jssip、sipML5以wss方式通过Nginx wss代理连接FreeSwitch的ws端口

chrome浏览器需要https访问才能获取话筒及摄像头权限

如果是http，需要在浏览器地址栏输入chrome://flags，选择 Insecure origins treated as secure 项添加 你们的ip:端口

https需要wss进行websocket连接。这时有两个选择

• 一个是freeswitch 开通wss服务。
• 另一个是freeswitch侧保持不变，依然是5066的ws服务，用Nginx代理成wss

先在nginx 的http下配置如下：

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream freeswitch{
	server 10.0.8.23:5066  weight=10 max_fails=2 fail_timeout=6s;
}

再在配置一个server

server {
     listen 443 ssl; # 监听9000端口
    server_name    xxx.xxx.xxx.xxx;
    ssl_certificate /data/nginx/server.crt;  # 局域网里面需要证书的话用mkcert，很不错。
    ssl_certificate_key /data/nginx/server.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    ssl_verify_client off;
    add_header Access-Control-Allow-Origin *;
  
    location / {
        #添加wensocket代理
       proxy_pass https://freeswitch;  # websocket服务器。不用管 ws://
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_connect_timeout 1800s;  # 注意这3个设置避免前端wss 连接超60S没有通信自动端口
        proxy_send_timeout 1800s;
        proxy_read_timeout 1800s;
    }
}

还有一点就是，这边只是用nginx去代理wss，实际上送到freeswitch那边的还得是ws的标志，所以在

• jssip.xxx.js里查找SIP/2.0 后面直接写死加上WS

via = 'SIP/2.0/' + 'WS';//transport.via_transport;

• 如果是sipML5 则在XX\sipml5-master\src\tinySIP\src\transports\tsip_transport.js里找到以下代码

                this.s_scheme = "sips";
                this.s_protocol = "wss";
                this.s_via_protocol = "WSS";
                this.s_service = "SIPS+D2W";

修改为

                this.s_scheme = "sip";
                this.s_protocol = "ws";
                this.s_via_protocol = "WS";
                this.s_service = "SIP+D2W";

局域网生成证书可参考：使用mkcert工具生成受信任的本地SSL证书
生成证书也在使用的机器上安装。