https://www.powerpbx.org/content/asterisk-freepbx-install-guide-centos-v7-asterisk-v13-freepbx-v13
This guide covers the installation of Asterisk® from source on CentOS. Changes compared to previous guides include the use of CentOS v7 and Freepbx v13.
Tested on:
CentOS v7 64 bit
Asterisk v13
Freepbx v13
Assumptions:
Console text mode (multi-user.target)
Installation done as root user (#)
Install Prerequisites
Ensure all required packages are installed.
yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel ilbc-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mariadb mariadb-server fail2ban jwhois xmlstarlet ghostscript libtiff-tools python-devel patch
## Legacy pear requirement pear install Console_getopt
Disable Selinux
Check status
sestatus
If not disabled, set SELINUX=disabled in /etc/selinux/config. Requires reboot for changes to take effect.
sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config
Timezone
Use tzselect to find the correct timezone.
tzselect
## SET TIMEZONE EXAMPLE timedatectl set-timezone America/Vancouver
timedatectl status
Reboot
To ensure the changes/additions are active.
reboot
Download and install source files
DAHDI
Only required if using a physical server and installing telecom hardware.
cd /usr/src wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz tar zxvf dahdi-linux-complete* cd /usr/src/dahdi-linux-complete*/ make all && make install && make config systemctl start dahdi
If make all fails try reboot and run yum -y install kernel-devel .
PJSIP
--with-pjproject-bundled flag, this separate install will be ignored.cd /usr/src wget http://www.pjsip.org/release/2.5.5/pjproject-2.5.5.tar.bz2 tar -xjvf pjproject-2.5* cd /usr/src/pjproject-2.5*/ make distclean
./configure --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-sound --disable-resample \ --disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'
make uninstall && ldconfig && make dep && make && make install && ldconfig
ldconfig -p | grep pj which should show several linked *.so files in /usr/lib64.Asterisk
cd /usr/src wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz tar zxvf asterisk-13-current.tar.gz cd /usr/src/asterisk-13*/ make distclean
./configure --libdir=/usr/lib64 --with-pjproject-bundled
To verify type nano -v config.log.
cd /usr/src/asterisk-13*/ make menuselect.makeopts #To select compile options manually from menu run make menuselect instead of the following command. #To list command line options run menuselect/menuselect --list-options #If Asterisk fails to run on a virtual machine try add "--disable BUILD_NATIVE" #To add asterisk realtime for applications such as A2billing add "--enable res_config_mysql" menuselect/menuselect --enable cdr_mysql --enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts
Create Asterisk user, compile, install, and set ownership.
adduser asterisk -s /sbin/nologin -c "Asterisk User" make && make install && chown -R asterisk. /var/lib/asterisk
Freepbx
systemctl start mariadb
cd /usr/src git clone -b release/13.0 https://github.com/FreePBX/framework.git freepbx
cd /usr/src/freepbx ./start_asterisk start ./install -n
# Minimal module install fwconsole ma upgrade framework core voicemail sipsettings infoservices \ featurecodeadmin logfiles callrecording cdr dashboard music conferences
fwconsole restart fwconsole reload fwconsole chown
Post install tasks are mandatory.
Post-install tasks
Lock down the database server.
mysql_secure_installation
Answer Y to everything.
Change apache web server settings.
sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php.ini sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/httpd/conf/httpd.conf sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf
Enable access to services and ports.
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port=5060-5061/tcp
firewall-cmd --permanent --zone=public --add-port=5060-5061/udp
firewall-cmd --permanent --zone=public --add-port=10000-20000/udp
Set database and web server to start on boot.
systemctl enable mariadb systemctl enable httpd
Set Freepbx to start on boot.
nano /etc/systemd/system/freepbx.service
[Unit] Description=Freepbx After=mariadb.service [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/fwconsole start ExecStop=/usr/sbin/fwconsole stop [Install] WantedBy=multi-user.target
systemctl enable freepbx
CDR ODBC
If the deprecated cdr_mysql.so module is installed then this is optional, but still recommended.
nano /etc/odbc.ini
[MySQL-asteriskcdrdb] Description=MySQL connection to 'asteriskcdrdb' database driver=MySQL server=localhost database=asteriskcdrdb Port=3306 Socket=/var/run/mysqld/mysqld.sock option=3
Use username & password in /etc/asterisk/res_odbc_additional.conf to test connectivity to the DB via ODBC. For this example we are using username asteriskuser and password amp109
isql -v MySQL-asteriskcdrdb asteriskuser amp109
Finally reboot for all changes to take effect
reboot
Optional
Log File Rotation
If this is not done the log files will keep growing indefinitely.
nano /etc/logrotate.d/asterisk
/var/spool/mail/asterisk
/var/log/asterisk/*log
/var/log/asterisk/full
/var/log/asterisk/dtmf
/var/log/asterisk/freepbx_dbug
/var/log/asterisk/fail2ban {
weekly
missingok
rotate 4
#compress
notifempty
sharedscripts
create 0640 asterisk asterisk
postrotate
/usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
endscript
su root root
}TFTP
If you plan to use hardware SIP phones you will probably want to set up TFTP.
yum -y install tftp-server nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot chmod 777 /tftpboot systemctl restart xinetd
firewall-cmd --permanent --zone=public --add-port=69/udp firewall-cmd --reload
MPG123
This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.
cd /usr/src wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.22.4/mpg123-1.22.4.tar.bz2 tar -xjvf mpg123* cd mpg123*/ ./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig
Digum addons
To register digium® licenses.
cd /usr/src wget http://downloads.digium.com/pub/register/linux/register chmod +x register ./register
To install the individual addons refer to the README files and ignore the register instructions.
http://downloads.digium.com/pub/telephony/codec_g729/README
http://downloads.digium.com/pub/telephony/res_digium_phone/README
http://downloads.digium.com/pub/telephony/fax/README
http://downloads.digium.com/pub/telephony/hpec/README
Password protect http access
A simple way to block scanners looking for exploits on apache web servers.
mkdir -p /usr/local/apache/passwd htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername htpasswd -c /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride On in /etc/httpd/conf/httpd.conf AuthType Basic AuthName "Restricted Access" AuthUserFile /usr/local/apache/passwd/wwwpasswd Require valid-user
Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.
<Directory /var/www/html> AuthType Basic AuthName "Restricted Area" AuthUserFile /usr/local/apache/passwd/wwwpasswd Require valid-user </Directory>
Whitelist protect http access
If http access is only required from certain IP addresses.
nano /etc/httpd/conf.d/whitelist.conf
<Location /> <RequireAny> ## Uncomment the following line to disable the whitelist #Require all granted Require ip x.x.x.x Require ip x.x.x.x x.x.x.x x.x.x.x Require ip x.x Require ip x.x.x.0/255.255.255.0 Require host somedomain.com # ## See http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html for more examples # </RequireAny> </Location>
A friendly request
These install instructions show up in many different places. Acknowledgements of our efforts would be appreciated.
