Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with PostgreSQL and Apache on CentOS v7. 

Tested on:

CentOS v7
Freeswitch v1.6
FusionPBX v4.4
PostgreSQL v9.4
Apache v2.4
PHP v7.1

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Install Prerequisites

Ensure all required packages are installed. 

yum -y install epel-release && yum -y update

yum install git nano httpd memcached ghostscript libtiff-devel libtiff-tools at tftp-server

PHP

yum -y install https://centos7.iuscommunity.org/ius-release.rpm
yum -y install yum-plugin-replace

# This updates any existing default version PHP files
yum replace php-common --replace-with php71u-common

yum install php71u php71u-common php71u-pdo php71u-soap php71u-xml php71u-xmlrpc php71u-pgsql php71u-cli php71u-imap php71u-mcrypt php71u-gd php71u-opcache php71u-json

PostgreSQL

rpm -Uvh https://download.postgresql.org/pub/repos/yum/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-3.noarch.rpm

yum -y install postgresql94-server postgresql94-contrib
/usr/pgsql-9.4/bin/postgresql94-setup initdb
systemctl enable postgresql-9.4
systemctl start postgresql-9.4

Setup client authentication to allow local connections.

nano +82 /var/lib/pgsql/9.4/data/pg_hba.conf

host  all all 127.0.0.1/32 trusthost  all all ::1/128      trust

systemctl restart postgresql-9.4

Test interactive terminal

sudo -u postgres psql
postgres=#
\q

Disable Selinux

Check status

sestatus

If not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

Memcached

Restrict memcached to localhost to prevent it from being used for DDoS attacks.

nano /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1"

Install

Freeswitch

rpm -Uvh http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm
yum -y install freeswitch-config-vanilla freeswitch-sounds* freeswitch-lang* freeswitch-lua freeswitch-xml-cdr

Create Databases and user

cd /tmp
password=somepassword

sudo -u postgres psql -c "CREATE DATABASE fusionpbx;"
sudo -u postgres psql -c "CREATE DATABASE freeswitch;"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"

Download Fusionpbx

Make sure to include the . at the end.  There may be enhancements and fixes in our version that are not be in the official repo.

cd /var/www/html
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git .

Copy Directories

Replace default freeswitch conf files with fusionpbx conf files

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/html/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Apache

# Add user freeswitch to group apache to avoid problems with /var/lib/php/sessions directory 
usermod -a -G apache freeswitch

# Set http server to run as same user/group as Freeswitch
sed -i "s/User apache/User freeswitch/" /etc/httpd/conf/httpd.conf
sed -i "s/Group apache/Group daemon/" /etc/httpd/conf/httpd.conf

# Set webserver to obey any .htaccess files in /var/www/html and subdirs 
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf

Set ownership and permissions

# Ownership
chown -R freeswitch.daemon /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html

# Directory permissions to 770 (u=rwx,g=rwx,o='')
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/html -type d -exec chmod 770 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

Systemd config

nano /etc/systemd/system/freeswitch.service

[Unit]
Description=FreeSWITCH
Wants=network-online.target
After=syslog.target network-online.target
After=postgresql-9.4.service httpd.service

[Service]
Type=forking
User=freeswitch
ExecStartPre=/usr/bin/mkdir -m 0750 -p /run/freeswitch
ExecStartPre=/usr/bin/chown freeswitch:daemon /run/freeswitch
WorkingDirectory=/run/freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
EnvironmentFile=-/etc/sysconfig/freeswitch
ExecStart=/usr/bin/freeswitch -ncwait -nonat $FREESWITCH_PARAMS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Create the $FREESWITCH_PARAMS file for extra parameters.  If freeswitch was installed from RPM this will probably already exist.

nano /etc/sysconfig/freeswitch

## Type:                string
## Default:             ""
## Config:              ""
## ServiceRestart:      freeswitch
#
# if not empty: parameters for freeswitch
#
FREESWITCH_PARAMS=""

Enable services

systemctl daemon-reload
systemctl enable httpd
systemctl enable freeswitch
systemctl enable memcached
systemctl restart httpd
systemctl restart freeswitch
systemctl restart memcached

Browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: somepassword (use whatever you want)

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword
Create Database Options: uncheck
Create Database Username: 
Create Database Password : 

It will take several minutes to complete.  Post install tasks are mandatory.

Post Install

Enable freeswitch database connection

This optional configuration sets Freeswitch to use PostgreSQL instead of sqlite for storing internal data.

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=fusionpbx password='somepassword'" /> 

systemctl restart freeswitch

Change Voicemail to Email app configuration

nano +119 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="mailer-app" value="/usr/bin/php /var/www/html/secure/v_mailto.php"/>
                <param name="mailer-app-args" value="-t"/>

systemctl restart freeswitch

Configure firewall

yum -y install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Daily Backup and housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql

# Delete postgres backups if older than 4 days
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;

# Delete the main backup if older than 4 days
find /var/backups/fusionpbx/*.tgz -mtime +4 -exec rm {} \;

# Create databse backup
pg_dump --verbose -Fc --host=${db_host} --port=${db_port} -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${now}.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql \
/var/www/html /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod +x /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

# Delete freeswitch logs older 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

# Delete call recordings older than 90 days
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days #find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; #find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"

## Uncomment to delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"

chmod +x /etc/cron.daily/fusionpbx-maintenance

TFTP

If you plan to use hardware SIP phones you may want to set up TFTP provisioning. 

yum -y install tftp-server
nano /etc/xinetd.d/tftp

change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot

change disable=yes
to disable=no

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Now go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = True.

Add a new Subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

This guide covers the installation of the ASTPP VoIP billing and Freeswitch applications.  ASTPP is installed manually from source.  Freeswitch is installed from RPMs.

Tested using the following software:

• CentOS v7 minimal install
• Freeswitch v1.6
• ASTPP v3.6
• Apache v2.4
• PHP v7.1
• MariaDB v5.5
  

Prerequisites

yum -y install epel-release && yum -y update

yum -y install git nano httpd unixODBC mysql-connector-odbc ghostscript libtiff-devel libtiff-tools at mariadb mariadb-server postfix

PHP

yum -y install https://centos7.iuscommunity.org/ius-release.rpm
yum -y install yum-plugin-replace

# This updates any existing default version PHP files
yum replace php-common --replace-with php71u-common

yum -y install php71u php71u-common php71u-pdo php71u-soap php71u-xml php71u-xmlrpc php71u-cli php71u-imap php71u-mcrypt php71u-gd php71u-opcache php71u-json php71u-mysqlnd php71u-odbc pear1u

Disable Selinux

Check status

sestatus

If not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

Install

Freeswitch

rpm -Uvh http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm
yum -y install freeswitch-config-vanilla freeswitch-sounds* freeswitch-lang* freeswitch-lua freeswitch-xml-cdr freeswitch-application-curl freeswitch-xml-curl freeswitch-event-json-cdr

ASTPP

# Set ${password} variable.  This is used muliple times in this section.
password=somepassword

cd /usr/src
git clone -b v3.6 https://github.com/iNextrix/ASTPP.git
systemctl enable mariadb
systemctl restart mariadb

mysql -e "CREATE DATABASE astpp CHARACTER SET utf8 COLLATE utf8_general_ci;"
mysql -e "CREATE USER 'astppuser'@'localhost' IDENTIFIED BY '${password}';"
mysql -e "GRANT ALL PRIVILEGES ON astpp.* TO 'astppuser'@'localhost' WITH GRANT OPTION;"
mysql -e "FLUSH PRIVILEGES;"

mysql astpp < ASTPP/database/astpp-3.0.sql
mysql astpp < ASTPP/database/astpp-upgrade-3.5.sql
mysql astpp < ASTPP/database/astpp-upgrade-3.6.sql

ODBC

cat >> /etc/odbc.ini << EOF
[ASTPP]
Driver = MySQL
SERVER = 127.0.0.1
DATABASE = astpp
USERNAME = astppuser
PASSWORD = ${password}
PORT = 3306
OPTION = 67108864
Socket = /var/lib/mysql/mysql.sock
threading = 0
charset = utf8
EOF

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v astpp astppuser ${password} 
quit

Copy and configure Freeswitch files

cd /usr/src
cp -R ASTPP/freeswitch/fs /var/www/html/
cp -R ASTPP/freeswitch/scripts/* /usr/share/freeswitch/scripts/
cp -R ASTPP/freeswitch/sounds/*.wav /usr/share/freeswitch/sounds/en/us/callie/

rm -Rf /etc/freeswitch/dialplan/*
touch /etc/freeswitch/dialplan/astpp.xml
rm -Rf /etc/freeswitch/directory/*
touch /etc/freeswitch/directory/astpp.xml
rm -Rf /etc/freeswitch/sip_profiles/*
touch /etc/freeswitch/sip_profiles/astpp.xml

Copy and configure ASTPP files

cd /usr/src
mkdir -p /var/lib/astpp
cp ASTPP/config/astpp-config.conf /var/lib/astpp/astpp-config.conf
cp ASTPP/config/astpp.lua /var/lib/astpp/astpp.lua

# Copy/config web GUI files
cp -R ASTPP/web_interface/astpp /var/www/html/
cp ASTPP/web_interface/apache/astpp.conf /etc/httpd/conf.d/astpp.conf
cp ASTPP/web_interface/apache/astpp.conf /etc/httpd/conf.d/fs.conf
sed -i "s#8081#8735#g" /etc/httpd/conf.d/fs.conf
sed -i "s#astpp#fs#g" /etc/httpd/conf.d/fs.conf
mv /var/www/html/astpp/htaccess /var/www/html/astpp/.htaccess

# Copy ASTPP specific freeswitch config files
/bin/cp -R ASTPP/freeswitch/conf/autoload_configs/* /etc/freeswitch/autoload_configs/

# ASTPP links to Freeswitch use /usr/local by default.  Freeswitch RPMs use /usr/share.
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/lua.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/json_cdr.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp-callingcards.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/astpp.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/scripts/astpp.xml.lua

sed -i "s#\$\${base_dir}/recordings#\$\${recordings_dir}#g" /usr/share/freeswitch/scripts/astpp/scripts/astpp.xml.lua

# Configure ASTPP config files in /var/lib/astpp.
serverIP=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
sed -i "s#\(^dbname\).*#dbname = astpp#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbuser\).*#dbuser = astppuser#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbpass\).*#dbpass = ${password}#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^base_url\).*#base_url = http://${serverIP}:8081/#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^DB_USERNAME\).*#DB_USERNAME = \"astppuser\"#" /var/lib/astpp/astpp.lua
sed -i "s#\(^DB_PASSWD\).*#DB_PASSWD = \"${password}\"#" /var/lib/astpp/astpp.lua

CRON

crontab -u freeswitch -e

# I
# Generate Invoice   
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php GenerateInvoice
# Low balance notification
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php UpdateBalance
# Low balance notification
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php LowBalance        
# Update currency rate
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php CurrencyUpdate
# Email Broadcasting
* * * * * cd /var/www/html/astpp/cron/ && php cron.php BroadcastEmail

Apache

# Add user freeswitch to group apache to avoid problems with /var/lib/php/sessions directory 
usermod -a -G apache freeswitch

# Set http server to run as same user/group as Freeswitch
sed -i "s/User apache/User freeswitch/" /etc/httpd/conf/httpd.conf
sed -i "s/Group apache/Group daemon/" /etc/httpd/conf/httpd.conf

# Set webserver to obey any .htaccess files in /var/www/html and subdirs 
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf

Set ownership and permissions

It is a good idea to run this anytime there are any changes/moves/adds/upgrades.

# Ownership
chown -R freeswitch.daemon /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html

# Directory permissions to 770 (u=rwx,g=rwx,o='')
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/html -type d -exec chmod 770 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

Systemd config

nano /etc/systemd/system/freeswitch.service

[Unit]
Description=FreeSWITCH
Wants=network-online.target
After=syslog.target network-online.target
After=mariadb.service httpd.service

[Service]
Type=forking
User=freeswitch
ExecStartPre=/usr/bin/mkdir -m 0750 -p /run/freeswitch
ExecStartPre=/usr/bin/chown freeswitch:daemon /run/freeswitch
WorkingDirectory=/run/freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
EnvironmentFile=-/etc/sysconfig/freeswitch
ExecStart=/usr/bin/freeswitch -ncwait -nonat $FREESWITCH_PARAMS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Configure php.ini

sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=1#g" /etc/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 3000/" /etc/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /etc/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /etc/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php.ini

Lock down the database server

mysql_secure_installation
systemctl restart mariadb

Answer Y to everything.

Configure firewall

yum -y install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081,8081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Enable services

systemctl daemon-reload
systemctl enable mariadb
systemctl enable httpd
systemctl enable freeswitch
systemctl restart httpd
systemctl restart freeswitch
systemctl disable sendmail
systemctl stop sendmail
systemctl enable postfix
systemctl restart postfix

Test Freeswitch console

If fs_cli command is not working change the following line.

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Browse to control panel

http://x.x.x.x:8081

username: admin
password: admin

The 8081 port can be changed at /var/lib/astpp/astpp-config.conf and  /etc/httpd/conf.d/astpp.conf. Remember to change the port on the firewall as well.

User documentation is located at the following link
http://astpp.readthedocs.io/en/v3.6/Modules/modules.html

Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with PostgreSQL and Apache on Debian v8. 

Tested on:

Debian v8 (Jessie) 64 bit
Freeswitch v1.6
FusionPBX v4
PostgreSQL v9.4
Apache v2.4
PHP v7.1

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Install Prerequisites

Set server locale.  This should be done before PostgreSQL is installed.

# Select en_US.UTF-8 UTF-8
dpkg-reconfigure locales

Logout and log back in and check that LANG=en_US.UTF-8.

locale

Install packages

apt update && apt upgrade -y && apt install lsb-release

apt -y install git nano dbus sudo apache2 curl memcached sqlite3 postgresql-9.4 postgresql-client-9.4 haveged ghostscript libtiff5-dev libtiff-tools at tftpd

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-cli php7.1-common php7.1-curl php7.1-mcrypt php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-xml php7.1-imap

Disable Selinux

Check status

sestatus

If command exists and indicates it is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Set Timezone

Using tzselect is one way to find the correct timezone.

tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

​timedatectl status

Also need to change php timezone

nano +939 /etc/php/7.1/apache2/php.ini

date.timezone = America/Vancouver

systemctl restart apache2

Install

Freeswitch

curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -

echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

Database

Check that localhost connections are allowed.  This is necessary for the backup script.

nano +92 /etc/postgresql/9.4/main/pg_hba.conf

host all all 127.0.0.1/32 trust

systemctl restart postgresql

Check PostgreSQL locale

sudo -u postgres psql -l

If Encoding is not UTF8 and Collate & Ctype is not en_US.UTF8 then set it now.

sudo -u postgres psql

update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template0';
update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template1';

Create databases and user

cd /tmp
password=somepassword

sudo -u postgres psql -c "CREATE DATABASE fusionpbx;" 
sudo -u postgres psql -c "CREATE DATABASE freeswitch;"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"

Fusionpbx

There may be enhancements and fixes in our version that are not be in the official repo.

# Makes sure to include the "." at the end.
cd /var/www/html
rm index.html
mkdir -p /etc/fusionpbx
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git .

Copy Directories

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/html/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Set ownership and permissions

# Set ownership
chown -R freeswitch. /etc/freeswitch /etc/fusionpbx /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html

# Set directory permissions to 770 (u=rwx,g=rwx,o='')
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /etc/fusionpbx -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/html -type d -exec chmod 770 {} \;

# Set file permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /etc/fusionpbx -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

Apache config

sed -i 's/\(APACHE_RUN_USER=\)\(.*\)/\1freeswitch/g' /etc/apache2/envvars
sed -i 's/\(APACHE_RUN_GROUP=\)\(.*\)/\1freeswitch/g' /etc/apache2/envvars
chown freeswitch. /run/lock/apache2
systemctl restart apache2

Systemd

nano /etc/systemd/system/freeswitch.service

[Unit]
Description=FreeSWITCH
Wants=network-online.target
After=syslog.target network.target network-online.target
After=postgresql.service apache2.service

[Service]
Type=forking
User=freeswitch
WorkingDirectory=/run/freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch -ncwait -nonat $FREESWITCH_PARAMS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Create the $FREESWITCH_PARAMS file for extra parameters

nano /etc/default/freeswitch

## Type:                string
## Default:             ""
## Config:              ""
## ServiceRestart:      freeswitch
#
# if not empty: parameters for freeswitch
#
FREESWITCH_PARAMS=""

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Fix fs_cli

If fs_cli command does not work with freeswitch running change the following config line. 

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Change Voicemail to Email app configuration

nano +119 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="mailer-app" value="/usr/bin/php /var/www/html/secure/v_mailto.php"/>
                <param name="mailer-app-args" value="-t"/>

systemctl restart freeswitch

Browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: somepassword (use whatever you want)

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword
Create Database Options: uncheck
Create Database Username: 
Create Database Password : 

It will take several minutes to complete.  Post install tasks are mandatory.

Post Install

Enable freeswitch database connection

Freeswitch uses sqlite by default.  This optional configuration changes that to use PostgreSQL.

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=fusionpbx password='somepassword'" />

systemctl restart freeswitch

Configure Firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Daily Backup and housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql

# Delete postgres backups if older than 4 days
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;

# Delete the main backup if older than 4 days
find /var/backups/fusionpbx/*.tgz -mtime +4 -exec rm {} \;

# Create databse backup
pg_dump --verbose -Fc --host=${db_host} --port=${db_port} -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${now}.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql \
/var/www/html /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod +x /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

# Delete freeswitch logs older than 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

# Delete call recordings older than 90 days
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days 
#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; 
#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \; 

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"

## Uncomment to delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"

chmod +x /etc/cron.daily/fusionpbx-maintenance

Troubleshooting Lua

To view the dyamically generated xml files.

nano /usr/share/freeswitch/scripts/resources/config.lua

## Change debug options from false to true to see lua generated output in fs_cli
       debug["params"] = true;
       debug["sql"] = true;
       debug["xml_request"] = true;
       debug["xml_string"] = true;
       debug["cache"] = true;

TFTP

If you plan to use hardware SIP phones you may want to enable TFTP.

Create tftp config

cat >> /etc/xinetd.d/tftp << EOF
service tftp
{
protocol        = udp
port            = 69
socket_type     = dgram
wait            = yes
user            = nobody
server          = /usr/sbin/in.tftpd
server_args     = /tftpboot
disable         = no
}

EOF

Make the directory and restart the daemon to start tftp.

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Now go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = True.

Add a new Subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

This guide covers the installation of the ASTPP VoIP billing and Freeswitch applications.  ASTPP is installed manually from source.  Freeswitch is installed from deb packages.

Tested using the following software:

• Debian v8 (Jessie) x64 minimal install
• ASTPP v3.6
• Freeswitch v1.6
• Apache v2.4
• PHP v7.1
• MariaDB v10
  

Prerequisites

apt update && apt upgrade -y && apt install

apt -y install git nano dbus sudo apache2 curl sqlite3 haveged lsb-release ghostscript libtiff5-dev libtiff-tools at dirmngr postfix gawk dnsutils openssl ntp libmyodbc unixodbc unixodbc-bin gettext

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-gd php7.1-opcache php7.1-cli php7.1-common php7.1-curl php7.1-sqlite3 php7.1-odbc php7.1-mysql php7.1-xml php7.1-mcrypt php7.1-json php7.1-pdo php-pear

ODBC

cd /usr/src
wget https://downloads.mariadb.com/Connectors/odbc/connector-odbc-3.0.3/\
mariadb-connector-odbc-3.0.3-ga-debian-x86_64.tar.gz
tar -zxvf mariadb-connector-odbc-3.0.3*.tar.gz
cp mariadb-connector-odbc-3.0.3*/lib/libmaodbc.so /usr/lib/x86_64-linux-gnu/odbc/

Create /etc/odbcinst.ini

cat >> /etc/odbcinst.ini << EOF
[MySQL]
Description = ODBC for MariaDB
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmaodbc.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
  
EOF

MariaDB

# After install set root password when asked. Otherwise it will keep nagging.

apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
apt update && apt -y install mariadb-server

Add the following line under [mysqld] in /etc/mysql.my.cnf to disable strict mode.

sql_mode=''

systemctl restart mariadb

Disable Selinux

Check status

sestatus

If the command is found and is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

Install

Freeswitch

curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -

echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

ASTPP

# Set ${password} variable.  This is used muliple times in this section.
password=somepassword

cd /usr/src
git clone -b v3.6 https://github.com/iNextrix/ASTPP.git

mysql -p -e "CREATE DATABASE astpp CHARACTER SET utf8 COLLATE utf8_general_ci;"
mysql -p -e "CREATE USER 'astppuser'@'localhost' IDENTIFIED BY '${password}';"
mysql -p -e "GRANT ALL PRIVILEGES ON astpp.* TO 'astppuser'@'localhost' WITH GRANT OPTION;"
mysql -p -e "FLUSH PRIVILEGES;"

mysql -p astpp < ASTPP/database/astpp-3.0.sql
mysql -p astpp < ASTPP/database/astpp-upgrade-3.5.sql
mysql -p astpp < ASTPP/database/astpp-upgrade-3.6.sql

ODBC

cat >> /etc/odbc.ini << EOF
[ASTPP]
Driver = MySQL
SERVER = 127.0.0.1
DATABASE = astpp
USERNAME = astppuser
PASSWORD = ${password}
PORT = 3306
OPTION = 67108864
Socket = /run/mysqld/mysqld.sock
threading = 0
charset = utf8
EOF

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v astpp astppuser ${password} 
quit

Copy and configure Freeswitch files

cd /usr/src
cp -R ASTPP/freeswitch/fs /var/www/html/
cp -R ASTPP/freeswitch/scripts/* /usr/share/freeswitch/scripts/
cp -R ASTPP/freeswitch/sounds/*.wav /usr/share/freeswitch/sounds/en/us/callie/

rm -Rf /etc/freeswitch/dialplan/*
touch /etc/freeswitch/dialplan/astpp.xml
rm -Rf /etc/freeswitch/directory/*
touch /etc/freeswitch/directory/astpp.xml
rm -Rf /etc/freeswitch/sip_profiles/*
touch /etc/freeswitch/sip_profiles/astpp.xml

Copy and configure ASTPP files

cd /usr/src
mkdir -p /var/lib/astpp
cp ASTPP/config/astpp-config.conf /var/lib/astpp/astpp-config.conf
cp ASTPP/config/astpp.lua /var/lib/astpp/astpp.lua

# Copy/config web GUI files
cp -R ASTPP/web_interface/astpp /var/www/html/
cp ASTPP/web_interface/apache/astpp.conf /etc/apache2/conf-available/astpp.conf
cp ASTPP/web_interface/apache/astpp.conf /etc/apache2/conf-available/fs.conf

sed -i "s#log/httpd#log/apache2#g" /etc/apache2/conf-available/astpp.conf
sed -i "s#log/httpd#log/apache2#g" /etc/apache2/conf-available/fs.conf
sed -i "s#8081#8735#g" /etc/apache2/conf-available/fs.conf
sed -i "s#astpp#fs#g" /etc/apache2/conf-available/fs.conf

mv /var/www/html/astpp/htaccess /var/www/html/astpp/.htaccess
a2enconf astpp
a2enconf fs
systemctl reload apache2

# Copy ASTPP specific freeswitch config files
/bin/cp -R ASTPP/freeswitch/conf/autoload_configs/* /etc/freeswitch/autoload_configs/

# ASTPP links to Freeswitch use /usr/local by default.  Freeswitch binary packages use /usr/share.
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/lua.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/json_cdr.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp-callingcards.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/astpp.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/scripts/astpp.xml.lua

# Configure ASTPP config files in /var/lib/astpp.
serverIP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
sed -i "s#\(^dbname\).*#dbname = astpp#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbuser\).*#dbuser = astppuser#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbpass\).*#dbpass = ${password}#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^base_url\).*#base_url = http://${serverIP}:8081/#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^DB_USERNAME\).*#DB_USERNAME = \"astppuser\"#" /var/lib/astpp/astpp.lua
sed -i "s#\(^DB_PASSWD\).*#DB_PASSWD = \"${password}\"#" /var/lib/astpp/astpp.lua

CRON

crontab -e

# I
# Generate Invoice   
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php GenerateInvoice
# Low balance notification
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php UpdateBalance
# Low balance notification
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php LowBalance        
# Update currency rate
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php CurrencyUpdate
# Email Broadcasting
* * * * * cd /var/www/html/astpp/cron/ && php cron.php BroadcastEmail

Apache

Configure Apache

Add AllowOverride All to web directory so that .htaccess is active.

cat >> /etc/apache2/conf-available/allowoverride.conf << EOF 
<Directory /var/www/html>
    AllowOverride All
    </Directory>
EOF

a2enconf allowoverride

Change default apache user/group, disable index.html, enable rewrite module

sed -i 's/\(APACHE_RUN_USER=\)\(.*\)/\1freeswitch/g' /etc/apache2/envvars
sed -i 's/\(APACHE_RUN_GROUP=\)\(.*\)/\1freeswitch/g' /etc/apache2/envvars
chown freeswitch. /run/lock/apache2
mv /var/www/html/index.html /var/www/html/index.html.disable
a2enmod rewrite

systemctl restart apache2

Set ownership and permissions

It is a good idea to run this anytime there are any changes/moves/adds/upgrades.

# Ownership
chown -R freeswitch. /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html

# Directory permissions to 770 (u=rwx,g=rwx,o='')
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/html -type d -exec chmod 770 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

Systemd config

nano /etc/systemd/system/freeswitch.service

[Unit]
Description=FreeSWITCH
Wants=network-online.target
After=syslog.target network.target network-online.target
After=mariadb.service apache2.service

[Service]
Type=forking
User=freeswitch
WorkingDirectory=/run/freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch -ncwait -nonat $FREESWITCH_PARAMS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Create the file for adding extra parameters.

cat >> /etc/default/freeswitch << EOF
## Type:                string
## Default:             ""
## Config:              ""
## ServiceRestart:      freeswitch
#
# if not empty: parameters for freeswitch
#
FREESWITCH_PARAMS=""
EOF

Configure php.ini

sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php/7.1/apache2/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=1#g" /etc/php/7.1/apache2/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 3000/" /etc/php/7.1/apache2/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /etc/php/7.1/apache2/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /etc/php/7.1/apache2/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.1/apache2/php.ini

Configure firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,8081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Test Freeswitch console

If fs_cli command is not working change the following line.

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Browse to control panel

http://x.x.x.x:8081

username: admin
password: admin

The 8081 port can be changed at /var/lib/astpp/astpp-config.conf and  /etc/httpd/conf.d/astpp.conf. Remember to change the port on the firewall as well.

User documentation is located at the following link
http://astpp.readthedocs.io/en/v3.6/Modules/modules.html

Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with PostgreSQL and Apache on Debian v8. 

Tested on:

Debian v8 (Jessie) x64 minimal install
Freeswitch v1.6
FusionPBX v4
Nginx v1.6
PHP v7.1
PostgreSQL v9.4

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Install Prerequisites

Set server locale.  This should be done before PostgreSQL is installed.

# Select en_US.UTF-8 UTF-8
dpkg-reconfigure locales

Logout and log back in to verify.

locale

Install packages

apt update && apt upgrade -y && apt -y remove apache2

apt -y install git nano dbus sudo nginx curl lsb-release memcached sqlite3 postgresql-9.4 postgresql-client-9.4 haveged ghostscript libtiff5-dev libtiff-tools at tftpd ssl-cert fail2ban

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-cli php7.1-common php7.1-curl php7.1-mcrypt php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-xml php7.1-imap php7.1-fpm

Disable Selinux

Check status

sestatus

If command exists and indicates it is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Set Timezone

Using tzselect is one way to find the correct timezone.

## FIND YOUR TIMEZONE 
tzselect 

## SET TIMEZONE EXAMPLE 
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE 
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -

echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

Database

Check that localhost connections are always allowed.  This is necessary for the backup script.

nano +92 /etc/postgresql/9.4/main/pg_hba.conf

host all all 127.0.0.1/32 trust

systemctl restart postgresql

Check PostgreSQL locale

sudo -u postgres psql -l

If Encoding is not UTF8 and Collate & Ctype is not en_US.UTF8 then set it now.

sudo -u postgres psql

update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template0';
update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template1';

Create databases and user

cd /tmp

# Set the DB password variable.
password=somepassword

sudo -u postgres psql -c "CREATE DATABASE fusionpbx;" 
sudo -u postgres psql -c "CREATE DATABASE freeswitch;"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"

Fusionpbx

There may be enhancements and fixes in our version that are not be in the official repo.

mkdir -p /etc/fusionpbx
mkdir -p /var/www/fusionpbx
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git /var/www/fusionpbx

Copy Directories

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Php-fpm config

sed 's#post_max_size = .*#post_max_size = 80M#g' -i /etc/php/7.1/fpm/php.ini
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i /etc/php/7.1/fpm/php.ini
systemctl restart php7.1-fpm

Nginx config

mkdir -p /etc/nginx/ssl
cd /etc/nginx/sites-available
wget https://raw.githubusercontent.com/powerpbx/fusionpbx-install.sh/master/debian/resources/nginx/fusionpbx
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'

ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
rm /etc/nginx/sites-enabled/default

# link to self signed certificate
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt

# For future use
mkdir -p /var/www/letsencrypt/

systemctl restart nginx

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target postgresql.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data

LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""
EOF

Set ownership and permissions

# Set ownership
chown -R www-data. /etc/freeswitch /etc/fusionpbx /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/fusionpbx /var/run/freeswitch

## Set directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /etc/fusionpbx -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /var/www/html -type d -exec chmod 755 {} \;

## Set file permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /etc/fusionpbx -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

## Set misc permissions to 755 (u=rwx,g=rx,o='rx')
chmod -R 755 /var/www/fusionpbx/secure

## These two files do not yet exist on a fresh install
chmod 755 /etc/cron.daily/fusionpbx-backup.sh
chmod 755 /etc/cron.daily/fusionpbx-maintenance.sh

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: somesuperadminpassword 

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword(The database user password created earlier)
Create Database Options: uncheck
Create Database Username: 
Create Database Password : 

The install may take a minute or two. 
Log into the GUI and go to Advanced > Default Settings > Adminer(auto_login) > Enabled = True
Click the Reload button and go to Advanced > Adminer and verify you can view the database. 

Post install tasks are optional but recommended.

Post Install

Enable freeswitch database connection

Freeswitch stores internal data on sqlite by default.  This optional configuration changes that to use PostgreSQL.  This has the advantage of being able to view it in the GUI using Adminer. 

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=fusionpbx password='somepassword'" />

systemctl restart freeswitch

Configure Firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Daily Backup and Housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql

# Delete postgres backups if older than 4 days
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;

# Delete the main backup if older than 4 days
find /var/backups/fusionpbx/*.tgz -mtime +4 -exec rm {} \;

# Create database backup
pg_dump --verbose -Fc --host=${db_host} --port=${db_port} -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${now}.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql \
/var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod 755 /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

# Delete freeswitch logs older than 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

## Uncomment to delete call recordings older than 90 days
#find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days 
#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; 
#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \; 

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"

## Uncomment to delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"

chmod 755 /etc/cron.daily/fusionpbx-maintenance

TFTP

If you plan to use hardware SIP phones you may want to enable TFTP.

Create tftp config

cat >> /etc/xinetd.d/tftp << EOF
service tftp
{
protocol        = udp
port            = 69
socket_type     = dgram
wait            = yes
user            = nobody
server          = /usr/sbin/in.tftpd
server_args     = /tftpboot
disable         = no
}
EOF

Make the directory and restart the daemon to start tftp.

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Now go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = Trueand reload

Add a new Subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

Troubleshooting the Dialplan

To view the dyamically generated xml files.

nano /usr/share/freeswitch/scripts/resources/config.lua

## Change debug options from false to true to see lua generated output in fs_cli
       debug["params"] = true;
       debug["sql"] = true;
       debug["xml_request"] = true;
       debug["xml_string"] = true;
       debug["cache"] = true;

This guide covers the installation of the ASTPP VoIP billing and Freeswitch applications.  ASTPP is installed manually from source.  Freeswitch is installed from deb packages.

Tested using the following software:

• Debian v8 (Jessie) x64 minimal install
• ASTPP v3.6
• Freeswitch v1.6
• Nginx v1.6
• PHP v7.1
• MariaDB v10
  

Prerequisites

apt update && apt upgrade -y && apt -y remove apache2

apt -y install git nano dbus sudo nginx curl sqlite3 haveged ghostscript lsb-release libtiff5-dev libtiff-tools at dirmngr postfix gawk dnsutils openssl ntp libmyodbc unixodbc unixodbc-bin gettext fail2ban

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-fpm php7.1-gd php7.1-opcache php7.1-cli php7.1-common php7.1-curl php7.1-sqlite3 php7.1-odbc php7.1-mysql php7.1-xml php7.1-mcrypt php7.1-json php-pear

ODBC

cd /usr/src
wget https://downloads.mariadb.com/Connectors/odbc/connector-odbc-3.0.3/\
mariadb-connector-odbc-3.0.3-ga-debian-x86_64.tar.gz
tar -zxvf mariadb-connector-odbc-3.0.3*.tar.gz
cp mariadb-connector-odbc-3.0.3*/lib/libmaodbc.so /usr/lib/x86_64-linux-gnu/odbc/

Create /etc/odbcinst.ini

cat >> /etc/odbcinst.ini << EOF
[MySQL]
Description = ODBC for MariaDB
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmaodbc.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
  
EOF

MariaDB

# Set MariaDB root password when asked. Otherwise it will keep nagging.

apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
apt update && apt -y install mariadb-server

nano /etc/mysql/my.cnf

# Add the following line under [mysqld] to disable strict mode.
sql_mode=''

systemctl restart mariadb

Disable Selinux

Check status

sestatus

If the command is found and is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -

echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

ASTPP

# Set MariaDB user ${userpassword} variable.  This is used muliple times in this section.
userpassword=somepassword

# Set MariaDB root password to whatever it was previously set to.
mysqlpassword=existingmysqlpassword

cd /usr/src
git clone -b v3.6 https://github.com/iNextrix/ASTPP.git

mysql -p${mysqlpassword} -e "CREATE DATABASE astpp CHARACTER SET utf8 COLLATE utf8_general_ci;"
mysql -p${mysqlpassword} -e "CREATE USER 'astppuser'@'localhost' IDENTIFIED BY '${userpassword}';"
mysql -p${mysqlpassword} -e "GRANT ALL PRIVILEGES ON astpp.* TO 'astppuser'@'localhost' WITH GRANT OPTION;"
mysql -p${mysqlpassword} -e "FLUSH PRIVILEGES;"

mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-3.0.sql
mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-upgrade-3.5.sql
mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-upgrade-3.6.sql

ODBC

cat >> /etc/odbc.ini << EOF
[ASTPP]
Driver = MySQL
SERVER = 127.0.0.1
DATABASE = astpp
USERNAME = astppuser
PASSWORD = ${userpassword}
PORT = 3306
OPTION = 67108864
Socket = /run/mysqld/mysqld.sock
threading = 0
charset = utf8

EOF

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v astpp astppuser ${userpassword} 
quit

Copy and configure Freeswitch files

cd /usr/src
cp -R ASTPP/freeswitch/fs /var/www/html/
cp -R ASTPP/freeswitch/scripts/* /usr/share/freeswitch/scripts/
cp -R ASTPP/freeswitch/sounds/*.wav /usr/share/freeswitch/sounds/en/us/callie/

rm -Rf /etc/freeswitch/dialplan/*
touch /etc/freeswitch/dialplan/astpp.xml
rm -Rf /etc/freeswitch/directory/*
touch /etc/freeswitch/directory/astpp.xml
rm -Rf /etc/freeswitch/sip_profiles/*
touch /etc/freeswitch/sip_profiles/astpp.xml

Copy and configure ASTPP files

cd /usr/src
mkdir -p /usr/local/astpp
mkdir -p /var/log/astpp
mkdir -p /var/lib/astpp
cp ASTPP/config/astpp-config.conf /var/lib/astpp/astpp-config.conf
cp ASTPP/config/astpp.lua /var/lib/astpp/astpp.lua

# Copy/config web GUI files
cp -R ASTPP/web_interface/astpp /var/www/html/
cp ASTPP/web_interface/nginx/deb_astpp.conf /etc/nginx/sites-available/astpp.conf
cp ASTPP/web_interface/nginx/deb_fs.conf /etc/nginx/sites-available/fs.conf

sed -i "s/client_max_body_size 8M/client_max_body_size 20M/" /etc/nginx/sites-available/astpp.conf
sed -i '35i fastcgi_read_timeout 300;' /etc/nginx/sites-available/astpp.conf
sed -i "s#php7.0#php7.1#" /etc/nginx/sites-available/astpp.conf
sed -i "s#php7.0#php7.1#" /etc/nginx/sites-available/fs.conf

ln -s /etc/nginx/sites-available/astpp.conf /etc/nginx/sites-enabled/astpp.conf 
ln -s /etc/nginx/sites-available/fs.conf /etc/nginx/sites-enabled/fs.conf 
rm /etc/nginx/sites-enabled/default

# Add nginx log files
touch /var/log/nginx/astpp_access.log
touch /var/log/nginx/astpp_error.log
touch /var/log/nginx/fs_access.log
touch /var/log/nginx/fs_error.log

# Add ASTPP log file
touch /var/log/astpp/astpp.log

# Copy ASTPP specific freeswitch config files
/bin/cp -R ASTPP/freeswitch/conf/autoload_configs/* /etc/freeswitch/autoload_configs/

# ASTPP links to Freeswitch use /usr/local by default.  Freeswitch binary packages use /usr/share.
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/lua.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/json_cdr.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp-callingcards.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/astpp.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/scripts/astpp.xml.lua

# Configure ASTPP config files in /var/lib/astpp.
serverIP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
sed -i "s#\(^dbname\).*#dbname = astpp#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbuser\).*#dbuser = astppuser#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbpass\).*#dbpass = ${userpassword}#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^base_url\).*#base_url = http://${serverIP}:8089/#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^DB_USERNAME\).*#DB_USERNAME = \"astppuser\"#" /var/lib/astpp/astpp.lua
sed -i "s#\(^DB_PASSWD\).*#DB_PASSWD = \"${userpassword}\"#" /var/lib/astpp/astpp.lua

CRON

crontab -u www-data -e

# I
# Generate Invoice   
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php GenerateInvoice
# Low balance notification
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php UpdateBalance
# Low balance notification
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php LowBalance        
# Update currency rate
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php CurrencyUpdate
# Email Broadcasting
* * * * * cd /var/www/html/astpp/cron/ && php cron.php BroadcastEmail

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target mariadb.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""

EOF

Set ownership and permissions

Run this any time there are any changes/moves/adds/upgrades or if experiencing problems.

# Ownership
chown -R www-data. /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html \
/var/log/astpp /var/log/nginx

# Directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /var/www/html -type d -exec chmod 755 {} \;
find /var/log/astpp -type d -exec chmod 755 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;
find /var/log/astpp -type d -exec chmod 664 {} \;

Configure php-fpm

sed -i "s/;request_terminate_timeout = 0/request_terminate_timeout = 300/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php/7.1/fpm/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=1#g" /etc/php/7.1/fpm/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 3000/" /etc/php/7.1/fpm/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /etc/php/7.1/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /etc/php/7.1/fpm/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.1/fpm/php.ini

systemctl restart php7.1-fpm
systemctl restart nginx

Configure firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-port={5060,5061,8089}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Test Freeswitch console

If fs_cli command is not working change the following line.

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Browse to control panel

http://x.x.x.x:8089

username: admin
password: admin

The 8089 port can be changed at /var/lib/astpp/astpp-config.conf and  /etc/nginx/sites-available/astpp.conf. Remember to change the port on the firewall as well.  If accessing by DNS name change the IP to the DNS name.

User documentation is located at the following link
http://astpp.readthedocs.io/en/v3.6/Modules/modules.html

Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with PostgreSQL and NGINX on Debian v9. 

Tested on:

Debian v9 (Stretch) x64 minimal install
Freeswitch v1.8
FusionPBX v4
Nginx v1.10
PHP v7.1
PostgreSQL v11

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Prerequisites

Set server locale.  This should be done before PostgreSQL is installed.

# Select en_US.UTF-8 UTF-8
dpkg-reconfigure locales

Logout and log back in to verify.

locale

Install packages

apt update && apt upgrade -y && apt -y remove apache2

apt -y install git nano dbus sudo nginx curl lsb-release sqlite3 haveged ghostscript libtiff5-dev libtiff-tools at tftpd ssl-cert fail2ban

PostgreSQL

echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -sc)-pgdg main"> \
/etc/apt/sources.list.d/postgresql.list

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
apt update && apt install postgresql-11 postgresql-client-11

PHP

# Remove older versions of PHP if they exist
apt remove -y php5* php7.0*

# Install dependencies
apt -y install apt-transport-https ca-certificates

# Add php7.1 repository
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-cli php7.1-common php7.1-curl php7.1-mcrypt php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-xml php7.1-imap php7.1-fpm

sngrep

wget http://packages.irontec.com/public.key -q -O - | apt-key add -
echo "deb http://packages.irontec.com/debian $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/irontec.list

apt update && apt install sngrep

Disable Selinux

Check status

sestatus

If the command exists and indicates it is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Set Timezone

Using tzselect is one way to find the correct timezone.

## FIND YOUR TIMEZONE 
tzselect 

## SET TIMEZONE EXAMPLE 
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE 
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

wget -O - https://files.freeswitch.org/repo/deb/freeswitch-1.8/fsstretch-archive-keyring.asc | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.8/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

Database

Check that localhost connections are always allowed.  This is necessary for the backup script.

nano +92 /etc/postgresql/11/main/pg_hba.conf

host all all 127.0.0.1/32 trust

systemctl restart postgresql

Check PostgreSQL locale

sudo -u postgres psql -l

If Encoding is not UTF8 and Collate & Ctype is not en_US.UTF8 then set it now.

sudo -u postgres psql

update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template0';
update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template1';

Create databases and user

cd /tmp

# Set the DB password variable.
password=somepassword

sudo -u postgres psql -c "SET client_encoding = 'UTF8';"
sudo -u postgres psql -c "CREATE DATABASE fusionpbx;" 
sudo -u postgres psql -c "CREATE DATABASE freeswitch;"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"

Fusionpbx

There may be enhancements and fixes in our version that are not be in the official repo.

mkdir -p /etc/fusionpbx
mkdir -p /var/www/fusionpbx
mkdir -p /var/cache/fusionpbx
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git /var/www/fusionpbx

Copy Directories

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Php-fpm config

sed 's#post_max_size = .*#post_max_size = 80M#g' -i /etc/php/7.1/fpm/php.ini
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i /etc/php/7.1/fpm/php.ini
sed 's#max_execution_time = .*#max_execution_time = 120#g' -i /etc/php/7.1/fpm/php.ini
systemctl restart php7.1-fpm

Nginx config

mkdir -p /etc/nginx/ssl
cd /etc/nginx/sites-available
wget https://raw.githubusercontent.com/powerpbx/fusionpbx-install.sh/master/debian/resources/nginx/fusionpbx
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'

ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
rm /etc/nginx/sites-enabled/default

# link to self signed certificate
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt

# For future use
mkdir -p /var/www/letsencrypt/

systemctl restart nginx

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target postgresql.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data

LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""
EOF

Set ownership and permissions

# Set ownership
chown -R www-data. /etc/freeswitch /etc/fusionpbx /var/cache/fusionpbx /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/fusionpbx /var/run/freeswitch

## Set directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /etc/fusionpbx -type d -exec chmod 755 {} \;
find /var/cache/fusionpbx -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /var/www -type d -exec chmod 755 {} \;

## Set file permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /etc/fusionpbx -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www -type f -exec chmod 664 {} \;

## Set misc permissions to 755 (u=rwx,g=rx,o='rx')
chmod -R 755 /var/www/fusionpbx/secure

## These two files do not yet exist on a fresh install
chmod 755 /etc/cron.daily/fusionpbx-backup
chmod 755 /etc/cron.daily/fusionpbx-maintenance

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: someSuperadminPassword 

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword(The database user password created earlier)
Create Database Options: uncheck
Create Database Username: 
Create Database Password : 

The install may take a minute or two. 

Log into the GUI and go to Advanced > Default Settings > Adminer(auto_login) > Enabled = True
Click the Reload button and go to Advanced > Adminer and verify you can view the database. 

Post install tasks are optional but recommended.

Post Install

Enable freeswitch database connection

Freeswitch stores internal data on sqlite by default.  This optional configuration changes that to PostgreSQL.  This has the advantage of being able to view it in the GUI using Adminer. 

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=fusionpbx password='somepassword'" />

systemctl restart freeswitch

Configure Firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Daily Backup and Housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql

# Delete postgres backups if older than 7 days
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +7 -exec rm {} \;

# Delete the main backup if older than 7 days
find /var/backups/fusionpbx/*.tgz -mtime +7 -exec rm {} \;

# Create database backup
pg_dump --verbose -Fc --host=${db_host} --port=${db_port} -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${now}.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql \
/var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod 755 /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

# Delete freeswitch logs older than 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

## Uncomment to delete call recordings older than 90 days
#find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days 
#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; 
#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \; 

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"

## Uncomment to delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"

chmod 755 /etc/cron.daily/fusionpbx-maintenance

TFTP

If you plan to use hardware SIP phones you may want to enable TFTP.

Create tftp config

cat >> /etc/xinetd.d/tftp << EOF
service tftp
{
protocol        = udp
port            = 69
socket_type     = dgram
wait            = yes
user            = nobody
server          = /usr/sbin/in.tftpd
server_args     = /tftpboot
disable         = no
}
EOF

Make the directory and restart the daemon to start tftp.

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = Trueand reload

Add a new subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

Troubleshooting the Dialplan

To view the dyamically generated xml files.

nano /etc/fusionpbx/config.lua

## Change debug options from false to true to see lua generated output in fs_cli
       debug.params = true;
       debug.sql = true;
       debug.xml_request = true;
       debug.xml_string = true;
       debug.cache = true;

This assumes FusionPBX was installed using this FusionPBX install guide or the public install script.  This procedure should work for root domains, subdomains, and wildcards.

Tested using:

* Certbot v0.28 (included with Debian 9)
* Fusionpbx 4.4
* Debian 9
* Nginx

Install

apt install certbot

Create verification directory if it does not already exist

mkdir -p /var/www/letsencrypt
chown -R www-data. /var/www/letsencrypt

Edit nginx to redirect the verification directory and use http port 80.

nano /etc/nginx/sites-available/fusionpbx

server {
    listen 80;
    server_name fusionpbx;

    #redirect letsencrypt
    location ^~ /.well-known/acme-challenge {
        default_type "text/plain";
        auth_basic "off";
        alias /var/www/letsencrypt;    }

systemctl reload nginx

Generate Certificate 

Run each time a new domain or subdomain is added.  It needs to include all previous domains each time it is run.

# Add -d subdomain.domain -d *.domain etc.
# for each domain, subdomain, and wildcard used

certbot certonly --manual --preferred-challenges=dns --email somemail@somedomain.com \
--server https://acme-v02.api.letsencrypt.org/directory --agree-tos \
-d pbx.somedomain.com \
-d *.pbx.somedomain.com \
-d pbx.someotherdomain.com \
-d mypbxdomain.com

It will ask you to verify you are the owner of the domain by giving you a TXT record for each domain registrar used.  You will need to create this TXT record on your domain provider end.

_acme-challenge.subdomain.somedomain.com with the following value:
4ixUKJm50KTtD6pOK99jvjW1n2lRJaTMJWx0rU7EUeY

In a PuTTY shell, press and hold the left mouse button, highlight the text, then release the button.  It will now be copied into your clipboard and available to paste into your domain registrar form.  If you try copy with CTRL-C it will cause the script to exit and you will have to start over.

Open a separate bash shell and check if the TXT record has propagated to the server before hitting ENTER .

apt install -y dnsutils
dig -t txt _acme-challenge.subdomain.somedomain.com

It may take some time for the record to propagate to your downstream (recursive) nameserver.

Add the successfully generated certificate to nginx.

nano /etc/nginx/sites-available/fusionpbx

server {
    listen 443;
    server_name fusionpbx;
    ssl                     on;
    # ssl_certificate         /etc/ssl/certs/nginx.crt;
    # ssl_certificate_key     /etc/ssl/private/nginx.key;
    ssl_certificate /etc/letsencrypt/live/subdomain.somedomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/subdomain.somedomain.com/privkey.pem;    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers             HIGH:!ADH:!MD5:!aNULL;

systemctl reload nginx

Automatic Renewal

crontab -e

# In this example, the command is run at 1:02 am on Sundays.
2 1 * * 0 /usr/bin/certbot renew

Certificates will not renew until after 60 days by default. 

This guide covers the installation of the ASTPP VoIP billing and Freeswitch applications.  ASTPP is installed manually from source.  Freeswitch is installed from deb packages.

Tested using the following software:

• Debian v9 (Stretch) x64 minimal install
• ASTPP v4.0
• Freeswitch v1.10
• Nginx v1.10
• PHP v7.3
• MySQL v8
  

Prerequisites

Verify locale is set to en US.UTF-8.

locale

If it is not then set it now.  You may also set your own UTF-8 locale if not in the US.

# Select en_US.UTF-8 UTF-8
apt install locales && dpkg-reconfigure locales

Log out/in or close/open shell for changes to take effect. 

Install prerequisite packages

apt update && apt upgrade -y && apt -y remove apache2

apt -y install software-properties-common
add-apt-repository 'deb http://security.debian.org/debian-security/ stretch/updates main contrib'

apt -y install git nano dbus sudo nginx curl sqlite3 haveged ghostscript lsb-release libtiff5-dev libtiff-tools at dirmngr postfix gawk dnsutils openssl ntp unixodbc unixodbc-bin gettext fail2ban ntpdate ntp lua5.1 bc libxml2 libxml2-dev openssl libcurl4-openssl-dev gettext gcc g++

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.3 php7.3-fpm php7.3-gd php7.3-opcache php7.3-cli php7.3-common php7.3-curl php7.3-sqlite3 php7.3-odbc php7.3-mysql php7.3-xml php7.3-json php7.3-mbstring php-pear

MySQL

# Confirm that MySQL Server & Cluster mysql-8.0 is selected

cd /usr/src
wget https://repo.mysql.com/mysql-apt-config_0.8.15-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb

# You can leave root password blank
# Select "Use Legacy Authentication" when asked

apt update && apt -y install mysql-server

MySQL ODBC

wget https://dev.mysql.com/get/Downloads/Connector-ODBC/8.0/mysql-connector-odbc_8.0.22-1debian9_amd64.deb
dpkg -i mysql-connector-odbc_8.0.22-1debian9_amd64.deb

Disable Selinux

Check status

sestatus

If the command is found and is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-meta-all

ASTPP

# Set MySQL user ${userpassword} variable.  This is used muliple times in this section.
userpassword=somepassword

# If you have set a MySQL root password assign it here.
# If you left it blank just hit ENTER when asked.
mysqlpassword=existingmysqlpassword

cd /usr/src
git clone -b v4.0.1 https://github.com/iNextrix/ASTPP.git

mysql -p${mysqlpassword} -e "CREATE DATABASE astpp;"
mysql -p${mysqlpassword} -e "CREATE USER 'astppuser'@'localhost' IDENTIFIED BY '${userpassword}';"
mysql -uroot -p${mysqlpassword} -e "ALTER USER 'astppuser'@'localhost' IDENTIFIED WITH mysql_native_password BY '${userpassword}';"
mysql -p${mysqlpassword} -e "GRANT ALL PRIVILEGES ON astpp.* TO 'astppuser'@'localhost' WITH GRANT OPTION;"
mysql -p${mysqlpassword} -e "FLUSH PRIVILEGES;"

# This will likely run for several minutes and should not be interrupted.
mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-4.0.sql

# If you get a datetime error on this step try restart mysql
mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-4.0.1.sql

Configure MySQL

cp ASTPP/misc/odbc/deb_odbc.ini /etc/odbc.ini
sed -i "s#\(^PASSWORD\).*#PASSWORD = ${userpassword}#g" /etc/odbc.ini

sed -i '33i wait_timeout=600' /etc/mysql/mysql.conf.d/mysqld.cnf
sed -i '33i interactive_timeout = 600' /etc/mysql/mysql.conf.d/mysqld.cnf
sed -i '33i sql_mode=""' /etc/mysql/mysql.conf.d/mysqld.cnf

systemctl restart mysql

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v astpp astppuser ${userpassword} 
quit

Copy and configure Freeswitch files

cd /usr/src
cp -R ASTPP/freeswitch/fs /var/www/html/
cp -R ASTPP/freeswitch/scripts/* /usr/share/freeswitch/scripts/
cp -R ASTPP/freeswitch/sounds/*.wav /usr/share/freeswitch/sounds/en/us/callie/

rm -Rf /etc/freeswitch/dialplan/*
touch /etc/freeswitch/dialplan/astpp.xml
rm -Rf /etc/freeswitch/directory/*
touch /etc/freeswitch/directory/astpp.xml
rm -Rf /etc/freeswitch/sip_profiles/*
touch /etc/freeswitch/sip_profiles/astpp.xml

Copy and configure ASTPP files

cd /usr/src
mkdir -p /usr/local/astpp
mkdir -p /var/log/astpp
mkdir -p /var/lib/astpp
cp ASTPP/config/astpp-config.conf /var/lib/astpp/astpp-config.conf
cp ASTPP/config/astpp.lua /var/lib/astpp/astpp.lua

# Copy/config web GUI files
cp -R ASTPP/web_interface/astpp /var/www/html/
cp ASTPP/web_interface/nginx/deb_astpp.conf /etc/nginx/sites-available/astpp.conf
cp ASTPP/web_interface/nginx/deb_fs.conf /etc/nginx/sites-available/fs.conf

ln -s /etc/nginx/sites-available/astpp.conf /etc/nginx/sites-enabled/astpp.conf 
ln -s /etc/nginx/sites-available/fs.conf /etc/nginx/sites-enabled/fs.conf 
rm /etc/nginx/sites-enabled/default

# Just press ENTER to use defaults for all the questions
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

# Add nginx log files
touch /var/log/nginx/astpp_access.log
touch /var/log/nginx/astpp_error.log
touch /var/log/nginx/fs_access.log
touch /var/log/nginx/fs_error.log

# Add ASTPP log files
touch /var/log/astpp/astpp.log
touch /var/log/astpp/astpp_email.log

# Copy ASTPP specific freeswitch config files
/bin/cp -R ASTPP/freeswitch/conf/autoload_configs/* /etc/freeswitch/autoload_configs/

# Configure ASTPP config files in /var/lib/astpp.
serverIP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
sed -i "s#\(^dbname\).*#dbname = astpp#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbuser\).*#dbuser = astppuser#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbpass\).*#dbpass = ${userpassword}#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^base_url\).*#base_url = https://${serverIP}/#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^DB_USERNAME\).*#DB_USERNAME = \"astppuser\"#" /var/lib/astpp/astpp.lua
sed -i "s#\(^DB_PASSWD\).*#DB_PASSWD = \"${userpassword}\"#" /var/lib/astpp/astpp.lua

Enable mariadb module

nano /etc/freeswitch/autoload_configs/pre_load_modules.conf.xml

<configuration name="pre_load_modules.conf" description="Modules">
  <modules>
    <!-- Databases -->
    <load module="mod_mariadb"/>
  </modules>
</configuration>

CRON

crontab -u www-data -e

# Call all crons
* * * * * cd /var/www/html/astpp/cron/ && php cron.php crons

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target mariadb.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""

EOF

Set ownership and permissions

Run this any time there are any changes/moves/adds/upgrades or if experiencing problems.

# Ownership
chown -R www-data. /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html \
/var/log/astpp /var/log/nginx

# Directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /var/www/html -type d -exec chmod 755 {} \;
find /var/log/astpp -type d -exec chmod 755 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;
find /var/log/astpp -type d -exec chmod 664 {} \;

Configure php-fpm

sed -i "s/;request_terminate_timeout = 0/request_terminate_timeout = 300/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php/7.3/fpm/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=1#g" /etc/php/7.3/fpm/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 3000/" /etc/php/7.3/fpm/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /etc/php/7.3/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /etc/php/7.3/fpm/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini

systemctl restart php7.3-fpm
systemctl restart nginx

Configure firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Test Freeswitch console

If fs_cli command is not working change the following line.

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Browse to control panel

https://x.x.x.x

username: admin
password: admin

The  443 listening port can be changed at /var/lib/astpp/astpp-config.conf and  /etc/nginx/sites-available/astpp.conf. Remember to change the port on the firewall as well.  If accessing by DNS name change the IP to the DNS name.

User documentation is located at the following link
https://docs.astppbilling.org/display/itplmars/Overview+of+ASTPP

Kazoo is a highly scalable API based VoIP telephony platform.  This guide shows how to install Kazoo v4 on one CentOS v7 server.  It can be used in conjunction with our Kazoo multiple server guide for more than one server.

Assumptions

To make this procedure more universal, some of the configurations are there for compatibility with multiple-server installs. 

Software

CentOS v7 minimal ISO
BigCouch NoSQL database v0.4
HAProxy http load balancer v1.5
FreeSWITCH media server v1.6
Kamailio SIP server v4
RabbitMQ message broker v3
Kazoo v4

Block diagram

Shown with a 3 server DB cluster.

PRE-INSTALL

FQDN check

# For example, to set a local FQDN
hostnamectl set-hostname somedomain.local

If using a virtualization platform that overwrites /etc/hostname incorrectly on reboot, such that hostname command no longer returns the FQDN after reboot, set the file to prevent overwriting.

chattr +i /etc/hostname

Disable Selinux

Check status.

sestatus

If not disabled, do the following and reboot.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable firewall

It is sometimes helpful to disable the firewall during install.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

Kazoo assumes UTC system time.  It is converted to the individual account timezones from there.

yum install ntp
systemctl enable ntpd
systemctl start ntpd

timedatectl set-timezone UTC

Prerequisites

yum -y update
yum -y install net-tools wget gdb yum-utils bash-completion epel-release

Kazoo, Kamailio, and Freeswitch Repositories

This will install the necessary RPM repositories for the latest stable release of Kazoo.

cd /usr/src
wget --no-check-certificate \
https://packages.2600hz.com/centos/7/stable/2600hz-release/4.2/2600hz-release-4.2-0.el7.centos.noarch.rpm
rpm -Uvh 2600hz-release-4.2-0.el7.centos.noarch.rpm

yum-config-manager --disable 2600hz-experimental
yum-config-manager --disable 2600hz-staging
yum-config-manager --enable 2600hz-stable

Quick Install

Complete install in about 10 minutes.  Alternatively, skip down to the Detailed Install section for step by step with explanations and checks.

yum -y install kazoo-bigcouch kazoo-haproxy kazoo-rabbitmq kazoo-freeswitch kazoo-kamailio kazoo-applications kazoo-application-* monster-ui* httpd

systemctl enable kazoo-bigcouch kazoo-haproxy kazoo-rabbitmq kazoo-freeswitch kazoo-kamailio kazoo-applications kazoo-ecallmgr httpd

systemctl restart kazoo-bigcouch kazoo-haproxy kazoo-rabbitmq kazoo-freeswitch kazoo-kamailio kazoo-applications kazoo-ecallmgr httpd

/usr/sbin/chkconfig kamailio off

Verify that database creation has completed.

# Lower left number = 24 when complete.
curl localhost:15984/_all_dbs | python -mjson.tool | wc -l

Configure

sup kazoo_media_maintenance import_prompts /opt/kazoo/sounds/en/us/

# Create master account. Account name, realm and password can be changed afterwards via Monster UI.
sup crossbar_maintenance create_account master master.local superadmin somepassword

serverIP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
serverFQDN=$(hostname)

sed -i "s/127\.0\.0\.1/$serverIP/g" /etc/kazoo/kamailio/local.cfg
sed -i "s/kamailio\.2600hz\.com/$serverFQDN/g" /etc/kazoo/kamailio/local.cfg
sed -i "s/localhost/$serverIP/" /var/www/html/monster-ui/js/config.js

systemctl restart kazoo-kamailio

sup -n ecallmgr ecallmgr_maintenance add_fs_node freeswitch@$serverFQDN

# The following command is run twice because it doesn't seem to always stick the first time.
sup -n ecallmgr ecallmgr_maintenance allow_sbc kamailio1 $serverIP
sup -n ecallmgr ecallmgr_maintenance allow_sbc kamailio1 $serverIP

sup crossbar_maintenance init_apps /var/www/html/monster-ui/apps http://$serverIP:8000/v2
 
echo "<VirtualHost *:80>
DocumentRoot \"/var/www/html/monster-ui\"
ServerName $serverFQDN
</VirtualHost>
"> /etc/httpd/conf.d/monster-ui.conf

systemctl reload httpd

Browse to Monster UI and login to master account.
http://ServerIP

Installation is complete.  Skip down to the Post Install section for additional information.

If you have problems run Kazoo Checks.

Detailed Install

BigCouch

Clusterable NoSQL database.  Upgradeable to CouchDB v2.

yum -y install kazoo-bigcouch
systemctl enable kazoo-bigcouch
systemctl restart kazoo-bigcouch
systemctl status kazoo-bigcouch

Checks

# Check frontend API
curl localhost:5984

# Check admin API
curl localhost:5986

HAProxy

yum -y install kazoo-haproxy
systemctl enable kazoo-haproxy
systemctl restart kazoo-haproxy
systemctl status kazoo-haproxy

Checks

# Check BigCouch frontend API via HAproxy
curl localhost:15984

# Check BigCouch admin API via HAproxy
curl localhost:15986

You can now use port 5984 or 15984 locally, as long as HAproxy is running.

Config file is located at /etc/kazoo/haproxy

RabbitMQ

This is how the kazoo applications talk to each other and to Kamailio.

yum -y install kazoo-rabbitmq
systemctl enable kazoo-rabbitmq
systemctl restart kazoo-rabbitmq
systemctl status kazoo-rabbitmq

Checks

# Check status
kazoo-rabbitmq status

# Check API
curl -i -u guest:guest http://localhost:15672/api/aliveness-test/%2F
curl -u guest:guest http://localhost:15672/api/overview | python -m json.tool

RabbitMQ web GUI is located at: 
http://serverIP:15672

user/pass = guest

Config file is located at /etc/kazoo/rabbitmq

FreeSWITCH

yum -y install kazoo-freeswitch
systemctl enable kazoo-freeswitch
systemctl restart kazoo-freeswitch
systemctl status kazoo-freeswitch

# Check FreeSWITCH status
fs_cli -x status

Config files are located at /etc/kazoo/freeswitch

Kamailio

yum -y install kazoo-kamailio

​# Save a copy of config file for future reference
cp /etc/kazoo/kamailio/local.cfg /etc/kazoo/kamailio/local.cfg.orig

# Create and check serverIP (x.x.x.x) variable
serverIP=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
echo $serverIP

# Create and check serverFQDN variable
serverFQDN=$(hostname)
echo $serverFQDN

## Replace 127.0.0.1 with ServerIP
# This only works the first time.  The file needs to be updated manually after that

sed -i "s/127\.0\.0\.1/$serverIP/g" /etc/kazoo/kamailio/local.cfg

## Update the serverFQDN
# This only works the first time.  The file needs to be updated manually afterwards.

sed -i "s/kamailio\.2600hz\.com/$serverFQDN/g" /etc/kazoo/kamailio/local.cfg

systemctl enable kazoo-kamailio
systemctl restart kazoo-kamailio
systemctl status kazoo-kamailio

# Seeing ERROR: dispatcher is normal until we get further down the procedure.

​# Fix a legacy issue with Kamailio RPM
/usr/sbin/chkconfig kamailio off

Miscellaneous commands

# Check kamailio stats
kamcmd stats.get_statistics all

# List other commands
kamcmd ?

Config files are located at /etc/kazoo/kamailio

Kazoo

yum -y install kazoo-applications kazoo-application-*
systemctl enable kazoo-applications
systemctl restart kazoo-applications
systemctl status kazoo-applications

Check database creation

# Check the total number of databases (lower left)
# If less than 20 wait a few minutes and check again before proceeding further

curl localhost:15984/_all_dbs | python -mjson.tool | wc -l

Install sound files

# Check that the system_media db has been created
curl localhost:15984/system_media

# Import english sound files into database
sup kazoo_media_maintenance import_prompts /opt/kazoo/sounds/en/us/

# For alternative languages, install the relevant RPMs (core & freeswitch) and modify above command.
yum search kazoo-sounds

Create master account

# Check that the accounts db has been created
curl localhost:15984/accounts

# Create the master account and superadmin user, substituting in your own values.  
# ACCOUNTREALM is used to identify individual accounts and needs to be a unique valid local or global FQDN.
# IF ACCOUNTREALM is DNS resolvable, devices can access the account by using realm instead of IP + realm. 
# Account name, realm, and password can be changes afterwards via Monster UI.

# sup crossbar_maintenance create_account ACCOUNTNAME ACCOUNTREALM ADMINUSER ADMINPASS

# So for example
sup crossbar_maintenance create_account master master.local superadmin somepassword 

To understand the account hierarchy refer to this link.    In case that link does not work for some reason, this basic hierarchy diagram might be of some help.

To understand how account credentials are used refer to this link.  In case that link does not work, this account login diagram and this device lookup diagram might help.

Ecallmgr  

Erlang call manager.  Abstracts and clusters Freeswitch.

# Installed previously. Verify as follows
yum -y install kazoo-application-ecallmgr

systemctl enable kazoo-ecallmgr
systemctl restart kazoo-ecallmgr
systemctl status kazoo-ecallmgr

Add Freeswitch and Kamailio

# Create and check serverIP (x.x.x.x) variable
serverIP=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
echo $serverIP

# Create and check serverFQDN variable
serverFQDN=$(hostname)
echo $serverFQDN

# Add FreeSWITCH
sup -n ecallmgr ecallmgr_maintenance add_fs_node freeswitch@$serverFQDN

# Add Kamailio to ACL so that Freeswitch allows the traffic. 
# We run it twice because it doesn't seem to always stick the first time.
sup -n ecallmgr ecallmgr_maintenance allow_sbc kamailio1 $serverIP
sup -n ecallmgr ecallmgr_maintenance allow_sbc kamailio1 $serverIP

Kazoo Checks

Reboot and check overall system.

reboot

# Check that Freeswitch is connected to ecallmgr.
fs_cli -x 'erlang status'

# Check that Freeswitch sip stack is running with at least one profile.
fs_cli -x 'sofia status'

# Check that Kamailio IP is in ACL. 
sup -n ecallmgr ecallmgr_maintenance acl_summary

# Redo add Kamailio to ACL procedure in Ecallmgr section if the IP is not listed.

# Check that Freeswitch is in configuration
sup -n ecallmgr ecallmgr_maintenance get_fs_nodes

# Check Erlang nodes
epmd -names

# Should result in:
epmd: up and running on port 4369 with data:
name kazoo-rabbitmq at port 25672
name freeswitch at port 8031
name kazoo_apps at port 11502
name ecallmgr at port 11501
name bigcouch at port 11500

# Check overall system status
# You should see 3 nodes listed as shown at this link.  Kazoo Apps, Kamailio, and Ecallmgr.
# The Freeswitch media server should be listed under Ecallmgr node.
# Freeswitch IP on port 11000 with (AP) status should be listed beside Dispatcher 1 under Kamailio node.

kazoo-applications status

Crossbar

Crossbar is the name of the REST API application.

# Check that crossbar is accessible
# 401 invalid credentials error is the expected response

curl http://x.x.x.x:8000/v2

Monster UI

An end user interface that interacts with the REST API.

yum -y install monster-ui* httpd
systemctl enable httpd
systemctl restart httpd
systemctl status httpd

Configure and initialize

# Create and check serverIP (x.x.x.x) variable
serverIP=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
echo $serverIP

# Replace localhost with serverIP 
# This only works the first time 
# The IP needs to be changed manually after that 

sed -i "s/localhost/$serverIP/" /var/www/html/monster-ui/js/config.js 

# Initialize Monster Apps 
sup crossbar_maintenance init_apps /var/www/html/monster-ui/apps http://$serverIP:8000/v2

Change web server root directory

#Create and check serverFQDN variable
serverFQDN=$(hostname)
echo $serverFQDN

# Create the virtual host

echo "<VirtualHost *:80>
  DocumentRoot \"/var/www/html/monster-ui\"
  ServerName $serverFQDN
</VirtualHost>
"> /etc/httpd/conf.d/monster-ui.conf

# Reload web server for changes to take effect
systemctl reload httpd

Post Install

Firewall

systemctl enable firewalld
systemctl restart firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={8000,8443}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,7000}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,7000}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp

#Administrator access.  Replace x.x.x.x with the public IP address of your admin computer.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="x.x.x.x" accept'

firewall-cmd --reload

# View top level list of commands using bash completion
sup [TAB][TAB]

# To view next level down with autocomplete (using ecallmgr_maintenance as an example)
sup ecallmgr_m[TAB][TAB][TAB]

# Create a file listing all sup commands

mkdir /usr/doc
/opt/kazoo/lib/sup*/priv/build-autocomplete.escript \
/etc/bash_completion.d/sup.bash /opt/kazoo > /usr/doc/sup_commands

# View the file
cat /usr/doc/sup_commands

https://gist.github.com/jamesaimonetti/1e08a3e7e6cdbb59c6420d7132fafdfa

Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with MariaDB and Apache on CentOS v7. 

Tested on:

CentOS v7
Freeswitch v1.6
FusionPBX v4.4
MariaDB v5.5
Apache v2.4
PHP v7.1

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Prerequisites

yum -y update && yum -y install epel-release

yum install git nano httpd unixODBC mysql-connector-odbc memcached ghostscript libtiff-devel libtiff-tools at mariadb mariadb-server tftp-server

PHP

Install Repo

yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum -y install yum-utils

Install PHP v7.1

yum-config-manager --enable remi-php71
yum -y install php php-common php-pdo php-soap php-xml php-xmlrpc php-mysqlnd php-cli php-imap php-mcrypt php-gd php-odbc php-opcache php-json

Disable Selinux

Check status

sestatus

If not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

Memcached

Restrict memcached to localhost to prevent it from being used for DDoS attacks.

nano /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1"

Install

Freeswitch

rpm -Uvh http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm
yum install freeswitch-config-vanilla freeswitch-sounds* freeswitch-lang* freeswitch-lua freeswitch-xml-cdr

Database

systemctl start mariadb

password=somepassword

mysql -e "CREATE DATABASE freeswitch;"
mysql -e "CREATE DATABASE fusionpbx;"
mysql -e "GRANT ALL PRIVILEGES ON freeswitch.* TO fusionpbx@localhost IDENTIFIED BY '$password';"
mysql -e "GRANT ALL PRIVILEGES ON fusionpbx.* TO fusionpbx@localhost IDENTIFIED BY '$password';"
mysql -e "flush privileges;"

ODBC

nano /etc/odbc.ini

[freeswitch]
Driver   = MySQL
SERVER   = 127.0.0.1
PORT     = 3306
DATABASE = freeswitch
OPTION  = 67108864
Socket   = /var/lib/mysql/mysql.sock
threading=0
MaxLongVarcharSize=65536

[fusionpbx]
Driver   = MySQL
SERVER   = 127.0.0.1
PORT     = 3306
DATABASE = fusionpbx
OPTION  = 67108864
Socket   = /var/lib/mysql/mysql.sock
threading=0

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v freeswitch fusionpbx somepassword 
quit

Download Fusionpbx

Make sure to include the . at the end.  There may be enhancements and fixes in our version that are not be in the official repo.

cd /var/www/html
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git .

Copy Directories

Replace default freeswitch conf files with fusionpbx conf files

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/html/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Apache

# Add user freeswitch to group apache to avoid problems with /var/lib/php/sessions directory 
usermod -a -G apache freeswitch

# Set http server to run as same user/group as Freeswitch
sed -i "s/User apache/User freeswitch/" /etc/httpd/conf/httpd.conf
sed -i "s/Group apache/Group daemon/" /etc/httpd/conf/httpd.conf

# Set webserver to obey any .htaccess files in /var/www/html and subdirs 
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf

Set ownership and permissions

# Ownership
chown -R freeswitch.daemon /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html

# Directory permissions to 770 (u=rwx,g=rwx,o='')
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/html -type d -exec chmod 770 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

Systemd config

nano /etc/systemd/system/freeswitch.service

[Unit]
Description=FreeSWITCH
Wants=network-online.target
After=syslog.target network-online.target
After=mariadb.service httpd.service

[Service]
Type=forking
User=freeswitch
ExecStartPre=/usr/bin/mkdir -m 0750 -p /run/freeswitch
ExecStartPre=/usr/bin/chown freeswitch:daemon /run/freeswitch
WorkingDirectory=/run/freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
EnvironmentFile=-/etc/sysconfig/freeswitch
ExecStart=/usr/bin/freeswitch -ncwait -nonat $FREESWITCH_PARAMS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Create the $FREESWITCH_PARAMS file for extra parameters.  If freeswitch was installed from RPM this will probably already exist.

nano /etc/sysconfig/freeswitch

## Type:                string
## Default:             ""
## Config:              ""
## ServiceRestart:      freeswitch
#
# if not empty: parameters for freeswitch
#
FREESWITCH_PARAMS=""

Enable services

systemctl daemon-reload
systemctl enable mariadb
systemctl enable httpd
systemctl enable memcached
systemctl enable freeswitch
systemctl restart memcached
systemctl restart httpd
systemctl restart freeswitch

Reboot and browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: somepassword (use whatever you want)

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword
Create Database Options: uncheck
Create Database Username:
Create Database Password : 

It will take several minutes to complete. Post install tasks are mandatory.

Post Install

Lock down MySQL

mysql_secure_installation
systemctl restart mariadb

Answer Y to everything.

Enable freeswitch database connection

This optional configuration sets Freeswitch to use mysql instead of sqlite for storing internal data.

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="freeswitch:fusionpbx:somepassword" /> 

systemctl restart freeswitch

Change Voicemail to Email app configuration

nano +119 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="mailer-app" value="/usr/bin/php /var/www/html/secure/v_mailto.php"/>
                <param name="mailer-app-args" value="-t"/>

systemctl restart freeswitch

Configure firewall

yum -y install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload

Daily Backup and housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

# set up variables
NOW=$(date +%Y-%m-%d)
DATABASE=fusionpbx
USER=fusionpbx
PASS=somepassword
mkdir -p /var/backups/fusionpbx/mysql

# Delete mysql backups if older than 4 days
find /var/backups/fusionpbx/mysql/fusionpbx_mysql* -mtime +4 -exec rm {} \;

# Delete the main backup if older than 4 days
find /var/backups/fusionpbx/*.tgz -mtime +4 -exec rm {} \;

# do the mysql database backup
/usr/bin/mysqldump --opt --user=${USER} --password=${PASS} ${DATABASE} > /var/backups/fusionpbx/mysql/fusionpbx_mysql_${NOW}.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${NOW}.tgz /var/backups/fusionpbx/mysql/fusionpbx_mysql_${NOW}.sql \
/var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod 755 /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

DATABASE=fusionpbx
USER=fusionpbx
PASS=somepassword

# Delete freeswitch logs older than 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

# Delete call recordings older than 90 days
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days 
#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; 
#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \; 

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
# /usr/bin/mysql -u ${USER} -p ${PASS} ${DATABASE} -e "DELETE FROM  v_voicemail_messages WHERE search_date < UNIX_TIMESTAMP(DATE_SUB(NOW(), INTERVAL 180 DAY));"

## Uncomment to delete CDRs older than 90 days
# /usr/bin/mysql -u ${USER} -p ${PASS} ${DATABASE} -e "DELETE FROM  v_xml_cdr WHERE search_date < UNIX_TIMESTAMP(DATE_SUB(NOW(), INTERVAL 180 DAY));"

chmod 755 /etc/cron.daily/fusionpbx-maintenance

TFTP

If you plan to use hardware SIP phones you may want to set up TFTP provisioning. 

yum -y install tftp-server
nano /etc/xinetd.d/tftp

change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot

change disable=yes
to disable=no

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Now go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = True.

Add a new Subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with PostgreSQL and Apache on CentOS v7. 

Tested on:

CentOS v7
Freeswitch v1.6
FusionPBX v4.4
PostgreSQL v9.4
Apache v2.4
PHP v7.1

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Install Prerequisites

Ensure all required packages are installed. 

yum -y install epel-release && yum -y update

yum install git nano httpd memcached ghostscript libtiff-devel libtiff-tools at tftp-server

PHP

yum -y install https://centos7.iuscommunity.org/ius-release.rpm
yum -y install yum-plugin-replace

# This updates any existing default version PHP files
yum replace php-common --replace-with php71u-common

yum install php71u php71u-common php71u-pdo php71u-soap php71u-xml php71u-xmlrpc php71u-pgsql php71u-cli php71u-imap php71u-mcrypt php71u-gd php71u-opcache php71u-json

PostgreSQL

rpm -Uvh https://download.postgresql.org/pub/repos/yum/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-3.noarch.rpm

yum -y install postgresql94-server postgresql94-contrib
/usr/pgsql-9.4/bin/postgresql94-setup initdb
systemctl enable postgresql-9.4
systemctl start postgresql-9.4

Setup client authentication to allow local connections.

nano +82 /var/lib/pgsql/9.4/data/pg_hba.conf

host  all all 127.0.0.1/32 trusthost  all all ::1/128      trust

systemctl restart postgresql-9.4

Test interactive terminal

sudo -u postgres psql
postgres=#
\q

Disable Selinux

Check status

sestatus

If not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

Memcached

Restrict memcached to localhost to prevent it from being used for DDoS attacks.

nano /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1"

Install

Freeswitch

rpm -Uvh http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm
yum -y install freeswitch-config-vanilla freeswitch-sounds* freeswitch-lang* freeswitch-lua freeswitch-xml-cdr

Create Databases and user

cd /tmp
password=somepassword

sudo -u postgres psql -c "CREATE DATABASE fusionpbx;"
sudo -u postgres psql -c "CREATE DATABASE freeswitch;"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"

Download Fusionpbx

Make sure to include the . at the end.  There may be enhancements and fixes in our version that are not be in the official repo.

cd /var/www/html
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git .

Copy Directories

Replace default freeswitch conf files with fusionpbx conf files

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/html/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Apache

# Add user freeswitch to group apache to avoid problems with /var/lib/php/sessions directory 
usermod -a -G apache freeswitch

# Set http server to run as same user/group as Freeswitch
sed -i "s/User apache/User freeswitch/" /etc/httpd/conf/httpd.conf
sed -i "s/Group apache/Group daemon/" /etc/httpd/conf/httpd.conf

# Set webserver to obey any .htaccess files in /var/www/html and subdirs 
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf

Set ownership and permissions

# Ownership
chown -R freeswitch.daemon /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html

# Directory permissions to 770 (u=rwx,g=rwx,o='')
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/html -type d -exec chmod 770 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

Systemd config

nano /etc/systemd/system/freeswitch.service

[Unit]
Description=FreeSWITCH
Wants=network-online.target
After=syslog.target network-online.target
After=postgresql-9.4.service httpd.service

[Service]
Type=forking
User=freeswitch
ExecStartPre=/usr/bin/mkdir -m 0750 -p /run/freeswitch
ExecStartPre=/usr/bin/chown freeswitch:daemon /run/freeswitch
WorkingDirectory=/run/freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
EnvironmentFile=-/etc/sysconfig/freeswitch
ExecStart=/usr/bin/freeswitch -ncwait -nonat $FREESWITCH_PARAMS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Create the $FREESWITCH_PARAMS file for extra parameters.  If freeswitch was installed from RPM this will probably already exist.

nano /etc/sysconfig/freeswitch

## Type:                string
## Default:             ""
## Config:              ""
## ServiceRestart:      freeswitch
#
# if not empty: parameters for freeswitch
#
FREESWITCH_PARAMS=""

Enable services

systemctl daemon-reload
systemctl enable httpd
systemctl enable freeswitch
systemctl enable memcached
systemctl restart httpd
systemctl restart freeswitch
systemctl restart memcached

Browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: somepassword (use whatever you want)

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword
Create Database Options: uncheck
Create Database Username: 
Create Database Password : 

It will take several minutes to complete.  Post install tasks are mandatory.

Post Install

Enable freeswitch database connection

This optional configuration sets Freeswitch to use PostgreSQL instead of sqlite for storing internal data.

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=fusionpbx password='somepassword'" /> 

systemctl restart freeswitch

Change Voicemail to Email app configuration

nano +119 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="mailer-app" value="/usr/bin/php /var/www/html/secure/v_mailto.php"/>
                <param name="mailer-app-args" value="-t"/>

systemctl restart freeswitch

Configure firewall

yum -y install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Daily Backup and housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql

# Delete postgres backups if older than 4 days
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;

# Delete the main backup if older than 4 days
find /var/backups/fusionpbx/*.tgz -mtime +4 -exec rm {} \;

# Create databse backup
pg_dump --verbose -Fc --host=${db_host} --port=${db_port} -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${now}.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql \
/var/www/html /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod +x /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

# Delete freeswitch logs older 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

# Delete call recordings older than 90 days
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days #find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; #find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"

## Uncomment to delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"

chmod +x /etc/cron.daily/fusionpbx-maintenance

TFTP

If you plan to use hardware SIP phones you may want to set up TFTP provisioning. 

yum -y install tftp-server
nano /etc/xinetd.d/tftp

change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot

change disable=yes
to disable=no

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Now go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = True.

Add a new Subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with PostgreSQL and Apache on Debian v8. 

Tested on:

Debian v8 (Jessie) 64 bit
Freeswitch v1.6
FusionPBX v4
PostgreSQL v9.4
Apache v2.4
PHP v7.1

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Install Prerequisites

Set server locale.  This should be done before PostgreSQL is installed.

# Select en_US.UTF-8 UTF-8
dpkg-reconfigure locales

Logout and log back in and check that LANG=en_US.UTF-8.

locale

Install packages

apt update && apt upgrade -y && apt install lsb-release

apt -y install git nano dbus sudo apache2 curl memcached sqlite3 postgresql-9.4 postgresql-client-9.4 haveged ghostscript libtiff5-dev libtiff-tools at tftpd

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-cli php7.1-common php7.1-curl php7.1-mcrypt php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-xml php7.1-imap

Disable Selinux

Check status

sestatus

If command exists and indicates it is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Set Timezone

Using tzselect is one way to find the correct timezone.

tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

​timedatectl status

Also need to change php timezone

nano +939 /etc/php/7.1/apache2/php.ini

date.timezone = America/Vancouver

systemctl restart apache2

Install

Freeswitch

curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -

echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

Database

Check that localhost connections are allowed.  This is necessary for the backup script.

nano +92 /etc/postgresql/9.4/main/pg_hba.conf

host all all 127.0.0.1/32 trust

systemctl restart postgresql

Check PostgreSQL locale

sudo -u postgres psql -l

If Encoding is not UTF8 and Collate & Ctype is not en_US.UTF8 then set it now.

sudo -u postgres psql

update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template0';
update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template1';

Create databases and user

cd /tmp
password=somepassword

sudo -u postgres psql -c "CREATE DATABASE fusionpbx;" 
sudo -u postgres psql -c "CREATE DATABASE freeswitch;"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"

Fusionpbx

There may be enhancements and fixes in our version that are not be in the official repo.

# Makes sure to include the "." at the end.
cd /var/www/html
rm index.html
mkdir -p /etc/fusionpbx
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git .

Copy Directories

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/html/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Set ownership and permissions

# Set ownership
chown -R freeswitch. /etc/freeswitch /etc/fusionpbx /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html

# Set directory permissions to 770 (u=rwx,g=rwx,o='')
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /etc/fusionpbx -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/html -type d -exec chmod 770 {} \;

# Set file permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /etc/fusionpbx -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

Apache config

sed -i 's/\(APACHE_RUN_USER=\)\(.*\)/\1freeswitch/g' /etc/apache2/envvars
sed -i 's/\(APACHE_RUN_GROUP=\)\(.*\)/\1freeswitch/g' /etc/apache2/envvars
chown freeswitch. /run/lock/apache2
systemctl restart apache2

Systemd

nano /etc/systemd/system/freeswitch.service

[Unit]
Description=FreeSWITCH
Wants=network-online.target
After=syslog.target network.target network-online.target
After=postgresql.service apache2.service

[Service]
Type=forking
User=freeswitch
WorkingDirectory=/run/freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch -ncwait -nonat $FREESWITCH_PARAMS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Create the $FREESWITCH_PARAMS file for extra parameters

nano /etc/default/freeswitch

## Type:                string
## Default:             ""
## Config:              ""
## ServiceRestart:      freeswitch
#
# if not empty: parameters for freeswitch
#
FREESWITCH_PARAMS=""

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Fix fs_cli

If fs_cli command does not work with freeswitch running change the following config line. 

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Change Voicemail to Email app configuration

nano +119 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="mailer-app" value="/usr/bin/php /var/www/html/secure/v_mailto.php"/>
                <param name="mailer-app-args" value="-t"/>

systemctl restart freeswitch

Browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: somepassword (use whatever you want)

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword
Create Database Options: uncheck
Create Database Username: 
Create Database Password : 

It will take several minutes to complete.  Post install tasks are mandatory.

Post Install

Enable freeswitch database connection

Freeswitch uses sqlite by default.  This optional configuration changes that to use PostgreSQL.

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=fusionpbx password='somepassword'" />

systemctl restart freeswitch

Configure Firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Daily Backup and housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql

# Delete postgres backups if older than 4 days
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;

# Delete the main backup if older than 4 days
find /var/backups/fusionpbx/*.tgz -mtime +4 -exec rm {} \;

# Create databse backup
pg_dump --verbose -Fc --host=${db_host} --port=${db_port} -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${now}.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql \
/var/www/html /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod +x /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

# Delete freeswitch logs older than 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

# Delete call recordings older than 90 days
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days 
#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; 
#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \; 

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"

## Uncomment to delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"

chmod +x /etc/cron.daily/fusionpbx-maintenance

Troubleshooting Lua

To view the dyamically generated xml files.

nano /usr/share/freeswitch/scripts/resources/config.lua

## Change debug options from false to true to see lua generated output in fs_cli
       debug["params"] = true;
       debug["sql"] = true;
       debug["xml_request"] = true;
       debug["xml_string"] = true;
       debug["cache"] = true;

TFTP

If you plan to use hardware SIP phones you may want to enable TFTP.

Create tftp config

cat >> /etc/xinetd.d/tftp << EOF
service tftp
{
protocol        = udp
port            = 69
socket_type     = dgram
wait            = yes
user            = nobody
server          = /usr/sbin/in.tftpd
server_args     = /tftpboot
disable         = no
}

EOF

Make the directory and restart the daemon to start tftp.

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Now go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = True.

Add a new Subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

This guide covers the installation of the ASTPP VoIP billing and Freeswitch applications.  ASTPP is installed manually from source.  Freeswitch is installed from deb packages.

Tested using the following software:

• Debian v8 (Jessie) x64 minimal install
• ASTPP v3.6
• Freeswitch v1.6
• Apache v2.4
• PHP v7.1
• MariaDB v10
  

Prerequisites

apt update && apt upgrade -y && apt install

apt -y install git nano dbus sudo apache2 curl sqlite3 haveged lsb-release ghostscript libtiff5-dev libtiff-tools at dirmngr postfix gawk dnsutils openssl ntp libmyodbc unixodbc unixodbc-bin gettext

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-gd php7.1-opcache php7.1-cli php7.1-common php7.1-curl php7.1-sqlite3 php7.1-odbc php7.1-mysql php7.1-xml php7.1-mcrypt php7.1-json php7.1-pdo php-pear

ODBC

cd /usr/src
wget https://downloads.mariadb.com/Connectors/odbc/connector-odbc-3.0.3/\
mariadb-connector-odbc-3.0.3-ga-debian-x86_64.tar.gz
tar -zxvf mariadb-connector-odbc-3.0.3*.tar.gz
cp mariadb-connector-odbc-3.0.3*/lib/libmaodbc.so /usr/lib/x86_64-linux-gnu/odbc/

Create /etc/odbcinst.ini

cat >> /etc/odbcinst.ini << EOF
[MySQL]
Description = ODBC for MariaDB
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmaodbc.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
  
EOF

MariaDB

# After install set root password when asked. Otherwise it will keep nagging.

apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
apt update && apt -y install mariadb-server

Add the following line under [mysqld] in /etc/mysql.my.cnf to disable strict mode.

sql_mode=''

systemctl restart mariadb

Disable Selinux

Check status

sestatus

If the command is found and is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

Install

Freeswitch

curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -

echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

ASTPP

# Set ${password} variable.  This is used muliple times in this section.
password=somepassword

cd /usr/src
git clone -b v3.6 https://github.com/iNextrix/ASTPP.git

mysql -p -e "CREATE DATABASE astpp CHARACTER SET utf8 COLLATE utf8_general_ci;"
mysql -p -e "CREATE USER 'astppuser'@'localhost' IDENTIFIED BY '${password}';"
mysql -p -e "GRANT ALL PRIVILEGES ON astpp.* TO 'astppuser'@'localhost' WITH GRANT OPTION;"
mysql -p -e "FLUSH PRIVILEGES;"

mysql -p astpp < ASTPP/database/astpp-3.0.sql
mysql -p astpp < ASTPP/database/astpp-upgrade-3.5.sql
mysql -p astpp < ASTPP/database/astpp-upgrade-3.6.sql

ODBC

cat >> /etc/odbc.ini << EOF
[ASTPP]
Driver = MySQL
SERVER = 127.0.0.1
DATABASE = astpp
USERNAME = astppuser
PASSWORD = ${password}
PORT = 3306
OPTION = 67108864
Socket = /run/mysqld/mysqld.sock
threading = 0
charset = utf8
EOF

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v astpp astppuser ${password} 
quit

Copy and configure Freeswitch files

cd /usr/src
cp -R ASTPP/freeswitch/fs /var/www/html/
cp -R ASTPP/freeswitch/scripts/* /usr/share/freeswitch/scripts/
cp -R ASTPP/freeswitch/sounds/*.wav /usr/share/freeswitch/sounds/en/us/callie/

rm -Rf /etc/freeswitch/dialplan/*
touch /etc/freeswitch/dialplan/astpp.xml
rm -Rf /etc/freeswitch/directory/*
touch /etc/freeswitch/directory/astpp.xml
rm -Rf /etc/freeswitch/sip_profiles/*
touch /etc/freeswitch/sip_profiles/astpp.xml

Copy and configure ASTPP files

cd /usr/src
mkdir -p /var/lib/astpp
cp ASTPP/config/astpp-config.conf /var/lib/astpp/astpp-config.conf
cp ASTPP/config/astpp.lua /var/lib/astpp/astpp.lua

# Copy/config web GUI files
cp -R ASTPP/web_interface/astpp /var/www/html/
cp ASTPP/web_interface/apache/astpp.conf /etc/apache2/conf-available/astpp.conf
cp ASTPP/web_interface/apache/astpp.conf /etc/apache2/conf-available/fs.conf

sed -i "s#log/httpd#log/apache2#g" /etc/apache2/conf-available/astpp.conf
sed -i "s#log/httpd#log/apache2#g" /etc/apache2/conf-available/fs.conf
sed -i "s#8081#8735#g" /etc/apache2/conf-available/fs.conf
sed -i "s#astpp#fs#g" /etc/apache2/conf-available/fs.conf

mv /var/www/html/astpp/htaccess /var/www/html/astpp/.htaccess
a2enconf astpp
a2enconf fs
systemctl reload apache2

# Copy ASTPP specific freeswitch config files
/bin/cp -R ASTPP/freeswitch/conf/autoload_configs/* /etc/freeswitch/autoload_configs/

# ASTPP links to Freeswitch use /usr/local by default.  Freeswitch binary packages use /usr/share.
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/lua.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/json_cdr.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp-callingcards.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/astpp.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/scripts/astpp.xml.lua

# Configure ASTPP config files in /var/lib/astpp.
serverIP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
sed -i "s#\(^dbname\).*#dbname = astpp#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbuser\).*#dbuser = astppuser#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbpass\).*#dbpass = ${password}#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^base_url\).*#base_url = http://${serverIP}:8081/#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^DB_USERNAME\).*#DB_USERNAME = \"astppuser\"#" /var/lib/astpp/astpp.lua
sed -i "s#\(^DB_PASSWD\).*#DB_PASSWD = \"${password}\"#" /var/lib/astpp/astpp.lua

CRON

crontab -e

# I
# Generate Invoice   
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php GenerateInvoice
# Low balance notification
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php UpdateBalance
# Low balance notification
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php LowBalance        
# Update currency rate
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php CurrencyUpdate
# Email Broadcasting
* * * * * cd /var/www/html/astpp/cron/ && php cron.php BroadcastEmail

Apache

Configure Apache

Add AllowOverride All to web directory so that .htaccess is active.

cat >> /etc/apache2/conf-available/allowoverride.conf << EOF 
<Directory /var/www/html>
    AllowOverride All
    </Directory>
EOF

a2enconf allowoverride

Change default apache user/group, disable index.html, enable rewrite module

sed -i 's/\(APACHE_RUN_USER=\)\(.*\)/\1freeswitch/g' /etc/apache2/envvars
sed -i 's/\(APACHE_RUN_GROUP=\)\(.*\)/\1freeswitch/g' /etc/apache2/envvars
chown freeswitch. /run/lock/apache2
mv /var/www/html/index.html /var/www/html/index.html.disable
a2enmod rewrite

systemctl restart apache2

Set ownership and permissions

It is a good idea to run this anytime there are any changes/moves/adds/upgrades.

# Ownership
chown -R freeswitch. /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html

# Directory permissions to 770 (u=rwx,g=rwx,o='')
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/html -type d -exec chmod 770 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

Systemd config

nano /etc/systemd/system/freeswitch.service

[Unit]
Description=FreeSWITCH
Wants=network-online.target
After=syslog.target network.target network-online.target
After=mariadb.service apache2.service

[Service]
Type=forking
User=freeswitch
WorkingDirectory=/run/freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch -ncwait -nonat $FREESWITCH_PARAMS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Create the file for adding extra parameters.

cat >> /etc/default/freeswitch << EOF
## Type:                string
## Default:             ""
## Config:              ""
## ServiceRestart:      freeswitch
#
# if not empty: parameters for freeswitch
#
FREESWITCH_PARAMS=""
EOF

Configure php.ini

sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php/7.1/apache2/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=1#g" /etc/php/7.1/apache2/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 3000/" /etc/php/7.1/apache2/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /etc/php/7.1/apache2/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /etc/php/7.1/apache2/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.1/apache2/php.ini

Configure firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,8081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Test Freeswitch console

If fs_cli command is not working change the following line.

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Browse to control panel

http://x.x.x.x:8081

username: admin
password: admin

The 8081 port can be changed at /var/lib/astpp/astpp-config.conf and  /etc/httpd/conf.d/astpp.conf. Remember to change the port on the firewall as well.

User documentation is located at the following link
http://astpp.readthedocs.io/en/v3.6/Modules/modules.html

Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with PostgreSQL and Apache on Debian v8. 

Tested on:

Debian v8 (Jessie) x64 minimal install
Freeswitch v1.6
FusionPBX v4
Nginx v1.6
PHP v7.1
PostgreSQL v9.4

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Install Prerequisites

Set server locale.  This should be done before PostgreSQL is installed.

# Select en_US.UTF-8 UTF-8
dpkg-reconfigure locales

Logout and log back in to verify.

locale

Install packages

apt update && apt upgrade -y && apt -y remove apache2

apt -y install git nano dbus sudo nginx curl lsb-release memcached sqlite3 postgresql-9.4 postgresql-client-9.4 haveged ghostscript libtiff5-dev libtiff-tools at tftpd ssl-cert fail2ban

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-cli php7.1-common php7.1-curl php7.1-mcrypt php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-xml php7.1-imap php7.1-fpm

Disable Selinux

Check status

sestatus

If command exists and indicates it is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Set Timezone

Using tzselect is one way to find the correct timezone.

## FIND YOUR TIMEZONE 
tzselect 

## SET TIMEZONE EXAMPLE 
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE 
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -

echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

Database

Check that localhost connections are always allowed.  This is necessary for the backup script.

nano +92 /etc/postgresql/9.4/main/pg_hba.conf

host all all 127.0.0.1/32 trust

systemctl restart postgresql

Check PostgreSQL locale

sudo -u postgres psql -l

If Encoding is not UTF8 and Collate & Ctype is not en_US.UTF8 then set it now.

sudo -u postgres psql

update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template0';
update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template1';

Create databases and user

cd /tmp

# Set the DB password variable.
password=somepassword

sudo -u postgres psql -c "CREATE DATABASE fusionpbx;" 
sudo -u postgres psql -c "CREATE DATABASE freeswitch;"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"

Fusionpbx

There may be enhancements and fixes in our version that are not be in the official repo.

mkdir -p /etc/fusionpbx
mkdir -p /var/www/fusionpbx
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git /var/www/fusionpbx

Copy Directories

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Php-fpm config

sed 's#post_max_size = .*#post_max_size = 80M#g' -i /etc/php/7.1/fpm/php.ini
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i /etc/php/7.1/fpm/php.ini
systemctl restart php7.1-fpm

Nginx config

mkdir -p /etc/nginx/ssl
cd /etc/nginx/sites-available
wget https://raw.githubusercontent.com/powerpbx/fusionpbx-install.sh/master/debian/resources/nginx/fusionpbx
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'

ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
rm /etc/nginx/sites-enabled/default

# link to self signed certificate
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt

# For future use
mkdir -p /var/www/letsencrypt/

systemctl restart nginx

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target postgresql.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data

LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""
EOF

Set ownership and permissions

# Set ownership
chown -R www-data. /etc/freeswitch /etc/fusionpbx /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/fusionpbx /var/run/freeswitch

## Set directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /etc/fusionpbx -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /var/www/html -type d -exec chmod 755 {} \;

## Set file permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /etc/fusionpbx -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;

## Set misc permissions to 755 (u=rwx,g=rx,o='rx')
chmod -R 755 /var/www/fusionpbx/secure

## These two files do not yet exist on a fresh install
chmod 755 /etc/cron.daily/fusionpbx-backup.sh
chmod 755 /etc/cron.daily/fusionpbx-maintenance.sh

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: somesuperadminpassword 

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword(The database user password created earlier)
Create Database Options: uncheck
Create Database Username: 
Create Database Password : 

The install may take a minute or two. 
Log into the GUI and go to Advanced > Default Settings > Adminer(auto_login) > Enabled = True
Click the Reload button and go to Advanced > Adminer and verify you can view the database. 

Post install tasks are optional but recommended.

Post Install

Enable freeswitch database connection

Freeswitch stores internal data on sqlite by default.  This optional configuration changes that to use PostgreSQL.  This has the advantage of being able to view it in the GUI using Adminer. 

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=fusionpbx password='somepassword'" />

systemctl restart freeswitch

Configure Firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Daily Backup and Housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql

# Delete postgres backups if older than 4 days
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;

# Delete the main backup if older than 4 days
find /var/backups/fusionpbx/*.tgz -mtime +4 -exec rm {} \;

# Create database backup
pg_dump --verbose -Fc --host=${db_host} --port=${db_port} -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${now}.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql \
/var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod 755 /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

# Delete freeswitch logs older than 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

## Uncomment to delete call recordings older than 90 days
#find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days 
#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; 
#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \; 

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"

## Uncomment to delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"

chmod 755 /etc/cron.daily/fusionpbx-maintenance

TFTP

If you plan to use hardware SIP phones you may want to enable TFTP.

Create tftp config

cat >> /etc/xinetd.d/tftp << EOF
service tftp
{
protocol        = udp
port            = 69
socket_type     = dgram
wait            = yes
user            = nobody
server          = /usr/sbin/in.tftpd
server_args     = /tftpboot
disable         = no
}
EOF

Make the directory and restart the daemon to start tftp.

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Now go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = Trueand reload

Add a new Subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

Troubleshooting the Dialplan

To view the dyamically generated xml files.

nano /usr/share/freeswitch/scripts/resources/config.lua

## Change debug options from false to true to see lua generated output in fs_cli
       debug["params"] = true;
       debug["sql"] = true;
       debug["xml_request"] = true;
       debug["xml_string"] = true;
       debug["cache"] = true;

This guide covers the installation of the ASTPP VoIP billing and Freeswitch applications.  ASTPP is installed manually from source.  Freeswitch is installed from deb packages.

Tested using the following software:

• Debian v8 (Jessie) x64 minimal install
• ASTPP v3.6
• Freeswitch v1.6
• Nginx v1.6
• PHP v7.1
• MariaDB v10
  

Prerequisites

apt update && apt upgrade -y && apt -y remove apache2

apt -y install git nano dbus sudo nginx curl sqlite3 haveged ghostscript lsb-release libtiff5-dev libtiff-tools at dirmngr postfix gawk dnsutils openssl ntp libmyodbc unixodbc unixodbc-bin gettext fail2ban

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-fpm php7.1-gd php7.1-opcache php7.1-cli php7.1-common php7.1-curl php7.1-sqlite3 php7.1-odbc php7.1-mysql php7.1-xml php7.1-mcrypt php7.1-json php-pear

ODBC

cd /usr/src
wget https://downloads.mariadb.com/Connectors/odbc/connector-odbc-3.0.3/\
mariadb-connector-odbc-3.0.3-ga-debian-x86_64.tar.gz
tar -zxvf mariadb-connector-odbc-3.0.3*.tar.gz
cp mariadb-connector-odbc-3.0.3*/lib/libmaodbc.so /usr/lib/x86_64-linux-gnu/odbc/

Create /etc/odbcinst.ini

cat >> /etc/odbcinst.ini << EOF
[MySQL]
Description = ODBC for MariaDB
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmaodbc.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
  
EOF

MariaDB

# Set MariaDB root password when asked. Otherwise it will keep nagging.

apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
apt update && apt -y install mariadb-server

nano /etc/mysql/my.cnf

# Add the following line under [mysqld] to disable strict mode.
sql_mode=''

systemctl restart mariadb

Disable Selinux

Check status

sestatus

If the command is found and is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -

echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

ASTPP

# Set MariaDB user ${userpassword} variable.  This is used muliple times in this section.
userpassword=somepassword

# Set MariaDB root password to whatever it was previously set to.
mysqlpassword=existingmysqlpassword

cd /usr/src
git clone -b v3.6 https://github.com/iNextrix/ASTPP.git

mysql -p${mysqlpassword} -e "CREATE DATABASE astpp CHARACTER SET utf8 COLLATE utf8_general_ci;"
mysql -p${mysqlpassword} -e "CREATE USER 'astppuser'@'localhost' IDENTIFIED BY '${userpassword}';"
mysql -p${mysqlpassword} -e "GRANT ALL PRIVILEGES ON astpp.* TO 'astppuser'@'localhost' WITH GRANT OPTION;"
mysql -p${mysqlpassword} -e "FLUSH PRIVILEGES;"

mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-3.0.sql
mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-upgrade-3.5.sql
mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-upgrade-3.6.sql

ODBC

cat >> /etc/odbc.ini << EOF
[ASTPP]
Driver = MySQL
SERVER = 127.0.0.1
DATABASE = astpp
USERNAME = astppuser
PASSWORD = ${userpassword}
PORT = 3306
OPTION = 67108864
Socket = /run/mysqld/mysqld.sock
threading = 0
charset = utf8

EOF

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v astpp astppuser ${userpassword} 
quit

Copy and configure Freeswitch files

cd /usr/src
cp -R ASTPP/freeswitch/fs /var/www/html/
cp -R ASTPP/freeswitch/scripts/* /usr/share/freeswitch/scripts/
cp -R ASTPP/freeswitch/sounds/*.wav /usr/share/freeswitch/sounds/en/us/callie/

rm -Rf /etc/freeswitch/dialplan/*
touch /etc/freeswitch/dialplan/astpp.xml
rm -Rf /etc/freeswitch/directory/*
touch /etc/freeswitch/directory/astpp.xml
rm -Rf /etc/freeswitch/sip_profiles/*
touch /etc/freeswitch/sip_profiles/astpp.xml

Copy and configure ASTPP files

cd /usr/src
mkdir -p /usr/local/astpp
mkdir -p /var/log/astpp
mkdir -p /var/lib/astpp
cp ASTPP/config/astpp-config.conf /var/lib/astpp/astpp-config.conf
cp ASTPP/config/astpp.lua /var/lib/astpp/astpp.lua

# Copy/config web GUI files
cp -R ASTPP/web_interface/astpp /var/www/html/
cp ASTPP/web_interface/nginx/deb_astpp.conf /etc/nginx/sites-available/astpp.conf
cp ASTPP/web_interface/nginx/deb_fs.conf /etc/nginx/sites-available/fs.conf

sed -i "s/client_max_body_size 8M/client_max_body_size 20M/" /etc/nginx/sites-available/astpp.conf
sed -i '35i fastcgi_read_timeout 300;' /etc/nginx/sites-available/astpp.conf
sed -i "s#php7.0#php7.1#" /etc/nginx/sites-available/astpp.conf
sed -i "s#php7.0#php7.1#" /etc/nginx/sites-available/fs.conf

ln -s /etc/nginx/sites-available/astpp.conf /etc/nginx/sites-enabled/astpp.conf 
ln -s /etc/nginx/sites-available/fs.conf /etc/nginx/sites-enabled/fs.conf 
rm /etc/nginx/sites-enabled/default

# Add nginx log files
touch /var/log/nginx/astpp_access.log
touch /var/log/nginx/astpp_error.log
touch /var/log/nginx/fs_access.log
touch /var/log/nginx/fs_error.log

# Add ASTPP log file
touch /var/log/astpp/astpp.log

# Copy ASTPP specific freeswitch config files
/bin/cp -R ASTPP/freeswitch/conf/autoload_configs/* /etc/freeswitch/autoload_configs/

# ASTPP links to Freeswitch use /usr/local by default.  Freeswitch binary packages use /usr/share.
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/lua.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /etc/freeswitch/autoload_configs/json_cdr.conf.xml
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp-callingcards.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/astpp.lua
sed -i "s#/usr/local/freeswitch/#/usr/share/freeswitch/#g" /usr/share/freeswitch/scripts/astpp/scripts/astpp.xml.lua

# Configure ASTPP config files in /var/lib/astpp.
serverIP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
sed -i "s#\(^dbname\).*#dbname = astpp#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbuser\).*#dbuser = astppuser#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbpass\).*#dbpass = ${userpassword}#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^base_url\).*#base_url = http://${serverIP}:8089/#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^DB_USERNAME\).*#DB_USERNAME = \"astppuser\"#" /var/lib/astpp/astpp.lua
sed -i "s#\(^DB_PASSWD\).*#DB_PASSWD = \"${userpassword}\"#" /var/lib/astpp/astpp.lua

CRON

crontab -u www-data -e

# I
# Generate Invoice   
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php GenerateInvoice
# Low balance notification
0 1 * * * cd /var/www/html/astpp/cron/ && php cron.php UpdateBalance
# Low balance notification
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php LowBalance        
# Update currency rate
0 0 * * * cd /var/www/html/astpp/cron/ && php cron.php CurrencyUpdate
# Email Broadcasting
* * * * * cd /var/www/html/astpp/cron/ && php cron.php BroadcastEmail

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target mariadb.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""

EOF

Set ownership and permissions

Run this any time there are any changes/moves/adds/upgrades or if experiencing problems.

# Ownership
chown -R www-data. /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html \
/var/log/astpp /var/log/nginx

# Directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /var/www/html -type d -exec chmod 755 {} \;
find /var/log/astpp -type d -exec chmod 755 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;
find /var/log/astpp -type d -exec chmod 664 {} \;

Configure php-fpm

sed -i "s/;request_terminate_timeout = 0/request_terminate_timeout = 300/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php/7.1/fpm/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=1#g" /etc/php/7.1/fpm/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 3000/" /etc/php/7.1/fpm/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /etc/php/7.1/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /etc/php/7.1/fpm/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.1/fpm/php.ini

systemctl restart php7.1-fpm
systemctl restart nginx

Configure firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-port={5060,5061,8089}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Test Freeswitch console

If fs_cli command is not working change the following line.

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Browse to control panel

http://x.x.x.x:8089

username: admin
password: admin

The 8089 port can be changed at /var/lib/astpp/astpp-config.conf and  /etc/nginx/sites-available/astpp.conf. Remember to change the port on the firewall as well.  If accessing by DNS name change the IP to the DNS name.

User documentation is located at the following link
http://astpp.readthedocs.io/en/v3.6/Modules/modules.html

Fusionpbx is a full featured mult-tenant GUI for Freeswitch.  This guide covers the installation of Fusionpbx and Freeswitch® with PostgreSQL and NGINX on Debian v9. 

Tested on:

Debian v9 (Stretch) x64 minimal install
Freeswitch v1.8
FusionPBX v4
Nginx v1.10
PHP v7.1
PostgreSQL v11

Assumptions:

Console text mode (multi-user.target)
Installation done as root user (#)

Prerequisites

Set server locale.  This should be done before PostgreSQL is installed.

# Select en_US.UTF-8 UTF-8
dpkg-reconfigure locales

Logout and log back in to verify.

locale

Install packages

apt update && apt upgrade -y && apt -y remove apache2

apt -y install git nano dbus sudo nginx curl lsb-release sqlite3 haveged ghostscript libtiff5-dev libtiff-tools at tftpd ssl-cert fail2ban

PostgreSQL

echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -sc)-pgdg main"> \
/etc/apt/sources.list.d/postgresql.list

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
apt update && apt install postgresql-11 postgresql-client-11

PHP

# Remove older versions of PHP if they exist
apt remove -y php5* php7.0*

# Install dependencies
apt -y install apt-transport-https ca-certificates

# Add php7.1 repository
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/php.list

apt update && apt -y install php7.1 php7.1-cli php7.1-common php7.1-curl php7.1-mcrypt php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-xml php7.1-imap php7.1-fpm

sngrep

wget http://packages.irontec.com/public.key -q -O - | apt-key add -
echo "deb http://packages.irontec.com/debian $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/irontec.list

apt update && apt install sngrep

Disable Selinux

Check status

sestatus

If the command exists and indicates it is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Set Timezone

Using tzselect is one way to find the correct timezone.

## FIND YOUR TIMEZONE 
tzselect 

## SET TIMEZONE EXAMPLE 
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE 
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

wget -O - https://files.freeswitch.org/repo/deb/freeswitch-1.8/fsstretch-archive-keyring.asc | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.8/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-all freeswitch-all-dbg freeswitch-sounds* freeswitch-music* gdb

Database

Check that localhost connections are always allowed.  This is necessary for the backup script.

nano +92 /etc/postgresql/11/main/pg_hba.conf

host all all 127.0.0.1/32 trust

systemctl restart postgresql

Check PostgreSQL locale

sudo -u postgres psql -l

If Encoding is not UTF8 and Collate & Ctype is not en_US.UTF8 then set it now.

sudo -u postgres psql

update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template0';
update pg_database set encoding = 6, datcollate = 'en_US.UTF8', datctype = 'en_US.UTF8' where datname = 'template1';

Create databases and user

cd /tmp

# Set the DB password variable.
password=somepassword

sudo -u postgres psql -c "SET client_encoding = 'UTF8';"
sudo -u postgres psql -c "CREATE DATABASE fusionpbx;" 
sudo -u postgres psql -c "CREATE DATABASE freeswitch;"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"

Fusionpbx

There may be enhancements and fixes in our version that are not be in the official repo.

mkdir -p /etc/fusionpbx
mkdir -p /var/www/fusionpbx
mkdir -p /var/cache/fusionpbx
git clone -b 4.4 https://github.com/powerpbx/fusionpbx.git /var/www/fusionpbx

Copy Directories

mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch

Copy music directories to default location

mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000/ /usr/share/freeswitch/sounds/music/default/

Php-fpm config

sed 's#post_max_size = .*#post_max_size = 80M#g' -i /etc/php/7.1/fpm/php.ini
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i /etc/php/7.1/fpm/php.ini
sed 's#max_execution_time = .*#max_execution_time = 120#g' -i /etc/php/7.1/fpm/php.ini
systemctl restart php7.1-fpm

Nginx config

mkdir -p /etc/nginx/ssl
cd /etc/nginx/sites-available
wget https://raw.githubusercontent.com/powerpbx/fusionpbx-install.sh/master/debian/resources/nginx/fusionpbx
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'

ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
rm /etc/nginx/sites-enabled/default

# link to self signed certificate
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt

# For future use
mkdir -p /var/www/letsencrypt/

systemctl restart nginx

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target postgresql.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data

LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""
EOF

Set ownership and permissions

# Set ownership
chown -R www-data. /etc/freeswitch /etc/fusionpbx /var/cache/fusionpbx /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/fusionpbx /var/run/freeswitch

## Set directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /etc/fusionpbx -type d -exec chmod 755 {} \;
find /var/cache/fusionpbx -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /var/www -type d -exec chmod 755 {} \;

## Set file permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /etc/fusionpbx -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www -type f -exec chmod 664 {} \;

## Set misc permissions to 755 (u=rwx,g=rx,o='rx')
chmod -R 755 /var/www/fusionpbx/secure

## These two files do not yet exist on a fresh install
chmod 755 /etc/cron.daily/fusionpbx-backup
chmod 755 /etc/cron.daily/fusionpbx-maintenance

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Browse to the public IP address of the server

 http://xx.xx.xx.xx 

to complete the install using the following:

Username: superadmin (or whatever you want)
Password: someSuperadminPassword 

Database Name: fusionpbx
Database Username: fusionpbx
Database Password: somepassword(The database user password created earlier)
Create Database Options: uncheck
Create Database Username: 
Create Database Password : 

The install may take a minute or two. 

Log into the GUI and go to Advanced > Default Settings > Adminer(auto_login) > Enabled = True
Click the Reload button and go to Advanced > Adminer and verify you can view the database. 

Post install tasks are optional but recommended.

Post Install

Enable freeswitch database connection

Freeswitch stores internal data on sqlite by default.  This optional configuration changes that to PostgreSQL.  This has the advantage of being able to view it in the GUI using Adminer. 

nano +147 /etc/freeswitch/autoload_configs/switch.conf.xml

<param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=fusionpbx password='somepassword'" />

systemctl restart freeswitch

Configure Firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Daily Backup and Housekeeping

Backup script

nano /etc/cron.daily/fusionpbx-backup

#!/bin/sh

db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql

# Delete postgres backups if older than 7 days
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +7 -exec rm {} \;

# Delete the main backup if older than 7 days
find /var/backups/fusionpbx/*.tgz -mtime +7 -exec rm {} \;

# Create database backup
pg_dump --verbose -Fc --host=${db_host} --port=${db_port} -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql

# Combine and compress to create the main backup
tar -zvcf /var/backups/fusionpbx/backup_${now}.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_${now}.sql \
/var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage \
/var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch

chmod 755 /etc/cron.daily/fusionpbx-backup

Housekeeping script

nano /etc/cron.daily/fusionpbx-maintenance

#!/bin/sh

# Delete freeswitch logs older than 7 days
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;

## Uncomment to delete call recordings older than 90 days
#find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;

## Uncomment to delete faxes older than 90 days 
#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \; 
#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \; 

## Uncomment to delete voicemails older than 90 days
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"

## Uncomment to delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"

chmod 755 /etc/cron.daily/fusionpbx-maintenance

TFTP

If you plan to use hardware SIP phones you may want to enable TFTP.

Create tftp config

cat >> /etc/xinetd.d/tftp << EOF
service tftp
{
protocol        = udp
port            = 69
socket_type     = dgram
wait            = yes
user            = nobody
server          = /usr/sbin/in.tftpd
server_args     = /tftpboot
disable         = no
}
EOF

Make the directory and restart the daemon to start tftp.

mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd

firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload

Go to GUI Advanced > Default Settings > Provision.  About 20 rows down set enabled = Trueand reload

Add a new subcategory in Provision category by pressing the + icon and fill in as follows:

Category = provision
Subcategory = path
type = text
Value = /tftpboot
Enabled = True

Troubleshooting the Dialplan

To view the dynamically generated xml files.

nano /etc/fusionpbx/config.lua

## Change debug options from false to true to see lua generated output in fs_cli
       debug.params = true;
       debug.sql = true;
       debug.xml_request = true;
       debug.xml_string = true;
       debug.cache = true;

This assumes FusionPBX was installed using this FusionPBX install guide or the public install script.  This procedure should work for root domains, subdomains, and wildcards.

Tested using:

* Certbot v0.28 (included with Debian 9)
* Fusionpbx 4.4
* Debian 9
* Nginx

Install

apt install certbot

Create verification directory if it does not already exist

mkdir -p /var/www/letsencrypt
chown -R www-data. /var/www/letsencrypt

Edit nginx to redirect the verification directory and use http port 80.

nano /etc/nginx/sites-available/fusionpbx

server {
    listen 80;
    server_name fusionpbx;

    #redirect letsencrypt
    location ^~ /.well-known/acme-challenge {
        default_type "text/plain";
        auth_basic "off";
        alias /var/www/letsencrypt;    }

systemctl reload nginx

Generate Certificate 

Run each time a new domain or subdomain is added.  It needs to include all previous domains each time it is run.

# Add -d subdomain.domain -d *.domain etc.
# for each domain, subdomain, and wildcard used

certbot certonly --manual --preferred-challenges=dns --email somemail@somedomain.com \
--server https://acme-v02.api.letsencrypt.org/directory --agree-tos \
-d pbx.somedomain.com \
-d *.pbx.somedomain.com \
-d pbx.someotherdomain.com \
-d mypbxdomain.com

It will ask you to verify you are the owner of the domain by giving you a TXT record for each domain registrar used.  You will need to create this TXT record on your domain provider end.

_acme-challenge.subdomain.somedomain.com with the following value:
4ixUKJm50KTtD6pOK99jvjW1n2lRJaTMJWx0rU7EUeY

In a PuTTY shell, press and hold the left mouse button, highlight the text, then release the button.  It will now be copied into your clipboard and available to paste into your domain registrar form.  If you try copy with CTRL-C it will cause the script to exit and you will have to start over.

Open a separate bash shell and check if the TXT record has propagated to the server before hitting ENTER .

apt install -y dnsutils
dig -t txt _acme-challenge.subdomain.somedomain.com

It may take some time for the record to propagate to your downstream (recursive) nameserver.

Add the successfully generated certificate to nginx.

nano /etc/nginx/sites-available/fusionpbx

server {
    listen 443;
    server_name fusionpbx;
    ssl                     on;
    # ssl_certificate         /etc/ssl/certs/nginx.crt;
    # ssl_certificate_key     /etc/ssl/private/nginx.key;
    ssl_certificate /etc/letsencrypt/live/subdomain.somedomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/subdomain.somedomain.com/privkey.pem;    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers             HIGH:!ADH:!MD5:!aNULL;

systemctl reload nginx

Automatic Renewal

crontab -e

# In this example, the command is run at 1:02 am on Sundays.
2 1 * * 0 /usr/bin/certbot renew

Certificates will not renew until after 60 days by default. 

This guide covers the installation of the ASTPP VoIP billing and Freeswitch applications.  ASTPP is installed manually from source.  Freeswitch is installed from deb packages.

Tested using the following software:

• Debian v9 (Stretch) x64 minimal install
• ASTPP v4.0
• Freeswitch v1.10
• Nginx v1.10
• PHP v7.3
• MySQL v8
  

   

Call Flow

Outbound

Inbound

Prerequisites

Verify locale is set to en US.UTF-8.

locale

If it is not then set it now.  You may also set your own UTF-8 locale if not in the US.

# Select en_US.UTF-8 UTF-8
apt install locales && dpkg-reconfigure locales

Log out/in or close/open shell for changes to take effect. 

Install prerequisite packages

apt update && apt upgrade -y && apt -y remove apache2

apt -y install software-properties-common
add-apt-repository 'deb http://security.debian.org/debian-security/ stretch/updates main contrib'

apt -y install git nano dbus sudo nginx curl sqlite3 haveged ghostscript lsb-release libtiff5-dev libtiff-tools at dirmngr postfix gawk dnsutils openssl ntp unixodbc unixodbc-bin gettext fail2ban ntpdate ntp lua5.1 bc libxml2 libxml2-dev openssl libcurl4-openssl-dev gettext gcc g++

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.3 php7.3-fpm php7.3-gd php7.3-opcache php7.3-cli php7.3-common php7.3-curl php7.3-sqlite3 php7.3-odbc php7.3-mysql php7.3-xml php7.3-json php7.3-mbstring php-pear

MySQL

# Confirm that MySQL Server & Cluster mysql-8.0 is selected

cd /usr/src
wget https://repo.mysql.com/mysql-apt-config_0.8.15-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb

# You can leave root password blank
# Select "Use Legacy Authentication" when asked

apt update && apt -y install mysql-server

MySQL ODBC

wget https://dev.mysql.com/get/Downloads/Connector-ODBC/8.0/mysql-connector-odbc_8.0.22-1debian9_amd64.deb
dpkg -i mysql-connector-odbc_8.0.22-1debian9_amd64.deb

Disable Selinux

Check status

sestatus

If the command is found and is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-meta-all

ASTPP

# Set MySQL user ${userpassword} variable.  This is used muliple times in this section.
userpassword=somepassword

# If you have set a MySQL root password assign it here.
# If you left it blank just hit ENTER when asked.
mysqlpassword=existingmysqlpassword

cd /usr/src
git clone -b v4.0.1 https://github.com/iNextrix/ASTPP.git

mysql -p${mysqlpassword} -e "CREATE DATABASE astpp;"
mysql -p${mysqlpassword} -e "CREATE USER 'astppuser'@'localhost' IDENTIFIED BY '${userpassword}';"
mysql -uroot -p${mysqlpassword} -e "ALTER USER 'astppuser'@'localhost' IDENTIFIED WITH mysql_native_password BY '${userpassword}';"
mysql -p${mysqlpassword} -e "GRANT ALL PRIVILEGES ON astpp.* TO 'astppuser'@'localhost' WITH GRANT OPTION;"
mysql -p${mysqlpassword} -e "FLUSH PRIVILEGES;"

# This will likely run for several minutes and should not be interrupted.
mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-4.0.sql

# If you get a datetime error on this step try restart mysql
mysql -p${mysqlpassword} astpp < ASTPP/database/astpp-4.0.1.sql

Configure MySQL

cp ASTPP/misc/odbc/deb_odbc.ini /etc/odbc.ini
sed -i "s#\(^PASSWORD\).*#PASSWORD = ${userpassword}#g" /etc/odbc.ini

sed -i '33i wait_timeout=600' /etc/mysql/mysql.conf.d/mysqld.cnf
sed -i '33i interactive_timeout = 600' /etc/mysql/mysql.conf.d/mysqld.cnf
sed -i '33i sql_mode=""' /etc/mysql/mysql.conf.d/mysqld.cnf

systemctl restart mysql

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v astpp astppuser ${userpassword} 
quit

Copy and configure Freeswitch files

cd /usr/src
cp -R ASTPP/freeswitch/fs /var/www/html/
cp -R ASTPP/freeswitch/scripts/* /usr/share/freeswitch/scripts/
cp -R ASTPP/freeswitch/sounds/*.wav /usr/share/freeswitch/sounds/en/us/callie/

rm -Rf /etc/freeswitch/dialplan/*
touch /etc/freeswitch/dialplan/astpp.xml
rm -Rf /etc/freeswitch/directory/*
touch /etc/freeswitch/directory/astpp.xml
rm -Rf /etc/freeswitch/sip_profiles/*
touch /etc/freeswitch/sip_profiles/astpp.xml

Copy and configure ASTPP files

cd /usr/src
mkdir -p /usr/local/astpp
mkdir -p /var/log/astpp
mkdir -p /var/lib/astpp
cp ASTPP/config/astpp-config.conf /var/lib/astpp/astpp-config.conf
cp ASTPP/config/astpp.lua /var/lib/astpp/astpp.lua

# Copy/config web GUI files
cp -R ASTPP/web_interface/astpp /var/www/html/
cp ASTPP/web_interface/nginx/deb_astpp.conf /etc/nginx/sites-available/astpp.conf
cp ASTPP/web_interface/nginx/deb_fs.conf /etc/nginx/sites-available/fs.conf

ln -s /etc/nginx/sites-available/astpp.conf /etc/nginx/sites-enabled/astpp.conf 
ln -s /etc/nginx/sites-available/fs.conf /etc/nginx/sites-enabled/fs.conf 
rm /etc/nginx/sites-enabled/default

# Just press ENTER to use defaults for all the questions
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

# Add nginx log files
touch /var/log/nginx/astpp_access.log
touch /var/log/nginx/astpp_error.log
touch /var/log/nginx/fs_access.log
touch /var/log/nginx/fs_error.log

# Add ASTPP log files
touch /var/log/astpp/astpp.log
touch /var/log/astpp/astpp_email.log

# Copy ASTPP specific freeswitch config files
/bin/cp -R ASTPP/freeswitch/conf/autoload_configs/* /etc/freeswitch/autoload_configs/

# Configure ASTPP config files in /var/lib/astpp.
serverIP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
sed -i "s#\(^dbname\).*#dbname = astpp#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbuser\).*#dbuser = astppuser#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbpass\).*#dbpass = ${userpassword}#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^base_url\).*#base_url = https://${serverIP}/#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^DB_USERNAME\).*#DB_USERNAME = \"astppuser\"#" /var/lib/astpp/astpp.lua
sed -i "s#\(^DB_PASSWD\).*#DB_PASSWD = \"${userpassword}\"#" /var/lib/astpp/astpp.lua

Enable mariadb module

nano /etc/freeswitch/autoload_configs/pre_load_modules.conf.xml

<configuration name="pre_load_modules.conf" description="Modules">
  <modules>
    <!-- Databases -->
    <load module="mod_mariadb"/>
  </modules>
</configuration>

CRON

crontab -u www-data -e

# Call all crons
* * * * * cd /var/www/html/astpp/cron/ && php cron.php crons

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target mariadb.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""

EOF

Set ownership and permissions

Run this any time there are any changes/moves/adds/upgrades or if experiencing problems.

# Ownership
chown -R www-data. /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch /var/www/html \
/var/log/astpp /var/log/nginx

# Directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /var/www/html -type d -exec chmod 755 {} \;
find /var/log/astpp -type d -exec chmod 755 {} \;

# File permissions to 664 (u=rw,g=rw,o=r)
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/html -type f -exec chmod 664 {} \;
find /var/log/astpp -type d -exec chmod 664 {} \;

Configure php-fpm

sed -i "s/;request_terminate_timeout = 0/request_terminate_timeout = 300/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php/7.3/fpm/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=1#g" /etc/php/7.3/fpm/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 3000/" /etc/php/7.3/fpm/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /etc/php/7.3/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /etc/php/7.3/fpm/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini

systemctl restart php7.3-fpm
systemctl restart nginx

Configure firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Test Freeswitch console

If fs_cli command is not working change the following line.

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Browse to control panel

https://x.x.x.x

username: admin
password: admin

The  443 listening port can be changed at /var/lib/astpp/astpp-config.conf and  /etc/nginx/sites-available/astpp.conf. Remember to change the port on the firewall as well.  If accessing by DNS name change the IP to the DNS name.

User documentation is located at the following link
https://docs.astppbilling.org/display/itplmars/Overview+of+ASTPP

This guide covers the installation of the ASTPP VoIP billing and Freeswitch applications.  ASTPP is installed manually from source.  Freeswitch is installed from deb packages.

Tested using the following software:

• Debian v9 (Stretch) x64 minimal install
• ASTPP v5.0
• Freeswitch v1.10
• Nginx v1.10
• PHP v7.3
• MySQL v8
  

   

Call Flow

Outbound

Inbound

Prerequisites

Verify locale is set to en US.UTF-8.

locale

If it is not then set it now.  You may also set your own UTF-8 locale if not in the US.

# Select en_US.UTF-8 UTF-8
apt -y install locales && dpkg-reconfigure locales

Log out/in or close/open shell for changes to take effect. 

Install prerequisite packages

apt update && apt -y upgrade && apt -y remove apache2

apt -y install software-properties-common

add-apt-repository 'deb http://security.debian.org/debian-security/ stretch/updates main contrib'

apt update && apt -y install git nano dbus sudo nginx wget curl sqlite3 haveged ghostscript lsb-release libtiff5-dev libtiff-tools at dirmngr postfix gawk dnsutils openssl ntp unixodbc unixodbc-bin net-tools whois sensible-mda mlocate vim gettext fail2ban ntpdate ntp lua5.1 bc libxml2 libxml2-dev openssl libcurl4-openssl-dev gettext gcc g++ gnupg2

Postfix

If a postfix configuration wizard pops up you can select the default Internet Site and also the default mail name.  These settings can be manually changed later in /etc/postfix/main.cf.

PHP

# install this section one line at a time.

apt -y install apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main"> /etc/apt/sources.list.d/php.list

apt update && apt -y install php7.3 php7.3-fpm php7.3-gd php7.3-opcache php7.3-cli php7.3-common php7.3-curl php7.3-sqlite3 php7.3-odbc php7.3-mysql php7.3-xml php7.3-json php7.3-mbstring php7.3-readline php7.3-imap

MySQL

Configure

# Confirm MySQL Server & Cluster (mysql-8.0) is currently selected
cd /opt && wget https://repo.mysql.com/mysql-apt-config_0.8.13-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb

Install MySQL

# You can leave root password blank
# IMPORTANT:Select "Use Legacy Authentication" when asked

apt update && apt -y install mysql-server

Install ODBC

wget https://dev.mysql.com/get/Downloads/Connector-ODBC/8.0/mysql-connector-odbc_8.0.22-1debian9_amd64.deb
dpkg -i mysql-connector-odbc_8.0.22-1debian9_amd64.deb

Disable Selinux

Check status

sestatus

If the command is found and is not disabled, set SELINUX=disabled in /etc/selinux/config.  Requires reboot for changes to take effect.

sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

Disable Firewall

It is sometimes helpful to disable the firewall during installation.

systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables

Timezone

## FIND YOUR TIMEZONE
tzselect

## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver

## CHECK TIMEZONE
​timedatectl status

systemctl restart rsyslog

Install

Freeswitch

wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ $(lsb_release -sc) main"> \
/etc/apt/sources.list.d/freeswitch.list

apt update && apt -y install freeswitch-meta-all

ASTPP

# Set MySQL user ${USER_PASSWORD} variable.  This is used muliple times in this section.
USER_PASSWORD=somepassword

# If you have set a MySQL root password assign it here.
# If you left it blank just hit ENTER when asked.
MYSQL_PASSWORD=existingmysqlpassword

cd /opt && git clone -b v5.0 https://github.com/iNextrix/ASTPP.git

Configure MySQL

mysql -p${MYSQL_PASSWORD} -e "CREATE DATABASE astpp;"
mysql -p${MYSQL_PASSWORD} -e "CREATE USER 'astppuser'@'localhost' IDENTIFIED BY '${USER_PASSWORD}';"
mysql -uroot -p${MYSQL_PASSWORD} -e "ALTER USER 'astppuser'@'localhost' \
IDENTIFIED WITH mysql_native_password BY '${USER_PASSWORD}';"
mysql -p${MYSQL_PASSWORD} -e "GRANT ALL PRIVILEGES ON astpp.* TO 'astppuser'@'localhost' WITH GRANT OPTION;"
mysql -p${MYSQL_PASSWORD} -e "FLUSH PRIVILEGES;"

cd /opt && cp ASTPP/misc/odbc/deb_odbc.ini /etc/odbc.ini
sed -i "s#\(^PASSWORD\).*#PASSWORD = ${USER_PASSWORD}#g" /etc/odbc.ini

sed -i '33i wait_timeout=600' /etc/mysql/mysql.conf.d/mysqld.cnf
sed -i '33i interactive_timeout = 600' /etc/mysql/mysql.conf.d/mysqld.cnf
sed -i '33i sql_mode=""' /etc/mysql/mysql.conf.d/mysqld.cnf

systemctl restart mysql

Install ASTPP DB

# This may run for a few minutes and should not be interrupted.
mysql -p${MYSQL_PASSWORD} astpp < ASTPP/database/astpp-5.0.sql

# If you get a datetime error on this step try restart mysql
mysql -p${MYSQL_PASSWORD} astpp < ASTPP/database/astpp-5.0.1.sql

Test odbc driver

odbcinst -s -q

Test odbc connection

isql -v astpp astppuser ${USER_PASSWORD} 
quit

Configure Freeswitch

cd /opt
mv /usr/share/freeswitch/scripts /tmp/.
ln -s /opt/ASTPP/freeswitch/fs/ /var/www/html
ln -s /opt/ASTPP/freeswitch/scripts/ /usr/share/freeswitch
cp -rf ASTPP/freeswitch/sounds/*.wav /usr/share/freeswitch/sounds/en/us/callie/

rm -rf /etc/freeswitch/dialplan/*
touch /etc/freeswitch/dialplan/astpp.xml
rm -rf /etc/freeswitch/directory/*
touch /etc/freeswitch/directory/astpp.xml
rm -rf /etc/freeswitch/sip_profiles/*
touch /etc/freeswitch/sip_profiles/astpp.xml

Configure ASTPP

cd /opt
mkdir -p /usr/local/astpp
mkdir -p /var/log/astpp
mkdir -p /var/lib/astpp
cp ASTPP/config/astpp-config.conf /var/lib/astpp/astpp-config.conf
cp ASTPP/config/astpp.lua /var/lib/astpp/astpp.lua

Configure web server

ln -s /opt/ASTPP/web_interface/astpp/ /var/www/html
cp ASTPP/web_interface/nginx/deb_astpp.conf /etc/nginx/sites-available/astpp.conf
cp ASTPP/web_interface/nginx/deb_fs.conf /etc/nginx/sites-available/fs.conf

ln -s /etc/nginx/sites-available/astpp.conf /etc/nginx/sites-enabled/astpp.conf 
ln -s /etc/nginx/sites-available/fs.conf /etc/nginx/sites-enabled/fs.conf 
rm /etc/nginx/sites-enabled/default

# Just press ENTER to use defaults for all the questions
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

# Add nginx log files
touch /var/log/nginx/astpp_access.log
touch /var/log/nginx/astpp_error.log
touch /var/log/nginx/fs_access.log
touch /var/log/nginx/fs_error.log

Add ASTPP log files

touch /var/log/astpp/astpp.log
touch /var/log/astpp/astpp_email.log

Configure ASTPP Freeswitch files

# Copy
cp -rf ASTPP/freeswitch/conf/autoload_configs/* /etc/freeswitch/autoload_configs/

# Configure
SWITCH_CONF=/etc/freeswitch/autoload_configs/switch.conf.xml
sed -i "s#max-sessions\" value=\"1000#max-sessions\" value=\"2000#g" ${SWITCH_CONF}
sed -i "s#sessions-per-second\" value=\"30#sessions-per-second\" value=\"50#g" ${SWITCH_CONF}
sed -i "s#max-db-handles\" value=\"50#max-db-handles\" value=\"500#g" ${SWITCH_CONF}
sed -i "s#db-handle-timeout\" value=\"10#db-handle-timeout\" value=\"30#g" ${SWITCH_CONF}

Configure ASTPP DB access

SERVER_IP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
sed -i "s#\(^dbname\).*#dbname = astpp#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbuser\).*#dbuser = astppuser#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^dbpass\).*#dbpass = ${USER_PASSWORD}#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^base_url\).*#base_url = https://${SERVER_IP}/#" /var/lib/astpp/astpp-config.conf
sed -i "s#\(^DB_USERNAME\).*#DB_USERNAME = \"astppuser\"#" /var/lib/astpp/astpp.lua
sed -i "s#\(^DB_PASSWD\).*#DB_PASSWD = \"${USER_PASSWORD}\"#" /var/lib/astpp/astpp.lua

Enable MySQL module on Freeswitch

nano /etc/freeswitch/autoload_configs/pre_load_modules.conf.xml

<configuration name="pre_load_modules.conf" description="Modules">
  <modules>
    <!-- Databases -->
    <load module="mod_mariadb"/>
  </modules>
</configuration>

CRON

crontab -u www-data -e

# Call all crons
* * * * * cd /opt/ASTPP/web_interface/astpp/cron/ && /usr/bin/php cron.php crons

Systemd

Create unit file.

systemctl stop freeswitch
rm -r /run/freeswitch
nano /etc/systemd/system/freeswitch.service

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target mysql.service

[Service]
Type=forking
RuntimeDirectory=freeswitch
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-ncwait -nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/bin/freeswitch $DAEMON_OPTS
TimeoutSec=45s
Restart=always

User=www-data
Group=www-data
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=250000
LimitRTPRIO=infinity
LimitRTTIME=infinity
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPriority=89
UMask=0007

; Comment this out if using OpenVZ
CPUSchedulingPolicy=rr

[Install]
WantedBy=multi-user.target

Create environment file.

cat >> /etc/default/freeswitch << EOF
# Uncommented variables will override variables in unit file
# User=""
# Group=""
# DAEMON_OPTS=""

EOF

Set ownership and permissions

Run this any time there are any changes/moves/adds/upgrades or if experiencing problems.

# Ownership www-data
chown -R www-data. /etc/freeswitch /var/lib/freeswitch \
/var/log/freeswitch /usr/share/freeswitch \
/var/log/astpp /var/log/nginx /opt/ASTPP

# Directory permissions to 755 (u=rwx,g=rx,o='rx')
find /etc/freeswitch -type d -exec chmod 755 {} \;
find /var/lib/freeswitch -type d -exec chmod 755 {} \;
find /var/log/freeswitch -type d -exec chmod 755 {} \;
find /usr/share/freeswitch -type d -exec chmod 755 {} \;
find /opt/ASTPP -type d -exec chmod 755 {} \;
find /var/log/astpp -type d -exec chmod 755 {} \;
find /var/lib/astpp -type d -exec chmod 755 {} \;

# File permissions to 777(u=rwx,g=rwx,o=rwx)
find /var/log/astpp -type f -exec chmod 777 {} \;

# File permissions to 644 (u=rw,g=r,o=r)
find /etc/freeswitch -type f -exec chmod 644 {} \;
find /var/lib/freeswitch -type f -exec chmod 644 {} \;
find /var/log/freeswitch -type f -exec chmod 644 {} \;
find /usr/share/freeswitch -type f -exec chmod 644 {} \;
find /opt/ASTPP -type f -exec chmod 644 {} \;
find /var/lib/astpp -type f -exec chmod 644 {} \;

Configure php-fpm

sed -i "s/;request_terminate_timeout = 0/request_terminate_timeout = 300/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s#short_open_tag = Off#short_open_tag = On#g" /etc/php/7.3/fpm/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=1#g" /etc/php/7.3/fpm/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 3000/" /etc/php/7.3/fpm/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /etc/php/7.3/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /etc/php/7.3/fpm/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini

systemctl restart php7.3-fpm
systemctl restart nginx

Configure firewall

apt -y install firewalld
systemctl enable firewalld
systemctl start firewalld

firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,5061}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --reload
firewall-cmd --list-all

Configure log rotation

sed -i -e 's/daily/size 30M/g' /etc/logrotate.d/rsyslog
sed -i -e 's/weekly/size 30M/g' /etc/logrotate.d/rsyslog
sed -i -e 's/rotate 7/rotate 5/g' /etc/logrotate.d/rsyslog
sed -i -e 's/weekly/size 30M/g' /etc/logrotate.d/php7.3-fpm
sed -i -e 's/rotate 12/rotate 5/g' /etc/logrotate.d/php7.3-fpm
sed -i -e 's/daily/size 30M/g' /etc/logrotate.d/nginx
sed -i -e 's/rotate 14/rotate 5/g' /etc/logrotate.d/nginx
sed -i -e 's/weekly/size 30M/g' /etc/logrotate.d/fail2ban

Enable services

systemctl daemon-reload
systemctl enable freeswitch
systemctl restart freeswitch

Test Freeswitch console

If fs_cli command is not working change the following line.

nano +4 /etc/freeswitch/autoload_configs/event_socket.conf.xml

<param name="listen-ip" value="127.0.0.1"/>

systemctl restart freeswitch

Browse to control panel

https://x.x.x.x

username: admin
password: admin

The  443 listening port can be changed at /var/lib/astpp/astpp-config.conf and  /etc/nginx/sites-available/astpp.conf. Remember to add the port on the firewall as well.  If accessing by DNS name change the IP to the DNS name in /var/lib/astpp/astpp-config.conf.

User documentation is located at the following link
https://docs.astppbilling.org/display/itplmars/Overview+of+ASTPP

Troubleshooting

The primary ways to troubleshoot are to watch the fs_cli command line in real time or to scan the log files, some of which duplicate that info.  The fs_cli info is logged in /var/log/freeswitch.log. 

When troubleshooting it is also sometimes helpful to enable debugging.  There are at least 4 separate debugging settings in ASTPP. 

The first place to start would usually be to set

/opt/ASTPP/web_interface/astpp/application/config/config.php > $config['log_threshold'] = 4

This will cause a date stamped log file to be created at

/opt/ASTPP/web_interface/astpp/application/log

which shows all the PHP code being initialized and any errors in that code.   This should only be enabled temporarily as the log files are not automatically deleted.  There may also be some sensitive information in those files.

The second debugger is in the GUI at

Configuration > Settings > Calls  > Debug

This will enable logging to /var/log/astpp.log and will show the variables being passed to freeswitch from the database.

The 3rd debugger is located in the GUI at

Switch > SIP Profiles > default > sip-trace 

If changed to yes and adding another setting tracelevel = debug you can trace SIP traffic.

Lastly, you can enable php debugging by going to 

/opt/ASTPP/web_interface/astpp/index.php

and set define ( 'ENVIRONMENT', 'development' ).  This allows you to see the PHP errors in a web browser as they happen instead of just in the log files.