Running an ICE Telephony Gateway using TLS/SRTP

Admin Guide > Configuration > Managing ICE Gateway > Running an ICE Telephony Gateway using TLS/SRTP

Use the following code to create the SIP TLS Telephony Docker connection.

Prerequisite: Ensure you have completed all steps in Running an ICE Gateway in a Docker Container.

To deploy and run a Telephony Gateway

Use the commands below after replacing the highlighted <code> blocks with the data from the Required Gateway Deployment Data list (previous section).

Note: The GATEWAY_TLS_CERT_FILE_PATH is only required in support of TLS/SRTP. If you are setting -e GATEWAY_TLS_ENABLED= to N, then you may omit both of the GATEWAY_TLS_KEY_FILE_PATH lines as there is no cert file path needed.

Ensure you are in the working directory specified in the Organizing Directories section.

Ensure you replace the angle brackets <> as well as the text.

To run the Gateway

1. Copy and paste the following code into a text editor:

docker run --detach --restart always \

--net=host \

--name <gateway_type> \

-e ICE_GATEWAY_COAST='<coast>' \

-e ICE_GATEWAY_HOME='/home/gateway/ice' \

-e ICE_GATEWAY_PREFERRED_INTERFACE='<preferred_nic>' \

-e ICE_AGENT_CLIENT_BRIDGE='<server_address>' \

-e ICE_GATEWAY_GROUP_CODE='<group_code>' \

-e ICE_AGENT_API_KEY='<api_key>' \

-e ICE_GATEWAY='<gateway_type>' \

-e ICE_GATEWAY_TLS_ENABLED='<tls_enabled>' \

-e ICE_GATEWAY_TLS_CERT_FILE_PATH='<tls_cert_file_path>' \

-e ICE_GATEWAY_TLS_KEY_FILE_PATH='<tls_private_key_file_path>' \

--volume $(pwd):/home/gateway/ice/logs \

--volume $(pwd):/home/gateway/ice/agent/log \

instantconnect/gateway-<MARKETING_VERSION>:<build_number>

2. Replace the highlighted sections with the data from the Required Gateway Deployment Data list.

3. Paste and run the command.

Note: To manage, monitor, and stop an ICE Gateway, see Commanding and Monitoring an ICE Telephony Gateway.

As shown above, the values for the certFile and privKeyFile attributes are the files created in the Generating a Self-Signed Certificate File (.pem) section above using the OpenSL command tool. If a password was used while creating the certificate (private key) file, then that password should be set here in the password attribute.