From 420d868bc17518a68c39050a18ceb98a509bd2e5 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 27 Feb 2026 22:24:58 +0000 Subject: [PATCH 1/7] Add IAX2 RSA key generation and re-enable encryption - Generate IAX2 RSA keys at container startup if not present - Uses astgenkey with fallback to openssl - Re-enable encryption=yes in iax.conf template - Keys stored in /var/lib/asterisk/keys/ (can be mounted for persistence) - Logs instructions for public key exchange with remote PBX https://claude.ai/code/session_01M7DJEAxrReANcMZ6SjChaG --- docker/configs/iax.conf.template | 2 +- docker/entrypoint.sh | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/docker/configs/iax.conf.template b/docker/configs/iax.conf.template index 469b945a..3a9dc8ce 100644 --- a/docker/configs/iax.conf.template +++ b/docker/configs/iax.conf.template @@ -15,7 +15,7 @@ disallow=all allow=alaw allow=ulaw allow=g722 -encryption=no +encryption=yes ; ── Trunk definition ────────────────────────────────────────────────────── [trunk] diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 592d1ed4..72ca1fb3 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
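Review bot: `encryption=yes` in the general section only offers encryption during call setup; as far as chan_iax2's documented options go, a peer that does not negotiate it can still establish a cleartext call, so this change alone does not guarantee an encrypted trunk. If the intent is that the trunk is never unencrypted, add `forceencryption=yes` next to it. IAX2 session keys are derived from the shared secret under MD5 authentication, so the `[trunk]` section (its body lies outside this hunk) should be checked for `auth=md5` and a long random `secret`.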
@@ -69,6 +69,24 @@ else echo ">> Using existing TLS certificate: $TLS_DIR/asterisk.pem" fi +# ── Generate IAX2 RSA keys if not present ──────────────────────────────────── +KEYS_DIR="/var/lib/asterisk/keys" +if [ ! -f "$KEYS_DIR/iax.key" ]; then + echo ">> No IAX2 RSA keys found, generating..." + astgenkey -n iax 2>/dev/null || { + # astgenkey may not be available; fall back to openssl + openssl genrsa -out "$KEYS_DIR/iax.key" 1024 2>/dev/null + openssl rsa -in "$KEYS_DIR/iax.key" -pubout -out "$KEYS_DIR/iax.pub" 2>/dev/null + } + chmod 600 "$KEYS_DIR/iax.key" + echo " IAX2 RSA keys generated in $KEYS_DIR" + echo " To enable IAX2 encryption, exchange public keys with your PBX:" + echo " - Copy $KEYS_DIR/iax.pub to the remote Asterisk /var/lib/asterisk/keys/" + echo " - Copy the remote iax.pub to this container's $KEYS_DIR/" +else + echo ">> Using existing IAX2 RSA keys: $KEYS_DIR/iax.key" +fi + # ── Generate Asterisk configs from templates ──────────────────────────────── echo ">> Generating Asterisk configs..." echo " Protocol : $TRUNK_PROTO" From 4d6bb0e9c15f9133761583b28c97649c3f264781 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 27 Feb 2026 22:35:28 +0000 Subject: [PATCH 2/7] Fix IAX2 key generation to use traditional RSA format Asterisk's res_crypto requires traditional RSA PEM format: - Private key: BEGIN RSA PRIVATE KEY (not BEGIN PRIVATE KEY) - Public key: BEGIN RSA PUBLIC KEY (not BEGIN PUBLIC KEY) Use -traditional and -RSAPublicKey_out flags in openssl fallback. Also pass output path to astgenkey so keys go directly to keys dir. https://claude.ai/code/session_01M7DJEAxrReANcMZ6SjChaG --- docker/entrypoint.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 72ca1fb3..a5b88be3 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
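Review bot: Both openssl calls in the fallback send stderr to /dev/null and their exit status is never checked, so when `$KEYS_DIR` is missing or openssl fails the script either prints "IAX2 RSA keys generated" with no key on disk or stops at `chmod`, depending on shell options not visible in this hunk. I would add `mkdir -p "$KEYS_DIR"` before generation, drop the `2>/dev/null`, and close the fallback with `|| { echo "!! IAX2 key generation failed" >&2; exit 1; }`. The 1024-bit modulus is also below the 2048-bit minimum in current guidance; if the res_crypto build in this image accepts larger keys it should be raised, otherwise the limit deserves a comment. The same error suppression and key size carry through the `@@ -73,10 +73,11 @@` hunk of patch 2 and the `@@ -75,9 +75,9 @@` hunk of patch 4.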
@@ -73,10 +73,11 @@ fi KEYS_DIR="/var/lib/asterisk/keys" if [ ! -f "$KEYS_DIR/iax.key" ]; then echo ">> No IAX2 RSA keys found, generating..." - astgenkey -n iax 2>/dev/null || { + astgenkey -n -q "$KEYS_DIR/iax" 2>/dev/null || { # astgenkey may not be available; fall back to openssl - openssl genrsa -out "$KEYS_DIR/iax.key" 1024 2>/dev/null - openssl rsa -in "$KEYS_DIR/iax.key" -pubout -out "$KEYS_DIR/iax.pub" 2>/dev/null + # Asterisk requires traditional RSA format (not PKCS#8) + openssl genrsa -traditional -out "$KEYS_DIR/iax.key" 1024 2>/dev/null + openssl rsa -in "$KEYS_DIR/iax.key" -RSAPublicKey_out -out "$KEYS_DIR/iax.pub" 2>/dev/null } chmod 600 "$KEYS_DIR/iax.key" echo " IAX2 RSA keys generated in $KEYS_DIR" From f1dd0ae300e6beb001ae8582a3428b67168bf14f Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 27 Feb 2026 22:36:02 +0000 Subject: [PATCH 3/7] Add persistent volume for IAX2/TLS keys Keys in /var/lib/asterisk/keys/ are now stored in a named Docker volume so they survive container rebuilds and recreates. This is essential for IAX2 encryption since both sides need stable key pairs. https://claude.ai/code/session_01M7DJEAxrReANcMZ6SjChaG --- docker-compose.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index bd6951b2..69fcd05e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,8 @@ services: network_mode: host volumes: - /dev/bus/usb:/dev/bus/usb + # Persist IAX2/TLS keys across container recreates + - asterisk-keys:/var/lib/asterisk/keys # Optional: drop .conf files here to override generated configs # - ./configs:/etc/asterisk/custom:ro # Optional: mount your own TLS certs (self-signed generated if absent) @@ -33,3 +35,6 @@ services: - /dev/ttyUSB1:/dev/ttyUSB1 - /dev/ttyUSB2:/dev/ttyUSB2 - /dev/ttyUSB3:/dev/ttyUSB3 + +volumes: + asterisk-keys: From fe7786e6ce64d865bcbf38e5cf93bf239dda33af Mon Sep 17 00:00:00 2001 
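Review bot: `openssl genrsa -traditional` is only accepted by OpenSSL 3.0 and later; on an image that ships 1.1.x the option is rejected, and because stderr is discarded the fallback then fails without any message. OpenSSL 1.1.x already writes the `BEGIN RSA PRIVATE KEY` form by default, so a portable form would be `openssl genrsa -traditional -out "$KEYS_DIR/iax.key" 1024 || openssl genrsa -out "$KEYS_DIR/iax.key" 1024`. The base image is not visible from this hunk, so at minimum the comment should state which OpenSSL major version the fallback assumes.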
From: Claude Date: Fri, 27 Feb 2026 22:45:18 +0000 Subject: [PATCH 4/7] Fix pubkey format: use PKCS#8 for Asterisk 20+ compatibility Asterisk 20+ uses PEM_read_PUBKEY() which expects BEGIN PUBLIC KEY (PKCS#8 SubjectPublicKeyInfo), not BEGIN RSA PUBLIC KEY (PKCS#1). Use -pubout instead of -RSAPublicKey_out for openssl fallback. https://claude.ai/code/session_01M7DJEAxrReANcMZ6SjChaG --- docker/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index a5b88be3..733ecada 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -75,9 +75,9 @@ if [ ! -f "$KEYS_DIR/iax.key" ]; then echo ">> No IAX2 RSA keys found, generating..." astgenkey -n -q "$KEYS_DIR/iax" 2>/dev/null || { # astgenkey may not be available; fall back to openssl - # Asterisk requires traditional RSA format (not PKCS#8) + # Asterisk 20+ uses PEM_read_PUBKEY (PKCS#8 SubjectPublicKeyInfo format) openssl genrsa -traditional -out "$KEYS_DIR/iax.key" 1024 2>/dev/null - openssl rsa -in "$KEYS_DIR/iax.key" -RSAPublicKey_out -out "$KEYS_DIR/iax.pub" 2>/dev/null + openssl rsa -in "$KEYS_DIR/iax.key" -pubout -out "$KEYS_DIR/iax.pub" 2>/dev/null } chmod 600 "$KEYS_DIR/iax.key" echo " IAX2 RSA keys generated in $KEYS_DIR" From ac55b381363ad85a447f593b5e05545729902aa6 Mon Sep 17 00:00:00 2001 
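Review bot: The rewritten comment labels the public key format "PKCS#8 SubjectPublicKeyInfo", but SubjectPublicKeyInfo is the X.509 structure behind `BEGIN PUBLIC KEY`; PKCS#8 describes private-key containers. The edit also removes the only explanation of why `-traditional` is still passed to `genrsa` on the following line, so the next reader cannot tell whether that flag is intentional. I would word it as `# Private key: traditional PKCS#1 PEM (-traditional); public key: X.509 SubjectPublicKeyInfo, read via PEM_read_PUBKEY in Asterisk 20+`.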
From: Claude Date: Fri, 27 Feb 2026 22:46:57 +0000 Subject: [PATCH 5/7] =?UTF-8?q?Remove=20RSA=20key=20generation=20=E2=80=94?= =?UTF-8?q?=20IAX2=20encryption=20uses=20shared=20secret?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit IAX2 encryption=yes uses AES-128 with keys derived from the registration password (MD5 auth digest). RSA keys are only needed for auth=rsa, which we don't use. Removed unnecessary key generation from entrypoint and keys volume from docker-compose. https://claude.ai/code/session_01M7DJEAxrReANcMZ6SjChaG --- docker-compose.yml | 5 ----- docker/entrypoint.sh | 19 ------------------- 2 files changed, 24 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 69fcd05e..bd6951b2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,8 +16,6 @@ services: network_mode: host volumes: - /dev/bus/usb:/dev/bus/usb - # Persist IAX2/TLS keys across container recreates - - asterisk-keys:/var/lib/asterisk/keys # Optional: drop .conf files here to override generated configs # - ./configs:/etc/asterisk/custom:ro # Optional: mount your own TLS certs (self-signed generated if absent) @@ -35,6 +33,3 @@ services: - /dev/ttyUSB1:/dev/ttyUSB1 - /dev/ttyUSB2:/dev/ttyUSB2 - /dev/ttyUSB3:/dev/ttyUSB3 - -volumes: - asterisk-keys: diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 733ecada..592d1ed4 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
@@ -69,25 +69,6 @@ else echo ">> Using existing TLS certificate: $TLS_DIR/asterisk.pem" fi -# ── Generate IAX2 RSA keys if not present ──────────────────────────────────── -KEYS_DIR="/var/lib/asterisk/keys" -if [ ! -f "$KEYS_DIR/iax.key" ]; then - echo ">> No IAX2 RSA keys found, generating..." - astgenkey -n -q "$KEYS_DIR/iax" 2>/dev/null || { - # astgenkey may not be available; fall back to openssl - # Asterisk 20+ uses PEM_read_PUBKEY (PKCS#8 SubjectPublicKeyInfo format) - openssl genrsa -traditional -out "$KEYS_DIR/iax.key" 1024 2>/dev/null - openssl rsa -in "$KEYS_DIR/iax.key" -pubout -out "$KEYS_DIR/iax.pub" 2>/dev/null - } - chmod 600 "$KEYS_DIR/iax.key" - echo " IAX2 RSA keys generated in $KEYS_DIR" - echo " To enable IAX2 encryption, exchange public keys with your PBX:" - echo " - Copy $KEYS_DIR/iax.pub to the remote Asterisk /var/lib/asterisk/keys/" - echo " - Copy the remote iax.pub to this container's $KEYS_DIR/" -else - echo ">> Using existing IAX2 RSA keys: $KEYS_DIR/iax.key" -fi - # ── Generate Asterisk configs from templates ──────────────────────────────── echo ">> Generating Asterisk configs..." echo " Protocol : $TRUNK_PROTO" From 05f785119da0dcd12117b5194822a62871a7fef8 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 28 Feb 2026 00:08:12 +0000 Subject: [PATCH 6/7] Add Docker installation instructions for Armbian to README Most Armbian images don't include Docker pre-installed. Added a section with step-by-step commands to install Docker CE from the official Docker repository on Debian-based Armbian systems. https://claude.ai/code/session_01M7DJEAxrReANcMZ6SjChaG --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index d3925b96..f62b7c86 100644 --- a/README.md +++ b/README.md 
@@ -33,6 +33,33 @@ Supported features: --- +## Installing Docker on Armbian + +Most Armbian images ship without Docker. Install it from the official Docker repository: + +```bash +# Remove old versions (if any) +apt-get remove docker docker-engine docker.io containerd runc + +# Install prerequisites +apt-get install ca-certificates curl gnupg lsb-release + +# Add Docker GPG key +mkdir -p /etc/apt/keyrings +curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + +# Add Docker repository +echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \ + https://download.docker.com/linux/debian $(lsb_release -cs) stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + +# Install Docker +apt update +apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin +``` + +--- + ## Docker Quick Start Plug in your Huawei dongle, then: From 172284b50c727b1b7649800bb9df3786ffc6edda Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 28 Feb 2026 00:08:42 +0000 Subject: [PATCH 7/7] Add install-docker.sh script for Armbian users Moved Docker installation steps into docker/install-docker.sh and referenced it from the README. Most Armbian images don't ship with Docker pre-installed, so this gives users a one-liner to set it up. https://claude.ai/code/session_01M7DJEAxrReANcMZ6SjChaG --- README.md | 21 ++------------------- docker/install-docker.sh | 29 +++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 19 deletions(-) create mode 100755 docker/install-docker.sh diff --git a/README.md b/README.md index f62b7c86..2cee2f35 100644 --- a/README.md +++ b/README.md 
@@ -35,27 +35,10 @@ Supported features: ## Installing Docker on Armbian -Most Armbian images ship without Docker. Install it from the official Docker repository: +Most Armbian images ship without Docker. Run the included install script: ```bash -# Remove old versions (if any) -apt-get remove docker docker-engine docker.io containerd runc - -# Install prerequisites -apt-get install ca-certificates curl gnupg lsb-release - -# Add Docker GPG key -mkdir -p /etc/apt/keyrings -curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg - -# Add Docker repository -echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \ - https://download.docker.com/linux/debian $(lsb_release -cs) stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - -# Install Docker -apt update -apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin +sudo bash docker/install-docker.sh ``` --- diff --git a/docker/install-docker.sh b/docker/install-docker.sh new file mode 100755 index 00000000..25253739 --- /dev/null +++ b/docker/install-docker.sh 
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Install Docker CE on Armbian (Debian-based)
+# Usage: sudo bash install-docker.sh
+
+set -e
+
+echo "=== Removing old Docker packages (if any) ==="
+apt-get remove -y docker docker-engine docker.io containerd runc 2>/dev/null || true
+
+echo "=== Installing prerequisites ==="
+apt-get update
+apt-get install -y ca-certificates curl gnupg lsb-release
+
+echo "=== Adding Docker GPG key ==="
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+
+echo "=== Adding Docker repository ==="
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
+https://download.docker.com/linux/debian $(lsb_release -cs) stable" | \
+tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+echo "=== Installing Docker CE ==="
+apt-get update
+apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+
+echo "=== Docker installed successfully ==="
+docker --version
+docker compose version
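Review bot: The `curl … | gpg --dearmor` line runs under `set -e` without `pipefail`, so a failed or truncated download is masked by gpg's exit status, and the key that becomes trusted for apt is never displayed or compared with a known fingerprint. Re-running the script also runs into gpg's overwrite prompt because `/etc/apt/keyrings/docker.gpg` already exists. I would download to a temporary file, print the fingerprint so it can be compared with the one in Docker's install documentation, and dearmor with `--batch --yes`, as sketched below. Separately, the repository URL is fixed to `linux/debian`, so an Ubuntu-based Armbian image would presumably get a codename from `lsb_release -cs` that this repository does not serve.

```shell
set -euo pipefail

# … unchanged: package removal and prerequisites …

echo "=== Adding Docker GPG key ==="
install -m 0755 -d /etc/apt/keyrings
key_tmp="$(mktemp)"
trap 'rm -f -- "$key_tmp"' EXIT
curl -fsSL https://download.docker.com/linux/debian/gpg -o "$key_tmp"
# Show the fingerprint so it can be compared with the one Docker publishes
gpg --show-keys --with-fingerprint "$key_tmp"
gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg "$key_tmp"
chmod a+r /etc/apt/keyrings/docker.gpg

# … unchanged: repository entry and package install …
```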