Skip to main content

Things to do after FreePBX installation

Set root's password for MySQL
Log File Rotation

If this is not done the log files will keep growing indefinitely.
Edit /etc/logrotate.d/asterisk

/var/log/asterisk/fail2ban {
 rotate 4
 create 0640 asterisk asterisk
 /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
 su root root

If you plan to use hardware SIP phones you will probably want to set up TFTP.

yum -y install tftp-server
nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd
firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.

cd /usr/src
tar -xjvf mpg123*
cd mpg123*/
./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig
Digum addons

To register digium® licenses.

cd /usr/src
chmod +x register

To install the individual addons refer to the README files and ignore the register instructions.

Password protect http access

A simple way to block scanners looking for exploits on apache web servers.

mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
htpasswd -c /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride On in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.

<Directory /var/www/html>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
Whitelist protect http access

If http access is only required from certain IP addresses.
NOTE: Apache 2.4 以後才支援這功能
Edit /etc/httpd/conf.d/whitelist.conf

<Location />
 ## Uncomment the following line to disable the whitelist
 #Require all granted
 Require ip x.x.x.x
 Require ip x.x.x.x x.x.x.x x.x.x.x
 Require ip x.x
 Require ip x.x.x.0/
 Require host
 ## See for more examples

舊版 Apache 設定
NOTE:確定網站目錄有 AllowOverride All 設定

order deny,allow
deny from all
# Alang's IPs
allow from
allow from
allow from 192.168.99.