Asterisk & FreePBX

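Asterisk is the first private branch exchange (PBX) system implemented as open-source software. It was developed in 1999 by Mark Spencer, the founder of Digium, while he was still a student at Auburn University. Like other PBX systems, Asterisk supports calls from one extension to another, as well as calls to the public switched telephone network (PSTN) and to IP telephony systems. FreePBX is a web-based open-source graphical user interface (GUI) that manages Asterisk, a voice over IP and telephony server.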


Install Asterisk and FreePBX


Install FreePBX 15 with Asterisk 16 on Debian 10

Install Asterisk 16

Step 1: Update system
sudo apt update && sudo apt upgrade
sudo reboot
Step 2: Install Asterisk 16 LTS dependencies
sudo apt install git curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev build-essential libjansson-dev libxml2-dev uuid-dev
Step 3: Download Asterisk 16 LTS tarball
cd /usr/src/
sudo curl -O

sudo tar xvf asterisk-16-current.tar.gz
cd asterisk-16*/

# download the mp3 decoder library into the source tree
sudo contrib/scripts/

# Ensure all dependencies are resolved
sudo contrib/scripts/install_prereq install
Step 4: Build and Install Asterisk 16
sudo ./configure
sudo make menuselect
sudo make
sudo make install
sudo make progdocs
sudo make samples
sudo make config
sudo ldconfig

Create Asterisk User

sudo groupadd asterisk
sudo useradd -r -d /var/lib/asterisk -g asterisk asterisk
sudo usermod -aG audio,dialout asterisk
sudo chown -R asterisk:asterisk /etc/asterisk
sudo chown -R asterisk:asterisk /var/{lib,log,spool}/asterisk
sudo chown -R asterisk:asterisk /usr/lib/asterisk

Set Asterisk default user to asterisk

$ sudo vim /etc/default/asterisk

$ sudo vim /etc/asterisk/asterisk.conf
runuser = asterisk ; The user to run as.
rungroup = asterisk ; The group to run as.
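
A line in asterisk.conf that still starts with `;` is a comment and has no effect, so it is worth checking what the file actually sets. The following added example (not from the original page) parses the `[options]` section and fails unless both settings are active and non-root; the sample file is constructed and `get_option` / `check_runas` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original page.
# get_option FILE KEY: print the active value of KEY in the [options] section.
# A line starting with ';' is a comment, so ";runuser = asterisk" sets nothing.
get_option() {
    awk -v key="$2" '
        /^[ \t]*;/  { next }                        # whole-line comment
        /^[ \t]*\[/ { in_opts = ($0 ~ /^[ \t]*\[options\]/); next }
        in_opts {
            line = $0
            sub(/;.*/, "", line)                    # strip trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_runas FILE: succeed only if runuser and rungroup are both set and
# neither is root (hypothetical helper name)
check_runas() {
    user=$(get_option "$1" runuser)
    group=$(get_option "$1" rungroup)
    echo "runuser=${user:-<unset>} rungroup=${group:-<unset>}"
    [ -n "$user" ] && [ -n "$group" ] && [ "$user" != root ] && [ "$group" != root ]
}

# Constructed sample: runuser is still commented out, rungroup is active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[options]
;runuser = asterisk ; The user to run as.
rungroup = asterisk ; The group to run as.
EOF
check_runas "$sample" || echo "asterisk.conf does not set a non-root runuser/rungroup"
rm -f "$sample"
```

On a real system, run `check_runas /etc/asterisk/asterisk.conf` after editing the file.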

Restart asterisk service

sudo systemctl restart asterisk

# Enable asterisk service to start on system boot
sudo systemctl enable asterisk

# Test to see if you can connect to Asterisk CLI
sudo asterisk -rvv

Install FreePBX 15

Step 1:  Install MariaDB Database server
sudo apt update
sudo apt install mariadb-server mariadb-client

# Initial DB setup and set root's password for DB
sudo /usr/bin/mysql_secure_installation
Step 2: Installing Node.js 10 LTS
sudo apt install curl dirmngr apt-transport-https lsb-release ca-certificates
curl -sL | sudo bash
sudo apt update
sudo apt install gcc g++ make
sudo apt install nodejs
Step 3: Install and configure Apache Web Server
sudo apt install apache2

# change Apache user to asterisk and turn on AllowOverride option
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf_orig
sudo sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/apache2/apache2.conf
sudo sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf

# Remove default index.html page
sudo rm -f /var/www/html/index.html
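
The `AllowOverride` sed above rewrites every `AllowOverride None` in the file, not only the one for the web root. The following added example (not from the original page) lists the per-directory setting after that blanket edit and after an edit limited to a single `<Directory>` block; the sample config is constructed, and `list_allowoverride` / `scoped_override` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original page. make_sample writes a constructed
# file resembling the <Directory> blocks of a stock Debian apache2.conf.
make_sample() {
    cat > "$1" <<'EOF'
<Directory />
    AllowOverride None
    Require all denied
</Directory>
<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
EOF
}

# list_allowoverride FILE: print "directory value" for each <Directory> block
list_allowoverride() {
    awk '
        /^[ \t]*<Directory[ \t]/    { dir = $2; sub(/>$/, "", dir) }
        /^[ \t]*AllowOverride[ \t]/ { if (dir != "") print dir, $2 }
        /^[ \t]*<\/Directory>/      { dir = "" }
    ' "$1"
}

# scoped_override FILE DIR (hypothetical helper): print FILE with
# "AllowOverride All" applied only inside the <Directory DIR> block
scoped_override() {
    awk -v want="<Directory $2>" '
        /^[ \t]*<Directory[ \t]/ { in_blk = (($1 " " $2) == want) }
        in_blk                   { sub(/AllowOverride None/, "AllowOverride All") }
        /^[ \t]*<\/Directory>/   { in_blk = 0 }
                                 { print }
    ' "$1"
}

conf=$(mktemp); blanket=$(mktemp); scoped=$(mktemp)
make_sample "$conf"
sed 's/AllowOverride None/AllowOverride All/' "$conf" > "$blanket"  # the page's sed
scoped_override "$conf" "/var/www/" > "$scoped"
echo "blanket sed:"; list_allowoverride "$blanket"
echo "scoped edit:"; list_allowoverride "$scoped"
rm -f "$conf" "$blanket" "$scoped"
```

Running `list_allowoverride /etc/apache2/apache2.conf` after the install shows which directories now honour `.htaccess` files.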
Step 4: Install PHP and required extensions
sudo apt install wget php php-pear php-cgi php-common php-curl php-mbstring php-gd php-mysql \
php-gettext php-bcmath php-zip php-xml php-imap php-json php-snmp php-fpm libapache2-mod-php

Change php maximum file upload size

sudo sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php/7.3/apache2/php.ini
sudo sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php/7.3/cli/php.ini
Step 5: Install FreePBX 15
sudo apt install wget
cd /usr/src

tar xfz freepbx-15.0-latest.tgz
rm -f freepbx-15.0-latest.tgz

cd freepbx
sudo ./start_asterisk start
sudo ./install -n --dbuser root --dbpass "yourpassword"

# Enable Apache Rewrite engine 
sudo a2enmod rewrite
sudo systemctl restart apache2
Step 6: Access FreePBX 15 Web Interface

Create the first admin account.

Q & A

Q: Online modules are not available.


Warning: Error retrieving updates from online repository(s) ( 35). Online modules are not available.

A: Change the DNS to

vi /etc/resolv.conf







Install FreePBX 15 with Docker


FreePBX: fwconsole

fwconsole help

# lists all commands
php /usr/sbin/fwconsole list
Service Start/Stop
# Start Asterisk and run other needed FreePBX commands
fwconsole start

# Stop Asterisk and run other needed FreePBX commands
fwconsole stop
Module Admin
# Check Online Repository
fwconsole ma listonline

# Install a module
fwconsole ma download ivr
fwconsole ma install ivr

# Installing specific module versions with multiple modules
fwconsole ma install foomodule:15.1.3 barmodule:15.0.9

# Upgrade all modules
fwconsole ma listonline | grep "upgrade"
fwconsole ma upgradeall

# Apply the settings changed
fwconsole reload

Things to do after FreePBX installation

Set root's password for MySQL
Log File Rotation

If this is not done the log files will keep growing indefinitely.
Edit /etc/logrotate.d/asterisk

/var/log/asterisk/fail2ban {
 rotate 4
 create 0640 asterisk asterisk
 postrotate
 /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
 endscript
 su root root
}

If you plan to use hardware SIP phones you will probably want to set up TFTP.

yum -y install tftp-server
nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd
firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.

cd /usr/src
tar -xjvf mpg123*
cd mpg123*/
./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig
Digium addons

To register Digium® licenses.

cd /usr/src
chmod +x register

To install the individual addons refer to the README files and ignore the register instructions.

Password protect http access

A simple way to block scanners looking for exploits on Apache web servers.

mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
# -c creates (and overwrites) the password file, so omit it for further users
htpasswd /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride All (or at least AuthConfig) in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.

<Directory /var/www/html>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>

Whitelist protect http access

If http access is only required from certain IP addresses.
NOTE: This feature is only supported in Apache 2.4 and later.
Edit /etc/httpd/conf.d/whitelist.conf

<Location />
 ## Uncomment the following line to disable the whitelist
 #Require all granted
 Require ip x.x.x.x
 Require ip x.x.x.x x.x.x.x x.x.x.x
 Require ip x.x
 Require ip x.x.x.0/
 Require host
 ## See for more examples
</Location>

Configuration for older Apache versions
NOTE: Make sure the website directory has AllowOverride All set.

order deny,allow
deny from all
# Alang's IPs
allow from
allow from
allow from 192.168.99.