Пошаговая инструкция для установки программной PBX Asterisk 13 и панели управления FreePBX на CentOS 7.2

Условия:

Система CentOS установлена и имеет доступ в интернет.

Подготовка

1. # yum -y update

2. Выключить SELinux:

   # sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/sysconfig/selinux
   # sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config
   

3. # reboot

4. Дополнительные репозитарии:

   # rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm 
   # yum -y install epel-release
   

5. # yum -y install net-tools mc make gcc kernel-devel gcc-c++ ncurses-devel jansson-devel libuuid-devel wget httpd fail2ban mariadb-server mariadb mariadb-devel php iksemel iksemel-devel crypto-utils openssl-devel gmime gmime-devel spandsp spandsp-devel openldap openldap-devel popt-devel  speex speex-devel libcurl-devel speex-tools svn sqlite-devel mod_ssl php-mysql php-pear-MDB2-Driver-mysqli php-mbstring php-gd php-mcrypt libxml2-devel lame bison audiofile-devel sox php-pear-DB php-posix atop htop telnet mpg123 bzip2 unixODBC unixODBC-devel libtool-ltdl libtool-ltdl-devel mysql-connector-odbc
   # rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/libresample-0.1.3-12.el6.x86_64.rpm https://dl.fedoraproject.org/pub/epel/6/x86_64/libresample-devel-0.1.3-12.el6.x86_64.rpm
   

6. Включаем fail2ban:

   # vi /etc/fail2ban/jail.local
   # cat /etc/fail2ban/jail.local
   [sshd]
   enable = true
   
   [asterisk] 
   enable = true
   filter = asterisk
   logpath  = /var/log/asterisk/messages tail
   bantime = 86400
   
   

7. # cd /etc/fail2ban/filter.d/
   # mv asterisk.conf asterisk.conf.orig
   # wget http://www.adminhelp.pro/wp-content/uploads/fail2ban/asterisk.conf
   # systemctl enable fail2ban.service
   # systemctl restart fail2ban.service
   

8. # cd /root

9. # wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz 
   # tar -zxf asterisk-13-current.tar.gz

10. # wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-current.tar.gz
    # tar -zxf libpri-current.tar.gz
    # wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
    # tar -zxf dahdi-linux-complete-current.tar.gz

 Установка  DAHDI, libPRI и Asterisk

1. # cd dahdi-linux-complete-2.11.1+2.11.1
   # make all
   # make install
   # make config
   # cp tools/dahdi.init /etc/init.d/dahdi 
   
   

2. # cd ../libpri-1.5.0
   # make
   # make install
   

3. # cd ../asterisk-13.9.1
   # ./configure --prefix=/usr --exec-prefix=/usr --with-crypto --with-dahdi --with-iconv -with-libcurl --with-gmime --with-iksemel --with-mysqlclient --disable-xmldoc --with-pri --with-spandsp --with-ldap --with-libcurl --with-popt --with-resample --with-speex --with-unixodbc
   # make menuselect
   # ./contrib/scripts/get_mp3_source.sh
   # make
   # make install
   # make samples
   

4. # ln -s /usr/lib/libasteriskssl.so.1 /usr/lib64/libasteriskssl.so.1
   # ln -s /usr/lib/libasteriskssl.so.1 /usr/lib64/libasteriskssl.so
   # ln -s /usr/lib/libpri.so.1.4 /usr/lib64/libpri.so.1.4
   # cat contrib/init.d/rc.redhat.asterisk | sed 's/__ASTERISK_SBIN_DIR__/\/usr\/sbin/' > /etc/init.d/asterisk
   # chmod 755 /etc/rc.d/init.d/asterisk
   # systemctl enable asterisk.service
   

5. # groupadd asterisk 
   # useradd -c "asterisk PBX" -d /var/lib/asterisk -s /sbin/nologin -g asterisk asterisk

6. # systemctl enable dahdi
   # cat /etc/dahdi/system.conf.sample > /etc/dahdi/system.conf
   # systemctl start dahdi
   # chown -R asterisk:asterisk /var/{lib,log,spool,run}/asterisk /etc/asterisk
   # systemctl start asterisk
   

Установка FreePBX

1. в /etc/hosts добавить:

   [IP PBX] pbx.example.com

2. в конфиг /etc/httpd/conf.d/ssl.conf добавить в секцию <VirtualHost _default_:443>:

   DocumentRoot "/var/www/html"
   ServerName pbx.example.com:443
   
   <Directory "/var/www/html">
   Order allow,deny
   Allow from [Admin IP]
   
   

3. # systemctl enable httpd
   # systemctl start httpd
   

4. В /etc/firewalld/zones/public.xml добавить:

   <service name="https"/>
   

   в секцию так же как и ssh

    # systemctl restart firewalld

5. # systemctl enable mariadb
   # systemctl start mariadb
   # /usr/bin/mysql_secure_installation
   

   Установить пароль root для MySQL

6. # cd /root
   # wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-13.0-latest.tgz
   # tar -zxf freepbx-13.0-latest.tgz -C /usr/src 
   # cd /usr/src/freepbx

7. Отредактировать /etc/php.ini:

   # vi /etc/php.ini (или /etc/php4/apache2/php.ini)
   upload_max_filesize=20M
   

8. # mysqladmin create asteriskcdrdb -p
   # mysql -p asteriskcdrdb < installlib/SQL/cdr.sql
   # mysqladmin create asterisk -p
   # mysql -p asterisk < installlib/SQL/asterisk.sql 
   # mysql -p 
   mysql> GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY '[ваш пароль]';
   mysql> GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY '[ваш пароль]';
   mysql> flush privileges;
   

9. Отредактировать:

   # vi /etc/httpd/conf/httpd.conf (или /etc/apache2/apache2.conf):
   User asterisk
   Group asterisk
   

10. # chown asterisk /var/lib/php/session

11. # rm -rf /var/www/html

12. # ./install_amp

13. Заменить в базе asterisk в таблице freepbx_settings пароль для астериск манагера:

    # mysql -p
    mysql> UPDATE `asterisk`.`freepbx_settings` SET `value` = '[ваш пароль 2]' WHERE `freepbx_settings`.`keyword` = 'AMPMGRPASS';

14. # systemctl restart httpd

15. Войти в  freepbx и завершить установку
16. В /etc/firewalld положить файл direct.xml :

    <?xml version="1.0" encoding="utf-8"?>
     <direct>
     <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-m udp -p udp -d [IP PBX]/32 --dport 5060 -m hashlimit --hashlimit 10/m --hashlimit-burst 10 --hashlimit-mode srcip,dstip,dstport --hashlimit-htable-expire 180 --hashlimit-name SIP -j ACCEPT</rule>
     <rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-m multiport -m udp -p udp -d [IP PBX]/32 --dports 10000:20000 -j ACCEPT</rule>
     </direct>
              
    

    # systemctl restart firewalld

17. cat /etc/odbc.ini:

    [MySQL-asteriskcdrdb]
    Description=MySQL connection to 'asteriskcdrdb' database
    driver=MySQL
    server=localhost
    database=asteriskcdrdb
    UserName=asteriskuser
    Password=[ваш пароль]
    Port=3306
    Socket=/var/lib/mysql/mysql.sock
    option=3
    Charset=utf8
    

Дополнительные установки:

1.  # yum -y install bind bind-utils mailx ntp cyrus-sasl-plain
   # systemctl enable named
   # systemctl enable ntpdate
   # systemctl start named
   # systemctl start ntpdate
   # echo “nameserver 127.0.0.1” > /etc/resolv.conf
   # echo “nameserver 8.8.8.8” >> /etc/resolv.conf