Freepbx Production Install Guide (RHEL v6, Asterisk v11+, Freepbx v2.11+)
Changes in this guide include Asterisk 11 which requires at least FreePBX v2.11. Also cdr_mysql module has been deprecated so FreePBX 2.11 adds support for the ODBC method. This install guide adds configurations to enable the new method. You can continue to use the old method for as long as the cdr_mysql module is included in Asterisk and still functional.
Tested on CentOS 6.4
Let's get started
We only want to be running in console text mode not GUI graphics mode. If you already have a desktop or server GUI installed typing init 3
from a terminal or console window as root user will exit the GUI. All instructions in this guide are assuming you are always logged in as root running in init 3 mode.
Install Asterisk/FreePBX required packages, other useful packages, and their dependencies
yum -y update yum groupinstall core yum groupinstall base yum install gcc gcc-c++ wget bison mysql-devel mysql-server php php-mysql php-process php-pear php-mbstring php-xml tftp-server httpd make ncurses-devel libtermcap-devel sendmail sendmail-cf caching-nameserver sox newt-devel libxml2-devel libtiff-devel php-gd audiofile-devel gtk2-devel subversion nano kernel-devel selinux-policy sqlite-devel openssl-devel libuuid-devel libcurl-devel tzdata
Install CDR ODBC required packages
yum install libtool-ltdl-devel unixODBC unixODBC-devel mysql-connector-odbc
Install optional packages
chan_gtalk
, chan_motif
, and res_xmpp
will not compile unless iksemel-devel
and it's dependencies are installed. res_fax_spandsp
will not compile unless spandsp-devel
dependency is installed. For CentOS 6, iksemel and spandsp are in the EPEL repository.
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm yum install iksemel-devel spandsp-devel
Install pear DB
Don't worry about the warning message.
pear install db-1.7.14
Firewall
Check if the firewall (iptables) is enabled by default and if the RHEL v6 default configuration blocks the FreePBX web GUI. If you know what services/ports are required you can run system-config-firewall-tui
and configure the firewall as required. At a minimum, the following ports need to be opened:
TCP 80 (www) TCP 4445 (Flash Operator Panel) UDP 5060-5061 (SIP) UDP 10,000 - 20,000 (RTP) ?UDP 4569 (IAX)
Another option is to remove existing settings from the firewall and save.
service iptables save service iptables stop chkconfig iptables off
After completing the entire procedure we can load the firewall rules again by running service iptables start
and have them load on boot by running chkconfig iptables on
.
Selinux
Check status
sestatus
If not disabled edit /etc/selinux/config
and reboot
SELINUX=disabled
TFTP
If you plan to use hardware SIP phones you will probably want to enable the tftp server.
nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot chmod 777 /tftpboot service xinetd restart
Set Timezone
Copy your timezone from this link or use tzselect
tzselect
Create a symbolic link to the appropriate timezone from/etc/localtime
. Example:
ln -sf /usr/share/zoneinfo/America/Vancouver /etc/localtime
Download and untar source files.
Get and install DAHDI
Only required if using a physical server and installing telecom hardware.
cd /usr/src wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz tar zxvf dahdi-linux-complete* cd /usr/src/dahdi-linux-complete* make && make install && make config
Get FreePBX
Check if this is the latest released version.
cd /usr/src wget http://mirror.freepbx.org/freepbx-2.11.0.42.tgz tar zxvf freepbx-2.11*
Get and Install Asterisk
Do NOT run make samples
. It can cause some problems you will have to clean up later on.
cd /usr/src wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz tar zxvf asterisk-11-current.tar.gz cd /usr/src/asterisk-11*/ make clean && make distclean
ARCH=$(getconf LONG_BIT | grep "64") ./configure --libdir=/usr/lib${ARCH}
Asterisk v11+ compiles with CFLAGS=-match=native
which appears to compile for CPU features that are not necessarily available on a virtual machine and can cause errors. CFLAGS=-mtune=native
appears to be more compatible across various configurations.
So the above ./configure
command for a more compatible Asterisk on virtual machines would become ./configure CFLAGS='-g -O2 -mtune=native' --libdir=/usr/lib${ARCH}
If you want to be more precise and optimal for your cpu you can try cat /proc/cpuinfo
then find your cputype from the gcc cpu options manual and use CFLAGS=-mtune=mycputype.
If none of those work try CFLAGS=-mtune=generic
which is probably the least optimal but most compatible across different CPU types.
make menuselect
FreePBX does not use Asterisk realtime but if you are thinking of using A2Billing then also select res_config_mysql
. Select Core and Extra sounds. I suggest ulaw as they sound better than gsm especially if you are using ulaw as your default codec. I usually just check both. Then make sure to press the save button afterwards.
Select format_mp3
in addons
if you are going to be doing anything with mp3 files. For backwards compatibility and fall back in case ODBC doesn't work you may as well install the deprecated cdr_mysql
as well. When you select format_mp3
above as an addon you must run a script before going any further otherwise the install will fail.
./contrib/scripts/get_mp3_source.sh
Now compile and install Asterisk. DO NOT run make samples
even though the install script suggests you do. It will cause conflicts with FreePBX config files.
make && make install
Create Asterisk User
adduser asterisk -M -d /var/lib/asterisk -s /sbin/nologin -c "Asterisk User"
The recommended music on hold behaviour for Asterisk and Freepbx is to only use wav files due to transcoding overhead and Asterisk stability issues with mp3's. So we want to install mpg123 for converting uploaded mp3's to wav automagically. If you won't be uploading mp3's or don't want them converted then you probably don't need to install mpg123. If not sure then install.
cd /usr/src wget http://sourceforge.net/projects/mpg123/files/mpg123/1.21.0/mpg123-1.21.0.tar.bz2 tar -xjvf mpg123* cd mpg123*/ ARCH=$(getconf LONG_BIT | grep "64") ./configure --prefix=/usr --libdir=/usr/lib${ARCH} && make && make install && ldconfig
Change Apache User
Change User apache and Group apache to User asterisk and Group asterisk.
sed -i "s/User apache/User asterisk/" /etc/httpd/conf/httpd.conf sed -i "s/Group apache/Group asterisk/" /etc/httpd/conf/httpd.conf
MySQL Setup
Before you can do anything to MySQL, you need to make sure it's running: NOTE: If running RHEL/CENTOS/SL 6 you may need to run this first. mysql_install_db Try without and see if it starts first.
service mysqld start
Initializing MySQL database: [ OK ]
Starting MySQL: [ OK ]
Now, to configure the databases for freePBX: Note: If mysql admin password is already configured, add "-p" after the command and enter password when asked. For example, mysqladmin -p create asterisk
cd /usr/src/freepbx-2.11*/ mysqladmin create asterisk mysqladmin create asteriskcdrdb mysql asterisk < SQL/newinstall.sql mysql asteriskcdrdb < SQL/cdr_mysql_table.sql
They also need to be secured. FreePBX will prompt you for a database username/password when you do the install. You need to pick that now. We'll assume that you've picked asteriskuser
and amp109
If you use these well know defaults and your server is not firewalled make sure to set bind-address = 127.0.0.1
further down in this procedure so that MySQL only listens to localhost.
mysql
mysql> GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY 'amp109';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY 'amp109';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
Now, after all of this, you need to pick a root 'mysql' password. We'll make it 'abcdef' just for this example. You should use a reasonably strong password. If you need to do anything else with mysql, you'll need to provide this password.
mysqladmin -u root password 'abcdef'
Install FreePBX
/usr/sbin/safe_asterisk cd /usr/src/freepbx-2.11*/
Now run the FreePBX install script. Select all defaults for now by hitting the ENTER key at each prompt.
./install_amp
If you get any warnings or errors they're usually not traumatic.
-----------------------------
64bit OS Check:
For 64bit Operating Systems check that the following is true: /etc/asterisk/asterisk.conf
contains astmoddir => /usr/lib64/asterisk/modules
and not astmoddir => /usr/lib/asterisk/modules
-----------------------------
Default username is: admin
Default pw is: admin
Or create your own which is the new default behaviour on FreePBX v1.11.
Set FreePBX to start on boot
echo /usr/local/sbin/amportal start >> /etc/rc.local
Enable Apache and MySQL to start on boot
chkconfig httpd on chkconfig mysqld on
Now reboot at which point you should be able to access FreePBX with your web browser. The very first thing you need to do when you enter the FreePBX Admin GUI for the first time is Apply Configuration Changes
which is a button or bar that shows up at the top of the GUI. This generates all the *.conf files.
It may also be necessary to reboot again or amportal restart
from command prompt.
If you have pre-existing *.conf files in /etc asterisk
because your ran make samples
or are upgrading from older versions of Asterisk/FreePBX you will get symlink fail
error messages in FreePBX system staus page. Just delete or rename those files. The next time you Apply Configuration Changes
in the FreePBX GUI the symlinks will be created and the errors should be gone.
CDR ODBC
This is optional if you selected the deprecated cdr_mysql
module in Asterisk menu at compile time. This is the new recommended way of connecting to the CDR DB. Eventually this will be required when cdr_mysql
no longer works or is no longer included with Asterisk.
nano /etc/odbc.ini
[MySQL-asteriskcdrdb] Description = MySQL ODBC Driver Driver = MySQL Socket = /var/lib/mysql/mysql.sock Server = localhost Database = asteriskcdrdb Option = 3
odbcinst -s -q
should result in[MySQL-asteriskcdrdb]
.
Check the asterisk odbc file, which Asterisk uses to connect to the CDR DB, contains the follow.
nano /etc/asterisk/res_odbc_additional.conf
[asteriskcdrdb] enabled=>yes dsn=>MySQL-asteriskcdrdb pooling=>no limit=>1 pre-connect=>yes username=>asteriskuser password=>amp109
Using the above information, test that it can can connect to the DB via odbc
isql -v MySQL-asteriskcdrdb asteriskuser amp109
should result in:
+---------------------------------------+ | Connected! | | | | sql-statement | | help [tablename] | | quit | | | +---------------------------------------+
SQL>
Lastly create or add the following. Note connection=asteriskcdrdb
matches [asteriskcdrdb]
in res_odbc_additional.conf.
Calldate does not exist any more in cdr_adaptive_odbc.so
. To have the behaviour the same as standard cdr functions we add the alias start line.
nano /etc/asterisk/cdr_adaptive_odbc.conf
[first] connection=asteriskcdrdb table=cdr alias start => calldate
If cdr-mysql
module is enabled at the same time as the cdr odbc
you will get double entries in the CDR DB. Therefore we need to disable cdr-mysql.
mv /etc/asterisk/ cdr_mysql.conf /etc/asterisk/cdr_mysql.conf.disabled amportal restart
-------------------------------------------------------------------------
Misc. optional settings
Change the “upload_max_filesize” from 2M to 20M to allow larger music on hold files RHEL 6.
nano +878 /etc/php.ini
Edit Apache web server for GUI access using a port other than 80:
nano +134 /etc/httpd/conf/httpd.conf
change Listen 80
to Listen 8888
or whatever port you want Change default Apache setting of AllowOverride None to All so that Apache obeys directives in .htaccess files which by default prevents viewing sensitive directories on Freepbx.
nano +338 /etc/httpd/conf/httpd.conf
AllowOverride All
And restart apache.
service httpd restart
Instead of accessing FreePBX by http://xxx.xxx.xxx.xxx
You now access it by http://xxx.xxx.xxx.xxx:8888
Asterisk SIP settings
modulenano /etc/asterisk/sip_nat.conf nat=yes externip= or ;externhost=yourdns.com localnet=192.168.1.0/255.255.255.0 ;change the above to whatever your local subnet is externrefresh=10
When adding external SIP extensions in FreePBX, make sure to change the nat=no
default in the configuration to nat=yes
for the extension that will be external. Change that default globally in the Advanced Settings menu.
Install FreePBX commercial module dependencies
If you want to install commercial modules you need zendguard and some additional dependencies found in schmoozecom commercial repo. Install schmoozecom repo
wget -P /etc/yum.repos.d/ -N http://yum.schmoozecom.net/schmooze-commercial/schmooze-commercial.repo
Install zendguard and commercial module dependencies.
yum install php-5.3-zend-guard-loader incron prosody sysadmin
logrotate setup
Set up configuration to rotate log files otherwise they get too big after a short while. Create the following file.
nano /etc/logrotate.d/asterisk
Now add the following to make sure the asterisk log files are rotated weekly.
/var/log/asterisk/queue_log { daily missingok rotate 7 notifempty sharedscripts create 0640 asterisk asterisk } /var/spool/mail/asterisk /var/log/asterisk/freepbx_debug.log /var/log/asterisk/messages /var/log/asterisk/event_log /var/log/asterisk/full /var/log/asterisk/dtmf /var/log/asterisk/fail2ban { daily missingok rotate 7 compress notifempty sharedscripts create 0640 asterisk asterisk postrotate /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null endscript }
Configure voicemail to email template
nano etc/asterisk/vm_email.inc
Change the template to what you want the voicemail emails to look like. Check thathttp://ipaddress_of_Freepbx_server
is correct
Root alias
Edit/etc/aliases
file and add an email address to forward ‘root’ messages to your personal email address. At the very bottom you should see a commented example. Copy it and replace with your email address
root: some_email@somedomain.com
Then run
/usr/bin/newaliases
after saving the file to rebuild the aliases database and have the change take effect. Test if you can receive emails via sendmail which we are assuming is installed and running as is standard on RHEL 5 and 6.
service sendmail status
sendmail is running sm-client is running
echo testing | mail -s "test mail" root@localhost
If you get an email then you can stop here.
Replace Sendmail with Postfix (optional)
If you do not get an email because it is being blocked or filtered or you want to customize, you can replace sendmail with postfix which is generally easier to configure.
yum install postfix service sendmail stop chkconfig sendmail off chkconfig --add postfix service postfix start
check if root alias email works or still works
echo testing | mail -s "test mail" root@localhost
Customize by editing or replacing /etc/postfix/main.cf. A sample file is shown below.
cp /etc/postfix/main.cf /etc/postfix/main.cf.original
nano /etc/postfix/main.cf
myhostname = mail.example.com mydomain = example.com myorigin = $mydomain inet_interfaces = localhost mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 127.0.0.0/8 home_mailbox = Maildir/
After editing reload the configuration.
service postfix restart
MySQL performance tuning
This will reduce memory usage without affecting performance.
nano /etc/my.cnf
[mysqld] . . . skip-innodb
From command prompt:
service mysqld restart
MySQL security enhancement
This will prevent outside IP's from connecting to the MySQL port
nano /etc/my.cnf
[mysqld] . . . bind-address = 127.0.0.1
Add Password Protection to Flash Operator Panel GUI
By default, flash operator panel GUI (/var/www/html/admin/modules/fw_fop
) is visible to anyone who points a browser at your server unless port 4445 is blocked by a firewall. Here is one way to protect it.
mkdir -p /usr/local/apache/passwd htpasswd -c /usr/local/apache/passwd/wwwpasswd NewUserName
Apache will prompt you for a new password for the user name you've just indicated New password: Apache will prompt you to retype your new password Re-type new password: Apache will then confirm the new user Adding password for user NewUserName Now you have to add the user name you've just created to the httpd.conf
file. To edit that file in nano type:
nano +587 /etc/httpd/conf/httpd.conf
Now do a CTRL-W to search for AuthUser
and you'll find the area where all the users are listed (for example: "maint", your AMP user). If you don't find any try around line 587 right after the cgi-bin
#Password protect the Flash Operator Panel Page /var/www/html/admin/modules/fw_fop <Directory /var/www/html/admin/modules/fw_fop> AuthType Basic AuthName "Restricted Area" AuthUserFile /usr/local/apache/passwd/wwwpasswd Require user NewUserName </Directory>
To delete an Apache user, type in the following and then remove the user from the httpd.conf
file.
htpasswd -D /usr/local/apache/passwd/wwwpasswd NewUserName
To change the password:
htpasswd /usr/local/apache/passwd/wwwpasswd NewUserName
Then restart apache.
service httpd restart