<proxy>

USECALLMANAGER.nz

</proxy>

HTTP Provisioning and Services

HTTP is used by the phone to download its configuration, background image and ring-tone and also for providing XML services.

Provisioning

The phone will use HTTP to download files from port 6970 on the server specified as the tftp-server-name in the DHCP response first before falling-back to TFTP on failure. A sample tftpboot directory containing templates for SEPMAC.cnf.xml, Softkeys.xml, FeaturePolicy.xml, DialTemplate.xml, AppDialRules.xml, background images and ring-tones can be downloaded from the URL below.

file_download tftpboot-1.1.tar.gz (122K) event 16/08/2020 security SHA256:51e0524a74bdf135242c5555dd3f7bf056eae4f9f002139c29ed3dca324f5129.

Listen 6970 <Virtualhost *:6970> DocumentRoot /var/lib/tftpboot <Directory /var/lib/tftpboot> Options +FollowSymlinks Require all granted </Directory> </Virtualhost>

Secure Provisioning

If the ITLFile.tlv has a version of 1.1 the phone will use HTTPS to download SEPMAC.cnf.xml from port 6971 on the server before falling back to HTTP on failure. The SSL certificate used by server must use an EC (Elliptic Curve) key and be included in ITLFile.tlv with the tftp function.

While the phone requests its configuration file with a .sgn extension the response must contain an unsigned file. All remaining provisioning files like soft keys, dial template and ring-tones will be downloaded on port 6970 and must be signed with a certificate that uses an RSA key an be included in ITLFile.tlv with the tftp function. See Device Security for more information.

<Virtualhost *:6971> DocumentRoot /var/lib/tftpboot <Directory /var/lib/tftpboot> Options +FollowSymlinks Require all granted </Directory> <IfModule ssl_module> SSLEngine on # Must be a certificate that uses an EC key SSLCertificateFile /etc/apache2/ssl-certs/apache-ec.pem </IfModule> <IfModule rewrite_module> RewriteEngine on # Phone requests a .sgn file but actually wants an unsigned file RewriteRule ^/(SEP.+\.xml)\.sgn$ /$1 [last,nocase] </IfModule> </Virtualhost>

XML Services

Example configuration for a WSGI application providing phone XML services. There are two <VirtualHost> below, one for services using HTTP on 6972 and the other for secure services using HTTPS on 6973. Any ports can be used. See Phone Services for more information.

# For <servicesURL>, <directoryURL> and <authenticationURL> <Virtualhost *:6972> DocumentRoot /var/www/services <Directory /var/www/services> Require all granted </Directory> <IfModule wsgi_module> WSGIDaemonProcess services user=www-data group=www-data home=/var/www/services threads=5 WSGIProcessGroup services WSGIScriptAlias / /var/www/services/application.wsgi </IfModule> </Virtualhost> # For <secureServicesURL>, <secureDirectoryURL> and <secureAuthenticationURL> <Virtualhost *:6973> DocumentRoot /var/www/services <Directory /var/www/services> Require all granted </Directory> <IfModule ssl_module> SSLEngine on SSLCertificateFile /etc/apache2/ssl-certs/apache.pem </IfModule> <IfModule wsgi_module> WSGIDaemonProcess services-ssl user=www-data group=www-data home=/var/www/services threads=5 WSGIProcessGroup services-ssl WSGIScriptAlias / /var/www/services/application.wsgi </IfModule> </Virtualhost>