This guide covers Asterisk installation from source on CentOS 7. FreePBX 13 with Asterisk 13 will be installed on CentOS 7.
You have to do the installation as the root user or with sudo.
Disable SELinux
Check SELinux status:
# sestatus
If not disabled, set SELINUX=disabled in /etc/selinux/config.
# sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config
and switch SELinux to permissive mode for the current session:
# setenforce 0
Install Asterisk Prerequisites
Ensure all required packages are installed.
yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel ilbc-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mariadb mariadb-server fail2ban jwhois xmlstarlet ghostscript libtiff-tools python-devel patch
Legacy pear requirement:
pear install Console_getopt
Set Linux Timezone:
tzselect
Example:
timedatectl set-timezone Europe/Kiev
timedatectl status
Download and install source files
DAHDI
Only required if physical server is used and you are going to use PRI or BRI cards.
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
tar zxvf dahdi-linux-complete*
cd /usr/src/dahdi-linux-complete*/
make all && make install && make config
systemctl start dahdi
If make all fails, try rebooting and running yum -y install kernel-devel.
PJSIP
This separate PJSIP install is optional since Asterisk v13.8. If Asterisk is compiled with the --with-pjproject-bundled flag, this separate install will be ignored.
cd /usr/src
wget http://www.pjsip.org/release/2.5.5/pjproject-2.5.5.tar.bz2
tar -xjvf pjproject-2.5*
cd /usr/src/pjproject-2.5*/
make distclean
./configure --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-sound --disable-resample \
--disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'
make uninstall && ldconfig && make dep && make && make install && ldconfig
To verify, type ldconfig -p | grep pj which should show several linked *.so files in /usr/lib64.
Asterisk
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar zxvf asterisk-13-current.tar.gz
cd /usr/src/asterisk-13*/
make distclean
./configure --libdir=/usr/lib64 --with-pjproject-bundled
To verify, type nano -v config.log.
cd /usr/src/asterisk-13*/
make menuselect.makeopts
# To select compile options manually from the menu, run make menuselect instead of the following command.
# To list command line options, run menuselect/menuselect --list-options
# If Asterisk fails to run on a virtual machine, try adding "--disable BUILD_NATIVE"
# To add Asterisk realtime for applications such as A2billing, add "--enable res_config_mysql"
menuselect/menuselect --enable cdr_mysql --enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts
Create Asterisk user, compile, install, and set ownership.
adduser asterisk -s /sbin/nologin -c "Asterisk User"
make && make install && chown -R asterisk. /var/lib/asterisk
Freepbx
systemctl start mariadb
cd /usr/src
git clone -b release/13.0 https://github.com/FreePBX/framework.git freepbx
cd /usr/src/freepbx
./start_asterisk start
./install -n
# Minimal module install
fwconsole ma upgrade framework core voicemail sipsettings infoservices \
featurecodeadmin logfiles callrecording cdr dashboard music conferences
fwconsole restart
fwconsole reload
fwconsole chown
Post install tasks are mandatory.
Post-install tasks
Lock down the database server.
mysql_secure_installation
Answer Y to everything.
Change Apache web server settings.
sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php.ini
sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/httpd/conf/httpd.conf
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf
Enable access to services and ports.
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port=5060-5061/tcp
firewall-cmd --permanent --zone=public --add-port=5060-5061/udp
firewall-cmd --permanent --zone=public --add-port=10000-20000/udp
Set database and web server to start on boot.
systemctl enable mariadb
systemctl enable httpd
Set Freepbx to start on boot.
nano /etc/systemd/system/freepbx.service
[Unit]
Description=Freepbx
After=mariadb.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start
ExecStop=/usr/sbin/fwconsole stop
[Install]
WantedBy=multi-user.target
systemctl enable freepbx
CDR ODBC
If the deprecated cdr_mysql.so module is installed then this is optional, but still recommended.
nano /etc/odbc.ini
[MySQL-asteriskcdrdb]
Description=MySQL connection to 'asteriskcdrdb' database
driver=MySQL
server=localhost
database=asteriskcdrdb
Port=3306
Socket=/var/lib/mysql/mysql.sock
option=3
Use the username & password in /etc/asterisk/res_odbc_additional.conf to test connectivity to the DB via ODBC. For this example we are using username asteriskuser and password amp109.
isql -v MySQL-asteriskcdrdb asteriskuser amp109
Finally reboot for all changes to take effect
reboot
Optional
Log File Rotation
If this is not done the log files will keep growing indefinitely.
nano /etc/logrotate.d/asterisk
/var/spool/mail/asterisk
/var/log/asterisk/*log
/var/log/asterisk/full
/var/log/asterisk/dtmf
/var/log/asterisk/freepbx_dbug
/var/log/asterisk/fail2ban {
weekly
missingok
rotate 4
#compress
notifempty
sharedscripts
create 0640 asterisk asterisk
postrotate
/usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
endscript
su root root
}
TFTP
If you plan to use hardware SIP phones you will probably want to set up TFTP.
yum -y install tftp-server
nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot to server_args = -s /tftpboot
change disable=yes to disable=no
mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd
firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload
MPG123
This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.
cd /usr/src
wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.22.4/mpg123-1.22.4.tar.bz2
tar -xjvf mpg123*
cd mpg123*/
./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig
Digium addons
To register digium® licenses.
cd /usr/src
wget http://downloads.digium.com/pub/register/linux/register
chmod +x register
./register
To install the individual addons refer to the README files and ignore the register instructions.
http://downloads.digium.com/pub/telephony/codec_g729/README
http://downloads.digium.com/pub/telephony/res_digium_phone/README
http://downloads.digium.com/pub/telephony/fax/README
http://downloads.digium.com/pub/telephony/hpec/README
Password protect http access
A simple way to block scanners looking for exploits on apache web servers.
mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
# -c creates (and overwrites) the file, so use it for the first user only
htpasswd /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride All in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.
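# Auth directives are only valid in directory context; the container path is assumed from the .htaccess location above
<Directory "/var/www/html">
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>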
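A check for the setup above, as an added example that is not part of the original guide: Apache silently ignores .htaccess unless the enclosing Directory block has AllowOverride All, so this applies the guide's sed to a sample config and reports the value per directory. The sample_conf contents are constructed and the function names are assumptions for illustration.

```bash
# Constructed sample config (not a copy of the CentOS httpd.conf).
sample_conf() {
cat <<'EOF'
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    AllowOverride None
</Directory>
EOF
}

# Print the AllowOverride value set inside <Directory "DIR"> in file CONF.
# Usage: override_for_dir CONF DIR
override_for_dir() {
    awk -v want="$2" '
        /^[[:space:]]*<Directory[[:space:]]/ {
            dir = $2; gsub(/[">]/, "", dir); inside = (dir == want); next
        }
        /^[[:space:]]*<\/Directory>/ { inside = 0; next }
        inside && tolower($1) == "allowoverride" { print $2; exit }
    ' "$1"
}

# The guide's edit: rewrite the second case-sensitive "AllowOverride None" in the file.
apply_guide_edit() {
    sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' "$1"
}

# Return 0 only if an .htaccess file under DIR will be honoured.
htaccess_honoured() {
    [ "$(override_for_dir "$1" "$2")" = "All" ]
}

# Run the edit on a scratch copy and show which directory it changed.
demo() {
    tmp=$(mktemp) && sample_conf > "$tmp"
    apply_guide_edit "$tmp"
    for d in / /var/www /var/www/html; do
        echo "$d => $(override_for_dir "$tmp" "$d")"
    done
    rm -f "$tmp"
}
demo
```

After the sed step, run override_for_dir /etc/httpd/conf/httpd.conf /var/www/html against the real file; any value other than All means the password prompt will not appear.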
Whitelist protect http access
If http access is only required from certain IP addresses.
nano /etc/httpd/conf.d/whitelist.conf
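# Require directives are only valid in directory context; the container path is assumed to be the web root used above
<Directory "/var/www/html">
## Uncomment the following line to disable the whitelist
#Require all granted
Require ip x.x.x.x
Require ip x.x.x.x x.x.x.x x.x.x.x
Require ip x.x
Require ip x.x.x.0/255.255.255.0
Require host somedomain.com
#
## See http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html for more examples
#
</Directory>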