WebRTC Deployment Guide
Prerequisites
Follow the guides here to deploy the components for CX Voice.
Once CX Voice is deployed below are the following points to follow:
Cisco Jabber device (UCCX - SU3) is required to set-up WebRTC Secure link deployment.
A Cisco CUBE is needed for integration between Jabber extensions and EFSwitch.
Secure Link Component Deployment
Step 1: Clone the repository
git clone -b main https://efcx:RecRpsuH34yqp56YRFUb@gitlab.expertflow.com/cti/securelinkgenreation_deployment.git
cd securelinkgenreation_deployment
Step 2: Update configMap
FQDN and Widgetidentifier must be the same as the EFCX WebRTC widget.
Open securelinkgenreation_deployment/ConfigMaps/ef-securelinkgeneration-configmap.yaml file and add the following parameters
CODESPRING_DATASOURCE_URL : jdbc:postgresql://ef-postgresql.ef-external.svc.cluster.local:5432/securelinkgeneration_db SPRING_DATASOURCE_USERNAME : "sa" SPRING_DATASOURCE_PASSWORD : "Expertflow123" ENCRYPTION_KEY: "1234567890123456" webwidgetfqdn : https://cim.expertflow.com/customer-widget/#/widget source : "SLG" linktimeout : "30" widgetIdentifier : "webrtc-widget"
Step 3: Update FQDN
Expertflow CX should be accessible by a fully qualified domain name. Assign the FQDN that resolves to the control plane node or KubeVIP.
Replace <FQDN> with your FQDN for Expertflow CX and run this command.
sed -i 's/devops[0-9]*.ef.com/<FQDN>/g' ConfigMaps/* Ingresses/nginx/* Ingresses/traefik/*
Step 4: Pull Image Mannualy
CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock /var/lib/rancher/rke2/bin/ctr -n k8s.io i pull -u saifullah:saifullah96 gitimages.expertflow.com/cti/securelinkgeneration:1.6
Step 5: Update Deployment
kubectl apply -f ConfigMaps/ef-securelinkgeneration-configmap.yaml
kubectl apply -f Services/ef-securelinkgeneration-service.yaml
kubectl apply -f Deployments/ef-securelinkgeneration-deployment.yaml
#Apply Ingresses
#for RKE
kubectl apply -f Ingresses/nginx/ef-securelinkgeneration-ingress.yaml
#or
#for Traefik
kubectl apply -f Ingresses/traefik/ef-securelinkgeneration-ingress.yaml
Customer Widget Configuration
Open cim-solution/kubernetes/cim/ConfigMaps/ef-customer-widget-configmap.yaml file and add the following parameter
CODEAUTHENTICATOR_URL : https://<FQDN>/secure-link
Run the following commands to update the configMaps of the customer widget
kubectl delete -f ef-customer-widget-configmaps.yaml -n expertflow
kubectl apply -f ef-customer-widget-configmaps.yaml -n expertflow
Open cim-solution/kubernetes/cim/Deployments/ef-customer-widget-deployment.yaml file and add the following parameter
CODE- name: AUTHENTICATOR_URL valueFrom: configMapKeyRef: key: AUTHENTICATOR_URL name: ef-customer-widget-cm
Run the following commands to update the Deployments of the customer widget
CODEkubectl delete -f ef-customer-widget-deployments.yaml -n expertflow kubectl apply -f ef-customer-widget-deployments.yaml -n expertflow
Unified Agent Configuration
Open cim-solution/kubernetes/cim/ConfigMaps/ef-unified-agent-configmap.yaml file and add the following parameter
CODESECURE_LINK_URL : https://<FQDN>/secure-link ENABLE_SECURE_LINK : "true"
Run the following commands to update the configMaps of the customer widget
kubectl delete -f ef-unified-agent-configmaps.yaml -n expertflow
kubectl apply -f ef-unified-agent-configmaps.yaml -n expertflow
Open cim-solution/kubernetes/cim/Deployments/ef-unified-agent-deployment.yaml file and add the following parameter
CODE- name: SECURE_LINK_URL valueFrom: configMapKeyRef: key: SECURE_LINK_URL name: ef-unified-agent-cm - name: ENABLE_SECURE_LINK valueFrom: configMapKeyRef: key: ENABLE_SECURE_LINK name: ef-unified-agent-cm
EFSwitch Configurations
Configure SIP Trunk for outbound calls
Note: The SIP trunk in this case will be the Cisco CUBE gateway.
Open in browser: https://IP-addr, where IP-addr is the IP address of the server that EFSwitch is deployed on.
Add the username and password that was shown upon installation of EFSwitch and press LOGIN.
Press the IP address in the top right and select the Domain created in the Domain creation section of the EFSwitch configuration document.
Open the Gateways section under the Accounts tab.
Press the ADD button in the top right.
Set the following fields:
Gateway: A name of your choice e.g. MySipTrunk
Username: The username of the SIP Trunk. Not needed for IP-based SIP trunks.
Password: The password of the SIP Trunk. Not needed for IP-based SIP trunks.
Proxy: The IP address and port of the SIP trunk e.g. 192.168.25.35:5060.
Register: Set to True. Set to False for IP-based SIP trunks.
Press the SAVE button on the top right.
Open this newly created gateway and note the URL opened in the browser.
From this URL note the gateway ID , i.e. :
For the URL https://192.168.1.201/app/gateways/gateway_edit.php?id=becc1f43-68b9-459a-908d-bbac57d042d5
The gateway ID is becc1f43-68b9-459a-908d-bbac57d042d5 (everything after ?id=)
Add the IP address of the SIP trunk to the EFSwitch ACL:
Open SIP Profiles under the Advanced tab.
Open the external profile and note the value of the apply-register-acl field.
Open Access controls under the Advanced tab.
Open the entry that matches the aforementioned apply-register-acl field.
At the bottom add an entry where the the Type is set to ‘allow’ and the CIDR field contains the address of the SIP Trunk.
Press the SAVE button on the top right.
Open SIP Status under the Status tab.
Press the Reload ACL button at the top right.
Open SIP Profiles under the Advanced tab.
Open the external profile and note the value of the sip-port field.
Back out via the BACK button on the top right.
Open the internal profile and note the value of the sip-port field.
Open a terminal and SSH into the EFSwitch machine via the command
- CODE
ssh EFSwitch-Server-Username@EFSwitch-Server-IP-Address
Enter the EFSwitch server SSH password when prompted.
Enter and run the command
- CODE
su
And enter the EFSwitch server root password.
Run the command
- CODE
sudo iptables -A INPUT -p tcp -m tcp --dport PORT -j ACCEPT
Where PORT is the port noted down in the previous steps. Run the command once for each port.
Run the command
- CODE
sudo iptables-save
Contact the SIP Trunk provider and have all traffic from the EFSwitch machine public IP address allowed.
Configuring Call Dialplan
Open Unified Admin via the link https://CX-FQDN/unified-admin
Where CX-FQDN is the fully qualified domain name of the EF CX.
Open the Web Widget section.
Open the Widget created for video calling, via the Edit option.
Scroll down and note the value of the Dialing URI field.
Open in browser: https://IP-addr, where IP-addr is the IP address of the server that EFSwitch is deployed on.
Add the username and password that was shown upon installation of EFSwitch and press LOGIN.
Press the IP address in the top right and select the Domain created in the Domain creation section of the EFSwitch configuration document.
Open the Dialplan Manager section under the Dialplans tab.
Press the ADD button in the top right.
Fill the form with following details :
Name = WebRTC Video Call
Condition 1 = Select destination_number from list and set the value to the value of the Dialing URI noted in the previous steps.
Action 1 = Select first item from the list
Press the SAVE button on top right Corner.
Re-open the WebRTC Video Call dialplan.
Set the Context field to the value of the Domain set in the Domain creation section of the EFSwitch configuration document.
Set the Domain field to the value of the Domain set in the Domain creation section of the EFSwitch configuration document.
Change the value of the Type column in the Action row to bridge and the Data field to sofia/gateway/GATEWAY-ID/55${sip_h_X-Agent-Extension}@DOMAIN
Where GATEWAY-ID is the SIP Trunk gateway ID noted in the previous section.
And DOMAIN is the value of the Proxy set in the Gateway creation section.
Press the SAVE button on top right Corner.