¶
If you do run your own server, please let us know by joining the ostn-operators email list! We'll keep the information private, but do like to know that these instructions are helpful. Also if you have any confusion or suggestions, do reach out to us at <support [@t] guardianproject.info>