Guide to installing Asterisk + FreePBX on CentOS 7

This guide covers the installation of Asterisk® from source on CentOS. Changes compared to previous guides include the use of CentOS v7 and FreePBX v13.
Tested on:
CentOS v7 64 bit
Asterisk v13
FreePBX v13
Assumptions:
Console text mode (multi-user.target)
Installation done as root user (#)
1. Install Prerequisites
Ensure all required packages are installed.
yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release
yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel ilbc-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mariadb mariadb-server fail2ban jwhois xmlstarlet ghostscript libtiff-tools python-devel patch
## Legacy pear requirement
pear install Console_getopt
Disable Selinux
Check status
sestatus
If not disabled, set SELINUX=disabled in /etc/selinux/config. Requires reboot for changes to take effect.
sed -i 's/\(^SELINUX=\).*/\1disabled/' /etc/selinux/config
Timezone
Use tzselect to find the correct timezone.
tzselect
## SET TIMEZONE EXAMPLE
timedatectl set-timezone America/Vancouver
timedatectl status
Reboot
To ensure the changes/additions are active.
reboot
2. Download and install source files
DAHDI
Only required if using a physical server and installing telecom hardware.
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
tar zxvf dahdi-linux-complete*
cd /usr/src/dahdi-linux-complete*/
make all && make install && make config
systemctl start dahdi
If make all fails, try rebooting and then running yum -y install kernel-devel.
PJSIP
This separate PJSIP install is optional since Asterisk v13.8. If Asterisk is compiled with the --with-pjproject-bundled flag, this separate install will be ignored.
cd /usr/src
wget http://www.pjsip.org/release/2.5.5/pjproject-2.5.5.tar.bz2
tar -xjvf pjproject-2.5*
cd /usr/src/pjproject-2.5*/
make distclean
./configure --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-sound --disable-resample \
--disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'
make uninstall && ldconfig && make dep && make && make install && ldconfig
To verify type ldconfig -p | grep pj which should show several linked *.so files in /usr/lib64.
Asterisk
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar zxvf asterisk-13-current.tar.gz
cd /usr/src/asterisk-13*/
make distclean
./configure --libdir=/usr/lib64 --with-pjproject-bundled
To verify type nano -v config.log.
cd /usr/src/asterisk-13*/
make menuselect.makeopts

#To select compile options manually from menu run make menuselect instead of the following command.
#To list command line options run menuselect/menuselect --list-options
#If Asterisk fails to run on a virtual machine, try adding "--disable BUILD_NATIVE"
#To add Asterisk realtime for applications such as A2billing add "--enable res_config_mysql"

menuselect/menuselect --enable cdr_mysql --enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts
Create Asterisk user, compile, install, and set ownership.
adduser asterisk -s /sbin/nologin -c "Asterisk User"
make && make install && chown -R asterisk. /var/lib/asterisk
FreePBX
systemctl start mariadb
cd /usr/src
git clone -b release/13.0 https://github.com/FreePBX/framework.git freepbx
cd /usr/src/freepbx
./start_asterisk start
./install -n
# Minimal module install
fwconsole ma upgrade framework core voicemail sipsettings infoservices \
featurecodeadmin logfiles callrecording cdr dashboard music conferences
fwconsole restart
fwconsole reload
fwconsole chown
Post install tasks are mandatory.
3. Post-install tasks
Lock down the database server.
mysql_secure_installation
Answer Y to everything.
Change apache web server settings.
sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php.ini
sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/httpd/conf/httpd.conf
sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' /etc/httpd/conf/httpd.conf
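Added example (not part of the original guide): a dry run of the three sed edits above against constructed sample files, showing which settings change and which <Directory> block ends up with AllowOverride All. The sample file contents and the function names are assumptions made for illustration; GNU sed, as shipped with CentOS, is assumed.

```shell
#!/bin/sh
# Added example: run the guide's three sed edits against constructed copies
# (not the real /etc files) and print the result for inspection.

make_samples() {   # $1 = scratch directory for the constructed samples
    printf 'upload_max_filesize = 2M\npost_max_size = 8M\n' > "$1/php.ini"
    cat > "$1/httpd.conf" <<'EOF'
User apache
Group apache
<Directory />
    AllowOverride none
</Directory>
<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    AllowOverride None
</Directory>
<Directory "/var/www/cgi-bin">
    AllowOverride None
</Directory>
EOF
}

apply_edits() {    # $1 = php.ini copy, $2 = httpd.conf copy
    sed -i 's/\(^upload_max_filesize = \).*/\120M/' "$1"
    sed -i 's/^\(User\|Group\).*/\1 asterisk/' "$2"
    # Slurp the whole file into the pattern space, then replace only the
    # 2nd case-sensitive match; the lowercase "none" above is not counted.
    sed -i ':a;N;$!ba;s/AllowOverride None/AllowOverride All/2' "$2"
}

# Print every <Directory> path whose block now allows .htaccess overrides.
override_all_dirs() {   # $1 = httpd.conf copy
    awk '/^<Directory/ {dir=$2; sub(/>$/, "", dir)}
         /AllowOverride All/ {print dir}' "$1"
}

dry_run() {
    d=$(mktemp -d)
    make_samples "$d"
    apply_edits "$d/php.ini" "$d/httpd.conf"
    grep -hE '^(upload_max_filesize|User|Group)' "$d/php.ini" "$d/httpd.conf"
    override_all_dirs "$d/httpd.conf"
    rm -rf "$d"
}

dry_run
```

Running override_all_dirs against a copy of the real /etc/httpd/conf/httpd.conf after the edit confirms that only the intended directory accepts .htaccess overrides.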
Enable access to services and ports.
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port=5060-5061/tcp
firewall-cmd --permanent --zone=public --add-port=5060-5061/udp
firewall-cmd --permanent --zone=public --add-port=10000-20000/udp
Set database and web server to start on boot.
systemctl enable mariadb
systemctl enable httpd
Set FreePBX to start on boot.
nano /etc/systemd/system/freepbx.service
[Unit]
Description=Freepbx
After=mariadb.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start
ExecStop=/usr/sbin/fwconsole stop

[Install]
WantedBy=multi-user.target
systemctl enable freepbx
CDR ODBC
If the deprecated cdr_mysql.so module is installed then this is optional, but still recommended.
nano /etc/odbc.ini
[MySQL-asteriskcdrdb]
Description=MySQL connection to 'asteriskcdrdb' database
driver=MySQL
server=localhost
database=asteriskcdrdb
Port=3306
Socket=/var/lib/mysql/mysql.sock
option=3
Use the username and password in /etc/asterisk/res_odbc_additional.conf to test connectivity to the DB via ODBC. For this example we are using username asteriskuser and password amp109.
isql -v MySQL-asteriskcdrdb asteriskuser amp109
Finally, reboot for all changes to take effect.
reboot
4. Optional
Log File Rotation
If this is not done the log files will keep growing indefinitely.
nano /etc/logrotate.d/asterisk
/var/spool/mail/asterisk
/var/log/asterisk/*log
/var/log/asterisk/full
/var/log/asterisk/dtmf
/var/log/asterisk/freepbx_dbug
/var/log/asterisk/fail2ban {
weekly
missingok
rotate 4
#compress
notifempty
sharedscripts
create 0640 asterisk asterisk
postrotate
/usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null || true
endscript
su root root
}
TFTP
If you plan to use hardware SIP phones you will probably want to set up TFTP.
yum -y install tftp-server
nano /etc/xinetd.d/tftp
change server_args = -s /var/lib/tftpboot
to server_args = -s /tftpboot
change disable=yes
to disable=no
mkdir /tftpboot
chmod 777 /tftpboot
systemctl restart xinetd
firewall-cmd --permanent --zone=public --add-port=69/udp
firewall-cmd --reload
MPG123
This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files.
cd /usr/src
wget http://ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.22.4/mpg123-1.22.4.tar.bz2
tar -xjvf mpg123*

cd mpg123*/
./configure --prefix=/usr --libdir=/usr/lib64 && make && make install && ldconfig
Digium addons
To register Digium® licenses.
cd /usr/src
wget http://downloads.digium.com/pub/register/linux/register
chmod +x register
./register
To install the individual addons refer to the README files and ignore the register instructions.
http://downloads.digium.com/pub/telephony/codec_g729/README
http://downloads.digium.com/pub/telephony/res_digium_phone/README
http://downloads.digium.com/pub/telephony/fax/README
http://downloads.digium.com/pub/telephony/hpec/README
Password protect http access
A simple way to block scanners looking for exploits on apache web servers.
mkdir -p /usr/local/apache/passwd
htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername
htpasswd /usr/local/apache/passwd/wwwpasswd someotherusername
nano /var/www/html/.htaccess
# .htaccess files require AllowOverride All (or at least AuthConfig) in /etc/httpd/conf/httpd.conf
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows.
<Directory /var/www/html>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require valid-user
</Directory>
Whitelist protect http access
If http access is only required from certain IP addresses.
nano /etc/httpd/conf.d/whitelist.conf
<Location />
<RequireAny>
## Uncomment the following line to disable the whitelist
#Require all granted

Require ip x.x.x.x
Require ip x.x.x.x x.x.x.x x.x.x.x
Require ip x.x
Require ip x.x.x.0/255.255.255.0
Require host somedomain.com
#
## See http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html for more examples
#
</RequireAny>
</Location>