This guide covers the installation of Asterisk® from source on CentOS include the use of Asterisk v12 & v13, Freepbx v12, and the addition of the pjsip library.
1. Tested on:
CentOS v6 32 bit & 64 bit
Asterisk v12 & v13
Freepbx v12
2. Assumptions:
Console text mode (init 3)
Installation done as root user (#)
3. Install Prerequisites
Ensure all required packages are installed.
yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel libresample-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mysql-server fail2ban xmlstarlet
Disable firewall
The following commands save any running firewall rules, flush the rules from running memory, and prevent rules from loading on boot.
service iptables save
service iptables stop
chkconfig iptables off
After completing the entire procedure we can load the firewall rules again by running service iptables start and have them load on boot by running chkconfig iptables on.
3. Disable Selinux
Check status
sestatus
If not disabled edit /etc/selinux/config and reboot
SELINUX=disabled
4. Reboot
To ensure any changes/additions up until now such as updated kernel, selinux disable, email etc. are active.
reboot
5. Set Timezone
Enable ntpd to syncronize time with public time servers so that it is always exactly correct.
chkconfig ntpd on
service ntpd start
Copy timezone from this link or use tzselect.
tzselect
Example:
ln -sf /usr/share/zoneinfo/America/Vancouver /etc/localtime
nano /etc/sysconfig/clock
ZONE=”America/Vancouver”
UTC=false
ARC=false
6. Download and install source files
6.1. DAHDI
Only required if using a physical server and installing telecom hardware.
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
tar zxvf dahdi-linux-complete*
cd /usr/src/dahdi-linux-complete*/
make && make install && make config
service dahdi start
6.2. PJSIP
cd /usr/src
wget http://www.pjsip.org/release/2.4.5/pjproject-2.4.5.tar.bz2
tar -xjvf pjproject-2.4.5*
cd /usr/src/pjproject-2.4.5*/
#If this is a new source install the following command won’t do anything
make distclean
# libdir will be automatically selected
# /usr/lib for 32bit OS
# /usr/lib64 for 64bit OS
ARCH=$(getconf LONG_BIT | grep “64”)
./configure –prefix=/usr –libdir=/usr/lib${ARCH} –enable-shared –disable-sound –disable-resample \
–disable-video –disable-opencore-amr CFLAGS=’-O2 -DNDEBUG’
make uninstall && make dep && make && make install && ldconfig
To verify type ldconfig -p | grep pj which should show several linked *.so files in /usr/lib or /usr/lib64 depending on OS architecture.
6.3. Asterisk
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar zxvf asterisk-13-current.tar.gz
cd /usr/src/asterisk-13*/
make distclean
ARCH=$(getconf LONG_BIT | grep “64”)
./configure –libdir=/usr/lib${ARCH}
To verify type nano -v config.log.
cd /usr/src/asterisk-13*/
make menuselect.makeopts
#To select compile options manually run make menuselect instead of the following command
#To list command line options run menuselect/menuselect –list-options
#If Asterisk fails to run on a virtual machine try add “–disable BUILD_NATIVE”
#To add asterisk realtime for applications such as A2billing add “–enable res_config_mysql”
menuselect/menuselect –enable cdr_mysql –enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts
Create Asterisk user, compile, install, and set ownership.
adduser asterisk -M -d /var/lib/asterisk -s /sbin/nologin -c “Asterisk User”
make && make install && chown -R asterisk. /var/lib/asterisk
6.4. Freepbx GUI
pear install db-1.7.14
VERSION=12.0
USERNAME=asteriskuser
PASSWORD=amp109
service mysqld start
mysqladmin create asterisk
mysqladmin create asteriskcdrdb
mysql -e “GRANT ALL PRIVILEGES ON asterisk.* TO $USERNAME@localhost IDENTIFIED BY ‘$PASSWORD’;”
mysql -e “GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO $USERNAME@localhost IDENTIFIED BY ‘$PASSWORD’;”
mysql -e “flush privileges;”
cd /usr/src
git clone -b release/$VERSION https://github.com/FreePBX/framework.git freepbx
cd /usr/src/freepbx
./start_asterisk start
mv /var/www/html /var/www/html_orig
./install_amp –installdb –skip-module-install –username $USERNAME –password $PASSWORD
# Press ENTER for all the questions including the incorrect IP address.
Do not be concerned by the warning messages.
# Minimal module install
amportal a ma upgrade framework
amportal a ma upgrade core
amportal a ma upgrade voicemail
amportal a ma upgrade sipsettings
amportal a ma upgrade infoservices
amportal a ma upgrade featurecodeadmin
amportal a ma upgrade logfiles
amportal a ma upgrade callrecording
amportal a ma upgrade cdr
amportal a ma upgrade dashboard
# Optionally install all standard modules
amportal a ma upgrade manager
amportal a ma installall
amportal restart
amportal a reload
amportal chown
If the GUI complains about problems with the framework module or a missing /usr/sbin/amportal file try amportal a ma delete framework followed by amportal a ma upgrade framework.
Post install tasks are mandatory.
7. Post-install tasks
Setting a mysql root password is recommended.
MYSQL_ROOT_PW=abcdef
mysqladmin -u root password “$MYSQL_ROOT_PW”
You will need to provide this password for any further mysql configuration. So instead of using mysql and mysqladmin use mysql -p and mysqladmin -p.
Change webserver default user and group from apache to asterisk.
sed -i ‘s/User apache/User asterisk/’ /etc/httpd/conf/httpd.conf
sed -i ‘s/Group apache/Group asterisk/’ /etc/httpd/conf/httpd.conf
Enable .htaccess files to protect sensitive webserver directories.
sed -i ‘:a;N;$!ba;s/AllowOverride None/AllowOverride All/2’ /etc/httpd/conf/httpd.conf
Prevent external MySQL access.
sed -i ‘2i bind-address=127.0.0.1’ /etc/my.cnf
Set mysql and http servers to start on boot.
chkconfig mysqld on
chkconfig httpd on
Change default “upload_max_filesize” to 20M to allow larger music on hold files.
sed -i ‘s/upload_max_filesize = .*/upload_max_filesize = 20M/’ /etc/php.ini
Set Freepbx to start on boot.
echo ‘/usr/local/sbin/amportal start’ >> /etc/rc.local
Finally reboot for all changes to take effect.
reboot
8. Optional
8.1. Log File Rotation
If this is not done the log files will keep growing indefinitely.
nano /etc/logrotate.d/asterisk
/var/log/asterisk/queue_log
/var/spool/mail/asterisk
/var/log/asterisk/freepbx_debug.log
/var/log/asterisk/messages
/var/log/asterisk/event_log
/var/log/asterisk/full
/var/log/asterisk/dtmf
/var/log/asterisk/fail2ban {
weekly
missingok
rotate 5
#compress
notifempty
sharedscripts
create 0640 asterisk asterisk
postrotate
/usr/sbin/asterisk -rx ‘logger reload’ > /dev/null 2> /dev/null || true
endscript
}
8.2. TFTP
If you plan to use hardware SIP phones you will probably want to set up the tftpboot directory and enable the tftp server.
yum -y install tftp-server
nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot
chmod 777 /tftpboot
service xinetd restart
8.3. MPG123
This is used in combination with sox to convert uploaded mp3 music on hold files to Asterisk compatible wav files.
cd /usr/src
wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.21.0/mpg123-1.21.0.tar.bz2
tar -xjvf mpg123*
cd mpg123*/
ARCH=$(getconf LONG_BIT | grep “64”)
./configure –prefix=/usr –libdir=/usr/lib${ARCH} && make && make install && ldconfig
8.4. Digum addons
To register digium® licenses. Although there is a freepbx module for this it did not appear to be working properly at the time this procedure was written.
cd /usr/src
wget http://downloads.digium.com/pub/register/linux/register
chmod +x register
./register
To install the individual addons refer to the README files and ignore the register instructions.
http://downloads.digium.com/pub/telephony/codec_g729/README
http://downloads.digium.com/pub/telephony/res_digium_phone/README
http://downloads.digium.com/pub/telephony/fax/README
http://downloads.digium.com/pub/telephony/hpec/README
8.5. Password protect http access
A simple way to block scanners looking for exploits on apache web servers. This assumes the GUI does not need anonymous access. Also prevents any added load on the server as a result of scanning.
mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
htpasswd -c /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride On in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName “Restricted Access”
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
Alternatively, the above can be added in /etc/httpd/conf/httpd.conf as follows.
<Directory /var/www/html>
AuthType Basic
AuthName “Restricted Area”
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>
8.6. Whitelist protect http access
If http access is only required from certain IP addresses.
nano /etc/httpd/conf.d/whitelist.conf
<Location />
Order Deny,Allow
Deny from all
#
Allow from x.x.x.x
Allow from x.x.x.x x.x.x.x x.x.x.x
Allow from somedomain.com
Allow from x.x
Allow from x.x.x.0/255.255.255.0
#
#See http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html for more examples
#
</Location>