Asterisk Freepbx Install Guide (CentOS v6, Asterisk v13, Freepbx v12)


This guide covers the installation of Asterisk® from source on CentOS. Changes in this guide compared to previous guides include the use of Asterisk v12 & v13, Freepbx v12, and the addition of the pjsip library.

Tested on:

CentOS v6 32 bit & 64 bit
Asterisk v12 & v13
Freepbx v12

Assumptions:

Console text mode (init 3)
Installation done as root user (#)

Install Prerequisites

Ensure all required packages are installed. 

yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel libresample-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mysql-server fail2ban xmlstarlet

Disable firewall

The following commands save any running firewall rules, flush the rules from running memory, and prevent rules from loading on boot.

service iptables save
service iptables stop
chkconfig iptables off

After completing the entire procedure we can load the firewall rules again by running service iptables start and have them load on boot by running chkconfig iptables on.

Disable Selinux

Check status

sestatus

If not disabled edit /etc/selinux/config and reboot

SELINUX=disabled

Reboot

Reboot to ensure that any changes or additions made up until now (updated kernel, SELinux disabled, email, etc.) are active.

reboot

Set Timezone

Enable ntpd to synchronize time with public time servers so that it is always exactly correct.

chkconfig ntpd on
service ntpd start

Copy timezone from this link or use tzselect.

tzselect

Example:

ln -sf /usr/share/zoneinfo/America/Vancouver /etc/localtime
nano /etc/sysconfig/clock
ZONE="America/Vancouver"
UTC=false
ARC=false

Download and install source files

DAHDI

Only required if using a physical server and installing telecom hardware.

cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
tar zxvf dahdi-linux-complete*
cd /usr/src/dahdi-linux-complete*/
make && make install && make config
service dahdi start

PJSIP

cd /usr/src
wget http://www.pjsip.org/release/2.4.5/pjproject-2.4.5.tar.bz2
tar -xjvf pjproject-2.4.5*
cd /usr/src/pjproject-2.4.5*/

#If this is a new source install the following command won't do anything
make distclean
# libdir will be automatically selected
# /usr/lib for 32bit OS 
# /usr/lib64 for 64bit OS

ARCH=$(getconf LONG_BIT | grep "64")
./configure --prefix=/usr --libdir=/usr/lib${ARCH} --enable-shared --disable-sound --disable-resample \
--disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'
make uninstall && make dep && make && make install && ldconfig
To verify type ldconfig -p | grep pj which should show several linked *.so files in /usr/lib or /usr/lib64 depending on OS architecture.

Asterisk

cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar zxvf asterisk-13-current.tar.gz
cd /usr/src/asterisk-13*/
make distclean
ARCH=$(getconf LONG_BIT | grep "64")
./configure --libdir=/usr/lib${ARCH}

To verify type nano -v config.log.

cd /usr/src/asterisk-13*/
make menuselect.makeopts

#To select compile options manually run make menuselect instead of the following command
#To list command line options run menuselect/menuselect --list-options
#If Asterisk fails to run on a virtual machine try adding "--disable BUILD_NATIVE"
#To add asterisk realtime for applications such as A2billing add "--enable res_config_mysql"

menuselect/menuselect --enable cdr_mysql --enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts

Create Asterisk user, compile, install, and set ownership.

adduser asterisk -M -d /var/lib/asterisk -s /sbin/nologin -c "Asterisk User"
make && make install && chown -R asterisk. /var/lib/asterisk

Freepbx GUI

pear install db-1.7.14
VERSION=12.0
USERNAME=asteriskuser
PASSWORD=amp109

service mysqld start
mysqladmin create asterisk
mysqladmin create asteriskcdrdb
mysql -e "GRANT ALL PRIVILEGES ON asterisk.* TO $USERNAME@localhost IDENTIFIED BY '$PASSWORD';"
mysql -e "GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO $USERNAME@localhost IDENTIFIED BY '$PASSWORD';"
mysql -e "flush privileges;"

cd /usr/src
git clone -b release/$VERSION https://github.com/FreePBX/framework.git freepbx

cd /usr/src/freepbx
./start_asterisk start
mv /var/www/html /var/www/html_orig
./install_amp --installdb --skip-module-install --username $USERNAME --password $PASSWORD
# Press ENTER for all the questions including the incorrect IP address.

Do not be concerned by the warning messages.

# Minimal module install
amportal a ma upgrade framework
amportal a ma upgrade core
amportal a ma upgrade voicemail
amportal a ma upgrade sipsettings
amportal a ma upgrade infoservices
amportal a ma upgrade featurecodeadmin
amportal a ma upgrade logfiles
amportal a ma upgrade callrecording
amportal a ma upgrade cdr
amportal a ma upgrade dashboard

# Optionally install all standard modules
amportal a ma upgrade manager
amportal a ma installall
amportal restart
amportal a reload
amportal chown

If the GUI complains about problems with the framework module or a missing /usr/sbin/amportal file try amportal a ma delete framework followed by amportal a ma upgrade framework.

Post install tasks are mandatory.

Post-install tasks

Setting a mysql root password is recommended.

MYSQL_ROOT_PW=abcdef
mysqladmin -u root password "$MYSQL_ROOT_PW"

You will need to provide this password for any further mysql configuration, so use mysql -p and mysqladmin -p instead of mysql and mysqladmin.

Change webserver default user and group from apache to asterisk.

sed -i 's/User apache/User asterisk/' /etc/httpd/conf/httpd.conf
sed -i 's/Group apache/Group asterisk/' /etc/httpd/conf/httpd.conf

Enable .htaccess files to protect sensitive webserver directories.

sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf

Prevent external MySQL access.

sed -i '2i bind-address=127.0.0.1' /etc/my.cnf

Set mysql and http servers to start on boot.

chkconfig mysqld on
chkconfig httpd on

Change default “upload_max_filesize” to 20M to allow larger music on hold files.

sed -i 's/upload_max_filesize = .*/upload_max_filesize = 20M/' /etc/php.ini

Set Freepbx to start on boot.

echo '/usr/local/sbin/amportal start' >> /etc/rc.local

Finally reboot for all changes to take effect.

reboot
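
A check for the edits made in this section, added here as an example and not part of the original guide: the sed one-liners above depend on line position and occurrence order in the config files, so this script confirms that bind-address ended up inside [mysqld] and that httpd.conf has the asterisk user/group and AllowOverride All for /var/www/html. The function names and the sample files built in demo() are constructed for illustration.

```shell
# Added example, not the guide's code; names and sample files are made up.
# 0 if bind-address=127.0.0.1 sits inside the [mysqld] section of file $1.
mysql_bind_ok() {
    awk '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[mysqld\]/) }
        insec && /^[ \t]*bind-address[ \t]*=[ \t]*127\.0\.0\.1[ \t]*$/ { ok = 1 }
        END { exit !ok }' "$1"
}

# 0 if the last active User and Group directives in file $1 both equal $2.
httpd_runs_as() {
    awk -v want="$2" '
        $1 == "User"  { u = $2 }
        $1 == "Group" { g = $2 }
        END { exit !(u == want && g == want) }' "$1"
}

# 0 if the <Directory $2> block in file $1 carries "AllowOverride All".
htaccess_enabled() {
    awk -v dir="$2" '
        $1 == "<Directory"   { d = $2; gsub(/[">]/, "", d); inblk = (d == dir) }
        $1 == "</Directory>" { inblk = 0 }
        inblk && $1 == "AllowOverride" && $2 == "All" { ok = 1 }
        END { exit !ok }' "$1"
}

# Print one line per check; the return value is the number of failed checks.
audit() {
    fails=0
    mysql_bind_ok "$1" && echo "PASS mysql bound to 127.0.0.1" ||
        { echo "FAIL bind-address not inside [mysqld]"; fails=$((fails + 1)); }
    httpd_runs_as "$2" asterisk && echo "PASS httpd runs as asterisk" ||
        { echo "FAIL httpd User/Group is not asterisk"; fails=$((fails + 1)); }
    htaccess_enabled "$2" /var/www/html && echo "PASS .htaccess honoured" ||
        { echo "FAIL no AllowOverride All for /var/www/html"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: bind-address landed above [mysqld] (comment on line 1).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# notes' 'bind-address=127.0.0.1' '[mysqld]' > "$d/my.cnf"
    printf '%s\n' 'User asterisk' 'Group asterisk' \
        '<Directory "/var/www/html">' 'AllowOverride All' '</Directory>' > "$d/httpd.conf"
    audit "$d/my.cnf" "$d/httpd.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
# With two paths audit those files; otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then audit "$1" "$2"; else demo || true; fi
```

On the installed system, save the script and pass it /etc/my.cnf and /etc/httpd/conf/httpd.conf as its two arguments.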

 

Optional

Log File Rotation

If this is not done the log files will keep growing indefinitely.

nano /etc/logrotate.d/asterisk
/var/log/asterisk/queue_log
/var/spool/mail/asterisk
/var/log/asterisk/freepbx_debug.log
/var/log/asterisk/messages
/var/log/asterisk/event_log
/var/log/asterisk/full
/var/log/asterisk/dtmf
/var/log/asterisk/fail2ban {
        weekly
        missingok
        rotate 5
        #compress
        notifempty
        sharedscripts
        create 0640 asterisk asterisk
        postrotate
        /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
        endscript
}

TFTP

If you plan to use hardware SIP phones you will probably want to set up the tftpboot directory and enable the tftp server.

yum -y install tftp-server
nano /etc/xinetd.d/tftp

change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot

change disable=yes
to disable=no

mkdir /tftpboot
chmod 777 /tftpboot
service xinetd restart

MPG123

This is used in combination with sox to convert uploaded mp3 music on hold files to Asterisk compatible wav files.

cd /usr/src
wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.21.0/mpg123-1.21.0.tar.bz2
tar -xjvf mpg123*

cd mpg123*/
ARCH=$(getconf LONG_BIT | grep "64")
./configure --prefix=/usr --libdir=/usr/lib${ARCH} && make && make install && ldconfig

Digium addons

Used to register digium® licenses. Although there is a freepbx module for this, it did not appear to be working properly at the time this procedure was written.

cd /usr/src
wget http://downloads.digium.com/pub/register/linux/register
chmod +x register
./register

To install the individual addons refer to the README files and ignore the register instructions.

http://downloads.digium.com/pub/telephony/codec_g729/README
http://downloads.digium.com/pub/telephony/res_digium_phone/README
http://downloads.digium.com/pub/telephony/fax/README
http://downloads.digium.com/pub/telephony/hpec/README

Password protect http access

A simple way to block scanners looking for exploits on apache web servers. This assumes the GUI does not need anonymous access. It also prevents any added load on the server as a result of scanning.

mkdir -p /usr/local/apache/passwd
# -c creates (and overwrites) the password file, so use it for the first user only
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
htpasswd /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride All (or at least AuthConfig) in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Alternatively, the above can be added in /etc/httpd/conf/httpd.conf as follows.

<Directory /var/www/html>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>

Whitelist protect http access

If http access is only required from certain IP addresses.

nano /etc/httpd/conf.d/whitelist.conf
<Location />
Order Deny,Allow
Deny from all
#
Allow from x.x.x.x
Allow from x.x.x.x x.x.x.x x.x.x.x
Allow from somedomain.com
Allow from x.x
Allow from x.x.x.0/255.255.255.0
#
#See http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html for more examples
#
</Location>

A friendly request

These install instructions show up in many different places around the internet and also inside some install scripts. Link backs and/or acknowledgements of our efforts in other ways would be appreciated.