<proxy>

USECALLMANAGER.nz

</proxy>

HTTP Provisioning and Services

HTTP is used by the phone to download its configuration, background image and ring-tone and also for providing XML services.

Provisioning link

The phone will use HTTP to download files from port 6970 on the server specified as the tftp-server-name in the DHCP response first before falling-back to TFTP on failure. A sample tftpboot directory containing templates for SEPMAC.cnf.xml, Softkeys.xml, FeaturePolicy.xml, DialTemplate.xml, AppDialRules.xml, background images and ring-tones can be downloaded from the URL below.

file_download tftpboot-1.6.tar.gz (123K) event 11/03/2024 security SHA256:7faf3400df73e91572c2952208933c92878e5a7b8954c134dd7e6660136bbfe4.

Listen 6970 <Virtualhost *:6970> # HTTP Provisioning DocumentRoot /var/lib/tftpboot <Directory /var/lib/tftpboot> Options +FollowSymlinks Require all granted </Directory> </Virtualhost>

Secure Provisioning link

If the ITLFile.tlv has a version of 1.1 the phone will use HTTPS to download SEPMAC.cnf.xml from port 6971 on the server before falling back to HTTP on failure. The SSL certificate used by server must use an EC (Elliptic Curve) key and be included in ITLFile.tlv with the TFTP function or available via the Trust Verification Service. The remaining provisioning files like soft keys, dial template and ring-tones will be downloaded on port 6970.

When the EC key is included in ITLFile.tlv then the remaining provisioning files need to be signed using an RSA key with the TFTP role, see Device Security for more information. If the phone requests it's configuration file on port 6971 with a .sgn extension the response must contain an unsigned file.

Listen 6971 <Virtualhost *:6971> # HTTPS Provisioning DocumentRoot /var/lib/tftpboot <Directory /var/lib/tftpboot> Options +FollowSymlinks Require all granted </Directory> <IfModule ssl_module> SSLEngine on # Must be a certificate that uses an EC key SSLCertificateFile /etc/apache2/ssl-certs/apache-ec.pem </IfModule> <IfModule rewrite_module> RewriteEngine on # Phone requests a .sgn file but actually wants an unsigned file RewriteRule ^/(SEP.+\.xml)\.sgn$ /$1 [last] </IfModule> </Virtualhost>

XML Services link

Example configuration for a WSGI application providing phone XML services on port 6972, any port can be used. See Phone Services for more information.

Listen 6972 <Virtualhost *:6972> # For <servicesURL>, <directoryURL> and <authenticationURL> DocumentRoot /var/www/services <Directory /var/www/services> Require all granted </Directory> <IfModule wsgi_module> WSGIDaemonProcess services user=www-data group=www-data home=/var/www/services threads=5 WSGIProcessGroup services WSGIScriptAlias / /var/www/services/application.wsgi </IfModule> </Virtualhost>

Secure XML Services link

Example configuration for a WSGI application providing phone XML services on port 6973, any port can be used. The certificate used needs to be included in ITLFile.tlv with the APP-SERVER role or verifiable via TVS. See Device Security for more information.

Listen 6973 <Virtualhost *:6973> # For <secureServicesURL>, <secureDirectoryURL> and <secureAuthenticationURL> DocumentRoot /var/www/services <Directory /var/www/services> Require all granted </Directory> <IfModule ssl_module> SSLEngine on SSLCertificateFile /etc/apache2/ssl-certs/apache.pem </IfModule> <IfModule wsgi_module> WSGIDaemonProcess services-ssl user=www-data group=www-data home=/var/www/services threads=5 WSGIProcessGroup services-ssl WSGIScriptAlias / /var/www/services/application.wsgi </IfModule> </Virtualhost>