
Network Port Settings

The ports page allows you to control which networking resources the system will utilize when communicating with the outside IP world. When specifying ports, list the ports that you may bind to, either specifying a port number or explicitly specifying the IP address and the port, separated by a colon (e.g., 192.168.1.2:8080). If you are binding to IPv6 addresses, you must put square brackets around the IP address (e.g., [2001:db8::4]:5060). If you are only specifying the port number, the system will bind to all IPv4 and IPv6 addresses on the system. If you want to bind only to IPv4 sockets, use the form 0.0.0.0:5060. If you want to bind only to IPv6 sockets, you can use [::]:5060. In general, you may bind to more than one socket; just separate the addresses by spaces. If you do not want to use the service, leave the field empty. If you change a port binding, you will need to restart the Vodia PBX service. We support the default SIP port.
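The binding syntax above can be checked before a restart with a small parser. This is an added example, not Vodia code: it parses a port field and lists every listener that is not tied to one address. The service names and values in `SAMPLE` are constructed for illustration.

```python
import ipaddress

def parse_binding(token):
    """Return (scope, address, port) for one entry of a port field."""
    if token.startswith("["):                      # [IPv6]:port
        host, sep, port = token[1:].partition("]:")
        if not sep:
            raise ValueError(f"{token!r}: expected [IPv6]:port")
        addr = ipaddress.IPv6Address(host)
    elif ":" in token:                             # IPv4:port
        host, _, port = token.rpartition(":")
        try:
            addr = ipaddress.IPv4Address(host)
        except ValueError:
            raise ValueError(f"{token!r}: not IPv4:port (IPv6 needs brackets)") from None
    else:                                          # bare port number
        addr, port = None, token
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError(f"{token!r}: bad port")
    if addr is None:
        scope = "all-ipv4+ipv6"                    # port only: every address
    elif addr.is_unspecified:                      # 0.0.0.0 or ::
        scope = "all-ipv4" if addr.version == 4 else "all-ipv6"
    else:
        scope = "single-address"
    return scope, addr, int(port)

def parse_field(value):
    """Parse a space-separated port field; an empty field means the service is off."""
    return [parse_binding(token) for token in value.split()]

def wildcard_listeners(settings):
    """List (service, port, scope) for every binding not tied to one address."""
    return [(service, port, scope)
            for service, value in settings.items()
            for scope, _, port in parse_field(value)
            if scope != "single-address"]

# Constructed sample values; the keys are hypothetical labels, not PBX setting names.
SAMPLE = {
    "http": "80",
    "https": "443 [2001:db8::4]:8443",
    "tftp": "192.168.1.2:69",
    "ftp": "",
    "sip": "0.0.0.0:5060 [::]:5060",
}

if __name__ == "__main__":
    for row in wildcard_listeners(SAMPLE):
        print(row)
```

An IPv6 address written without brackets is rejected with an error instead of being misread as an address and port.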

HTTP (Hypertext Transfer Protocol)

These settings are located within Admin → Settings → Ports. The HTTP and HTTPS ports are used to communicate between the built-in web server and the web browser (the Vodia PBX does not rely on an external web server for its web interface). The HTTP port is used for insecure, but lightweight, communication. The HTTPS port is used for secure, but a bit more expensive, communication. If you cannot reach the system on any port, change the ip_http_port and ip_https_port parameters in the global configuration file (the defaults are shown below). If you are running another service on your host or if you want to gain some additional security, you may change these ports to any other available port. The system will fail to start if it cannot bind to the port.

HTTP ports: The list of ports that the PBX shall set up for insecure web communications (separated by space). The default HTTP port is 80.

(Need for HTTP)

Even when the system serves content using HTTPS, HTTP may still need to be available for the renewal of the certificates or the provisioning of VoIP phones. In order to renew the certificate, the port must be 80 and it must be accessible from the whole internet.

HTTPS port: The list of ports that the PBX shall set up for secure web communications (separated by space). The default HTTPS port is 443.

Redirect to HTTPS: In order to make sure that users use the secure HTTPS protocol, the PBX may ask the browser to switch to the secure protocol and provisions devices to use a secure connection. This works only if there is at least one HTTP socket available and accessible to the browser.

  • Automatic: The system will decide automatically. This is the default behavior. The algorithm is to check if the domain name in question is a FQDN and there is a certificate available for that domain name or a certificate for the system management address.
  • Off: This mode will disable the redirection.
  • On: This mode will force the use of HTTPS without further checking whether there is a valid certificate or FQDN.

Use DNS names: This setting controls if the PBX should provision DNS names instead of IP addresses for provisioning phones and when creating links that point to the PBX. In automatic mode, the system will check if the domain name is a FQDN and then use that address when possible.

  • Automatic: The system will check if the tenant or the system has a valid DNS name and then decide if that address can be used.
  • Off: The system will always represent the PBX using an IP address.
  • On: The system will always represent the PBX using the DNS name of the tenant or, when there is no tenant context, the system management address.

Strict-Transport-Security: This header (see Strict-Transport-Security) is used when the PBX sends content over a secure connection, especially when the browser is requesting a switch to HTTPS. The default sets a maximum age of 365 days.

Read content for global and domain files: This setting controls where the web content is read from.

  • Don't read from file system: By default, the system will use only the content that is stored in the pbxctrl.dat file.
  • Read from file system: When enabled, the system will first try to read content from the file system, and only if it is not available there will it read the content from the pbxctrl.dat file.
  • Attempt to read files from tenant-specific directory: When this option is used, the system will first look for the tenant-specific file, and if that is not available, for the system-level file, and if that is not available, it will read from the pbxctrl.dat file.

The location for the files uses a three-tier approach. If there is a user context available, the system will try to read the path root/tenant/user/file, then root/tenant/file, then root/file with the following components:

  • root is pbxwebai by default, unless overridden by the --admin-dir command line option.
  • tenant is the primary DNS name for the tenant
  • user is the primary address for the user
  • file is the name of the file, e.g. welcome.htm.
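The three-tier lookup can be reproduced to see which file on disk would be served in a given context, and to review everything that shadows the built-in content. This is an added example, not Vodia code: the tenant name, user addresses and file contents are constructed, and the tier labels assume that file is a plain name without subdirectories.

```python
import tempfile
from pathlib import Path

def candidates(root, file, tenant=None, user=None):
    """Lookup order from the text, most specific first."""
    root = Path(root)
    paths = [root / file]
    if tenant:
        paths.insert(0, root / tenant / file)
        if user:
            paths.insert(0, root / tenant / user / file)
    return paths

def resolve(root, file, tenant=None, user=None):
    """First candidate that exists on disk; None means fall back to pbxctrl.dat."""
    return next((p for p in candidates(root, file, tenant, user) if p.is_file()), None)

def overrides(root):
    """(tier, relative path) for every file under root, sorted by path."""
    tiers = {1: "system", 2: "tenant", 3: "user"}
    found = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            rel = p.relative_to(root)
            found.append((tiers.get(len(rel.parts), "unexpected"), rel.as_posix()))
    return sorted(found, key=lambda item: item[1])

def demo():
    """Build a constructed tree (hypothetical tenant and users) and resolve files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "pbxwebai"
        for rel in ("welcome.htm", "pbx.example.com/welcome.htm",
                    "pbx.example.com/41/welcome.htm"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("constructed sample")
        def hit(**context):
            p = resolve(root, "welcome.htm", **context)
            return p.relative_to(root).as_posix() if p else None
        return {
            "user 41": hit(tenant="pbx.example.com", user="41"),
            "user 42": hit(tenant="pbx.example.com", user="42"),
            "other tenant": hit(tenant="other.example.com"),
            "missing file": resolve(root, "login.htm", tenant="pbx.example.com"),
            "overrides": overrides(root),
        }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```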

SNMP (Simple Network Management Protocol)

SNMP is used to poll the system for status information. The PBX supports only version 1 of the SNMP protocol based on UDP. The following settings are available:

SNMP port: The SNMP port setting defines the ports on which the system will listen for SNMP requests. The list must be separated by space and may include the IP address that the socket will be bound to. By default, the port is 161.

SNMP trusted addresses: This field lists the IP addresses that may send SNMP requests. The list is separated by space. If this setting is empty, the system will not accept any SNMP requests. Whenever a request is rejected, the system writes a log message. IPv4 and IPv6 addresses can be mixed. The PBX does not check the port numbers where the request comes from. This field does not support DNS addresses.

SNMP community: An SNMP community is the group to which devices and management stations running SNMP belong. If you would like to change the community, you can do so from the web interface. It does not require a restart of the service. SNMP default communities are private (write) and public (read). The system, by default, is set to "public".

Syslog port: The system can collect debugging information from VoIP phones using the syslog protocol (see the extension settings). This setting sets the port that is used on the PBX for collecting the information.

Number of syslog entries: When syslog is enabled on a device, this setting controls how many entries are kept in memory.

The available SNMP sensors are listed on a separate page.

TFTP (Trivial File Transfer Protocol)

The TFTP ports are used for provisioning purposes. Some SIP devices still use TFTP for automatic configuration, though most devices today use HTTP or HTTPS. In cloud installations TFTP is usually useless because it does not work with devices behind NAT.

TFTP port: The TFTP port is on port 69 by default. If your machine has multiple network interface controllers (NICs), you may specify the IP address together with the port to bind only to that address.

Allow TFTP write: Some devices write log files using TFTP, and this can be enabled with this feature; however, this feature makes it possible for users to write files that affect other devices, and this may introduce system instability and security concerns. Per the example above, you can also bind to a private IP address, which will make it more secure.

FTP (File Transfer Protocol)

Like with TFTP, there are some devices that require FTP to retrieve the configuration from the PBX. For example, it is required for zero-touch Polycom device provisioning in the LAN. As with the TFTP port, it is recommended to close this port unless you need it, especially when operating the PBX on a public IP address.

FTP port: The FTP port is on port 21 by default. If your machine has multiple network interface controllers (NICs), you may specify the IP address together with the port to bind only to that address.

NTP (Network Time Protocol)

When provisioning phones, the PBX must tell the phones where they can get their time from. The PBX includes a simple NTP server that can be used for this purpose, but the PBX can also provision the address of an external server. When using a local NTP server, you need to make sure that the local PBX server has the correct time.

NTP Port: The port for the internal NTP server. By default, NTP uses port 123. If the setting is empty, the PBX will not open an NTP port and will provision the address of the NTP server.

NTP Server: This setting contains the address of an external NTP server that should be provisioned. This can be a numeric IP address, but it can also be a DNS address.

LDAP (Lightweight Directory Access Protocol)

Many VoIP phones use the LDAP protocol to access the PBX address book. The PBX has a built-in LDAP server. The PBX will automatically provision those phones that use LDAP with the right address for accessing the LDAP server. Because there are many scanners searching for vulnerable Windows server LDAP ports, the default port setting for LDAP is a non-standard port. This is important if you manually set up LDAP.

LDAP Port (TCP, StartTLS): The port for the unencrypted LDAP server. As with the HTTP ports, you may specify multiple ports and bind to IPv4 and IPv6 addresses. The PBX supports the StartTLS command for LDAP, so that phones can start using the insecure LDAP and then switch protocols to TLS.

LDAP Port (TLS): Those devices that start with encrypted LDAP right from the beginning can use that port.

TCP Ports

Most of the ports of the PBX are using TCP. In order to deal with denial of service attacks, the PBX applies limits to opening ports:

Maximum number of HTTP connections per second: The PBX limits the number of connections that it accepts per second. This ensures that the PBX does not get flooded with too many HTTP or HTTPS requests, which might consume too much CPU and memory for stable PBX operation. This setting controls how many of those connections are accepted per second.

Maximum number of HTTP connections (total): Similar to the previous setting, the PBX also limits the absolute number of HTTP connections that it may keep open at a time. Again, this is to make sure that the PBX does not run out of resources.