Changes in this guide include Asterisk 11 which requires at least FreePBX v2.11. Also cdr_mysql module has been deprecated so FreePBX 2.11 adds support for the ODBC method. This install guide adds configurations to enable the new method. You can continue to use the old method for as long as the cdr_mysql module is included in Asterisk and still functional. It's just no longer being maintained by the people at Asterisk. There are a lot of other little changes to this guide too numerous to mention.
Tested on CentOS 6.4
New dependency for Asterisk v11.5+
If upgrading from a previous version of Asterisk such as v11.4 you will need to install a new dependency, otherwise the res_rtp_asterisk.so module will not compile. This dependency has been added to the required packages list below. This note has been added here in case you are only recompiling a newer version of Asterisk and not installing from scratch.
yum install libuuid-devel
Let's get started
If you are installing Linux from scratch using Anaconda via install CD select "basic server" group then proceed with the install. Skip down to the yum -y update part. Otherwise, it is assumed you already have a server with a base CentOS installation before you begin. Do NOT install a GUI such as Gnome or KDE. We only want to be running in console text mode not GUI graphics mode. If you already have a desktop or server GUI installed you will want to exit to console mode. You do that by typing init 3 from a terminal or console window. You will need to be logged in as root in order to do this so if not you can su root. All instructions in this guide are assuming you are always logged in as root.
Install Asterisk/FreePBX required packages, other useful packages, and their dependencies
yum -y update
yum groupinstall core
yum groupinstall base
yum install gcc gcc-c++ wget bison mysql-devel mysql-server php \
php-mysql php-process php-pear php-mbstring tftp-server httpd make \
ncurses-devel libtermcap-devel sendmail sendmail-cf caching-nameserver \
sox newt-devel libxml2-devel libtiff-devel php-gd audiofile-devel gtk2-devel \
subversion nano kernel-devel selinux-policy sqlite-devel openssl-devel \
libuuid-devel tzdata
Install CDR ODBC required packages
yum install libtool-ltdl-devel unixODBC unixODBC-devel mysql-connector-odbc
Install optional packages
chan_gtalk, chan_motif, and res_xmpp will not compile unless iksemel-devel and its dependencies are installed. For CentOS 6, iksemel is in the EPEL repository.
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install iksemel-devel
Install pear DB
Don't worry about the warning message.
pear install db
Firewall
Check if the firewall (iptables) is enabled by default and if the RHEL v6 default configuration blocks the FreePBX web GUI. If you know what services/ports are required you can run
system-config-firewall-tui
and configure the firewall as required. At a minimum, the following ports need to be opened:
TCP 80 (www)
TCP 4445 (Flash Operator Panel)
UDP 5060-5061 (SIP)
UDP 10,000 - 20,000 (RTP)
UDP 4569 (IAX)
Another option is to remove existing settings from the firewall and save.
iptables -P INPUT ACCEPT
iptables -X
iptables -F
service iptables save
Alternatively, you can disable the firewall for now and prevent it from starting on reboot.
service iptables stop
chkconfig iptables off
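Added example (not part of the original guide): instead of flushing or disabling iptables, the shell function below prints an iptables-restore rule set that opens only the ports listed above. TCP 22 for SSH and the management subnet argument are assumptions that are not in the guide; SSH, the web GUI and the Flash Operator Panel are limited to that subnet.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Assumptions: SSH on TCP 22 is the admin access path, and $1 is the management
# subnet allowed to reach SSH, the web GUI (80) and Flash Operator Panel (4445).

valid_cidr() {
    # Accept a.b.c.d/nn with octets 0-255 and a prefix of 0-32.
    case $1 in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $ip in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

freepbx_rules() {
    mgmt_net=$1
    valid_cidr "$mgmt_net" || { echo "bad subnet: $mgmt_net" >&2; return 1; }
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Admin-facing TCP services: SSH (assumed), www, Flash Operator Panel.
    for port in 22 80 4445; do
        echo "-A INPUT -p tcp -s $mgmt_net --dport $port -m state --state NEW -j ACCEPT"
    done
    # Telephony traffic from the guide's list: SIP, RTP, IAX.
    for port in 5060:5061 10000:20000 4569; do
        echo "-A INPUT -p udp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the rules for review; 192.168.1.0/24 is a constructed sample subnet.
freepbx_rules "${1:-192.168.1.0/24}"
```

Pipe the reviewed output to iptables-restore and run service iptables save to keep it across reboots.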
Selinux
Selinux is not required or recommended. This will create the required file if it does not already exist. If it already exists set SELINUX=disabled.
nano /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
Make sure selinux is turned off for this session
setenforce 0
TFTP
If you plan to use hardware SIP phones you will probably want to enable the tftp server.
nano /etc/xinetd.d/tftp
change
server_args = -s /var/lib/tftpboot
to
server_args = -s /tftpboot
change
disable=yes
to
disable=no
mkdir /tftpboot
chmod 777 /tftpboot
service xinetd restart
Set Timezone
Copy your timezone from this link or use tzselect
tzselect
System timezone
Create a symbolic link to the appropriate timezone from /etc/localtime. Example:
ln -sf /usr/share/zoneinfo/America/Vancouver /etc/localtime
PHP Settings
PHP timezone (Optional)
If not set and using php v5.3+ (the version included with RHEL6) it will revert to the default timezone of the Operating System. FreePBX v2.9+ used to complain about this but FreePBX v2.11 does not seem to complain so I don't think this setting is necessary anymore and will not have any consequences.
nano +946 /etc/php.ini
Uncomment (;) date.timezone = and add your timezone
Memory Limit
The recommended setting is 128M otherwise you may get warnings in FreePBX.
nano +457 /etc/php.ini
memory_limit = 128M
Restart apache for the changes to take effect
service httpd restart
Download and untar source files.
Get and install DAHDI
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
tar zxvf dahdi-linux-complete*
cd /usr/src/dahdi-linux-complete*
make && make install && make config
Get FreePBX
Check if this is the latest released version.
cd /usr/src
wget http://mirror.freepbx.org/freepbx-2.11.0.tar.gz
tar zxvf freepbx-2.11*
Get and Install Asterisk
Do NOT run make samples. If you do it causes some problems you will have to clean up later on. If you run make samples on an already running FreePBX system you are upgrading it will break FreePBX. You will then have to manually change back user/password in /etc/asterisk/manager.conf and probably some other things to get it working again.
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz
tar zxvf asterisk-11-current.tar.gz
cd /usr/src/asterisk-11*/
make clean && make distclean
-------------------------------------
IMPORTANT 32 vs 64bit OS NOTE: Make sure to choose the correct version of the following command otherwise Asterisk v11 will not work properly even though it may indicate it's running.
Use this ONLY for 32bit Operating Systems
./configure CFLAGS=-mtune=native && make menuselect
Use this ONLY for 64bit Operating Systems
./configure CFLAGS=-mtune=native --libdir=/usr/lib64 && make menuselect
Asterisk v11 compiles with CFLAGS=-march=native which appears to compile for CPU features that are not necessarily available on a virtual machine and can cause errors. CFLAGS=-mtune=native appears to be more compatible across various configurations.
If you want to be more precise and optimal for your cpu you can try
cat /proc/cpuinfo
Then find your cputype from the gcc cpu options manual. And use CFLAGS=-mtune=mycputype. The downside is that it may not work if you move it to different hardware or if you are using a virtual machine.
If none of those work try CFLAGS=-mtune=generic which is probably the least optimal but most compatible across different CPU types.
---------------------------------------
Select format_mp3 in addons if you are going to be doing anything with mp3 files. For backwards compatibility and fall back in case ODBC doesn't work you may as well install the deprecated cdr_mysql as well.
FreePBX does not use Asterisk realtime but if you are thinking of using A2Billing then also select res_config_mysql. Select Core and Extra sounds. I suggest ulaw as they sound better than gsm especially if you are using ulaw as your default codec. I usually just check both. Then make sure to press the save button afterwards.
When you select format_mp3 above as an addon you must run a script before going any further otherwise the install will fail.
./contrib/scripts/get_mp3_source.sh
You must also have subversion installed to run the above script and be in the root directory of the Asterisk source code.
Now compile and install Asterisk. DO NOT run make samples even though the install script suggests you do. It will cause conflicts with FreePBX config files.
make && make install
Create Asterisk user.
adduser asterisk -M -d /var/lib/asterisk -s /sbin/nologin -c "Asterisk User"
Music on Hold
The Asterisk default moh directory is "/moh" and the Freepbx default moh directory is "/mohmp3". If we create a symbolic link everything is in one place and can still be found by both FreePBX and Asterisk.
ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3
The recommended music on hold behaviour for Asterisk and Freepbx is to only use wav files due to transcoding overhead and Asterisk stability issues with mp3's. So we want to install mpg123 for converting uploaded mp3's to wav automagically. If you won't be uploading mp3's or don't want them converted then you probably don't need to install mpg123. If not sure then install.
cd /usr/src
wget -O mpg123-1.15.4.tar.bz2 http://sourceforge.net/projects/mpg123/files/mpg123/1.15.4/mpg123-1.15.4.tar.bz2/download
tar -xjvf mpg123-1.15*
cd mpg123-1.15*/
./configure && make && make install
Freepbx php script cannot find mpg123 by default so we need to create a symbolic link.
ln -s /usr/local/bin/mpg123 /usr/bin/mpg123
Change Apache User
Change User apache and Group apache to User asterisk and Group asterisk.
sed -i "s/User apache/User asterisk/" /etc/httpd/conf/httpd.conf
sed -i "s/Group apache/Group asterisk/" /etc/httpd/conf/httpd.conf
MySQL Setup
Before you can do anything to MySQL, you need to make sure it's running:
NOTE: If running RHEL/CENTOS/SL 6 you may need to run this first.
mysql_install_db
Try without and see if it starts first.
service mysqld start
Initializing MySQL database: [ OK ]
Starting MySQL: [ OK ]
Now, to configure the databases for freePBX:
Note: If mysql admin password is already configured, add "-p" after the command and enter password when asked. For example,
mysqladmin -p create asterisk
cd /usr/src/freepbx-2.11*/
mysqladmin create asterisk
mysqladmin create asteriskcdrdb
mysql asterisk < SQL/newinstall.sql
mysql asteriskcdrdb < SQL/cdr_mysql_table.sql
They also need to be secured. FreePBX will prompt you for a database username/password when you do the install. You need to pick that now. We'll assume that you've picked asteriskuser and amp109.
If you use these well-known defaults and your server is not firewalled make sure to set bind-address = 127.0.0.1 further down in this procedure so that MySQL only listens to localhost.
Security check: It's very important to check that Allow Login With DB Credentials is set to FALSE in FreePBX Advanced Settings GUI. This is the default setting. If it were set to TRUE and you were using the default credentials of asteriskuser/amp109 and your FreePBX GUI were exposed to the internet (ie. the http port), anyone could log into your FreePBX GUI as administrator using those credentials.
mysql
mysql> GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY 'amp109';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY 'amp109';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
Now, after all of this, you need to pick a root 'mysql' password. We'll make it 'abcdef' just for this example. You should use a reasonably strong password. If you need to do anything else with mysql, you'll need to provide this password.
mysqladmin -u root password 'abcdef'
Install FreePBX
/usr/sbin/safe_asterisk
cd /usr/src/freepbx-2.11*/
IMPORTANT 64bit OS CHANGE
For 64bit Operating systems and Asterisk v11 do the following. If you don't do this before running install_amp you can make 2 changes manually afterwards in /etc/asterisk/asterisk.conf and in FreePBX advanced settings GUI as explained further down in this procedure:
sed -i "s_/usr/lib_/usr/lib64_" asterisk.conf install_amp libfreepbx.install.php
Now run the FreePBX install script. Select all defaults for now by hitting the ENTER key at each prompt.
./install_amp
If you get any warnings or errors they're usually not traumatic.
64bit OS Check: For 64bit Operating Systems and Asterisk v11 check that the following is true:
/etc/asterisk/asterisk.conf contains astmoddir => /usr/lib64/asterisk/modules and not astmoddir => /usr/lib/asterisk/modules
Default username is: admin
Default pw is: admin
Or create your own which is the new default behaviour on FreePBX v1.11
Set FreePBX to start on boot
echo /usr/local/sbin/amportal start >> /etc/rc.local
Enable Apache and MySQL to start on boot
chkconfig httpd on
chkconfig mysqld on
Now reboot at which point you should be able to access FreePBX with your web browser. The very first thing you need to do when you enter the FreePBX Admin GUI for the first time is Apply Configuration Changes which is a button or bar that shows up at the top of the GUI. This generates all the *.conf files. It may also be necessary to reboot again or amportal restart from command prompt.
If you have pre-existing *.conf files in /etc/asterisk because you ran make samples or are upgrading from older versions of Asterisk/FreePBX you will get symlink fail error messages in FreePBX system status page. Just delete or rename those files. The next time you Apply Configuration Changes in the FreePBX GUI the symlinks will be created and the errors should be gone.
64bit OS Check: If Asterisk v11 on 64bit go into FreePBX GUI>Advanced settings, enable Display Readonly Settings and Override Readonly Settings. Make sure the Asterisk Modules Dir setting is /usr/lib64/asterisk/modules and NOT /usr/lib/asterisk/modules.
CDR ODBC
This is optional if you selected the deprecated cdr_mysql module in Asterisk menu at compile time. This is the new recommended way of connecting to the CDR DB. Eventually this will be required when cdr_mysql no longer works or is no longer included with Asterisk.
nano /etc/odbc.ini
[MySQL-asteriskcdrdb]
Description = MySQL ODBC Driver
Driver = MySQL
Socket = /var/lib/mysql/mysql.sock
Server = localhost
Database = asteriskcdrdb
Option = 3
Test that the ODBC driver is working
odbcinst -s -q
should result in
[MySQL-asteriskcdrdb]
Test that linux can connect to the DB
isql -v MySQL-asteriskcdrdb
should result in
+---------------------------------------+
| Connected! |
| |
| sql-statement |
| help [tablename] |
| quit |
| |
+---------------------------------------+
SQL>
Type quit to exit
Lastly create or add the following so Asterisk can connect
nano /etc/asterisk/cdr_adaptive_odbc.conf
[first]
connection=asteriskcdrdb
table=cdr
alias start => calldate
-------------------------------------------------------------------------
Misc. optional settings
Change the “upload_max_filesize” from 2M to 20M to allow larger music on hold files
RHEL 6.
nano +878 /etc/php.ini
Edit Apache web server for GUI access using a port other than 80:
nano +134 /etc/httpd/conf/httpd.conf
change Listen 80 to Listen 8888 or whatever port you want
Change default Apache setting of AllowOverride None to All so that Apache obeys directives in .htaccess files which by default prevents viewing sensitive directories on Freepbx.
nano +338 /etc/httpd/conf/httpd.conf
AllowOverride All
And restart apache.
service httpd restart
Instead of accessing FreePBX by http://xxx.xxx.xxx.xxx
You now access it by http://xxx.xxx.xxx.xxx:8888
Setup external sip extensions if going through NAT. Alternatively the new and improved way of doing this is using the Asterisk SIP settings module
nano /etc/asterisk/sip_nat.conf
nat=yes
externip= or
;externhost=yourdns.com
localnet=192.168.1.0/255.255.255.0
;change the above to whatever your local subnet is
externrefresh=10
When adding external SIP extensions in FreePBX, make sure to change the nat=no default in the configuration to nat=yes for the extension that will be external. Change that default globally in the Advanced Settings menu.
Install FreePBX commercial module dependencies
If you want to install commercial modules you need zendguard and some additional dependencies found in schmoozecom commercial repo.
Install schmoozecom repo
wget -P /etc/yum.repos.d/ -N http://yum.schmoozecom.net/schmooze-commercial/schmooze-commercial.repo
Install zendguard and commercial module dependencies.
yum install php-5.3-zend-guard-loader incron prosody
Log Files Configuration
If you don't want to see a bunch of notices, warnings and errors each time you restart amportal from command line and you don't want your asterisk log files getting huge from constantly writing debug information do the following:
nano /etc/asterisk/logger_logfiles_custom.conf
console =>
full => notice,warning,error
Also make sure freepbx debug logging is disabled in FreePBX GUI>Settings>Advanced Settings>Developer and Customization
logrotate setup
Set up configuration to rotate log files otherwise they get too big after a short while. Create the following file.
nano /etc/logrotate.d/asterisk
Now add the following to make sure the asterisk log files are rotated weekly along with all the other log files.
/var/log/asterisk/messages /var/log/asterisk/*log /var/log/asterisk/full {
missingok
notifempty
sharedscripts
create 0640 asterisk asterisk
postrotate
/usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
endscript
}
Do the same for freepbx
nano /etc/logrotate.d/freepbx
/var/log/asterisk/freepbx_dbug /var/log/asterisk/freepbx_debug {
missingok
notifempty
sharedscripts
create 0640 asterisk asterisk
postrotate
/usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
endscript
}
Configure voicemail to email template
nano /etc/asterisk/vm_email.inc
Change the template to what you want the voicemail emails to look like. Check that http://ipaddress_of_Freepbx_server is correct
Root alias
Edit /etc/aliases file and add an email address to forward ‘root’ messages to your personal email address. At the very bottom you should see a commented example. Copy it and replace with your email address
root: some_email@somedomain.com
Then run
/usr/bin/newaliases
after saving the file to rebuild the aliases database and have the change take effect.
Test if you can receive emails via sendmail which we are assuming is installed and running as is standard on RHEL 5 and 6.
service sendmail status
sendmail is running
sm-client is running
echo testing | mail -s "test mail" root@localhost
If you get an email then you can stop here.
Replace Sendmail with Postfix (optional)
If you do not get an email because it is being blocked or filtered or you want to customize, you can replace sendmail with postfix which is generally easier to configure.
yum install postfix
service sendmail stop
chkconfig sendmail off
chkconfig --add postfix
service postfix start
Check if root alias email works or still works
echo testing | mail -s "test mail" root@localhost
Customize by editing or replacing /etc/postfix/main.cf. A sample file is shown below.
cp /etc/postfix/main.cf /etc/postfix/main.cf.original
nano /etc/postfix/main.cf
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
After editing reload the configuration.
service postfix restart
MySQL performance tuning
This will reduce memory usage without affecting performance.
nano /etc/my.cnf
[mysqld]
. . .
skip-innodb
From command prompt:
service mysqld restart
MySQL security enhancement
This will prevent outside IP's from connecting to the MySQL port
nano /etc/my.cnf
[mysqld]
. . .
bind-address = 127.0.0.1
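Added example (not part of the original guide): a shell check that reads the [mysqld] section of my.cnf and reports whether the bind-address setting above is actually in effect there. The function names are hypothetical; it only parses the file and does not query the running server.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

mysqld_listen() {
    # Print the bind-address found in the [mysqld] section of file $1.
    # The last occurrence wins, '-' and '_' are interchangeable in option
    # names, and the same key in other sections ([client], ...) is ignored.
    awk '
        /^[ \t]*[#;]/ { next }                        # whole-line comments
        /^[ \t]*\[/   { sect = $0; gsub(/[ \t]/, "", sect); next }
        sect == "[mysqld]" {
            line = $0
            sub(/[ \t]+#.*$/, "", line)               # trailing comment
            key = line; val = ""
            n = index(line, "=")
            if (n > 0) { key = substr(line, 1, n - 1); val = substr(line, n + 1) }
            gsub(/[ \t]/, "", key); gsub(/_/, "-", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "bind-address") addr = val
            if (key == "skip-networking" && n == 0) nonet = 1
        }
        END {
            if (nonet) print "no-tcp"                 # TCP listener disabled
            else print (addr == "" ? "unset" : addr)
        }
    ' "$1"
}

mysqld_is_local_only() {
    # 0 = loopback or no TCP listener, 1 = other or unset, 2 = unreadable file.
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    case $(mysqld_listen "$1") in
        127.0.0.1|::1|localhost|no-tcp) return 0 ;;
        *) return 1 ;;
    esac
}

cnf=${1:-/etc/my.cnf}
if mysqld_is_local_only "$cnf"; then
    echo "$cnf: MySQL is limited to local connections"
else
    echo "$cnf: check bind-address (found: $(mysqld_listen "$cnf" 2>/dev/null))"
fi
```

The file only takes effect after service mysqld restart, so run the check after editing and restart afterwards.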
Add Password Protection to Flash Operator Panel GUI
By default, flash operator panel GUI (/var/www/html/admin/modules/fw_fop) is visible to anyone who points a browser at your server unless port 4445 is blocked by a firewall. Here is one way to protect it.
mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd NewUserName
Apache will prompt you for a new password for the user name you've just indicated
New password:
Apache will prompt you to retype your new password
Re-type new password:
Apache will then confirm the new user
Adding password for user NewUserName
Now you have to add the user name you've just created to the httpd.conf file. To edit that file in nano type:
nano +587 /etc/httpd/conf/httpd.conf
Now do a CTRL-W to search for AuthUser and you'll find the area where all the users are listed (for example: "maint", your AMP user). If you don't find any try around line 587 right after the cgi-bin
Now add the following lines:
#Password protect the Flash Operator Panel Page
<Directory /var/www/html/admin/modules/fw_fop>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user NewUserName
</Directory>
To delete an Apache user, type in the following and then remove the user from the httpd.conf file.
htpasswd -D /usr/local/apache/passwd/wwwpasswd NewUserName
To change the password:
htpasswd /usr/local/apache/passwd/wwwpasswd NewUserName
Then restart apache.
service httpd restart