Asterisk Freepbx Install Guide (CentOS v6, Asterisk v13, Freepbx v12)
This guide covers the installation of Asterisk® from source on CentOS. Changes in this guide compared to previous guides include the use of Asterisk v12 & v13, Freepbx v12, and the addition of the pjsip library.
Tested on:
CentOS v6 32 bit & 64 bit
Asterisk v12 & v13
Freepbx v12
Assumptions:
Console text mode (init 3)
Installation done as root user (#)
Install Prerequisites
Ensure all required packages are installed.
yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel libresample-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mysql-server fail2ban xmlstarlet
Disable firewall
The following commands save any running firewall rules, flush the rules from running memory, and prevent rules from loading on boot.
service iptables save service iptables stop chkconfig iptables off
After completing the entire procedure we can load the firewall rules again by running service iptables start
and have them load on boot by running chkconfig iptables on
.
Disable Selinux
Check status
sestatus
If not disabled edit /etc/selinux/config
and reboot
SELINUX=disabled
Reboot
To ensure any changes/additions up until now such as updated kernel, selinux disable, email etc. are active.
reboot
Set Timezone
Enable ntpd to syncronize time with public time servers so that it is always exactly correct.
chkconfig ntpd on service ntpd start
Copy timezone from this link or use tzselect.
tzselect
Example:
ln -sf /usr/share/zoneinfo/America/Vancouver /etc/localtime
nano /etc/sysconfig/clock
ZONE="America/Vancouver" UTC=false ARC=false
Download and install source files
DAHDI
Only required if using a physical server and installing telecom hardware.
cd /usr/src wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz tar zxvf dahdi-linux-complete* cd /usr/src/dahdi-linux-complete*/ make && make install && make config service dahdi start
PJSIP
cd /usr/src wget http://www.pjsip.org/release/2.4.5/pjproject-2.4.5.tar.bz2 tar -xjvf pjproject-2.4.5* cd /usr/src/pjproject-2.4.5*/ #If this is a new source install the following command won't do anything make distclean
# libdir will be automatically selected # /usr/lib for 32bit OS # /usr/lib64 for 64bit OS ARCH=$(getconf LONG_BIT | grep "64") ./configure --prefix=/usr --libdir=/usr/lib${ARCH} --enable-shared --disable-sound --disable-resample \ --disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'
make uninstall && make dep && make && make install && ldconfig
ldconfig -p | grep pj
which should show several linked *.so files in /usr/lib or /usr/lib64 depending on OS architecture.Asterisk
cd /usr/src wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz tar zxvf asterisk-13-current.tar.gz cd /usr/src/asterisk-13*/ make distclean
ARCH=$(getconf LONG_BIT | grep "64") ./configure --libdir=/usr/lib${ARCH}
To verify type nano -v config.log
.
cd /usr/src/asterisk-13*/ make menuselect.makeopts #To select compile options manually run make menuselect instead of the following command #To list command line options run menuselect/menuselect --list-options #If Asterisk fails to run on a virtual machine try add "--disable BUILD_NATIVE" #To add asterisk realtime for applications such as A2billing add "--enable res_config_mysql" menuselect/menuselect --enable cdr_mysql --enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts
Create Asterisk user, compile, install, and set ownership.
adduser asterisk -M -d /var/lib/asterisk -s /sbin/nologin -c "Asterisk User" make && make install && chown -R asterisk. /var/lib/asterisk
Freepbx GUI
pear install db-1.7.14
VERSION=12.0 USERNAME=asteriskuser PASSWORD=amp109 service mysqld start mysqladmin create asterisk mysqladmin create asteriskcdrdb mysql -e "GRANT ALL PRIVILEGES ON asterisk.* TO $USERNAME@localhost IDENTIFIED BY '$PASSWORD';" mysql -e "GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO $USERNAME@localhost IDENTIFIED BY '$PASSWORD';" mysql -e "flush privileges;" cd /usr/src git clone -b release/$VERSION https://github.com/FreePBX/framework.git freepbx cd /usr/src/freepbx ./start_asterisk start mv /var/www/html /var/www/html_orig ./install_amp --installdb --skip-module-install --username $USERNAME --password $PASSWORD # Press ENTER for all the questions including the incorrect IP address.
Do not be concerned by the warning messages.
# Minimal module install amportal a ma upgrade framework amportal a ma upgrade core amportal a ma upgrade voicemail amportal a ma upgrade sipsettings amportal a ma upgrade infoservices amportal a ma upgrade featurecodeadmin amportal a ma upgrade logfiles amportal a ma upgrade callrecording amportal a ma upgrade cdr amportal a ma upgrade dashboard # Optionally install all standard modules amportal a ma upgrade manager amportal a ma installall
amportal restart amportal a reload amportal chown
If the GUI complains about problems with the framework module or a missing /usr/sbin/amportal file try amportal a ma delete framework
followed by amportal a ma upgrade framework
.
Post install tasks are mandatory.
Post-install tasks
Setting a mysql root password is recommended.
MYSQL_ROOT_PW=abcdef mysqladmin -u root password "$MYSQL_ROOT_PW"
You will need to provide this password for any further mysql configuration. So instead of using mysql
and mysqladmin
use mysql -p
and mysqladmin -p
.
Change webserver default user and group from apache to asterisk.
sed -i 's/User apache/User asterisk/' /etc/httpd/conf/httpd.conf sed -i 's/Group apache/Group asterisk/' /etc/httpd/conf/httpd.conf
Enable .htaccess files to protect sensitive webserver directories.
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf
Prevent external MySQL access.
sed -i '2i bind-address=127.0.0.1' /etc/my.cnf
Set mysql and http servers to start on boot.
chkconfig mysqld on chkconfig httpd on
Change default “upload_max_filesize” to 20M to allow larger music on hold files.
sed -i 's/upload_max_filesize = .*/upload_max_filesize = 20M/' /etc/php.ini
Set Freepbx to start on boot.
echo '/usr/local/sbin/amportal start' >> /etc/rc.local
Finally reboot for all changes to take effect.
reboot
Optional
Log File Rotation
If this is not done the log files will keep growing indefinitely.
nano /etc/logrotate.d/asterisk
/var/log/asterisk/queue_log /var/spool/mail/asterisk /var/log/asterisk/freepbx_debug.log /var/log/asterisk/messages /var/log/asterisk/event_log /var/log/asterisk/full /var/log/asterisk/dtmf /var/log/asterisk/fail2ban { weekly missingok rotate 5 #compress notifempty sharedscripts create 0640 asterisk asterisk postrotate /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true endscript }
TFTP
If you plan to use hardware SIP phones you will probably want to set up the tftpboot
directory and enable the tftp server.
yum -y install tftp-server nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot chmod 777 /tftpboot service xinetd restart
MPG123
This is used in combination with sox
to convert uploaded mp3 music on hold files to Asterisk compatible wav files.
cd /usr/src wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.21.0/mpg123-1.21.0.tar.bz2 tar -xjvf mpg123* cd mpg123*/ ARCH=$(getconf LONG_BIT | grep "64") ./configure --prefix=/usr --libdir=/usr/lib${ARCH} && make && make install && ldconfig
Digum addons
To register digium® licenses. Although there is a freepbx module for this it did not appear to be working properly at the time this procedure was written.
cd /usr/src wget http://downloads.digium.com/pub/register/linux/register chmod +x register ./register
To install the individual addons refer to the README files and ignore the register instructions.
http://downloads.digium.com/pub/telephony/codec_g729/README
http://downloads.digium.com/pub/telephony/res_digium_phone/README
http://downloads.digium.com/pub/telephony/fax/README
http://downloads.digium.com/pub/telephony/hpec/README
Password protect http access
A simple way to block scanners looking for exploits on apache web servers. This assumes the GUI does not need anonymous access. Also prevents any added load on the server as a result of scanning.
mkdir -p /usr/local/apache/passwd htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername htpasswd -c /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride On in /etc/httpd/conf/httpd.conf AuthType Basic AuthName "Restricted Access" AuthUserFile /usr/local/apache/passwd/wwwpasswd Require valid-user
Alternatively, the above can be added in /etc/httpd/conf/httpd.conf
as follows.
<Directory /var/www/html> AuthType Basic AuthName "Restricted Area" AuthUserFile /usr/local/apache/passwd/wwwpasswd Require valid-user </Directory>
Whitelist protect http access
If http access is only required from certain IP addresses.
nano /etc/httpd/conf.d/whitelist.conf
<Location /> Order Deny,Allow Deny from all # Allow from x.x.x.x Allow from x.x.x.x x.x.x.x x.x.x.x Allow from somedomain.com Allow from x.x Allow from x.x.x.0/255.255.255.0 # #See http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html for more examples # </Location>
A friendly request
These install instructions show up in many different places around the internet and also inside some install scripts. Link backs and/or acknowledgements of our efforts in other ways would be appreciated.