Ast_tcptls_server_start

My Asterisk is not running on port 443, although I have configured the https.conf file with the parameters below.

/etc/asterisk/http.conf
[general]
enabled=no ; HTTP
tlsenable=yes ; HTTPS
tlsbindaddr=0.0.0.0:443

When I log in to the Asterisk CLI, I find the error message below on running the reload command.

Asterisk*CLI> reload
[2021-05-17 19:10:30] NOTICE[69341]: res_config_ldap.c:1830 parse_config: No directory user found, anonymous binding as default.
[2021-05-17 19:10:30] ERROR[69341]: res_config_ldap.c:1856 parse_config: No directory URL or host found.
[2021-05-17 19:10:30] NOTICE[69341]: res_config_ldap.c:1774 reload: Cannot reload LDAP RealTime driver.
[2021-05-17 19:10:30] WARNING[69341]: res_config_pgsql.c:1443 parse_config: PostgreSQL RealTime: Not connected
[2021-05-17 19:10:30] NOTICE[69341]: cdr.c:4508 cdr_toggle_runtime_options: CDR logging disabled.
[2021-05-17 19:10:30] ERROR[69341]: tcptls.c:793 ast_tcptls_server_start: Unable to bind https server to 0.0.0.0:443: Permission denied
[2021-05-17 19:10:30] WARNING[69341]: res_phoneprov.c:1232 get_defaults: Unable to find a valid server address or name.
[2021-05-17 19:10:30] NOTICE[69341]: chan_skinny.c:8451 config_load: Configuring skinny from skinny.conf
[2021-05-17 19:10:30] ERROR[69341]: ari/config.c:312 process_config: No configured users for ARI
[2021-05-17 19:10:31] NOTICE[69341]: app_queue.c:9155 reload_queue_rules: queuerules.conf has not changed since it was last loaded. Not taking any action.

I think I have some permission issues, as I bolded the error line above. I did my Asterisk installation as the root user to avoid any permission issues, but unfortunately I am stuck at the same point. Please assist if anyone can. Thanks

Try using a port greater than 1024.

tlsbindaddr=0.0.0.0:4443

This is the result of starting Asterisk from an account other than root.

I have tried it. It was running previously on port 2000, but now it's running on port 4443. But I need to run it on port 443 as per your video.

I have followed your complete video to configure WebRTC on Asterisk. Such a nice video. :+1:

Who is “you”? This is a peer support forum. It is unlikely anyone here created the video to which you refer.

The simplest way of ensuring it doesn’t get permission denied is to make sure that you run it as root, and do not use the options to change user after it starts, although it may bind before it changes user.

More generally though, I’m told that successful implementation of WebRTC needs quite a detailed knowledge of the technologies used. If so, you should not be trying to implement it by following a video.

I was just appreciating the detailed video by Mr. InnovateAsterisk on the YouTube channel. I apologize if I have violated any rule of the Asterisk community; I am a new user here.

As per your reply, I have installed Asterisk as the root user and am also running it as root. The permission error was resolved by using tlsbindaddr=0.0.0.0:4443. Now it's running on port 4443. But I need to run it on port 443 for secure WebSocket connectivity.

Thanks :wink:

It can be tricky to track down this permission issue, like it could even be complaining about the ACL on the folder it uses to host the http MiniServer.

Either way… I would HIGHLY suggest NOT using 443 as it’s commonly known as a web hosting port, any scanner will pick you up quickly, especially if you are public (A big no-no). Please be careful of attempting to host any publicly accessible pages, using the Asterisk HTTP MiniServer.

My permission issue was resolved by changing the value below:
tlsbindaddr=0.0.0.0:4443

I appreciate your suggestion about not using port 443 for security, but if I use port 4443 rather than 443, will I be able to create a secure WebSocket connection? I want to configure the following WebRTC browser-based phone.

Yes, absolutely, you just specify 4443 in the “port” field in the settings window.

With JavaScript, when the WebSocket connection is established, it uses whatever port you specify in the URL. So long as you specify “wss://” as part of the URL, the connection will expect to perform an SSL handshake.

The only meaningful cause for EACCES in this context is:

EACCES The address is protected, and the user is not the superuser.

which means the only plausible explanation is that the process is not running as root when making the request.

It appears that SELinux can also apply rules for privileged ports. If you are running on an OS that supports SELinux, you could try disabling it.
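A diagnostic for the privileged-port check discussed in the replies above, as an added example that is not part of the original thread or of Asterisk itself. It assumes Linux; the function names are hypothetical, and the `/proc/<pid>/status` text and UID 995 are constructed samples.

```python
import re

CAP_NET_BIND_SERVICE = 10  # bit index of this capability in the Linux capability masks

def tls_bind_port(conf_text):
    """Return the port of tlsbindaddr from http.conf text, or None if no port is set."""
    for line in conf_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment in Asterisk configs
        m = re.match(r"tlsbindaddr\s*=\s*\S*?:(\d+)$", line)
        if m:
            return int(m.group(1))
    return None

def proc_identity(status_text):
    """Return (effective UID, effective capability mask) from /proc/<pid>/status text."""
    euid = int(re.search(r"^Uid:\s+\d+\s+(\d+)", status_text, re.M).group(1))
    cap_eff = int(re.search(r"^CapEff:\s+([0-9a-fA-F]+)", status_text, re.M).group(1), 16)
    return euid, cap_eff

def explain_bind(port, status_text, unpriv_start=1024):
    """Predict whether bind() to `port` passes the kernel's privileged-port check.

    unpriv_start mirrors /proc/sys/net/ipv4/ip_unprivileged_port_start (default 1024).
    An "ok" here can still be refused by SELinux policy, which this does not model.
    """
    euid, cap_eff = proc_identity(status_text)
    if port >= unpriv_start:
        return f"ok: port {port} is not privileged"
    if (cap_eff >> CAP_NET_BIND_SERVICE) & 1:
        return f"ok: euid={euid} holds CAP_NET_BIND_SERVICE"
    return f"EACCES: euid={euid} lacks CAP_NET_BIND_SERVICE for port {port}"

# Constructed samples: the thread's http.conf, and status text for a non-root
# service account (UID 995 is made up) and for root with full capabilities.
HTTP_CONF = "[general]\nenabled=no ; HTTP\ntlsenable=yes ; HTTPS\ntlsbindaddr=0.0.0.0:443\n"
STATUS_SERVICE = "Name:\tasterisk\nUid:\t995\t995\t995\t995\nCapEff:\t0000000000000000\n"
STATUS_ROOT = "Name:\tasterisk\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    port = tls_bind_port(HTTP_CONF)
    for label, status in (("service account", STATUS_SERVICE), ("root", STATUS_ROOT)):
        print(f"{label}: {explain_bind(port, status)}")
    print(f"port 4443: {explain_bind(4443, STATUS_SERVICE)}")
```

On a live host, pass the contents of /etc/asterisk/http.conf and of /proc/<pid>/status for the running Asterisk process instead of the constructed strings.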
