Archive for the ‘VOIP’ Category
Install freeswitch 1.10.12 on debian12
root@san:~# apt-get update && sudo apt upgrade -y
root@san:~# apt-get install -y git build-essential autoconf automake libtool-bin g++ python3-dev uuid-dev zlib1g-dev libjpeg-dev libncurses5-dev libssl-dev libpcre3-dev libdb-dev libsndfile1-dev libedit-dev libldns-dev libcurl4-openssl-dev libpq-dev libspeex-dev libspeexdsp-dev libsqlite3-dev libopus-dev libsndfile1-dev libtiff-dev libavformat-dev libswscale-dev liblua5.2-dev liblua5.3-dev libmpg123-dev libpq-dev libvpx-dev libopusfile-dev libshout3-dev libfreeimage-dev libyuv-dev libx264-dev cmake pkg-config libbroadvoice16-dev libsilk-dev libflite1-dev libilbc-dev libgsm1-dev libopenh264-dev unzip wget libswresample-dev
E: Package ‘libavresample-dev’ has no installation candidate
แพ็กเกจ libavresample-dev ถูกลบออกจาก Debian 12 (Bookworm) เนื่องจาก FFmpeg ได้เลิกใช้ libavresample แล้ว
apt install libswresample-dev
Download Freeswitch
https://files.freeswitch.org/freeswitch-releases/
root@san:~# cd /usr/src
root@san:/usr/src# wget https://files.freeswitch.org/freeswitch-releases/freeswitch-1.10.12.-release.tar.gz
root@san:/usr/src# tar xvf freeswitch-1.10.12.-release.tar.gz
root@san:/usr/src# cd freeswitch-1.10.12.-release
root@san:/usr/src/freeswitch-1.10.12.-release# ./rebootstrap.sh
เปืด Modules ที่ต้องการที่จะใช้งาน
root@san:/usr/src/freeswitch-1.10.12.-release# nano modules.conf
say/mod_say_th
databases/mod_mariadb
root@san:/usr/src/freeswitch-1.10.12.-release# ./configure –prefix=/usr/local/freeswitch –enable-core-pgsql-support
root@san:/usr/src/freeswitch-1.10.12.-release# make -j$(nproc)
make[4]: Entering directory ‘/usr/src/freeswitch-1.10.12.-release/src/mod/applications/mod_spandsp’
CC mod_spandsp_la-mod_spandsp.lo
CC mod_spandsp_la-udptl.lo
CC mod_spandsp_la-mod_spandsp_fax.lo
CC mod_spandsp_la-mod_spandsp_dsp.lo
mod_spandsp_dsp.c: In function ‘get_v18_mode’:
mod_spandsp_dsp.c:159:17: error: ‘V18_MODE_5BIT_4545’ undeclared (first use in this function)
159 | int r = V18_MODE_5BIT_4545;
| ^~~~~~~~~~~~~~~~~~
mod_spandsp_dsp.c:159:17: note: each undeclared identifier is reported only once for each function it appears in
mod_spandsp_dsp.c:165:29: error: ‘V18_MODE_5BIT_50’ undeclared (first use in this function)
165 | r = V18_MODE_5BIT_50;
| ^~~~~~~~~~~~~~~~
mod_spandsp_dsp.c: In function ‘spandsp_tdd_send_session’:
mod_spandsp_dsp.c:216:21: error: too few arguments to function ‘v18_init’
216 | tdd_state = v18_init(NULL, TRUE, get_v18_mode(session), V18_AUTOMODING_GLOBAL, put_text_msg, NULL);
| ^~~~~~~~
In file included from /usr/local/include/spandsp.h:114,
from mod_spandsp.h:50,
from mod_spandsp_dsp.c:36:
/usr/local/include/spandsp/v18.h:138:29: note: declared here
138 | SPAN_DECLARE(v18_state_t *) v18_init(v18_state_t *s,
| ^~~~~~~~
mod_spandsp_dsp.c: In function ‘spandsp_tdd_encode_session’:
mod_spandsp_dsp.c:263:26: error: too few arguments to function ‘v18_init’
263 | pvt->tdd_state = v18_init(NULL, TRUE, get_v18_mode(session), V18_AUTOMODING_GLOBAL, put_text_msg, NULL);
| ^~~~~~~~
/usr/local/include/spandsp/v18.h:138:29: note: declared here
138 | SPAN_DECLARE(v18_state_t *) v18_init(v18_state_t *s,
| ^~~~~~~~
mod_spandsp_dsp.c: In function ‘spandsp_tdd_decode_session’:
mod_spandsp_dsp.c:341:26: error: too few arguments to function ‘v18_init’
341 | pvt->tdd_state = v18_init(NULL, FALSE, get_v18_mode(session), V18_AUTOMODING_GLOBAL, put_text_msg, pvt);
| ^~~~~~~~
/usr/local/include/spandsp/v18.h:138:29: note: declared here
138 | SPAN_DECLARE(v18_state_t *) v18_init(v18_state_t *s,
ที่เป็นแบบนี้เพราะ Module mod_spandsp มี BUG ที่แก้ไขแล้วแต่ไม่ได้แก้ไขที่ Code Release จะต้องทำการ patch ก่อน
https://github.com/zenthangplus/ansible-role-fsmrf/blob/9a73a47bfa19a485ddfc10f496bfc2041594f552/files/mod_spandsp_dsp.c.patch
root@san:/usr/src/freeswitch-1.10.12.-release# cd src/mod/applications/mod_spandsp/
root@san:/usr/src/freeswitch-1.10.12.-release/src/mod/applications/mod_spandsp# wget https://raw.githubusercontent.com/zenthangplus/ansible-role-fsmrf/9a73a47bfa19a485ddfc10f496bfc2041594f552/files/mod_spandsp_dsp.c.patch
root@san:/usr/src/freeswitch-1.10.12.-release/src/mod/applications/mod_spandsp# root@san:/usr/src/freeswitch-1.10.12.-release/src/mod/applications/mod_spandsp# patch -p0 < mod_spandsp_dsp.c.patch ลอง make ดู root@san:/usr/src/freeswitch-1.10.12.-release/src/mod/applications/mod_spandsp# make ถ้าไม่มี error ก็กลับไปลอง สั่ง make freeswitch ใหม่ root@san:/usr/src/freeswitch-1.10.12.-release/src/mod/applications/mod_spandsp# cd /usr/src/freeswitch-1.10.12.-release root@san:/usr/src/freeswitch-1.10.12.-release# make clean ปรับแต่ง Banner root@san:/usr/src/freeswitch-1.10.12.-release# cd libs/esl/ root@san:/usr/src/freeswitch-1.10.12.-release/libs/esl/ee fs_cli.c static const char *banner =”YOUR BANNER email@mydomain.com”; root@san:/usr/src/freeswitch-1.10.12.-release/libs/esl# cd /usr/src/freeswitch-1.10.12.-release/src/include/ root@san:/usr/src/freeswitch-1.10.12.-release/src/include# mv cc.h cc.bak root@san:/usr/src/freeswitch-1.10.12.-release/src/include# nano cc.h const char *cc = “”; const char *cc_s = “”; root@san:/usr/src/freeswitch-1.10.12.-release/src/include# cd ../../ root@san:/usr/src/freeswitch-1.10.12.-release# ./configure –prefix=/usr/local/freeswitch –enable-core-pgsql-support root@san:/usr/src/freeswitch-1.10.12.-release# make install tab >q. กด Y
root@san:/usr/src/freeswitch-1.10.12.-release# make cd-sounds-install && make cd-moh-install && make uhd-sounds-install && make uhd-moh-install && make hd-sounds-install && make hd-moh-install && make sounds-install && make moh-install
root@san:/usr/src/freeswitch# make samples
root@san:/usr/local/freeswitch/conf/autoload_configs# cp event_socket.conf.xml event_socket.conf.orig
root@san:/usr/local/freeswitch/conf/autoload_configs# nano event_socket.conf.xml
<configuration name=”event_socket.conf” description=”Socket Client”>
<settings>
<param name=”listen-ip” value=”0.0.0.0″/>
<param name=”listen-port” value=”8021″/>
<param name=”password” value=”(YourPass)”/>
<!–<param name=”apply-inbound-acl” value=”loopback.auto”/>–>
<!–<param name=”stop-on-bind-error” value=”true”/>–>
</settings>
</configuration>
root@san:/etc# nano /etc/fs_cli.conf
[default]
; Put me in /etc/fs_cli.conf or ~/.fs_cli_conf
key_f1 => help
key_f2 => status
key_f3 => show channels
key_f4 => show calls
key_f5 => sofia status
key_f6 => reloadxml
key_f7 => /log console
key_f8 => /log debug
key_f9 => sofia status profile internal
key_f10 => fsctl pause
key_f11 => fsctl resume
key_f12 => version
[default]
profile => (Your Profile Name)
host => 127.0.0.1
port => 8021
password => (YourPass)
debug => 2
loglevel => debug
root@san:/etc# cd /usr/local/freeswitch/bin
root@san:/usr/local/freeswitch/bin# ln -s /usr/local/freeswitch/bin/freeswitch /bin/freeswitch
root@san:/usr/local/freeswitch/bin# ln -s /usr/local/freeswitch/bin/fs_cli /bin/fs_cli
root@san:/usr/local/freeswitch/bin# cd /usr/local/freeswitch/conf/
root@san:/usr/local/freeswitch/conf# cp vars.xml vars.orig
root@san:/usr/local/freeswitch/conf# nano vars.xml
<X-PRE-PROCESS cmd=”set” data=”ChangeDefaultPasswordToYourPassword”/>
Goto
FreeSWICH will default to $${local_ip_v4} unless changed. Changing this setting does
affect the sip authentication. Please review conf/directory/default.xml for more
information on this topic.
<!– Specific Macro Variables for Networking –>
<X-PRE-PROCESS cmd=”set” data=”domain=yourdomain.com”/>
<X-PRE-PROCESS cmd=”set” data=”local_ip_v4=(Your_IP_Address)”/>
<X-PRE-PROCESS cmd=”set” data=”local_mask_v4=(Your_Netmask)”/>
<X-PRE-PROCESS cmd=”set” data=”internet_public_ip_v4=(Your_Public_IP_Address)”/>
<X-PRE-PROCESS cmd=”set” data=”hostname=PBX”/>
<X-PRE-PROCESS cmd=”set” data=”session_name=PBX”/
<X-PRE-PROCESS cmd=”stun-set” data=”external_rtp_ip=(Your_Public_IP_Address)”/>
<X-PRE-PROCESS cmd=”stun-set” data=”external_sip_ip=(Your_Public_IP_Address)”/>
<X-PRE-PROCESS cmd=”set” data=”outbound_caller_name=(Your_Outbound_Number)”/>
<X-PRE-PROCESS cmd=”set” data=”outbound_caller_id=(Your_Outbound_Number)”/>
Save:Exit
ถ้ายังไม่มี freeswitch Start Script ให้ลอง Start ด้วย Command นี้ดู
root@san:# freeswitch -nonat -nc &
และลอง ใช้คำสั่ง netstat -lntup เพื่อดู freeswitch process
ลองใช้ fs_cli เพื่อเข้า console ดู
root@san:/usr/local/freeswitch/conf/autoload_configs# fs_cli
pbx.omtel.ltd teee@khun-teee.com
Type /help to see a list of commands
[This app Best viewed at 160×60 or more..]
+OK log level [7]
root@san:/usr/local/freeswitch/conf# nano /etc/systemd/system/freeswitch.service
[Unit]
Description=FreeSWITCH
After=network.target
[Service]
User=root
Group=root
WorkingDirectory=/usr/local/freeswitch
ExecStart=/usr/local/freeswitch/bin/freeswitch -u root -g root -nonat -nc
Restart=always
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=24000000
LimitRTPRIO=99
LimitRTTIME=7000000
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUQuota=80%
CPUSchedulingPolicy=rr
CPUSchedulingPriority=89
[Install]
WantedBy=multi-user.target
root@san:/usr/local/freeswitch/conf# sudo systemctl enable freeswitch
Install FreePBX 17 on Debian 12 with Asterisk 21
Install FreePBX 17 on Debian 12 with Asterisk 21
Ref : https://sangomakb.atlassian.net/wiki/spaces/FP/pages/10682545/How+to+Install+FreePBX+17+on+Debian+12+with+Asterisk+21
โปรแกรมที่เกี่ยวข้อง
1.FreePBX17
2.Asterisk21
3.PHP 8.2
4.Maria DB (v10.11)
5.Node JS (v18.16)
6.64-bit Intel/AMD (x86_64) platform
7.Linux Debian12 6.1.112-1 (2024-09-30)
1.Prerequisite recommended OS update
root@fs:/home/tee# apt-get update
root@fs:/home/tee# apt-get upgrade
root@fs:/home/tee# apt -y install build-essential git curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev libjansson-dev libxml2-dev uuid-dev default-libmysqlclient-dev htop sngrep lame ffmpeg mpg123
root@fs:/home/tee# apt-get install -y locales
root@fs:/home/tee# sed -i ‘s/^# *\(en_US.UTF-8\)/\1/’ /etc/locale.gen
root@fs:/home/tee# locale-gen
Generating locales (this might take a while)…
en_US.UTF-8… done
Generation complete.
root@fs:/home/tee# echo “export LC_ALL=en_US.UTF-8” >> ~/.bashrc
root@fs:/home/tee# echo “export LANG=en_US.UTF-8” >> ~/.bashrc
root@fs:/home/tee# echo “export LANGUAGE=en_US.UTF-8” >> ~/.bashrc
root@fs:/home/tee# locale -a
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8): No such file or directory
root@fs:/home/tee# nano /etc/default/locale
LANG=C.UTF-8
LC_CTYPE=en_US.UTF-8
LC_ALL=en_US.UTF-8
root@fs:/home/tee# locale -a
root@fs:/home/tee# apt -y install git vim curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev build-essential libjansson-dev libxml2-dev uuid-dev expect
2.PHP 8.2 Installation
root@fs:/home/tee# apt-get install -y build-essential linux-headers-`uname -r` openssh-server apache2 mariadb-server mariadb-client bison flex php8.2 php8.2-curl php8.2-cli php8.2-common php8.2-mysql php8.2-gd php8.2-mbstring php8.2-intl php8.2-xml php-pear curl sox libncurses5-dev libssl-dev mpg123 libxml2-dev libnewt-dev sqlite3 libsqlite3-dev pkg-config automake libtool autoconf git unixodbc-dev uuid uuid-dev libasound2-dev libogg-dev libvorbis-dev libicu-dev libcurl4-openssl-dev odbc-mariadb libical-dev libneon27-dev libsrtp2-dev libspandsp-dev sudo subversion libtool-bin python-dev-is-python3 unixodbc vim wget libjansson-dev software-properties-common nodejs npm ipset iptables fail2ban php-soap
root@fs:/home/tee# php -v
PHP 8.2.26 (cli) (built: Nov 25 2024 17:21:51) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.26, Copyright (c) Zend Technologies
with Zend OPcache v8.2.26, Copyright (c), by Zend Technologies
3.Asterisk Installation
root@fs:/home/tee# cd /usr/src
root@fs:/usr/src# wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21-current.tar.gz
root@fs:/usr/src# tar xvf asterisk-21-current.tar.gz
root@fs:/usr/src# cd asterisk-21*/
root@fs:/usr/src/asterisk-21.6.0#
root@fs:/usr/src/asterisk-21.6.0# contrib/scripts/get_mp3_source.sh
A addons/mp3
A addons/mp3/layer3.c
A addons/mp3/interface.c
A addons/mp3/MPGLIB_TODO
A addons/mp3/mpg123.h
A addons/mp3/mpglib.h
A addons/mp3/decode_ntom.c
A addons/mp3/MPGLIB_README
A addons/mp3/common.c
A addons/mp3/huffman.h
A addons/mp3/tabinit.c
A addons/mp3/Makefile
A addons/mp3/README
A addons/mp3/decode_i386.c
A addons/mp3/dct64_i386.c
Exported revision 204.
root@fs:/usr/src/asterisk-21.6.0# contrib/scripts/install_prereq install
root@fs:/usr/src/asterisk-21.6.0# ./configure –libdir=/usr/lib64 –with-pjproject-bundled –with-jansson-bundled
root@fs:/usr/src/asterisk-21.6.0# make menuselect
root@fs:/usr/src/asterisk-21.6.0# make
root@fs:/usr/src/asterisk-21.6.0# make install
root@fs:/usr/src/asterisk-21.6.0# make samples
root@fs:/usr/src/asterisk-21.6.0# make config
root@fs:/usr/src/asterisk-21.6.0# ldconfig
Create asterisk user and give permission
root@fs:/usr/src/asterisk-21.6.0# groupadd asterisk
root@fs:/usr/src/asterisk-21.6.0# useradd -r -d /var/lib/asterisk -g asterisk asterisk
root@fs:/usr/src/asterisk-21.6.0# usermod -aG audio,dialout asterisk
root@fs:/usr/src/asterisk-21.6.0# chown -R asterisk:asterisk /etc/asterisk
root@fs:/usr/src/asterisk-21.6.0# chown -R asterisk:asterisk /var/{lib,log,spool}/asterisk
root@fs:/usr/src/asterisk-21.6.0# chown -R asterisk:asterisk /usr/lib64/asterisk
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s|#AST_USER|AST_USER|’ /etc/default/asterisk
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s|#AST_GROUP|AST_GROUP|’ /etc/default/asterisk
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s|;runuser|runuser|’ /etc/asterisk/asterisk.conf
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s|;rungroup|rungroup|’ /etc/asterisk/asterisk.conf
root@fs:/usr/src/asterisk-21.6.0# echo “/usr/lib64” >> /etc/ld.so.conf.d/x86_64-linux-gnu.conf
root@fs:/usr/src/asterisk-21.6.0# ldconfig
4.Configure Apache web server
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s/\(^upload_max_filesize = \).*/\120M/’ /etc/php/8.2/apache2/php.ini
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s/\(^memory_limit = \).*/\1256M/’ /etc/php/8.2/apache2/php.ini
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s/^\(User\|Group\).*/\1 asterisk/’ /etc/apache2/apache2.conf
root@fs:/usr/src/asterisk-21.6.0# sed -i ‘s/AllowOverride None/AllowOverride All/’ /etc/apache2/apache2.conf
root@fs:/usr/src/asterisk-21.6.0# a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
systemctl restart apache2
root@fs:/usr/src/asterisk-21.6.0# systemctl restart apache2
root@fs:/usr/src/asterisk-21.6.0# rm /var/www/html/index.html
5.Configure ODBC
root@fs:/usr/src/asterisk-21.6.0# cat < /etc/odbcinst.ini
[MySQL]
Description = ODBC for MySQL (MariaDB)
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmaodbc.so
FileUsage = 1
EOF
root@fs:/usr/src/asterisk-21.6.0# cat /etc/odbcinst.ini
[MySQL]
Description = ODBC for MySQL (MariaDB)
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmaodbc.so
FileUsage = 1
root@fs:/usr/src/asterisk-21.6.0# cat < /etc/odbc.ini
[MySQL-asteriskcdrdb]
Description = MySQL connection to ‘asteriskcdrdb’ database
Driver = MySQL
Server = localhost
Database = asteriskcdrdb
Port = 3306
Socket = /var/run/mysqld/mysqld.sock
Option = 3
EOF
6.Install FreePBX
root@fs:/usr/src/asterisk-21.6.0# cd /usr/local/src
root@fs:/usr/local/src# wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-17.0-latest-EDGE.tgz
root@fs:/usr/local/src# tar zxvf freepbx-17.0-latest-EDGE.tgz
root@fs:/usr/local/src# cd /usr/local/src/freepbx/
root@fs:/usr/local/src/freepbx# ./start_asterisk start
STARTING ASTERISK
Asterisk Started
root@fs:/usr/local/src/freepbx# ./install -n
Generating default configurations…
Finished generating default configurations
You have successfully installed FreePBX
7.Get the rest of the modules
root@fs:/usr/local/src/freepbx# fwconsole ma installall
root@fs:/usr/local/src/freepbx# fwconsole reload
Reload Started
Reload Complete
root@fs:/usr/local/src/freepbx# fwconsole restart
Running FreePBX shutdown…
Running Asterisk pre from Core module
Stopping Call Transfer Monitoring Service
Core FastAGI Server is not running
Running Asterisk pre from Ucp module
Stopping UCP Node Server
[->————————–] 1 sec
Stopped UCP Node Server
Shutting down Asterisk Gracefully. Will forcefully kill after 30 seconds.
Press C to Cancel
Press N to shut down NOW
[============================] < 1 sec Running FreePBX startup… Starting Asterisk… [============================] 2 secs Asterisk Started Running Asterisk post from Core module Starting Call Transfer Monitoring Service Stopping Call Transfer Monitoring Service Restarting Call Transfer Monitoring Service Starting Core FastAGI Server…
[->————————–] 1 sec
Started Core FastAGI Server. PID is 95704
Running Asterisk post from Ucp module
Starting UCP Node Server…
[->————————–] < 1 sec
Started UCP Node Server. PID is 95803
8.Set up systemd (startup script)
root@fs:/usr/local/src/freepbx# cat < /etc/systemd/system/freepbx.service
[Unit]
Description=FreePBX VoIP Server
After=mariadb.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start -q
ExecStop=/usr/sbin/fwconsole stop -q
[Install]
WantedBy=multi-user.target
EOF
root@fs:/usr/local/src/freepbx# cat /etc/systemd/system/freepbx.service
[Unit]
Description=FreePBX VoIP Server
After=mariadb.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start -q
ExecStop=/usr/sbin/fwconsole stop -q
[Install]
WantedBy=multi-user.target
root@fs:/usr/local/src/freepbx# systemctl daemon-reload
root@fs:/usr/local/src/freepbx# systemctl enable freepbx
Created symlink /etc/systemd/system/multi-user.target.wants/freepbx.service → /etc/systemd/system/freepbx.service.
9.Goto URL Web Management
Username >
Password >
Email >
System name >
[Submit]
Firewall to Our IPPBX Server
root@fs:/usr/local/src/freepbx# iptables –version
iptables v1.8.9 (nf_tables)
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p tcp –dport 8088 -j ACCEPT # HTTP
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p tcp –dport 22 -j ACCEPT # SSH
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p tcp –dport 443 -j ACCEPT # HTTPS
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p udp –dport 5060 -j ACCEPT # SIP
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p udp –dport 5061 -j ACCEPT # PJSIP
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p udp –dport 10000:20000 -j ACCEPT # RTP
root@fs:/usr/local/src/freepbx# iptables -A INPUT -p udp –dport 5038 -j ACCEPT # AMI
root@fs:/usr/local/src/freepbx# iptables -A INPUT -j DROP
root@fs:/usr/local/src/freepbx# mkdir /etc/iptables/
root@fs:/usr/local/src/freepbx# iptables-save > /etc/iptables/rules.v4
root@fs:/etc/iptables# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4 220 ACCEPT 6 — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
29 2012 ACCEPT 6 — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9696
0 0 ACCEPT 6 — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
892 531K ACCEPT 17 — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060
892 531K ACCEPT 17 — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5061
0 0 ACCEPT 17 — * * 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000
0 0 ACCEPT 6 — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5038
2 104 DROP 0 — * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 906 packets, 482K bytes)
pkts bytes target prot opt in out source destination
บันทึกกฎ iptables:
เพื่อให้กฎยังคงอยู่หลังรีบูตระบบ คุณต้องบันทึกกฎ:
root@fs:/etc/fail2ban# apt-get install iptables-persistent -y
root@fs:/etc/iptables# sudo netfilter-persistent save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
root@fs:/etc/iptables# sudo netfilter-persistent reload
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
ติดตั้ง Fail2Ban เพื่อเพิ่มความปลอดภัย
Fail2Ban เป็นเครื่องมือช่วยป้องกันการโจมตี Brute Force และ DDoS ผ่านการบล็อก IP ที่ไม่ปลอดภัยอัตโนมัติ โดยเฉพาะกับการโจมตี SIP
root@fs:/etc/fail2ban# sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 10m
findtime = 10m
maxretry = 5
[sshd]
enabled = true
port = 9696
logpath = /var/log/auth.log
maxretry = 3
[asterisk]
enabled = true
port = 5060,5061
protocol = udp
logpath = /var/log/asterisk/full
maxretry = 5
root@fs:/etc/iptables# systemctl status fail2ban
Install FreePBX 15 on CentOS 7
Ref. https://wiki.freepbx.org/display/FOP/Installing+FreePBX+14+on+CentOS+7
1.Disable SELinux
sed -i ‘s/(^SELINUX=).*/\SELINUX=disabled/’ /etc/sysconfig/selinux
sed -i ‘s/(^SELINUX=).*/\SELINUX=disabled/’ /etc/selinux/config
[root@ippbx selinux]# sestatus
SELinux status: disabled
2.CentOS system and Install Development Tools
[root@ippbx ~]# yum -y groupinstall core base “Development Tools”
[root@ippbx ~]# adduser asterisk -m -c “Asterisk User”
[root@ippbx ~]#yum -y install firewalld
[root@ippbx ~]# systemctl unmask firewalld
[root@ippbx ~]# vi /etc/firewalld/zones/public.xml
[root@ippbx selinux]# firewall-cmd –reload
success
[root@ippbx selinux]# systemctl start firewalld
3.Install other required dependencies
[root@ippbx selinux]# yum -y install dnf lynx tftp-server unixODBC mariadb-server mariadb mysql-connector-odbc httpd ncurses-devel sendmail sendmail-cf newt-devel libxml2-devel libtiff-devel gtk2-devel subversion git wget vim uuid-devel sqlite-devel net-tools gnutls-devel texinfo libuuid-devel libedit-devel
[root@ippbx selinux]# dnf install -y epel-release
[root@ippbx ~]# dnf install -y python3-devel
4.Install MariaDB Database server
[root@ippbx ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@ippbx ~]# systemctl start mariadb
Enter current password for root (enter for none):Enter
Set root password? [Y/n] y
New password:xxxxx
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n]y
Remove test database and access to it? [Y/n]y
Reload privilege tables now? [Y/n] y
[root@ippbx ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9696 0.0.0.0:* LISTEN 30039/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 31088/mysqld
tcp6 0 0 :::9696 :::* LISTEN 30039/sshd
5.Installing Node.js
[root@ippbx ~]# curl -sL https://rpm.nodesource.com/setup_12.x | bash –
[root@ippbx ~]# dnf install -y nodejs
[root@ippbx ~]# node -v
v12.22.11
6.Install and configure Apache Web Server
[root@ippbx ~]# yum -y install httpd
[root@ippbx ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@ippbx ~]# systemctl start httpd.service
change Apache user to asterisk and turn on AllowOverride option :
[root@ippbx ~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_orig
[root@ippbx ~]# sed -i ‘s/^(User|Group).*/\1 asterisk/’ /etc/httpd/conf/httpd.conf
[root@ippbx ~]# sed -i ‘s/AllowOverride None/AllowOverride All/’ /etc/httpd/conf/httpd.conf
[root@ippbx src]# systemctl restart httpd.service
Remove default index.html page
[root@ippbx ~]# rm -f /var/www/html/index.html
7.Install PHP and required extensions
[root@ippbx ~]# yum -y install wget php php-pear php-cgi php-common php-curl php-mbstring php-gd php-mysql php-gettext php-bcmath php-zip php-xml php-imap php-json php-process php-snmp
[root@ippbx ~]# pear install Console_Getopt
8.Download Source
[root@ippbx ~]# cd /usr/src/
[root@ippbx src]# wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-15.0-latest.tgz
[root@ippbx src]# wget https://ftpmirror.gnu.org/libtool/libtool-2.4.6.tar.gz
[root@ippbx src]# wget http://digip.org/jansson/releases/jansson-2.13.tar.gz
[root@ippbx src]# wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
[root@ippbx src]# wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-current.tar.gz
Install Libtools
[root@ippbx src]# tar xvf libtool-2.4.6.tar.gz
[root@ippbx src]# cd libtool-2.4.6
[root@ippbx libtool-2.4.6]# ./configure
[root@ippbx libtool-2.4.6]# make install
9.Compile and install DAHDI
If you don’t have any physical PSTN hardware attached to this machine, you don’t need to install DAHDI (For example, a T1 or E1 card, or a USB device). Most smaller setups will not have DAHDI hardware, and this step can be safely skipped.
http://downloads.asterisk.org/pub/telephony/
[root@ippbx src]# tar xvf dahdi-linux-complete-current.tar.gz
[root@ippbx src]# cd dahdi-linux-complete-*
[root@ippbx dahdi-linux-complete-3.1.0+3.1.0]# make
make -C linux all
make[1]: Entering directory /usr/src/dahdi-linux-complete-3.1.0+3.1.0/linux' make -C drivers/dahdi/firmware firmware-loaders make[2]: Entering directory
/usr/src/dahdi-linux-complete-3.1.0+3.1.0/linux/drivers/dahdi/firmware’
make[2]: Leaving directory /usr/src/dahdi-linux-complete-3.1.0+3.1.0/linux/drivers/dahdi/firmware' You do not appear to have the sources for the 3.10.0-1160.53.1.el7.x86_64 kernel installed. make[1]: *** [modules] Error 1 make[1]: Leaving directory
/usr/src/dahdi-linux-complete-3.1.0+3.1.0/linux’
make: *** [all] Error 2
Install Development package for building kernel modules to match the kernel
[root@ippbx dahdi-linux-complete-3.1.0+3.1.0]# yum search kernel-*
[root@ippbx dahdi-linux-complete-3.1.0+3.1.0]#reboot
[root@ippbx]# cd /usr/src/dahdi-linux-complete-*
[root@ippbx dahdi-linux-complete-3.1.0+3.1.0]# make install
[root@ippbx dahdi-linux-complete-3.1.0+3.1.0]# make install-config
[root@ippbx dahdi-linux-complete-3.1.0+3.1.0]# cd /usr/src/libpri-1.6.0/
[root@ippbx src]# tar xvf libpri-current.tar.gz
[root@ippbx src]# cd libpri-1.6.0/
[root@ippbx libpri-1.6.0]# make
[root@ippbx libpri-1.6.0]# make install
10.Compile and Install jansson
[root@ippbx libpri-1.6.0]# cd /usr/src
[root@ippbx src]# tar xvf jansson-2.13.tar.gz
[root@ippbx src]# cd jansson-2.13/
[root@ippbx jansson-2.13]# autoreconf -i
[root@ippbx jansson-2.13]# ./configure –libdir=/usr/lib64
[root@ippbx jansson-2.13]# make
make all-recursive
make[1]: Entering directory /usr/src/jansson-2.13' Making all in doc make[2]: Entering directory
/usr/src/jansson-2.13/doc’
make[2]: Nothing to be done for all'. make[2]: Leaving directory
/usr/src/jansson-2.13/doc’
Making all in src
make[2]: Entering directory /usr/src/jansson-2.13/src' /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -Wall -Wextra -Wdeclaration-after-statement -Wshadow -Wno-format-truncation -g -O2 -MT dump.lo -MD -MP -MF .deps/dump.Tpo -c -o dump.lo dump.c libtool: Version mismatch error. This is libtool 2.4.6.42-b88ce-dirty, but the libtool: definition of this LT_INIT comes from libtool 2.4.2. libtool: You should recreate aclocal.m4 with macros from libtool 2.4.6.42-b88ce-dirty libtool: and run autoconf again. make[2]: *** [dump.lo] Error 63 make[2]: Leaving directory
/usr/src/jansson-2.13/src’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/jansson-2.13′
make: *** [all] Error 2
[root@ippbx jansson-2.13]# autoreconf -fvi
autoreconf: Entering directory .' autoreconf: configure.ac: not using Gettext autoreconf: running: aclocal --force autoreconf: configure.ac: tracing autoreconf: running: libtoolize --copy --force libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR,
.’.
libtoolize: copying file ./ltmain.sh' libtoolize: Consider adding
AC_CONFIG_MACRO_DIR([m4])’ to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding -I m4' to ACLOCAL_AMFLAGS in Makefile.am. autoreconf: running: /usr/bin/autoconf --force autoreconf: running: /usr/bin/autoheader --force autoreconf: running: automake --add-missing --copy --force-missing autoreconf: Leaving directory
.’
[root@ippbx jansson-2.13]# autoreconf -i
libtoolize: Consider adding AC_CONFIG_MACRO_DIR([m4])' to configure.ac and libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree. libtoolize: Consider adding
-I m4′ to ACLOCAL_AMFLAGS in Makefile.am.
[root@ippbx jansson-2.13]# vi configure.ac
AC_CONFIG_MACRO_DIR([m4]) <–Add this line
(save)
[root@ippbx jansson-2.13]# vi Makefile.am
EXTRA_DIST = CHANGES LICENSE README.rst CMakeLists.txt cmake android examples
SUBDIRS = doc src test
ACLOCAL_AMFLAGS = -I m4 <–Add this line
(save)
[root@ippbx jansson-2.13]# autoreconf -i
[root@ippbx jansson-2.13]# ./configure –libdir=/usr/lib64
[root@ippbx jansson-2.13]# make
[root@ippbx jansson-2.13]# make install
[root@ippbx jansson-2.13]# ls /usr/lib64/libjansson.
libjansson.a libjansson.la libjansson.so libjansson.so.4 libjansson.so.4.10.0 libjansson.so.4.12.0
- Compile and install Asterisk
[root@ippbx src]# tar xvf asterisk-16-current.tar.gz
[root@ippbx src]# cd asterisk-*
[root@ippbx asterisk-16.24.1]# contrib/scripts/install_prereq install
[root@ippbx asterisk-16.24.1]# ./configure –libdir=/usr/lib64 –with-pjproject-bundled –with-crypto –with-ssl=ssl –with-srtp
configure: Menuselect build configuration successfully completed.
[root@ippbx asterisk-16.24.1]# make menuselect
Add-On
[x]format_mp3
Applications
[x]app_macro
[Save&Exit]
[root@ippbx asterisk-16.24.1]# make
[root@ippbx asterisk-16.24.1]# contrib/scripts/get_mp3_source.sh
[root@ippbx asterisk-16.24.1]# make install
[root@ippbx asterisk-16.24.1]# make config
[root@ippbx asterisk-16.24.1]# ldconfig
[root@ippbx asterisk-16.24.1]# chkconfig asterisk off
Set Asterisk ownership permissions.
[root@ippbx asterisk-16.24.1]# chown asterisk. /var/run/asterisk
[root@ippbx asterisk-16.24.1]# chown -R asterisk. /etc/asterisk
[root@ippbx asterisk-16.24.1]# chown -R asterisk. /var/{lib,log,spool}/asterisk
[root@ippbx asterisk-16.24.1]# chown -R asterisk. /usr/lib64/asterisk
[root@ippbx asterisk-16.24.1]# chown -R asterisk. /var/www/
Install and Configure FreePBX
Change php maximum file upload size:
[root@ippbx asterisk-16.24.1]# sed -i ‘s/(^upload_max_filesize = )./\120M/’ /etc/php.ini [root@ippbx asterisk-16.24.1]# sed -i ‘s/^(User|Group)./\1 asterisk/’ /etc/httpd/conf/httpd.conf
[root@ippbx asterisk-16.24.1]# sed -i ‘s/AllowOverride None/AllowOverride All/’ /etc/httpd/conf/httpd.conf
[root@ippbx asterisk-16.24.1]# systemctl restart httpd.service
- Install FreePBX.
[root@ippbx asterisk-16.24.1]# cd /usr/src
[root@ippbx src]# tar xvf freepbx-15.0-latest.tgz
[root@ippbx src]# cd freepbx
[root@ippbx freepbx]# ./start_asterisk start
STARTING ASTERISK
Asterisk Started
[root@ippbx freepbx]#netstat -lntup
Show Asterisk Process must started
Check If Asterisk not start
[root@ippbx freepbx]# asterisk -cvvvvv
[Mar 22 03:23:23] ERROR[1954]: logger.c:1985 init_logger: Errors detected in logger.conf. Default console logging is being used.
Asterisk Dynamic Loader Starting:
[Mar 22 03:23:23] WARNING[1954]: loader.c:2224 loader_config_init: ‘modules.conf’ invalid or missing.
[Mar 22 03:23:23] ERROR[1954]: asterisk.c:3935 check_init: Module initialization failed. ASTERISK EXITING!
[root@ippbx asterisk-16.24.1]# cd configs/samples/
[root@ippbx samples]# cp modules.conf.sample /etc/asterisk/modules.conf
[root@ippbx samples]# cp logger.conf.sample /etc/asterisk/logger.conf
[root@ippbx samples]# chown -R asterisk. /etc/asterisk/*
[root@ippbx samples]# asterisk -cvvvvv
Asterisk already running on /var/run/asterisk/asterisk.ctl. Use ‘asterisk -r’ to connect.
[root@ippbx freepbx]# ./install -n –dbuser root –dbpass (YourPassword)
FreePBX Requires PHP Version 5.6 or Higher, you have: 5.4.16
[root@ippbx freepbx]# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
[root@ippbx freepbx]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@ippbx freepbx]# yum install yum-utils
[root@ippbx freepbx]# yum-config-manager –enable remi-php56
[root@ippbx freepbx]# yum remove php*
[root@ippbx freepbx]# yum install php56w php56w-pdo php56w-mysql php56w-mbstring php56w-pear php56w-process php56w-xml php56w-opcache php56w-ldap php56w-intl php56w-soap Loaded plugins: fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager
[root@ippbx freepbx]# php -v
[root@ippbx freepbx]# netstat -lntup
IF You have successfully installed FreePBX
Open Web Browser and config your administrator password
http://IPADDRESS/admin/config.php
[root@ippbx modprobe.d]# ee /etc/php.ini
memory_limit = 256M
[root@freepbx freepbx]# fwconsole restart
Install ISSABEL PBX on CENTOS 7
- #yum update
#yum -y install wget
#wget http://repo.issabel.org/issabel4-netinstall.sh - #chmod +x issabel4-netinstall.sh
- #./ issabel4-netinstall.sh