Enable Redirects or HSTS on asterisk

Good day,

I have https enabled on asterisk server, and I would like to redirect all http requests to https.
How do I configure this? I assume the highlighted areas can be of use for what I want to achieve.

May you kindly assist


There is no such capability in the built-in HTTP server. It is extremely basic. For more features and control people run something else in front of it.

You can easily offload this to say Apache. The idea is that you rather make Asterisk an HTTP server, like this:

$ sudo nano /etc/asterisk/http.conf

enabled=yes ; HTTP 
tlsenable=no ; HTTPS 

Your Asterisk server is now not web facing (note the bind ip), and it doesn’t even need any certificates etc (tlsenable=no)

Then get Apache to host files and folders… Something it's very good at! You can leave it at that, but now you may be thinking… what about WebRTC, right? How can the websockets connect directly to Asterisk (/ws)? Well, Apache has something called reverse proxy. Basically you pick a host, and you add a configuration to forward that request to (yourself) but on the http port (see http.conf).

Something like this:


        ServerName <enter_name_here>
        DocumentRoot /var/www/html

        SSLCertificateFile <enter_LE_cert_here>
        SSLCertificateKeyFile <enter_LE_cert_here>
        Include /etc/letsencrypt/options-ssl-apache.conf

        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass /ws ws://
        ProxyPassReverse /ws ws://

See that the host above will accept TLS connections on the port 4443, then if you request a secure websocket (wss) to /ws/ it will reverse proxy that request to on port 8080 (so goes from WSS to WS), where Asterisk is waiting for your connections.

The nice thing about this is that now Asterisk operates independently without having to bother about serving non-voice related tasks like HTML, etc, and also you end your TLS connection before Asterisk, so you don’t even need that extra complication.

By default Asterisk has a connection limit of 100, serving web pages off this service will eat them up quickly. This way the connections that are used, are only the WebRTC clients.

Also you can do all the redirect handling you would like as you get the full use of Apache.

On the downside… you need to know Apache.
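
The redirect and HSTS handling the thread asks about, sketched as an Apache configuration (an added example, not part of the original post and not from the Asterisk project). It assumes the standard ports 80 and 443 rather than the 4443 used above; the host name, certificate paths and the 127.0.0.1:8080 backend address are placeholders.

```apache
# Added example. Placeholders/assumptions: pbx.example.invalid, the certificate
# paths, and 127.0.0.1:8080 as the address of Asterisk's plain-HTTP listener.
# Modules needed: ssl, headers, alias, proxy, proxy_http, proxy_wstunnel.

# Plain HTTP: serve nothing, only send the client to the HTTPS host.
# "Redirect" keeps the request path, so /foo becomes https://.../foo.
<VirtualHost *:80>
    ServerName pbx.example.invalid
    Redirect permanent / https://pbx.example.invalid/
</VirtualHost>

# HTTPS: static files, HSTS, and the WebSocket reverse proxy to Asterisk.
<VirtualHost *:443>
    ServerName pbx.example.invalid
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /path/to/fullchain.pem
    SSLCertificateKeyFile /path/to/privkey.pem

    # HSTS is set only here: browsers ignore the header when it arrives over
    # plain HTTP. "always" also attaches it to error responses.
    # Start with a short max-age while testing, then raise it (one year shown).
    Header always set Strict-Transport-Security "max-age=31536000"

    # TLS ends at Apache; wss:// from the browser becomes ws:// to Asterisk.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        /ws ws://127.0.0.1:8080/ws
    ProxyPassReverse /ws ws://127.0.0.1:8080/ws
</VirtualHost>
```

After reloading Apache, `curl -sI http://pbx.example.invalid/` should show a 301 with an `https://` Location, and `curl -sI https://pbx.example.invalid/` should show the `Strict-Transport-Security` header.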

we saw issues with apache at scale and eventually offloaded to haproxy with very good results …

btw Conrad I'm a fan of your webrtc phone… I use it quite often :slight_smile:

gotta link for that webrtc phone? :wink:

Thanks Mate!

Oh true! And nowadays everyone is using Nginx too, I believe they all have the reverse proxy option.

Also, because I do most of my work in the cloud, I found that AWS ALB does a fantastic job of this. Basically run a bunch of Asterisk servers behind the AWS Application Load Balancer, and forward your port to this Target Group and because it’s TLS based it can easily distribute the connections evenly between the servers. It even will do the same sort of things for you like redirect and WSS to WS. They even provide you with an ssl certificate for the ALB.
