Asterisk FreePBX Install Guide

This guide covers installing FreePBX 13 with Asterisk 13 from source on CentOS 7.
You have to do the installation as the root user or with sudo.

Disable SELinux

Check SELinux status:

# sestatus

If not disabled, set SELINUX=disabled in /etc/selinux/config.

# sed -i 's/^\(SELINUX=\).*/\1disabled/' /etc/selinux/config

Put SELinux into permissive mode for the current session (the config change takes effect at the next boot):

# setenforce 0

Install Asterisk Prerequisites

Ensure all required packages are installed.
yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel ilbc-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mariadb mariadb-server fail2ban jwhois xmlstarlet ghostscript libtiff-tools python-devel patch
Legacy pear requirement:
pear install Console_getopt

Set Linux Timezone:

timedatectl set-timezone Europe/Kiev

timedatectl status

Download and install source files


DAHDI is only required if a physical server is used and you are going to use PRI or BRI cards.

cd /usr/src
tar zxvf dahdi-linux-complete*
cd /usr/src/dahdi-linux-complete*/
make all && make install && make config
systemctl start dahdi

If make all fails, try a reboot and run yum -y install kernel-devel.

This separate PJSIP install is optional since Asterisk v13.8. If Asterisk is compiled with the --with-pjproject-bundled flag, this separate install will be ignored.

cd /usr/src
tar -xjvf pjproject-2.5*
cd /usr/src/pjproject-2.5*/
make distclean

./configure --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-sound --disable-resample \
--disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'

make uninstall && ldconfig && make dep && make && make install && ldconfig

To verify, run ldconfig -p | grep pj, which should show several linked *.so files in /usr/lib64.

cd /usr/src
tar zxvf asterisk-13-current.tar.gz
cd /usr/src/asterisk-13*/
make distclean

./configure --libdir=/usr/lib64 --with-pjproject-bundled

To verify, run nano -v config.log.

cd /usr/src/asterisk-13*/
make menuselect.makeopts

# To select compile options manually from a menu, run make menuselect instead of the following command.
# To list command line options, run menuselect/menuselect --list-options
# If Asterisk fails to run on a virtual machine, try adding "--disable BUILD_NATIVE"
# To add Asterisk realtime for applications such as A2billing, add "--enable res_config_mysql"

menuselect/menuselect --enable cdr_mysql --enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts

Create Asterisk user, compile, install, and set ownership.

adduser asterisk -s /sbin/nologin -c "Asterisk User"
make && make install && chown -R asterisk. /var/lib/asterisk


systemctl start mariadb

cd /usr/src
git clone -b release/13.0 freepbx

cd /usr/src/freepbx
./start_asterisk start
./install -n

# Minimal module install
fwconsole ma upgrade framework core voicemail sipsettings infoservices \
featurecodeadmin logfiles callrecording cdr dashboard music conferences

fwconsole restart
fwconsole reload
fwconsole chown

Post install tasks are mandatory.

Post-install tasks

Lock down the database server.

Answer Y to everything.

Change Apache web server settings.

sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php.ini
sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/httpd/conf/httpd.conf
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf

Enable access to services and ports.

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port=5060-5061/tcp
firewall-cmd --permanent --zone=public --add-port=5060-5061/udp
firewall-cmd --permanent --zone=public --add-port=10000-20000/udp

Set database and web server to start on boot.

systemctl enable mariadb
systemctl enable httpd

Set FreePBX to start on boot.

nano /etc/systemd/system/freepbx.service


ExecStart=/usr/sbin/fwconsole start
ExecStop=/usr/sbin/fwconsole stop


systemctl enable freepbx


If the deprecated module is installed then this is optional, but still recommended.

nano /etc/odbc.ini

Description=MySQL connection to 'asteriskcdrdb' database

Use the username and password in /etc/asterisk/res_odbc_additional.conf to test connectivity to the DB via ODBC. For this example we are using username asteriskuser and password amp109.

isql -v MySQL-asteriskcdrdb asteriskuser amp109

Finally, reboot for all changes to take effect.




Log File Rotation

If this is not done the log files will keep growing indefinitely.

nano /etc/logrotate.d/asterisk

/var/log/asterisk/fail2ban {
rotate 4
create 0640 asterisk asterisk
postrotate
/usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
endscript
su root root
}


If you plan to use hardware SIP phones you will probably want to set up TFTP.

yum -y install tftp-server
nano /etc/xinetd.d/tftp

change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot

change disable=yes
to disable=no

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload


mpg123 is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.

cd /usr/src
tar -xjvf mpg123*

cd mpg123*/
./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig

Digium addons

To register Digium® licenses.

cd /usr/src
chmod +x register

To install the individual addons refer to the README files and ignore the register instructions.

Password protect http access

A simple way to block scanners looking for exploits on Apache web servers.

mkdir -p /usr/local/apache/passwd
# -c creates the file (and overwrites an existing one), so use it for the first user only
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
htpasswd /usr/local/apache/passwd/wwwpasswd someotherusername

nano /var/www/html/.htaccess

# .htaccess files require AllowOverride All in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.

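# Same rules as the .htaccess above, applied to the web root
<Directory "/var/www/html">
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>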
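
The checks below are an added example, not part of the original guide: a shell script that confirms the Apache edits made earlier (User/Group set to asterisk, AllowOverride All for /var/www/html so the .htaccess is honoured) and that every expected user is present in the password file. The function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide. Paths are arguments so the checks
# can be run against copies of the real files.

# Succeed if httpd.conf sets both User and Group to account $2.
httpd_runs_as() {
    [ "$(awk '$1 == "User"  { v = $2 } END { print v }' "$1")" = "$2" ] &&
    [ "$(awk '$1 == "Group" { v = $2 } END { print v }' "$1")" = "$2" ]
}

# Print the AllowOverride value inside <Directory "$2"> of httpd.conf $1.
allow_override_for() {
    awk -v want="<Directory \"$2\">" '
        $1 == "<Directory"   { inblk = (($1 " " $2) == want) }
        $1 == "</Directory>" { inblk = 0 }
        inblk && $1 == "AllowOverride" { print $2 }' "$1"
}

# Report problems; $1 = httpd.conf, $2 = htpasswd file, rest = expected users.
audit_httpd() {
    conf=$1; pw=$2; shift 2; rc=0
    httpd_runs_as "$conf" asterisk ||
        { echo "FAIL: httpd User/Group is not asterisk"; rc=1; }
    [ "$(allow_override_for "$conf" /var/www/html)" = "All" ] ||
        { echo "FAIL: .htaccess is not honoured in /var/www/html"; rc=1; }
    for u in "$@"; do
        grep -q "^$u:" "$pw" || { echo "FAIL: $u missing from $pw"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
cat > "$demo/httpd.conf" <<'EOF'
User asterisk
Group asterisk
<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    AllowOverride All
</Directory>
EOF
# "htpasswd -c" recreates the file, so a second -c run leaves one user only.
printf 'someotherusername:$apr1$constructed$hash\n' > "$demo/wwwpasswd"
audit_httpd "$demo/httpd.conf" "$demo/wwwpasswd" \
    someusername someotherusername || echo "audit found problems"
```

On the server, call audit_httpd with /etc/httpd/conf/httpd.conf, /usr/local/apache/passwd/wwwpasswd and the user names you created.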

Whitelist protect http access

If http access is only required from certain IP addresses.

nano /etc/httpd/conf.d/whitelist.conf

## Uncomment the following line to disable the whitelist
#Require all granted

Require ip x.x.x.x
Require ip x.x.x.x x.x.x.x x.x.x.x
Require ip x.x
Require ip x.x.x.0/
Require host
## See for more examples
