Asterisk Freepbx Install Guide (CentOS v6, Asterisk v13, Freepbx v12)





This guide covers the installation of Asterisk® from source on CentOS. Changes in this guide compared to previous guides include the use of Asterisk v12 & v13, Freepbx v12, and the addition of the pjsip library.

Tested on:

CentOS v6 32 bit & 64 bit
Asterisk v12 & v13
Freepbx v12


Console text mode (init 3)
Installation done as root user (#)

Install Prerequisites

Ensure all required packages are installed. 

yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel libresample-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mysql-server fail2ban xmlstarlet

Disable firewall

The following commands save any running firewall rules,  flush the rules from running memory, and prevent rules from loading on boot.

service iptables save
service iptables stop
chkconfig iptables off

After completing the entire procedure we can load the firewall rules again by running service iptables startand have them load on boot by running chkconfig iptables on .

Disable Selinux

Check status


If not disabled edit /etc/selinux/config and reboot



To ensure any changes/additions up until now such as updated kernel, selinux disable, email etc. are active.


Set Timezone

Enable ntpd to syncronize time with public time servers so that it is always exactly correct.

chkconfig ntpd on
​service ntpd start

Copy timezone from this link or use tzselect.



ln -sf /usr/share/zoneinfo/America/Vancouver /etc/localtime
nano /etc/sysconfig/clock

Download and install source files


Only required if using a physical server and installing telecom hardware.

cd /usr/src
tar zxvf dahdi-linux-complete*
cd /usr/src/dahdi-linux-complete*/
make && make install && make config
service dahdi start


cd /usr/src
tar -xjvf pjproject-2.4.5*
cd /usr/src/pjproject-2.4.5*/

#If this is a new source install the following command won't do anything
make distclean
# libdir will be automatically selected
# /usr/lib for 32bit OS 
# /usr/lib64 for 64bit OS

ARCH=$(getconf LONG_BIT | grep "64")
./configure --prefix=/usr --libdir=/usr/lib${ARCH} --enable-shared --disable-sound --disable-resample \
--disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'
make uninstall && make dep && make && make install && ldconfig
To verify type ldconfig -p | grep pj which should show several linked *.so files in /usr/lib or /usr/lib64 depending on OS architecture.


cd /usr/src
tar zxvf asterisk-13-current.tar.gz
cd /usr/src/asterisk-13*/
make distclean
ARCH=$(getconf LONG_BIT | grep "64")
./configure --libdir=/usr/lib${ARCH}

To verify type nano -v config.log.

cd /usr/src/asterisk-13*/
make menuselect.makeopts

#To select compile options manually run make menuselect instead of the following command
#To list command line options run menuselect/menuselect --list-options
#If Asterisk fails to run on a virtual machine try add "--disable BUILD_NATIVE"
#To add asterisk realtime for applications such as A2billing add "--enable res_config_mysql"

menuselect/menuselect --enable cdr_mysql --enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts

Create Asterisk user, compile, install, and set ownership.

adduser asterisk -M -d /var/lib/asterisk -s /sbin/nologin -c "Asterisk User"
make && make install && chown -R asterisk. /var/lib/asterisk

Freepbx GUI

pear install db-1.7.14

service mysqld start
mysqladmin create asterisk
mysqladmin create asteriskcdrdb
mysql -e "GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO $USERNAME@localhost IDENTIFIED BY '$PASSWORD';"
mysql -e "flush privileges;"

cd /usr/src
git clone -b release/$VERSION freepbx

cd /usr/src/freepbx
./start_asterisk start
mv /var/www/html /var/www/html_orig
./install_amp --installdb --skip-module-install --username $USERNAME --password $PASSWORD
# Press ENTER for all the questions including the incorrect IP address.

Do not be concerned by the warning messages.

# Minimal module install
amportal a ma upgrade framework
amportal a ma upgrade core
amportal a ma upgrade voicemail
amportal a ma upgrade sipsettings
amportal a ma upgrade infoservices
amportal a ma upgrade featurecodeadmin
amportal a ma upgrade logfiles
amportal a ma upgrade callrecording
amportal a ma upgrade cdr
amportal a ma upgrade dashboard

# Optionally install all standard modules
amportal a ma upgrade manager
amportal a ma installall
amportal restart
amportal a reload
amportal chown

If the GUI complains about problems with the framework module or a missing /usr/sbin/amportal file try amportal a ma delete framework followed by amportal a ma upgrade framework.

Post install tasks are mandatory.

Post-install tasks

Setting a mysql root password is recommended.  

mysqladmin -u root password "$MYSQL_ROOT_PW"

You will need to provide this password for any further mysql configuration.   So instead of using mysql and mysqladmin use  mysql -p and mysqladmin -p.

Change webserver default user and group from apache to asterisk.

sed -i 's/User apache/User asterisk/' /etc/httpd/conf/httpd.conf
sed -i 's/Group apache/Group asterisk/' /etc/httpd/conf/httpd.conf

Enable .htaccess files to protect sensitive webserver directories.

sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf

Prevent external MySQL access.

sed -i '2i bind-address=' /etc/my.cnf

Set mysql and http servers to start on boot.

chkconfig mysqld on
chkconfig httpd on

Change default “upload_max_filesize” to 20M to allow larger music on hold files.

sed -i 's/upload_max_filesize = .*/upload_max_filesize = 20M/' /etc/php.ini

Set Freepbx to start on boot.

echo '/usr/local/sbin/amportal start' >> /etc/rc.local

Finally reboot for all changes to take effect.




Log File Rotation

If this is not done the log files will keep growing indefinitely.

nano /etc/logrotate.d/asterisk
/var/log/asterisk/fail2ban {
        rotate 5
        create 0640 asterisk asterisk
        /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true


If you plan to use hardware SIP phones you will probably want to set up the tftpboot directory and enable the tftp server.

yum -y install tftp-server
nano /etc/xinetd.d/tftp

change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot

change disable=yes
to disable=no

mkdir /tftpboot
chmod 777 /tftpboot
service xinetd restart


This is used in combination with sox to convert uploaded mp3 music on hold files to Asterisk compatible wav files.

cd /usr/src
tar -xjvf mpg123*

cd mpg123*/
ARCH=$(getconf LONG_BIT | grep "64")
./configure --prefix=/usr --libdir=/usr/lib${ARCH} && make && make install && ldconfig

Digum addons

To register digium® licenses.  Although there is a freepbx module for this it did not appear to be working properly at the time this procedure was written.

cd /usr/src
chmod +x register

To install the individual addons refer to the README files and ignore the register instructions.

Password protect http access

A simple way to block scanners looking for exploits on apache web servers.  This assumes the GUI does not need anonymous access.  Also prevents any added load on the server as a result of scanning.

mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
htpasswd -c /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride On in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Alternatively, the above can be added in /etc/httpd/conf/httpd.conf as follows.

<Directory /var/www/html>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Whitelist protect http access

If http access is only required from certain IP addresses.

nano /etc/httpd/conf.d/whitelist.conf
<Location />
Order Deny,Allow
Deny from all
Allow from x.x.x.x
Allow from x.x.x.x x.x.x.x x.x.x.x
Allow from
Allow from x.x
Allow from x.x.x.0/
#See for more examples

A friendly request

These install instructions show up in many different places around the internet and also inside some install scripts.  Link backs and/or acknowledgements of our efforts in other ways would be appreciated.