Пошаговая инструкция для установки программной PBX Asterisk 16.5.1 и панели управления FreePBX версии 14 на CentOS 7.6.1810

Условия:

Система CentOS установлена и имеет доступ в интернет.

Подготовка

1. # yum -y update

2. Выключить SELinux:

   # sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/sysconfig/selinux
   # sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config
   

3. # reboot

   Дополнительные репозитарии:

   # yum -y install epel-release

4. # yum -y install net-tools mc make gcc kernel-devel kernel-headers gcc-c++ ncurses-devel jansson-devel libuuid-devel wget httpd fail2ban mariadb-server mariadb mariadb-devel php gnutls-devel crypto-utils openssl-devel gmime gmime-devel spandsp spandsp-devel openldap openldap-devel popt-devel  speex speex-devel libcurl-devel speex-tools svn sqlite-devel mod_ssl php-mysql php-pear-MDB2-Driver-mysqli php-mbstring php-gd php-mcrypt libxml2-devel lame bison audiofile-devel sox php-pear-DB php-posix atop htop telnet mpg123 bzip2 unixODBC unixODBC-devel libtool-ltdl libtool-ltdl-devel git patch libedit-devel autoconf mariadb-connector-odbc
   # yum install https://dl.fedoraproject.org/pub/epel/6/x86_64/Packages/l/libresample-0.1.3-12.el6.x86_64.rpm https://dl.fedoraproject.org/pub/epel/6/x86_64/Packages/l/libresample-devel-0.1.3-12.el6.x86_64.rpm
   # rpm -Uvh http://springdale.math.ias.edu/data/puias/unsupported/7/x86_64//iksemel-1.4-6.sdl7.x86_64.rpm
   # rpm -Uvh http://springdale.math.ias.edu/data/puias/unsupported/7/x86_64//iksemel-devel-1.4-6.sdl7.x86_64.rpm
   

5. # yum -y groupinstall "Development Tools"
   # cd /root
   

6. # wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-16-current.tar.gz
   # tar -zxf asterisk-16-current.tar.gz

7. # wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-current.tar.gz
   # tar -zxf libpri-current.tar.gz
   # wget https://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-2.11.1+2.11.1.tar.gz
   # tar -zxf dahdi-linux-complete-2.11.1+2.11.1.tar.gz

Установка DAHDI, libPRI и Asterisk

1. # cd dahdi-linux-complete-2.11.1+2.11.1
   # make all
   # make install
   # make config
   # cp tools/dahdi.init /etc/init.d/dahdi 
   
   

2. # cd ../libpri-1.6.0
   # make
   # make install
   

3. # cd ../asterisk-16.5.1
   # ./configure --prefix=/usr --exec-prefix=/usr --with-crypto --with-dahdi --with-iconv -with-libcurl --with-gmime --with-iksemel --with-mysqlclient --disable-xmldoc --with-pri --with-spandsp --with-ldap --with-libcurl --with-popt --with-resample --with-speex --with-unixodbc --with-jansson-bundled

   # make menuselect 
   # ./contrib/scripts/get_mp3_source.sh 
   # make 
   # make install 
   # make samples

4. # ln -s /usr/lib/libpri.so.1.4 /usr/lib64/libpri.so.1.4
   # cat contrib/init.d/rc.redhat.asterisk | sed 's/__ASTERISK_SBIN_DIR__/\/usr\/sbin/' > /etc/init.d/asterisk
   # chmod 755 /etc/rc.d/init.d/asterisk
   # systemctl enable asterisk.service
   

5. # groupadd asterisk 
   # useradd -c "asterisk PBX" -d /var/lib/asterisk -s /sbin/nologin -g asterisk asterisk

6. # systemctl enable dahdi
   # cat /etc/dahdi/system.conf.sample > /etc/dahdi/system.conf
   # systemctl start dahdi
   # chown -R asterisk:asterisk /var/{lib,log,spool,run}/asterisk /etc/asterisk
   # systemctl start asterisk
   

7. Включаем fail2ban:

   # vi /etc/fail2ban/jail.local
   # cat /etc/fail2ban/jail.local
   [sshd]
   enabled = true
   
   [asterisk] 
   enabled = true
   filter = asterisk
   logpath  = /var/log/asterisk/messages tail
   bantime = 86400
   
   # cd /etc/fail2ban/filter.d/
   # mv asterisk.conf asterisk.conf.orig
   # wget http://www.adminhelp.pro/wp-content/uploads/fail2ban/asterisk.conf
   # systemctl enable fail2ban.service
   # systemctl restart fail2ban.service
   

Установка FreePBX

1. Установка php 5.6: 

   # rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
   # yum install yum-plugin-replace
   # yum replace php-common --replace-with=php56w-common
   # yum install php56w-opcache
   

2. в /etc/hosts добавить:

   [IP PBX] pbx.example.com
   

3. в конфиг /etc/httpd/conf.d/ssl.conf добавить в секцию <VirtualHost _default_:443>:

   DocumentRoot "/var/www/html"
   ServerName pbx.example.com:443
   
   <Directory "/var/www/html">
   Order allow,deny
   Allow from [Admin IP]
   AllowOverride All
   </Directory>

4. # systemctl enable httpd
   # systemctl start httpd
   

5. В /etc/firewalld/zones/public.xml добавить:

   <service name="https"/>
   

   в секцию так же как и ssh

    # systemctl restart firewalld

6. # systemctl enable mariadb
   # systemctl start mariadb
   # /usr/bin/mysql_secure_installation
   

   Установить пароль root для MySQL

7. # cd /usr/src
   # wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-13.0-latest.tgz
   # tar -zxf freepbx-13.0-latest.tgz
   # cd freepbx

8. Отредактировать /etc/php.ini:

   # vi /etc/php.ini (или /etc/php4/apache2/php.ini)
   upload_max_filesize=20M
   

9. # mysqladmin create asteriskcdrdb -p
   # mysql -p asteriskcdrdb < installlib/SQL/cdr.sql
   # mysqladmin create asterisk -p
   # mysql -p 
   mysql> GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY '[ваш пароль]';
   mysql> GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY '[ваш пароль]';
   mysql> flush privileges;
   

10. Отредактировать:

    # vi /etc/httpd/conf/httpd.conf (или /etc/apache2/apache2.conf):
    User asterisk
    Group asterisk
    

11. # chown asterisk /var/lib/php/session

12. # rm -rf /var/www/html

13. # ./install

14. Заменить в базе asterisk в таблице freepbx_settings пароль для астериск манагера:

    # mysql -p
    mysql> UPDATE `asterisk`.`freepbx_settings` SET `value` = '[ваш пароль 2]' WHERE `freepbx_settings`.`keyword` = 'AMPMGRPASS';

15. # systemctl restart httpd

16. Войти в freepbx и завершить установку
17. В /etc/firewalld положить файл direct.xml :

    <?xml version="1.0" encoding="utf-8"?>
     <direct>
     <rule ipv="ipv4" table="filter" chain="INPUT" priority="90">-m udp -p udp -d [IP PBX]/32 --dport 5060 -m hashlimit --hashlimit 10/m --hashlimit-burst 10 --hashlimit-mode srcip,dstip,dstport --hashlimit-htable-expire 180 --hashlimit-name SIP -j ACCEPT</rule>
     <rule ipv="ipv4" table="filter" chain="INPUT" priority="100">-m multiport -m udp -p udp -d [IP PBX]/32 --dports 10000:20000 -j ACCEPT</rule>
     </direct>
              
    

    # systemctl restart firewalld

18. cat /etc/odbc.ini (проверить что в базе utf8_unicode_ci ):

    [MySQL-asteriskcdrdb]
    Description=MySQL connection to 'asteriskcdrdb' database
    driver=MariaDB
    server=localhost
    database=asteriskcdrdb
    UserName=asteriskuser
    Password=[ваш пароль]
    Port=3306
    Socket=/var/lib/mysql/mysql.sock
    option=3
    Charset=utf8
    

Дополнительные установки:

1.  # yum -y install bind bind-utils mailx ntp cyrus-sasl-plain
   # systemctl enable named
   # systemctl enable ntpdate
   # systemctl start named
   # systemctl start ntpdate
   # echo “nameserver 127.0.0.1” > /etc/resolv.conf
   # echo “nameserver 8.8.8.8” >> /etc/resolv.conf

Дополнительные материалы:

• Installing Asterisk From Source