https://www.powerpbx.org/content/asterisk-freepbx-install-guide-centos-v7-asterisk-v13-freepbx-v13



This guide covers the installation of Asterisk® from source on CentOS. Changes compared to previous guides include the use of CentOS v7 and Freepbx v13.

Tested on:

CentOS v7 64 bit
Asterisk v13
Freepbx v13

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Install Prerequisites

Ensure all required packages are installed. 

yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel ilbc-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mariadb mariadb-server fail2ban jwhois xmlstarlet ghostscript libtiff-tools python-devel patch
## Legacy pear requirement
pear install Console_getopt

Disable Selinux

Check status

sestatus

If not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\1disabled/' /etc/selinux/config

Timezone

Use tzselect to find the correct timezone.

tzselect
## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver
timedatectl status

Reboot

To ensure the changes/additions are active.

reboot

Download and install source files

DAHDI

Only required if using a physical server and installing telecom hardware.

cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
tar zxvf dahdi-linux-complete*
cd /usr/src/dahdi-linux-complete*/
make all && make install && make config
systemctl start dahdi

If make all fails, try rebooting and running yum -y install kernel-devel.

PJSIP

This separate PJSIP install is optional since Asterisk v13.8.  If Asterisk is compiled with the --with-pjproject-bundled flag, this separate install will be ignored.

cd /usr/src
wget http://www.pjsip.org/release/2.5.5/pjproject-2.5.5.tar.bz2
tar -xjvf pjproject-2.5*
cd /usr/src/pjproject-2.5*/
make distclean
./configure --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-sound --disable-resample \
--disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'
make uninstall && ldconfig && make dep && make && make install && ldconfig

To verify, type ldconfig -p | grep pj, which should show several linked *.so files in /usr/lib64.

Asterisk

cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar zxvf asterisk-13-current.tar.gz
cd /usr/src/asterisk-13*/
make distclean
./configure --libdir=/usr/lib64 --with-pjproject-bundled

To verify, type nano -v config.log.

cd /usr/src/asterisk-13*/
make menuselect.makeopts

#To select compile options manually from menu run make menuselect instead of the following command.
#To list command line options run menuselect/menuselect --list-options
#If Asterisk fails to run on a virtual machine, try adding "--disable BUILD_NATIVE"
#To add Asterisk realtime for applications such as A2billing, add "--enable res_config_mysql"

menuselect/menuselect --enable cdr_mysql --enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts

Create Asterisk user, compile, install, and set ownership.

adduser asterisk -s /sbin/nologin -c "Asterisk User"
make && make install && chown -R asterisk: /var/lib/asterisk

Freepbx

systemctl start mariadb
cd /usr/src
git clone -b release/13.0 https://github.com/FreePBX/framework.git freepbx
cd /usr/src/freepbx
./start_asterisk start
./install -n
# Minimal module install
fwconsole ma upgrade framework core voicemail sipsettings infoservices \
featurecodeadmin logfiles callrecording cdr dashboard music conferences
fwconsole restart
fwconsole reload
fwconsole chown

Post install tasks are mandatory.

Post-install tasks

Lock down the database server.

mysql_secure_installation

Answer Y to everything.

Change apache web server settings.

sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php.ini
sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/httpd/conf/httpd.conf
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf
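
The last sed command replaces the second "AllowOverride None" found anywhere in the file, so which <Directory> block it changes depends on the layout of httpd.conf. The check below is an added example, not part of the original guide: it reports the User, Group and per-directory AllowOverride values after the edits. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report what the sed edits to
# httpd.conf actually changed. Function names here are hypothetical helpers.

audit_httpd_conf() {   # $1 = httpd.conf path (defaults to the guide's path)
    awk '
        /^[ \t]*#/ { next }                                  # ignore comments
        /^[ \t]*(User|Group)[ \t]/ { print tolower($1) "=" $2 }
        /^[ \t]*<Directory[ \t]/   { dir = $2; gsub(/[">]/, "", dir) }
        /^[ \t]*AllowOverride[ \t]/ && dir != "" { print "override[" dir "]=" $2 }
        /^[ \t]*<\/Directory>/     { dir = "" }
    ' "${1:-/etc/httpd/conf/httpd.conf}"
}

check_httpd_conf() {   # 0 = as intended, 1 = wrong user/group or wrong block
    report=$(audit_httpd_conf "$1") || return 2
    for want in 'user=asterisk' 'group=asterisk' 'override[/var/www/html]=All'; do
        printf '%s\n' "$report" | grep -qxF "$want" || return 1
    done
    # AllowOverride All anywhere else means sed hit a different occurrence.
    others=$(printf '%s\n' "$report" | grep '=All$' | grep -cvF '[/var/www/html]' || true)
    [ "$others" -eq 0 ]
}

sample_httpd_conf() {  # constructed sample, loosely modelled on a stock layout
    cat <<'EOF'
User apache
Group apache
<Directory />
    AllowOverride none
</Directory>
<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    # AllowOverride controls what .htaccess may set
    AllowOverride None
</Directory>
<Directory "/var/www/cgi-bin">
    AllowOverride None
</Directory>
EOF
}
```

On the server, check_httpd_conf with no argument tests /etc/httpd/conf/httpd.conf; if it fails, audit_httpd_conf prints the per-block values so the wrong block can be corrected by hand.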

Enable access to services and ports.

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port=5060-5061/tcp
firewall-cmd --permanent --zone=public --add-port=5060-5061/udp
firewall-cmd --permanent --zone=public --add-port=10000-20000/udp
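
The port rules above accept SIP signalling from any source address. Where the SIP provider and remote phones have known addresses, firewalld rich rules can limit ports 5060-5061 to those networks instead. This is an added example, not part of the original guide; sip_rich_rules is a hypothetical helper that only prints the commands for review, and the networks passed to it are supplied by the operator.

```shell
#!/bin/sh
# Added example (not from the original guide): print firewall-cmd rich rules
# that limit the guide's SIP signalling ports to trusted source networks.
# e.g. sip_rich_rules 203.0.113.0/24   (a documentation range, used as a placeholder)

sip_rich_rules() {   # args: one or more IPv4 source networks in CIDR form
    [ "$#" -gt 0 ] || { echo "usage: sip_rich_rules CIDR..." >&2; return 2; }
    for net in "$@"; do
        # Shape check only, so nothing unexpected is quoted into a rule
        printf '%s\n' "$net" \
            | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
            || { echo "not an IPv4 CIDR: $net" >&2; return 1; }
    done
    for net in "$@"; do
        for spec in 5060-5061/tcp 5060-5061/udp; do
            printf "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" \
                "$net" "${spec%/*}" "${spec#*/}"
        done
    done
    # Remove the open-to-any-source rules the guide added for the same ports.
    # The RTP range 10000-20000/udp is left as in the guide, because media can
    # arrive from addresses other than the signalling peer.
    for spec in 5060-5061/tcp 5060-5061/udp; do
        echo "firewall-cmd --permanent --zone=public --remove-port=$spec"
    done
    echo "firewall-cmd --reload"
}
```

Review the printed commands, then run them as root (for example by piping the output to sh).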

Set database and web server to start on boot.

systemctl enable mariadb
systemctl enable httpd

Set Freepbx to start on boot.

nano /etc/systemd/system/freepbx.service
[Unit]
Description=Freepbx
After=mariadb.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start
ExecStop=/usr/sbin/fwconsole stop

[Install]
WantedBy=multi-user.target

systemctl enable freepbx

CDR ODBC

If the deprecated cdr_mysql.so module is installed then this is optional, but still recommended. 

nano /etc/odbc.ini
[MySQL-asteriskcdrdb]
Description=MySQL connection to 'asteriskcdrdb' database
driver=MySQL
server=localhost
database=asteriskcdrdb
Port=3306
Socket=/var/run/mysqld/mysqld.sock
option=3

Use the username and password in /etc/asterisk/res_odbc_additional.conf to test connectivity to the DB via ODBC.  For this example we are using username asteriskuser and password amp109.

isql -v MySQL-asteriskcdrdb asteriskuser amp109

Finally, reboot for all changes to take effect.

reboot

Optional

Log File Rotation

If this is not done the log files will keep growing indefinitely.

nano /etc/logrotate.d/asterisk
/var/spool/mail/asterisk
/var/log/asterisk/*log
/var/log/asterisk/full
/var/log/asterisk/dtmf
/var/log/asterisk/freepbx_dbug
/var/log/asterisk/fail2ban {
        weekly
        missingok
        rotate 4
        #compress
        notifempty
        sharedscripts
        create 0640 asterisk asterisk
        postrotate
        /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
        endscript
        su root root
}

TFTP

If you plan to use hardware SIP phones you will probably want to set up TFTP.

yum -y install tftp-server
nano /etc/xinetd.d/tftp

change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot

change disable=yes
to disable=no

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd
firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

MPG123

This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.

cd /usr/src
wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.22.4/mpg123-1.22.4.tar.bz2
tar -xjvf mpg123*

cd mpg123*/
./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig

Digium addons

To register Digium® licenses.

cd /usr/src
wget http://downloads.digium.com/pub/register/linux/register
chmod +x register
./register

To install the individual addons refer to the README files and ignore the register instructions.

http://downloads.digium.com/pub/telephony/codec_g729/README
http://downloads.digium.com/pub/telephony/res_digium_phone/README
http://downloads.digium.com/pub/telephony/fax/README
http://downloads.digium.com/pub/telephony/hpec/README

Password protect http access

A simple way to block scanners looking for exploits on Apache web servers.

mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
## -c creates (and overwrites) the password file, so omit it when adding further users
htpasswd /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride All in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user

Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.

<Directory /var/www/html>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>

Whitelist protect http access

If http access is only required from certain IP addresses.

nano /etc/httpd/conf.d/whitelist.conf
<Location />
  <RequireAny>
  ## Uncomment the following line to disable the whitelist
  #Require all granted

  Require ip x.x.x.x
  Require ip x.x.x.x x.x.x.x x.x.x.x
  Require ip x.x
  Require ip x.x.x.0/255.255.255.0
  Require host somedomain.com
  #
  ## See http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html for more examples
  #
  </RequireAny>
</Location>

A friendly request

These install instructions show up in many different places.  Acknowledgements of our efforts would be appreciated.