G

GoPBXProduction Infrastructure Specification

Australian Hosted PBX Platform

Multi-tenant SIP infrastructure built to scale — 3,000 extensions · 800 tenants · 100 concurrent calls

3,000

Extensions

800

Tenants

100

Concurrent Calls

Production Topology

Coordinator VPS149.28.188.104 · Sydney

Kamailio 5.8 — primary SIP proxy / registrar
RTPEngine — host network, NAT traversal
PostgreSQL 16 — primary, WAL streaming enabled
pgBouncer — transaction mode, 40 pool / 500 clients
Redis 7 — sessions, rate limits, dialog sync
GoPBX API — Go/Gin, JWT, Vultr provisioner
Nginx + Let's Encrypt — HTTPS termination
Prometheus + Grafana + node/postgres/redis exporters

Secondary Kamailio VPSMelbourne · HA standby

Kamailio 5.8 — identical config to primary
Keepalived VRRP + Vultr Floating IP failover
Floating IP 103.43.75.51 → sip.gopbx.au
Automatic failover via Vultr API (~3 s)

Postgres Replica VPS

Streaming replica of coordinator Postgres
Promoted manually on primary failure

FreeSWITCH NodesAuto-provisioned Vultr VMs · separate from coordinator

FreeSWITCH only — no shared services
Bootstrapped via cloud-init (no git clone)
Self-registers to API on boot

SRTP optional (AES-128-CM / SHA1-80 & 32)
xml_curl for per-tenant config
event_socket for API control plane

Per-tenant call limits via limit app
Reads X-GoPBX-MaxCalls from Kamailio
Dispatcher set ID per tenant (sharding)

Docker Network — 172.28.0.0/24

IP	Service	Port	Notes
172.28.0.10	PostgreSQL 16	5432	WAL enabled, max_connections=100, shared_buffers=1 GB
172.28.0.11	Redis 7	6379	512 MB allkeys-lru
172.28.0.12	pgBouncer	5432	Transaction mode, 40 pool, 500 clients
172.28.0.13	Nginx	80 / 443	HTTPS termination, /grafana/ proxy, SSE buffering off
172.28.0.15	Kamailio 5.8	5060 / 5061	SIP UDP+TCP, TLS on :5061, XMLRPC :8080
172.28.0.30	GoPBX API	8080	Go/Gin, JWT, Vultr provisioner
172.28.0.40	Prometheus	9090	30-day retention
172.28.0.41	Grafana	3000	Served at /grafana/
172.28.0.42	node-exporter	9100	Host metrics
172.28.0.43	postgres-exporter	9187
172.28.0.44	redis-exporter	9121
host	RTPEngine	2223 (ng) · 16384–32768/udp (RTP)	Host network — binds public IP directly

SIP, TLS & Media

SIP Proxy (Kamailio)

SIP UDP+TCP on :5060
SIP TLS on :5061 — auto self-signed cert
auth_db — credentials in PostgreSQL
Dispatcher sharding per tenant set ID
pike flood protection
RTPEngine for NAT (ng at 172.28.0.1:2223)
X-GoPBX-MaxCalls stamped per tenant

Media (RTPEngine)

Host network — binds public IP directly
RTP port range: 16384–32768/udp
ng control protocol on :2223
SRTP optional (AES-128-CM/SHA1-80 & 32)
rtpengine_manage() called on INVITE/BYE

HTTPS (Nginx + certbot)

api.gopbx.au → GoPBX API :8080
api.gopbx.au/grafana/ → Grafana :3000
HTTP :80 → HTTPS redirect
Let's Encrypt via certbot sidecar
SSE buffering disabled for streaming endpoints

High Availability

Kamailio HA (Keepalived + Vultr)

Primary: Sydney coordinator VPS
Backup: Melbourne secondary VPS
VRRP virtual IP = Vultr Floating IP 103.43.75.51
sip.gopbx.au → floating IP (SRV records)
notify_master triggers vultr-failover.sh
Vultr API moves floating IP to the winner
Failover time: ~3 s VRRP dead interval

Postgres HA (streaming replica)

wal_level=replica, max_wal_senders=3
wal_keep_size=256 MB
Replica on separate Vultr VM
pg_basebackup bootstrap via setup-replica.sh
Promotion is manual (pg_ctl promote)

DNS (gopbx.au)

Record	Type	Value
api.gopbx.au	A	149.28.188.104
sip.gopbx.au	A	103.43.75.51 (floating IP)
_sip._udp.gopbx.au	SRV	10 10 5060 sip.gopbx.au
_sip._tcp.gopbx.au	SRV	10 10 5060 sip.gopbx.au
_sips._tcp.gopbx.au	SRV	10 10 5061 sip.gopbx.au

Firewall (UFW)

Port	Purpose
22/tcp	SSH
80/tcp	HTTP → HTTPS redirect / certbot challenge
443/tcp	HTTPS — API, Grafana
5060/udp+tcp	SIP
5061/tcp	SIP TLS
2223/udp	RTPEngine ng control
16384–32768/udp	RTP media

Expansion Roadmap

AUlive

Sydney coordinator · Melbourne HA Kamailio · Postgres replica

NZplanned

Replicate AU stack

UKplanned

London coordinator

USplanned

US-East coordinator

Admin Portal Tenant Portal