Differences

This shows you the differences between two versions of the page.

--- voice:pbx:freepbx_scratch [2012/06/04 12:11]
gcooper
+++ — (current)
@@ Line 1: / Line 1: @@
-====== Build a PBX from Scratch Using CentOS 6, Asterisk and FreePBX ======
-http://www.powerpbx.org/content/rhel-asterisk-freepbx-install-guide-rhel-v6-asterisk-v18-freepbx-v29
-===== Minimal CentOS 6 Install =====
-Do a [[computing:linux:minimal_centos_install|Minimal Install]] of Centos 6.
-After the reboot:
-<file>
-yum update -y
-</file>
-then reboot again.
-===== XenServer Tools =====
-If installing on XenServer (skip otherwise):
-  - Mount the XenServer Tools virtual CD into the VM
-  - <file>mount /dev/xvdd /mnt/</file>
-  - <file>/mnt/Linux/install.sh</file>
-  - <file>reboot</file>
-===== Install Prerequisites =====
-<file>
-yum -y groupinstall base core
-yum -y install gcc gcc-c++ wget bison mysql-devel mysql-server php php-mysql php-pear php-pear-DB php-mbstring php-process nano tftp-server httpd make ncurses-devel libtermcap-devel sendmail sendmail-cf caching-nameserver sox newt-devel libxml2-devel libtiff-devel php-gd audiofile-devel gtk2-devel subversion nano kernel-devel
-yum clean all
-</file>
-===== Firewall =====
-Disable the built-in firewall for now.  We assume your PBX is in a protected, private environment.
-:!: See Security section below.
-<file>
-service iptables stop
-chkconfig iptables off
-service ip6tables stop
-chkconfig ip6tables off
-</file>
-===== selinux =====
-Disable selinux:
-<file>
-vim /etc/selinux/config
-SELINUX=disabled
-</file>
-<file>
-setenforce 0
-</file>
-===== Time Zone =====
-http://www.php.net/manual/en/timezones.php
-<file>
-ln -sf /usr/share/zoneinfo/America/Phoenix /etc/localtime
-</file>
-===== PHP Settings =====
-==== Time Zone ====
-<file>
-vim -c 946 /etc/php.ini
-</file>
-Uncomment and set PHP timezone:
-<file>
-date.timezone = America/Phoenix
-</file>
-==== Upload File Size ====
-<file>
-vim -c 878 /etc/php.ini
-upload_max_filesize = 20M
-</file>
-===== Install PBX Software =====
-==== Asterisk v1.8 ====
-<file>
-wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.8-current.tar.gz
-tar zxvf asterisk-1.8-current.tar.gz
-cd /usr/src/asterisk-1.8*
-make clean
-./configure && make menuselect
-</file>
-Select all addons.  I believe these are all needed or recommended for FreePBX.  Select base and addon sounds.  I suggest ulaw as they sound better than gsm especially if you are using ulaw as your default codec.  I usually just check both.  Then make sure to press the "save" button afterwards.
-:!: If upgrading Asterisk on an already running FreePBX system do NOT run make samples.
-<file>
-make && make install && make samples
-</file>
-Create an 'asterisk' user.  The user may already exist but this won't hurt:
-<file>
-useradd -c "Asterisk PBX" -d /var/lib/asterisk asterisk
-</file>
-The following directory may already exist but just to make sure:
-<file>
-mkdir /var/run/asterisk
-</file>
-Set ownership of various folders:
-<file>
-chown -R asterisk /var/run/asterisk
-chown -R asterisk /var/log/asterisk
-chown -R asterisk /var/lib/asterisk/moh
-chown -R asterisk /var/lib/php/session
-</file>
-Adjust the manager interface username and password:
-<file>
-vim /etc/asterisk/manager.conf
-</file>
-Add a stanza like:
-<file>
-[admin]
-secret = your-manager-password
-deny=0.0.0.0/0.0.0.0
-permit=127.0.0.1/255.255.255.0
-read = system,call,log,verbose,command,agent,user
-write = system,call,log,verbose,command,agent,user
-</file>
-==== Music on Hold ====
-Here we create a symbolic link so that both FreePBX and Asterisk will find and store MOH files in the same place:
-<file>
-ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3
-</file>
-Asterisk and FreePBX now only use .wav files for MOH so install mpg123 for converting uploaded mp3's to wav's:
-<file>
-cd /usr/src
-wget http://sourceforge.net/projects/mpg123/files/mpg123/1.13.4/mpg123-1.13.4.tar.bz2/download
-tar -xjvf mpg123-1.13.4.tar.bz2
-cd mpg123-1.13.4
-./configure && make && make install
-ln -s /usr/local/bin/mpg123 /usr/bin/mpg123
-</file>
-==== Web Server ====
-Here we set the web server to run as the user 'asterisk' and group 'asterisk'.
-<file>
-sed -i "s/User apache/User asterisk/" /etc/httpd/conf/httpd.conf
-sed -i "s/Group apache/Group asterisk/" /etc/httpd/conf/httpd.conf
-</file>
-==== MySQL Configuration ====
-=== Start MySQL ===
-<file>
-service mysqld start
-</file>
-=== Create Databases and Tables ===
-<file>
-cd /usr/src/freepbx-2.10.0                       # adjust version if necessary
-mysqladmin create asterisk
-mysqladmin create asteriskcdrdb
-mysql asterisk < SQL/newinstall.sql
-mysql asteriskcdrdb < SQL/cdr_mysql_table.sql
-</file>
-=== Configure MySQL Security ===
-<file>
-mysql
-</file>
-Run these MySQL commands and adjust for your own password:
-<file>
-GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY 'your-password';
-GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY 'your-password';
-flush privileges;
-exit
-</file>
-Finally, we set the MySQL root password.  **Don't forget it!**
-<file>
-mysqladmin -u root password 'your-mysql-root-password'
-</file>
-==== Install FreePBX ====
-Get the latest released version.
-<file>
-cd /usr/src
-wget http://mirror.freepbx.org/freepbx-2.10.0.tar.gz     # adjust version if necessary
-tar zxvf freepbx-2.10.0.tar.gz
-</file>
-:!: MySQL should still be running...
-Start asterisk.  You can ignore warnings, errors, and notices for now:
-<file>
-/usr/sbin/safe_asterisk
-cd /usr/src/freepbx-2.10.0
-./install_amp
-</file>
-You will be asked various questions which will be used to populate /etc/amportal.conf.
-Use the defaults, mostly, but change:
-^Variable^Value^
-|AMPMGRUSER|admin|
-|AMPMGRPASS|password you set when editing manager.conf above|
-|AMPDBPASS|password you chose when configuring MySQL security above|
-|AMPWEBADDRESS|the IP address of your PBX|
-Now we delete a few configuration files that may interfere with FreePBX:
-<file>
-rm -f /etc/asterisk/{sip_notify.conf,iax.conf,logger.conf,features.conf,sip.conf,extensions.conf,ccss.conf,chan_dahdi.conf}
-</file>
-==== MySQL CDR Configuration ====
-<file>
-vim /etc/asterisk/cdr_mysql.conf
-loguniqueid=yes             # add to [Global] section which you may need to also un-comment
-</file>
-==== Log Rotation ====
-<file>
-cat << EOF >> /etc/logrotate.d/asterisk
-/var/log/asterisk/messages /var/log/asterisk/*log /var/log/asterisk/full {
-   missingok
-   notifempty
-   sharedscripts
-   create 0640 asterisk asterisk
-   postrotate
-   /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
-   endscript
-}
-EOF
-kill -HUP $(pidof rsyslogd)
-</file>
-==== Services Startup ====
-Enable Apache, MySQL and FreePBX to autostart on boot:
-<file>
-chkconfig httpd on
-chkconfig mysqld on
-echo /usr/local/sbin/amportal start >> /etc/rc.local
-</file>
-:!: Reboot now!
-===== Using FreePBX =====
-:!: Before using FreePBX, you have to visit the configuration page at: http://IP.of.PBX
-:!: Click "Apply Configuration Changes"
-:!: Reboot again
-==== Defailt Credentials ====
-^Function^Username^Password^Comment^
-|FreePBX|admin|admin| |
-|Voicemail & Recordings (ARI)|<none>|<none>|Use the FreePBX admin console to enable|
-==== Configuration ====
-The FreePBX administration console: http://IP.of.PBX
-=== Enable ARI Administration ===
-//FreePBX -> Settings -> Advanced System Setup ->//
-  * User Portal Admin Username -> your-ari-admin-username
-  * User Portal Admin Password -> your-ari-admin-password
-Save each change and click Apply Configuration.
-:!: See **[[voice:pbx:freepbx_config|FreePBX Configuration]]** and **[[voice:pbx:gene_home_pbx|Family Cooper iPBX]]**.
-===== Security =====
-==== Firewall ====
-The following ports may need to be opened:
-^Protocol^Ports^Description^
-|TCP|80|HTTP|
-|TCP|443|HTTPS|
-|TCP|4445|Flash Operator Panel|
-|UDP|5060-5061|SIP|
-|UDP|10000-20000|RTP|
-|UDP|4569|IAX|
-Firewall options:
-=== iptables ===
-<file>
-system-config-firewall-tui
-</file>
-=== Arno's Firewall ===
-**[[networking:firewall:arno_s_firewall|Arno's Firewall]]**
-==== Fail2Ban ====
-See **[[networking:linux:fail2ban|Fail2Ban]]**.
-<file>
-cat << EOF >> /etc/fail2ban/fail2ban.local
-# Fail2Ban local configuration file
-#
-# This file overrides the fail2ban.conf file
-[Definition]
-logtarget = /var/log/fail2ban.log
-EOF
-cat << EOF >> /etc/fail2ban/jail.local
-# Fail2Ban local configuration file
-#
-# This file overrides the jail.conf file
-[DEFAULT]
-ignoreip = 127.0.0.1 209.193.64.0/24 70.176.57.141
-bantime  = 600
-findtime  = 600
-maxretry = 3
-backend = auto
-[asterisk-iptables]
-enabled  = true
-filter   = asterisk
-action   = iptables-allports[name=SIP, protocol=all]
-#           sendmail-whois[name=SIP, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/asterisk/fail2ban
-maxretry = 5
-bantime = 600
-[ssh-iptables]
-enabled  = true
-filter   = sshd
-action   = iptables[name=SSH, port=ssh, protocol=tcp]
-#           sendmail-whois[name=SSH, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/secure
-maxretry = 3
-[apache-tcpwrapper]
-enabled  = true
-filter   = apache-auth
-action   = iptables-allports[name=PBX-GUI, port=http, protocol=tcp]
-#           sendmail-whois[name=PBX-GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/httpd/error_log
-maxretry = 3
-[vsftpd-iptables]
-enabled  = true
-filter   = vsftpd
-action   = iptables[name=FTP, port=ftp, protocol=tcp]
-#           sendmail-whois[name=FTP, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/vsftpd.log
-maxretry = 3
-bantime  = 600
-[apache-badbots]
-enabled  = true
-filter   = apache-badbots
-action   = iptables-multiport[name=BadBots, port="http,https"]
-#           sendmail-whois[name=PBX GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
-logpath  = /var/log/httpd/*access_log
-bantime  = 600
-maxretry = 1
-EOF
-cat << EOF >> /etc/fail2ban/filter.d/asterisk.conf
-# Fail2Ban configuration file
-#
-# Asterisk Filter - /etc/fail2ban/filter.d/asterisk.conf
-[INCLUDES]
-# Read common prefixes. If any customizations available -- read them from
-# common.local
-#before = common.conf
-[Definition]
-#_daemon = asterisk
-# Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile. The
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
-# Values:  TEXT
-#
-failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
-	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
-	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
-	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
-	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
-	    NOTICE.* <HOST> failed to authenticate as '.*'$
-	    NOTICE.* .*: No registration for peer '.*' (from <HOST>)
-	    NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
-	    VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
-ignoreregex =
-EOF
-service fail2ban restart
-</file>
-===== Troubleshooting =====
-==== Asterisk Manager Interface ====
-Verify that the username and password in /etc/asterisk/manager.conf and /etc/amportal.conf match.
-http://www.freepbx.org/support/documentation/faq/changing-the-asterisk-manager-password
-==== Pear DB ====
-If you see an error during FreePBX installation like:
-<file>
-Checking for PEAR DB..FAILED
-</file>
-try:
-<file>
-pear install DB
-</file>
-then re-run:
-<file>
-./install_amp
-</file>
-==== Remote Extensions ====
-:!: If you enable remote access to your PBX, **secure it!**
-:!: NAT is a real hurdle for SIP.  The best way to deal with NAT issues is to not use NAT if at all possible.  NAT on both ends may not be worth attempting if using SIP, it's just not a NAT-friendly protocol like IAX.
-=== IAX Protocol ===
-:!: Using phones with IAX protocol support is a good alternative if the PBX is behind NAT.
-:!: IAX protocol is pretty much Asterisk-specific.
-If your PBX is behind NAT, forward the single UDP port 4569 from your NAT firewall in to the PBX.
-=== SIP Protocol ===
-http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension
-If your PBX is behind NAT and you'd still like to try getting remote SIP extensions to work:
-<file>
-vim /etc/asterisk/sip_nat.conf
-localnet=192.168.1.0/255.255.255.0      #your local network
-externhost=your.fqdn.hostname           #your resolvable host name
-fromdomain=your.fqdn.domain.name        #your domain mane
-nat=yes
-qualify=yes
-externrefresh=10
-canreinvite=no
-asterisk -rx reload                     #reload Asterisk configuration
-</file>
-==== PHP Memory Limit ====
-This should be the default:
-<file>
-vim -c 457 /etc/php.ini
-</file>
-<file>
-memory_limit = 128M
-</file>
-==== Re-Install Just FreePBX ====
-<file>
-amportal stop
-rm -f /etc/asterisk/{sip_notify.conf,iax.conf,logger.conf,features.conf,sip.conf,extensions.conf,ccss.conf,chan_dahdi.conf}
-/usr/sbin/safe_asterisk
-cd /usr/src/freepbx-2.10.0
-./install_amp
-</file>
-Visit the configuration page at: http://IP.of.PBX
-Click “Apply Settings”
-Reboot

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools