Install FreePBX 17 on Debian 12 with Asterisk 21
Install FreePBX 17 on Debian 12 with Asterisk 21
Ref : https://sangomakb.atlassian.net/wiki/spaces/FP/pages/10682545/How+to+Install+FreePBX+17+on+Debian+12+with+Asterisk+21
โปรแกรมที่เกี่ยวข้อง
1.FreePBX17
2.Asterisk21
3.PHP 8.2
4.Maria DB (v10.11)
5.Node JS (v18.16)
6.64-bit Intel/AMD (x86_64) platform
7.Linux Debian12 6.1.112-1 (2024-09-30)
1.Prerequisite recommended OS update
root@fs:/home/tee# apt-get update
root@fs:/home/tee# apt-get upgrade
root@fs:/home/tee# apt -y install build-essential git curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev libjansson-dev libxml2-dev uuid-dev default-libmysqlclient-dev htop sngrep lame ffmpeg mpg123
root@fs:/home/tee# apt-get install -y locales
root@fs:/home/tee# sed -i ‘s/^# *\(en_US.UTF-8\)/\1/’ /etc/locale.gen
root@fs:/home/tee# locale-gen
Generating locales (this might take a while)…
en_US.UTF-8… done
Generation complete.
root@fs:/home/tee# echo “export LC_ALL=en_US.UTF-8” >> ~/.bashrc
root@fs:/home/tee# echo “export LANG=en_US.UTF-8” >> ~/.bashrc
root@fs:/home/tee# echo “export LANGUAGE=en_US.UTF-8” >> ~/.bashrc
root@fs:/home/tee# locale -a
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory
root@fs:/home/tee# nano /etc/default/locale
LANG=C.UTF-8
LC_CTYPE=en_US.UTF-8
LC_ALL=en_US.UTF-8
root@fs:/home/tee# locale -a
root@fs:/home/tee# apt -y install git vim curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev build-essential libjansson-dev libxml2-dev uuid-dev expect
2.PHP 8.2 Installation
root@fs:/home/tee# apt-get install -y build-essential linux-headers-`uname -r` openssh-server apache2 mariadb-server mariadb-client bison flex php8.2 php8.2-curl php8.2-cli php8.2-common php8.2-mysql php8.2-gd php8.2-mbstring php8.2-intl php8.2-xml php-pear curl sox libncurses5-dev libssl-dev mpg123 libxml2-dev libnewt-dev sqlite3 libsqlite3-dev pkg-config automake libtool autoconf git unixodbc-dev uuid uuid-dev libasound2-dev libogg-dev libvorbis-dev libicu-dev libcurl4-openssl-dev odbc-mariadb libical-dev libneon27-dev libsrtp2-dev libspandsp-dev sudo subversion libtool-bin python-dev-is-python3 unixodbc vim wget libjansson-dev software-properties-common nodejs npm ipset iptables fail2ban php-soap
root@fs:/home/tee# php -v
PHP 8.2.26 (cli) (built: Nov 25 2024 17:21:51) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.26, Copyright (c) Zend Technologies
with Zend OPcache v8.2.26, Copyright (c), by Zend Technologies
3.Asterisk Installation
root@fs:/home/tee# cd /usr/src
root@fs:/usr/src# wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21-current.tar.gz
root@fs:/usr/src# tar xvf asterisk-21-current.tar.gz
root@fs:/usr/src# cd asterisk-21*/
root@fs:/usr/src/asterisk-21.6.0#
root@fs:/usr/src/asterisk-21.6.0# contrib/scripts/get_mp3_source.sh
A addons/mp3
A addons/mp3/layer3.c
A addons/mp3/interface.c
A addons/mp3/MPGLIB_TODO
A addons/mp3/mpg123.h
A addons/mp3/mpglib.h
A addons/mp3/decode_ntom.c
A addons/mp3/MPGLIB_README
A addons/mp3/common.c
A addons/mp3/huffman.h
A addons/mp3/tabinit.c
A addons/mp3/Makefile
A addons/mp3/README
A addons/mp3/decode_i386.c
A addons/mp3/dct64_i386.c
Exported revision 204.
root@fs:/usr/src/asterisk-21.6.0# contrib/scripts/install_prereq install
root@fs:/usr/src/asterisk-21.6.0# ./configure –libdir=/usr/lib64 –with-pjproject-bundled –with-jansson-bundled
root@fs:/usr/src/asterisk-21.6.0# make menuselect
root@fs:/usr/src/asterisk-21.6.0# make
root@fs:/usr/src/asterisk-21.6.0# make install
root@fs:/usr/src/asterisk-21.6.0# make samples
root@fs:/usr/src/asterisk-21.6.0# make config
root@fs:/usr/src/asterisk-21.6.0# ldconfig
Create asterisk user and give permission
root@fs:/usr/src/asterisk-21.6.0# groupadd asterisk
root@fs:/usr/src/asterisk-21.6.0# useradd -r -d /var/lib/asterisk -g asterisk asterisk
root@fs:/usr/src/asterisk-21.6.0# usermod -aG audio,dialout asterisk
root@fs:/usr/src/asterisk-21.6.0# chown -R asterisk:asterisk /etc/asterisk
root@fs:/usr/src/asterisk-21.6.0# chown -R asterisk:asterisk /var/{lib,log,spool}/asterisk
root@fs:/usr/src/asterisk-21.6.0# chown -R asterisk:asterisk /usr/lib64/asterisk
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s|#AST_USER|AST_USER|’ /etc/default/asterisk
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s|#AST_GROUP|AST_GROUP|’ /etc/default/asterisk
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s|;runuser|runuser|’ /etc/asterisk/asterisk.conf
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s|;rungroup|rungroup|’ /etc/asterisk/asterisk.conf
root@fs:/usr/src/asterisk-21.6.0# echo “/usr/lib64” >> /etc/ld.so.conf.d/x86_64-linux-gnu.conf
root@fs:/usr/src/asterisk-21.6.0# ldconfig
4.Configure Apache web server
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s/\(^upload_max_filesize = \).*/\120M/’ /etc/php/8.2/apache2/php.ini
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s/\(^memory_limit = \).*/\1256M/’ /etc/php/8.2/apache2/php.ini
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s/^\(User\|Group\).*/\1 asterisk/’ /etc/apache2/apache2.conf
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s/AllowOverride None/AllowOverride All/’ /etc/apache2/apache2.conf
root@fs:/usr/src/asterisk-21.6.0# a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
systemctl restart apache2
root@fs:/usr/src/asterisk-21.6.0# systemctl restart apache2
root@fs:/usr/src/asterisk-21.6.0# rm /var/www/html/index.html
5.Configure ODBC
root@fs:/usr/src/asterisk-21.6.0# cat < /etc/odbcinst.ini
[MySQL]
Description = ODBC for MySQL (MariaDB)
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmaodbc.so
FileUsage = 1
EOF
root@fs:/usr/src/asterisk-21.6.0# cat /etc/odbcinst.ini
[MySQL]
Description = ODBC for MySQL (MariaDB)
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmaodbc.so
FileUsage = 1
root@fs:/usr/src/asterisk-21.6.0# cat < /etc/odbc.ini
[MySQL-asteriskcdrdb]
Description = MySQL connection to ‘asteriskcdrdb’ database
Driver = MySQL
Server = localhost
Database = asteriskcdrdb
Port = 3306
Socket = /var/run/mysqld/mysqld.sock
Option = 3
EOF
6.Install FreePBX
root@fs:/usr/src/asterisk-21.6.0# cd /usr/local/src
root@fs:/usr/local/src# wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-17.0-latest-EDGE.tgz
root@fs:/usr/local/src# tar zxvf freepbx-17.0-latest-EDGE.tgz
root@fs:/usr/local/src# cd /usr/local/src/freepbx/
root@fs:/usr/local/src/freepbx# ./start_asterisk start
STARTING ASTERISK
Asterisk Started
root@fs:/usr/local/src/freepbx# ./install -n
Generating default configurations…
Finished generating default configurations
You have successfully installed FreePBX
7.Get the rest of the modules
root@fs:/usr/local/src/freepbx# fwconsole ma installall
root@fs:/usr/local/src/freepbx# fwconsole reload
Reload Started
Reload Complete
root@fs:/usr/local/src/freepbx# fwconsole restart
Running FreePBX shutdown…
Running Asterisk pre from Core module
Stopping Call Transfer Monitoring Service
Core FastAGI Server is not running
Running Asterisk pre from Ucp module
Stopping UCP Node Server
[->————————–] 1 sec
Stopped UCP Node Server
Shutting down Asterisk Gracefully. Will forcefully kill after 30 seconds.
Press C to Cancel
Press N to shut down NOW
[============================] < 1 sec Running FreePBX startup… Starting Asterisk… [============================] 2 secs Asterisk Started Running Asterisk post from Core module Starting Call Transfer Monitoring Service Stopping Call Transfer Monitoring Service Restarting Call Transfer Monitoring Service Starting Core FastAGI Server…
[->————————–] 1 sec
Started Core FastAGI Server. PID is 95704
Running Asterisk post from Ucp module
Starting UCP Node Server…
[->————————–] < 1 sec
Started UCP Node Server. PID is 95803
8.Set up systemd (startup script)
root@fs:/usr/local/src/freepbx# cat < /etc/systemd/system/freepbx.service
[Unit]
Description=FreePBX VoIP Server
After=mariadb.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start -q
ExecStop=/usr/sbin/fwconsole stop -q
[Install]
WantedBy=multi-user.target
EOF
root@fs:/usr/local/src/freepbx# cat /etc/systemd/system/freepbx.service
[Unit]
Description=FreePBX VoIP Server
After=mariadb.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start -q
ExecStop=/usr/sbin/fwconsole stop -q
[Install]
WantedBy=multi-user.target
root@fs:/usr/local/src/freepbx# systemctl daemon-reload
root@fs:/usr/local/src/freepbx# systemctl enable freepbx
Created symlink /etc/systemd/system/multi-user.target.wants/freepbx.service → /etc/systemd/system/freepbx.service.
9.Goto URL Web Management
Username >
Password >
Email >
System name >
[Submit]
Firewall to Our IPPBX Server
root@fs:/usr/local/src/freepbx# iptables –version
iptables v1.8.9 (nf_tables)
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p tcp –dport 8088 -j ACCEPT # HTTP
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p tcp –dport 22 -j ACCEPT # SSH
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p tcp –dport 443 -j ACCEPT # HTTPS
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p udp –dport 5060 -j ACCEPT # SIP
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p udp –dport 5061 -j ACCEPT # PJSIP
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p udp –dport 10000:20000 -j ACCEPT # RTP
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p udp –dport 5038 -j ACCEPT # AMI
root@fs:/usr/local/src/freepbx# iptables -A INPUT -j DROP
root@fs:/usr/local/src/freepbx# mkdir /etc/iptables/
root@fs:/usr/local/src/freepbx# iptables-save > /etc/iptables/rules.v4
root@fs:/etc/iptables# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4 220 ACCEPT 6 — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
29 2012 ACCEPT 6 — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9696
0 0 ACCEPT 6 — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
892 531K ACCEPT 17 — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060
892 531K ACCEPT 17 — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5061
0 0 ACCEPT 17 — * * 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000
0 0 ACCEPT 6 — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5038
2 104 DROP 0 — * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 906 packets, 482K bytes)
pkts bytes target prot opt in out source destination
บันทึกกฎ iptables:
เพื่อให้กฎยังคงอยู่หลังรีบูตระบบ คุณต้องบันทึกกฎ:
root@fs:/etc/fail2ban# apt-get install iptables-persistent -y
root@fs:/etc/iptables# sudo netfilter-persistent save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
root@fs:/etc/iptables# sudo netfilter-persistent reload
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
ติดตั้ง Fail2Ban เพื่อเพิ่มความปลอดภัย
Fail2Ban เป็นเครื่องมือช่วยป้องกันการโจมตี Brute Force และ DDoS ผ่านการบล็อก IP ที่ไม่ปลอดภัยอัตโนมัติ โดยเฉพาะกับการโจมตี SIP
root@fs:/etc/fail2ban# sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 10m
findtime = 10m
maxretry = 5
[sshd]
enabled = true
port = 9696
logpath = /var/log/auth.log
maxretry = 3
[asterisk]
enabled = true
port = 5060,5061
protocol = udp
logpath = /var/log/asterisk/full
maxretry = 5
root@fs:/etc/iptables# systemctl status fail2ban