Asterisk & FreePBX

Asterisk 是第一套以開放原始碼軟體實作的 用戶交換機 系統。Asterisk 由 Digium 的創辦人馬克·史賓瑟於1999年他還在奧本大學念書時所開發。與其他的用戶交換機系統相同,Asterisk 同樣支援電話撥打另一隻分機,和撥打到公共交換電話網與IP電話系統。 FreePBX is a web-based open-source graphical user interface (GUI) that manages Asterisk, a voice over IP and telephony server.

Installation

Install Asterisk and FreePBX

Installation

Install FreePBX 15 with Asterisk 16 on Debian 10

Install Asterisk 16

Step 1: Update system
sudo apt update && sudo apt upgrade
sudo reboot
Step 2: Install Asterisk 16 LTS dependencies
sudo apt install git curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev build-essential libjansson-dev libxml2-dev uuid-dev
Step 3: Download Asterisk 16 LTS tarball
cd /usr/src/
sudo curl -O http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-16-current.tar.gz

sudo tar xvf asterisk-16-current.tar.gz
cd asterisk-16*/

# download the mp3 decoder library into the source tree
sudo contrib/scripts/get_mp3_source.sh

# Ensure all dependencies are resolved
sudo contrib/scripts/install_prereq install
Step 4: Build and Install Asterisk 16
sudo ./configure
sudo make menuselect
sudo make
sudo make install
sudo make progdocs
sudo make samples
sudo make config
sudo ldconfig

Create Asterisk User

sudo groupadd asterisk
sudo useradd -r -d /var/lib/asterisk -g asterisk asterisk
sudo usermod -aG audio,dialout asterisk
sudo chown -R asterisk.asterisk /etc/asterisk
sudo chown -R asterisk.asterisk /var/{lib,log,spool}/asterisk
sudo chown -R asterisk.asterisk /usr/lib/asterisk

Set Asterisk default user to asterisk

$ sudo vim /etc/default/asterisk
AST_USER="asterisk"
AST_GROUP="asterisk"

$ sudo vim /etc/asterisk/asterisk.conf
runuser = asterisk ; The user to run as.
rungroup = asterisk ; The group to run as.

Restart asterisk service

sudo systemctl restart asterisk

# Enable asterisk service to start on system boot
sudo systemctl enable asterisk

# Test to see if you can connect to Asterisk CLI
sudo asterisk -rvv

Install FreePBX 15

Step 1:  Install MariaDB Database server
sudo apt update
sudo apt install mariadb-server mariadb-client

# Initial DB setup and set root's password for DB
sudo /usr/bin/mysql_secure_installation
Step 2: Installing Node.js 10 LTS
sudo apt install curl dirmngr apt-transport-https lsb-release ca-certificates
curl -sL https://deb.nodesource.com/setup_10.x | sudo bash
sudo apt update
sudo apt install gcc g++ make
sudo apt install nodejs
Step 3: Install and configure Apache Web Server
sudo apt install apache2

# change Apache user to asterisk and turn on AllowOverride option
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf_orig
sudo sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/apache2/apache2.conf
sudo sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf

# Remove default index.html page
sudo rm -f /var/www/html/index.html
Step 4: Install PHP and required extensions
sudo apt install wget php php-pear php-cgi php-common php-curl php-mbstring php-gd php-mysql \
php-gettext php-bcmath php-zip php-xml php-imap php-json php-snmp php-fpm libapache2-mod-php

Change php maximum file upload size

sudo sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php/7.3/apache2/php.ini
sudo sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php/7.3/cli/php.ini
Step 5: Install FreePBX 15
sudo apt install wget
cd /usr/src
wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-15.0-latest.tgz

tar xfz freepbx-15.0-latest.tgz
rm -f freepbx-15.0-latest.tgz

cd freepbx
sudo ./start_asterisk start
sudo ./install -n --dbuser root --dbpass "yourpassword"

# Enable Apache Rewrite engine 
sudo a2enmod rewrite
sudo systemctl restart apache2
Step 6: Access FreePBX 15 Web Interface

Create the first admin account.

Q & A

Q: Online modules are not available.

Error:

Warning: Error retrieving updates from online repository(s) (https://mirror.freepbx.org 35). Online modules are not available.

A: Change the DNS to 8.8.8.8

vi /etc/resolv.conf

nameserver 8.8.8.8
#nameserver 67.207.67.3
#nameserver 67.207.67.2

 

Reference

 

 

Installation

Install FreePBX 15 with Docker

Reference

FreePBX: fwconsole

Tutorials
Help
fwconsole help

# lists all commands
php /usr/sbin/fwconsole list
Service Start/Stop
# Start Asterisk and run other needed FreePBX commands
fwconsole start

# Stop Asterisk and run other needed FreePBX commands
fwconsole stop
Module Admin
# Check Online Repository
fwconsole ma listonline

# Install a module
fwconsole ma download ivr
fwconsole ma install ivr

# Installing specific module versions with multiple modules
fwconsole ma install foomodule:15.1.3 barmodule:15.0.9

# Upgrade all modules
fwconsole ma listonline | grep "upgrade"
fwconsole ma upgradeall

# Apply the settings changed
fwconsole reload

Things to do after FreePBX installation

Set root's password for MySQL
mysql_secure_installation
Log File Rotation

If this is not done the log files will keep growing indefinitely.
Edit /etc/logrotate.d/asterisk

/var/spool/mail/asterisk
/var/log/asterisk/*log
/var/log/asterisk/full
/var/log/asterisk/dtmf
/var/log/asterisk/freepbx_dbug
/var/log/asterisk/fail2ban {
 weekly
 missingok
 rotate 4
 #compress
 notifempty
 sharedscripts
 create 0640 asterisk asterisk
 postrotate
 /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
 endscript
 su root root
}
TFTP

If you plan to use hardware SIP phones you will probably want to set up TFTP.

yum -y install tftp-server
nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd
firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload
MPG123

This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.

cd /usr/src
wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.22.4/mpg123-1.22.4.tar.bz2
tar -xjvf mpg123*
cd mpg123*/
./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig
Digum addons

To register digium® licenses.

cd /usr/src
wget http://downloads.digium.com/pub/register/linux/register
chmod +x register
./register

To install the individual addons refer to the README files and ignore the register instructions.

Password protect http access

A simple way to block scanners looking for exploits on apache web servers.

mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
htpasswd -c /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride On in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.

<Directory /var/www/html>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>
Whitelist protect http access

If http access is only required from certain IP addresses.
NOTE: Apache 2.4 以後才支援這功能
Edit /etc/httpd/conf.d/whitelist.conf

<Location />
 <RequireAny>
 ## Uncomment the following line to disable the whitelist
 #Require all granted
 Require ip x.x.x.x
 Require ip x.x.x.x x.x.x.x x.x.x.x
 Require ip x.x
 Require ip x.x.x.0/255.255.255.0
 Require host somedomain.com
 #
 ## See http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html for more examples
 #
 </RequireAny>
</Location>

舊版 Apache 設定
NOTE:確定網站目錄有 AllowOverride All 設定
.htaccess:

order deny,allow
deny from all
# Alang's IPs
allow from 123.123.123.1
allow from 111.222.222.2
allow from 192.168.99.