Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Crazy Hack to Provision spa50x

Discussion in '3CX Phone System - General' started by DaveSD, Mar 24, 2018.

Thread Status:
Not open for further replies.
  1. DaveSD

    Joined:
    Mar 23, 2018
    Messages:
    17
    Likes Received:
    1
    For whatever the reason, the 3cx web server will not render an http page on win2012r2, the server responds with 403-forbidden. Using https... the 3cx web server renders fine:
    https://xxxx.ca.3cx.us:5001/provisioning/e23fe4rkay7i/2c86d210ebea.xml
    The problem is all the links in the xml document are to the http version so the phone cannot provision; dead links.

    Here is the hack: I took the output from the https provisioning xml for the mac, edited the xml updating http://xxxx.ca.3cx.us:5000... to https://xxxx.ca.3cx.us:5001... then had IIS render the new xml doc with the https referenced xml doc and the phone provisions as expected.

    Is there a way to get the 3cx webserver to gen the xml doc using https://xxxx.ca.3cx.us:5001 instead of http://xxx.ca.3cx.us:5000 -or- get the 3cx webserver to render http...

    Thanks much,

    ~Dave
     
  2. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,452
    Likes Received:
    541
    Hello @DaveSD

    Please note that the Nginx webserver will not allow http requests that originate from a remote location or if your IP range is not defined in RFC1918 for security reasons. As Cisco phone do not like https links they are only supported for local provisioning with Http.
     
  3. DaveSD

    Joined:
    Mar 23, 2018
    Messages:
    17
    Likes Received:
    1
    The solution for this is simple:

    in C:\Program Files\3CX Phone System\Bin\nginx\conf
    edit nginx.conf

    in the section:
    server {
    add_header X-Frame-Options "SAMEORIGIN";
    listen 5000;
    listen [::]:5000;
    server_name zuzu.ca.3cx.us;
    server_tokens off;

    access_log off;
    error_log nul crit;

    allow 192.168.0.0/16;
    allow 172.16.0.0/12;
    allow 10.0.0.0/8;
    allow 127.0.0.1;

    add your static IP's for your IP Addresses

    For our installation, we did not want the phone server inside our local network. The 3cx server has a static IP outside the local network. Agree or now, this is what we thought was best practice.
     
Thread Status:
Not open for further replies.