FreePBX

fwconsole

Tutorials
Help
fwconsole help

# lists all commands
php /usr/sbin/fwconsole list
Service Start/Stop
# Start Asterisk and run other needed FreePBX commands
fwconsole start

# Stop Asterisk and run other needed FreePBX commands
fwconsole stop
Module Admin
# Check Online Repository
fwconsole ma listonline

# Install a module
fwconsole ma download ivr
fwconsole ma install ivr

# Installing specific module versions with multiple modules
fwconsole ma install foomodule:15.1.3 barmodule:15.0.9

# Upgrade all modules
fwconsole ma listonline | grep "upgrade"
fwconsole ma upgradeall

# Apply the settings changed
fwconsole reload
Database

連線資料庫 asterisk (自動從 /etc/freepbx.conf 取得連線資訊)

fwconsole m

Post-Installation

Set root's password for MySQL
mysql_secure_installation
Log File Rotation

If this is not done the log files will keep growing indefinitely.
Edit /etc/logrotate.d/asterisk

/var/spool/mail/asterisk
/var/log/asterisk/*log
/var/log/asterisk/full
/var/log/asterisk/dtmf
/var/log/asterisk/freepbx_dbug
/var/log/asterisk/fail2ban {
 weekly
 missingok
 rotate 4
 #compress
 notifempty
 sharedscripts
 create 0640 asterisk asterisk
 postrotate
 /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
 endscript
 su root root
}
TFTP

If you plan to use hardware SIP phones you will probably want to set up TFTP.

yum -y install tftp-server
nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd
firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload
MPG123

This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.

cd /usr/src
wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.22.4/mpg123-1.22.4.tar.bz2
tar -xjvf mpg123*
cd mpg123*/
./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig
Digum addons

To register digium® licenses.

cd /usr/src
wget http://downloads.digium.com/pub/register/linux/register
chmod +x register
./register

To install the individual addons refer to the README files and ignore the register instructions.

Password protect http access

A simple way to block scanners looking for exploits on apache web servers.

mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
htpasswd -c /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride On in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.

<Directory /var/www/html>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>
Whitelist protect http access

If http access is only required from certain IP addresses.
NOTE: Apache 2.4 以後才支援這功能
Edit /etc/httpd/conf.d/whitelist.conf

<Location />
 <RequireAny>
 ## Uncomment the following line to disable the whitelist
 #Require all granted
 Require ip x.x.x.x
 Require ip x.x.x.x x.x.x.x x.x.x.x
 Require ip x.x
 Require ip x.x.x.0/255.255.255.0
 Require host somedomain.com
 #
 ## See http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html for more examples
 #
 </RequireAny>
</Location>

舊版 Apache 設定
NOTE:確定網站目錄有 AllowOverride All 設定
.htaccess:

order deny,allow
deny from all
# Alang's IPs
allow from 123.123.123.1
allow from 111.222.222.2
allow from 192.168.99.
G.729 Codec

OSS Endpoint Manager

Installation

Incredible PBX 2027

cd /var/www/html/admin/modules
wget http://incrediblepbx.com/ossepm16.tgz
tar zxvf ossepm16.tgz
rm -f ossepm16.tgz
rm -f /tmp/*
fwconsole ma install endpointman
fwconsole reload

ossepm-module.png

Configuration

Package Server

FreePBX GUI > Settings > OSS Endpoint Manager > Settings 

FreePBX GUI > Settings > OSS Endpoint Manager > Package Manager

如果沒出現更新視窗,檢查網路狀態或稍後再試。

ossepm-update_package.png

Additional brands (Grandstream & Yeallink V80)

FreePBX GUI > Settings > OSS Endpoint Manager > Settings > Package Import/Export

ossepm-yealinkV80.png

IP & NTP & Type

FreePBX GUI > Settings > OSS Endpoint Manager > Settings

如果以後有修改 Settings 的內容,或者 Template Editor,完成變更後,還要到 Extension Mapping,選擇 Selected Phone Options 或者 Global Phone Options,按下 Rebuild,這樣才會套用更新到所有裝置的佈署檔。

Extension Provisioning

Add Device: Linksys PAP2T

FreePBX GUI > Settings > OSS Endpoint Manager > Package Manager

Create Template: my-pap2t

注意:預設的部署檔會將 PAP2T 的管理網頁界面關閉,新增一個部署設定檔 my-pap2t。

技巧:如果 template 內容如果有修改過,必須到 Extension Mapping 選擇分機後,重新執行一次 Save,這樣新的設定才會被套用。

FreePBX GUI > Settings > OSS Endpoint Manager > Template Manager

Edit the template: my-pap2t

注意:編輯 template 時,不要使用 Edit Global Setting Overrides,這個可能會弄壞 template。如果不小心 弄壞 template,只要將 template 移除後重建即可。

技巧:template 或者原始設定檔 (spa$mac.xml) 有修改過參數,要如何在設備部署前做驗證?以 HTTP 為例,瀏覽這段網址 http://freepbx-ip-addr/provisioning/p.php/spaxxxxxxx.xml,xxxxxxx 是設備的 MAC address (必須是小寫),可以下載部署設定檔。 

Extension Mapping

FreePBX GUI > Settings > OSS Endpoint Manager > Extension Mapping

PAP2T 設置

登入 PAP2T 管理界面 (advanced view) > Provisioning

須重啟電源才會重新部署新設定。

Provisioning Template Files

SPA-3102/PAP2T

File: spa$mac.xml

將檔案複製到目錄 /var/www/html/admin/modules/_ep_phone_modules/endpoint/cisco/linksysata/ 

修正內容:

  1. 移除日光節約的時間設定
  2. 移除 LAN 關閉 DHCP(SPA3102 必須啟用)
  3. 移除部署主機位址的設定(目前只能支援 tftp 方式)