PBX in the container. Asterisk 14 + Nginx + Freepbx 14 + srtp on Centos 7 in Proxmox VE 4 lxc container
In containers, in our time, you can install many interesting systems 
but under the cut you can find only relatively standard installation instructions for asterisk + freepbx. The boredom will slightly dispel the fact that the versions of all software are “latest stable”, there is encryption, instead of apache - nginx, and the whole installation under the recently “matured” lxc. The output will be quite mobile, compact and modern IP PBX, consuming 200-300 MB of RAM alone
0. Before installation
Before you begin, take into account that the instruction does not involve installing DAHDI and working with analog lines. In addition, since the system is not an officially distributed FreePBX distribution , you will not be able to connect commercial FreePBX modules in the future.
')
1. LXC.Proxmox
First you need to create a container with Centos. If you, like me, have proxmox ve - it will be most convenient to do this through a web interface. Settings "equipment" take the minimum. Then they can be increased to the needs of: cores: 1 memory: 1024 rootfs: 8G swap: 256, and as the OS template we use centos-7-default_20171212_amd64.tar.xz.
If you have such a template is not available for download, run pveam update on the host. After installing and running the container, I usually immediately put ssh, because Working with the embedded web console proxmox is not very convenient.
2. LEMP
Repositories and Basic Utilities
The choice of webtatic is justified by the further installation of php56w, with which freepbx is guaranteed to work well. But you can try Remi.
We put mariadb, nginx and utility. The net-tools package is also useful because in centos7, there is no default ifconfig with which freepbx works.
Freepbx does not yet support php7, so we put the recommended 5.6.
We launch mariadb and nginx, we disconnect apache, we rule php.ini. Otherwise, you will not be able to update the freepbx modules via the web interface.
After that you can run mysql_secure_installation but without setting the root password - this is required by the freepbx installer.
Now that we have a working “preset” of the LEMP server, we can make a backup of the system so that we can roll back or use the backup to prepare another server. It takes less than a minute, and the full archive will be about 350MB.
3. Asterisk.SRTP
In principle, we are all ready to install asterisk. We will install SIP and PJSIP when building via the option --with-pjproject-bundled. What is missing is srtp to enable support for media encryption. There is a small plug, because the asterisk 14 documentation says that srtp needs libsrtp 1.5.4 or higher, libsrtp 2.x is theoretically supported, but almost you need to use 1.5.4 to achieve a stable result. That is, version 1.4.4 of the repositories will not work, and we need to build it ourselves.
Just in case, you can check the library at the destination.
and through ldconfig
Hint! If you do not specify make shared_library, then by default make compiles the archive library libsrtp.a, and requires an intermediate test run runtest. If you need libsrtp.a, then download the dictionary for this test in advance.
Download and deploy Asterisk:
At this stage, you can use the script provided by the developers to check the availability of the necessary packages and install them. Since we have already installed part of the packages, I recommend performing this test in
From the output of the script, remove mysql-devel, srtp-devel, and replace gmime22-devel with gmime-devel. At the moment, the lame and jansson packages are fresh in the repositories, so we will also install them from the repositories:
Next, load the sources of the sound files and run the asterisk configuration.
If everything went without errors, then run the configuration menu
We include mp3 support, choose the necessary sound file packages in Core Sound Packages, Music On Hold File Packages and Extras Sound Packages. Also, just in case, we check the presence of the res_srtp item in the Resource Modules. Is done. Further:
Now you can try to run asterisk and check if the srtp module has picked up:
Asterisk is working, now we are looking at whether the srtp module is loaded. In the asterisk console we execute:
If the module is not loaded - try to load it:
If everything went well, we stop the service and disable the asterisk autoload. In the future, it will run the freepbx service.
4. Freepbx.Nginx
We get the user asterisk and give him the rights to directories
Install nodeJS:
We configure nginx and php-fpm. To do this, delete all the files in /etc/nginx/conf.d/ and /etc/php-fpm.d/, and create our own instead. In the example, access by IP of the machine is indicated:
Allow autorun php-fpm and restart nginx:
Download and install FreePBX:
We are checking. If everything went fine, then we should get to the FreePBX admin panel by the IP address that was specified in /etc/nginx/conf.d/freepbx.conf You can set the admin password / email and see errors, if any.
Next, create a systemd unit for autoloading freepbx:
Stop freepbx, start the service, check:
If all is well, congratulations! Your PBX is ready!
Possible errors that I encountered while writing instructions:
In preparing the instructions used materials:
Installing FreePBX 14 on CentOS 7
Installing Asterisk 14 on Centos 7
Asterisk TLS SRTP setup for PJSIP .
Thank you all for your attention! I would welcome comments and amendments.
Special thanks to Generick , otkachov and chents for any inaccuracies found!
but under the cut you can find only relatively standard installation instructions for asterisk + freepbx. The boredom will slightly dispel the fact that the versions of all software are “latest stable”, there is encryption, instead of apache - nginx, and the whole installation under the recently “matured” lxc. The output will be quite mobile, compact and modern IP PBX, consuming 200-300 MB of RAM alone
0. Before installation
Before you begin, take into account that the instruction does not involve installing DAHDI and working with analog lines. In addition, since the system is not an officially distributed FreePBX distribution , you will not be able to connect commercial FreePBX modules in the future.
At this time we only support commercial modules in the distro. Yoy . Director of Software Engineering
')
1. LXC.Proxmox
First you need to create a container with Centos. If you, like me, have proxmox ve - it will be most convenient to do this through a web interface. Settings "equipment" take the minimum. Then they can be increased to the needs of: cores: 1 memory: 1024 rootfs: 8G swap: 256, and as the OS template we use centos-7-default_20171212_amd64.tar.xz.
If you have such a template is not available for download, run pveam update on the host. After installing and running the container, I usually immediately put ssh, because Working with the embedded web console proxmox is not very convenient.
yum -y install openssh-server systemctl enable sshd --now 2. LEMP
Repositories and Basic Utilities
yum -y install epel-release rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm yum -y update The choice of webtatic is justified by the further installation of php56w, with which freepbx is guaranteed to work well. But you can try Remi.
We put mariadb, nginx and utility. The net-tools package is also useful because in centos7, there is no default ifconfig with which freepbx works.
yum -y install wget tar nano bzip2 unzip curl net-tools make gcc gcc-c++ openssl openssl-devel mariadb-server mariadb-devel nginx tftp-server crontabs cronie cronie-anacron sendmail sendmail-cf Freepbx does not yet support php7, so we put the recommended 5.6.
yum -y install php56w php56w-pdo php56w-mysql php56w-mbstring php56w-pear php56w-process php56w-xml php56w-opcache php56w-ldap php56w-intl php56w-soap php56w-fpm php56w-gd We launch mariadb and nginx, we disconnect apache, we rule php.ini. Otherwise, you will not be able to update the freepbx modules via the web interface.
systemctl enable mariadb.service systemctl start mariadb sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php.ini systemctl enable nginx --now systemctl disable httpd After that you can run mysql_secure_installation but without setting the root password - this is required by the freepbx installer.
Now that we have a working “preset” of the LEMP server, we can make a backup of the system so that we can roll back or use the backup to prepare another server. It takes less than a minute, and the full archive will be about 350MB.
3. Asterisk.SRTP
In principle, we are all ready to install asterisk. We will install SIP and PJSIP when building via the option --with-pjproject-bundled. What is missing is srtp to enable support for media encryption. There is a small plug, because the asterisk 14 documentation says that srtp needs libsrtp 1.5.4 or higher, libsrtp 2.x is theoretically supported, but almost you need to use 1.5.4 to achieve a stable result. That is, version 1.4.4 of the repositories will not work, and we need to build it ourselves.
cd /usr/src/ wget https://github.com/cisco/libsrtp/archive/v1.5.4.tar.gz tar xvzf v1.5.4.tar.gz cd libsrtp-1.5.4 ./configure --libdir=/usr/lib64 --enable-openssl make shared_library make install Just in case, you can check the library at the destination.
ls /usr/lib64 | grep srtp and through ldconfig
ldconfig -p | grep srtp Hint! If you do not specify make shared_library, then by default make compiles the archive library libsrtp.a, and requires an intermediate test run runtest. If you need libsrtp.a, then download the dictionary for this test in advance.
wget -O /usr/share/dict/words https://github.com/cisco/libsrtp/blob/master/test/words.txt Download and deploy Asterisk:
cd /usr/src wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-14-current.tar.gz tar xvfz asterisk-14-current.tar.gz cd asterisk-14*/ At this stage, you can use the script provided by the developers to check the availability of the necessary packages and install them. Since we have already installed part of the packages, I recommend performing this test in
test mode. ./contrib/scripts/install_prereq test From the output of the script, remove mysql-devel, srtp-devel, and replace gmime22-devel with gmime-devel. At the moment, the lame and jansson packages are fresh in the repositories, so we will also install them from the repositories:
yum -y install patch ncurses-devel uuid-devel libuuid-devel jansson-devel lame lame-libs libxml2-devel sqlite-devel automake unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel libsqlite3x-devel radiusclient-ng-devel portaudio-devel neon-devel libical-devel openldap-devel sqlite2-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel pjproject-devel gmime-devel subversion git libxslt-devel python-devel Next, load the sources of the sound files and run the asterisk configuration.
./contrib/scripts/get_mp3_source.sh ./configure --libdir=/usr/lib64 --with-pjproject-bundled --with-crypto --with-ssl=ssl --with-srtp If everything went without errors, then run the configuration menu
make menuselect We include mp3 support, choose the necessary sound file packages in Core Sound Packages, Music On Hold File Packages and Extras Sound Packages. Also, just in case, we check the presence of the res_srtp item in the Resource Modules. Is done. Further:
make && make install && make config && ldconfig Now you can try to run asterisk and check if the srtp module has picked up:
systemctl start asterisk systemctl status asterisk rasterisk Asterisk 14.7.5, Copyright (C) 1999 - 2016, Digium, Inc. and others. Created by Mark Spencer <markster@digium.com> Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details. This is free software, with components licensed under the GNU General Public License version 2 and other licenses; you are welcome to redistribute it under certain conditions. Type 'core show license' for details. =============================================================== Connected to Asterisk 14.7.5 currently running on pbx4 (pid = 28020) pbx4*CLI> Asterisk is working, now we are looking at whether the srtp module is loaded. In the asterisk console we execute:
pbx4*CLI> module show like srtp Module Description Use Count Status Support Level res_srtp.so Secure RTP (SRTP) 0 Running core 1 modules loaded If the module is not loaded - try to load it:
pbx4*CLI> module load res_srtp.so Loaded res_srtp.so If everything went well, we stop the service and disable the asterisk autoload. In the future, it will run the freepbx service.
systemctl stop asterisk systemctl disable asterisk 4. Freepbx.Nginx
We get the user asterisk and give him the rights to directories
adduser asterisk -m -c "Asterisk User" chown asterisk. /var/run/asterisk chown asterisk. /var/spool/mqueue/ chown -R asterisk. /etc/asterisk chown -R asterisk. /var/{lib,log,spool}/asterisk chown -R asterisk. /usr/lib64/asterisk chown -R asterisk. /var/www/ chown -R asterisk. /var/lib/nginx Install nodeJS:
curl -sL https://rpm.nodesource.com/setup_8.x | bash - yum install -y nodejs We configure nginx and php-fpm. To do this, delete all the files in /etc/nginx/conf.d/ and /etc/php-fpm.d/, and create our own instead. In the example, access by IP of the machine is indicated:
nano /etc/nginx/conf.d/freepbx.conf server { server_name 10.10.0.126; listen 80; index index.php; client_max_body_size 120m; root /var/www/html/; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param SERVER_NAME $host; } } nano /etc/php-fpm.d/freepbx.conf [freepbx] listen = /var/run/php-fpm.sock listen.owner = asterisk listen.group = asterisk listen.mode = 0666 user = asterisk group = asterisk pm = dynamic pm.max_children = 30 pm.start_servers = 3 pm.min_spare_servers = 3 pm.max_spare_servers = 21 pm.max_requests = 1000 php_admin_value[memory_limit] = 512M Allow autorun php-fpm and restart nginx:
systemctl enable php-fpm systemctl restart nginx Download and install FreePBX:
cd /usr/src wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-14.0-latest.tgz tar xvfz freepbx-14.0-latest.tgz cd freepbx ./start_asterisk start ./install -n We are checking. If everything went fine, then we should get to the FreePBX admin panel by the IP address that was specified in /etc/nginx/conf.d/freepbx.conf You can set the admin password / email and see errors, if any.
Next, create a systemd unit for autoloading freepbx:
nano /etc/systemd/system/freepbx.service [Unit] Description=FreePBX VoIP Server After=mariadb.service [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/fwconsole start -q ExecStop=/usr/sbin/fwconsole stop -q [Install] WantedBy=multi-user.target Stop freepbx, start the service, check:
fwconsole stop systemctl enable freepbx --now If all is well, congratulations! Your PBX is ready!
Possible errors that I encountered while writing instructions:
- If there is an error on the web gui that cannot communicate with Asterisk: Check passwords. /etc/asterisk/manager.conf and /etc/amportal.conf password from manager.conf section [admin] must match the password from amportal.conf
- If any of the modules are marked as tampered: Run thefwconsole ma refreshsignaturesin thefwconsole ma refreshsignatures, restart the freepbx service and try updating the module online
In preparing the instructions used materials:
Installing FreePBX 14 on CentOS 7
Installing Asterisk 14 on Centos 7
Asterisk TLS SRTP setup for PJSIP .
Thank you all for your attention! I would welcome comments and amendments.
Special thanks to Generick , otkachov and chents for any inaccuracies found!
Source: https://habr.com/ru/post/347224/
All Articles