My trials of installing FreePBX
-
Not really understanding what Fail2ban did I found this helpful guide.
http://lintut.com/easy-steps-to-install-fail2ban-on-centos-6-5-protect-sshftp-using-fail2ban/I re enabled IPTables (the original instructions have you disable them) and of course my website was no longer reachable.
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPTare added to /etc/sysconfig/iptables.
OK now I reach the website, but the homepage indicated that it wasn't right and directed me to
http://wiki.freepbx.org/display/F2/Webserver+OverridesSo I edited /etc/httpd/conf/httpd.conf
searched for "<Directory "/var/www/html">" and changed AllowOverride from None to All
and restarted the httpd service.OK that's fixed.
-
After logging into the web page I notice that asterisk isn't running, or at least not connecting.
After some digging around I found out (more like remembered) I didn't disable SELinux as the original instructions stated, so asterisk wasn't working correctly. Disabling SELinux solved this.
Now I'm presented with
Some searches have lead to a possible explanation that apache might not be running as the user asterisk or I have another permissions problem.
-
OK three copies of retrieve_conf on the system.
./usr/src/freepbx/amp_conf/bin/retrieve_conf
./var/lib/asterisk/sounds/freepbx/amp_conf/bin/retrieve_conf
./var/lib/asterisk/bin/retrieve_confthe first being the install archive
and the third probably being the only one I care about for now.Check the permissions
ls -l retrieve_conf
[root@c1115759-27921 bin]# ls -l retrieve_conf
-rwxrwxr-x. 1 asterisk asterisk 37356 Apr 6 17:55 retrieve_confThat looks OK.
-
Try executing retrieve_conf
./retrieve_conf
[root@c1115759-27921 bin]# ./retrieve_conf
hostname: Unknown host
found language dir fr for directory, not installed on system, skipping
Added to globals: ASTETCDIR = /etc/asterisk
Added to globals: ASTMODDIR = /usr/lib/asterisk/modules
Added to globals: ASTVARLIBDIR = /var/lib/asterisk
Added to globals: ASTAGIDIR = /var/lib/asterisk/agi-bin
Added to globals: ASTSPOOLDIR = /var/spool/asterisk
Added to globals: ASTRUNDIR = /var/run/asterisk
Added to globals: ASTLOGDIR = /var/log/asterisk
Added to globals: CWINUSEBUSY = true
Added to globals: AMPMGRUSER = admin
Added to globals: AMPMGRPASS = amp111
Added to globals: AMPDBENGINE = mysql
Added to globals: AMPDBHOST = localhost
Added to globals: AMPDBNAME = asterisk
Added to globals: AMPDBUSER = asteriskuser
Added to globals: AMPDBPASS = amp109
Added to globals: VMX_CONTEXT = from-internal
Added to globals: VMX_PRI = 1
Added to globals: VMX_TIMEDEST_CONTEXT =
Added to globals: VMX_TIMEDEST_EXT = dovm
Added to globals: VMX_TIMEDEST_PRI = 1
Added to globals: VMX_LOOPDEST_CONTEXT =
Added to globals: VMX_LOOPDEST_EXT = dovm
Added to globals: VMX_LOOPDEST_PRI = 1
Added to globals: MIXMON_DIR =
Added to globals: MIXMON_POST =
Added to globals: DIAL_OPTIONS = Ttr
Added to globals: TRUNK_OPTIONS = Tt
Added to globals: TRUNK_RING_TIMER = 300
Added to globals: MIXMON_FORMAT = wav
Added to globals: REC_POLICY = caller
Added to globals: RINGTIMER_DEFAULT = 15
Added to globals: TRANSFER_CONTEXT = from-internal-xfer
Please update your modules and reload Asterisk by browsing to your server. -
Please update your modules and reload Asterisk by browsing to your server.
OK time to update
yum updateUpdating:
krb5-devel x86_64 1.10.3-37.el6_6 updates 499 k
krb5-libs x86_64 1.10.3-37.el6_6 updates 766 kthese don't 'look' to be related to asterisk or FreePBX ?
-
@Dashrender said:
Please update your modules and reload Asterisk by browsing to your server.
OK time to update
yum updateUpdating:
krb5-devel x86_64 1.10.3-37.el6_6 updates 499 k
krb5-libs x86_64 1.10.3-37.el6_6 updates 766 kthese don't 'look' to be related to asterisk or FreePBX ?
Kerberos are security libraries.
-
OK found how to update FreePBX,
from the webpage Admin tab at top, Module Admin about 2/3 down, then click the button for it to search for updates, then Process them.
-
OK weird - i'm still getting the same error as listed above, but what's even weirder is that the time hasn't changed. I've installed the two update from yum and there were 3 modules in FreePBX that needed updating, did that (also reinstalled CID - removed it earlier to solve the asterisk problem)
Will the error report continue to show me errors even if they are cleared? Do I just have to click the Ignore this button?
Also, under summary near the top of the page, Asterisk has a yellow triangle with an explanation mark in it, but when I hover over it, it says Asterisk has been up for less than 10 mins, and then lists how long it's actually been up - is this an issue?
-
While I wait for a few answer about that I'm moving on.
I've created a user with an extension - easy enough.... but when I try to connect a Zioper softphone to it using username = ext, password (created by FPBX - really long) Domain = IP of FPBX
I won't connect - We are sorry, we are unable to connect to your PBX with the information you provided.
-
Check the firewall.
-
Use netstat -tulpn to see what is listening.
-
[root@c1115759-27921 ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1418/sshd
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 2548/asterisk
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1683/sendmail
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1564/mysqld
tcp 0 0 0.0.0.0:5038 0.0.0.0:* LISTEN 2548/asterisk
tcp 0 0 :::22 :::* LISTEN 1418/sshd
tcp 0 0 :::80 :::* LISTEN 1733/httpd
udp 0 0 0.0.0.0:5060 0.0.0.0:* 2548/asterisk
udp 0 0 0.0.0.0:5061 0.0.0.0:* 2548/asterisk
udp 0 0 0.0.0.0:4569 0.0.0.0:* 2548/asterisk
udp 0 0 0.0.0.0:51326 0.0.0.0:* 2548/asteriskMy iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p udp -m udp --dport 5036 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT -
Not having any luck getting my extensions to connect I've decided to start over and document even better this time.
Again starting with a C@C Dev3 CentOS 6.5 box.
Following http://wiki.freepbx.org/display/HTGS/Installing+FreePBX+12+on+CentOS+6.5
Time to disable selinux
sed -i 's/(^SELINUX=)./\SELINUX=disabled/' /etc/sysconfig/selinux*reboot and check status with sestatus which shows
SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targetedUh - Houston, we have a problem. Let's look at /etc/sysconfig/selinux
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted </code></pre>OK this matches the instructions, but isn't working. Google tells me that I need to change a different file to disable selinux. http://www.shayanderson.com/linux/disable-selinux-on-centos-6.htm
This page tells me I need to change SELINUX=disabled in /etc/selinux/config
They also mention using getenforce as well as sestatus to check the status of selinux.Success! Upon rebooting after changing /etc/selinux/config I see
SELinux status: disabledTime to update the system
yum -y update yum groupinstall core yum groupinstall baseI'll be back in an hour or so after this is done.
-
Interrupted by the day job.
OK updates installed.. now to install some additional packages.
yum install gcc gcc-c++ lynx bison mysql-devel mysql-server php php-mysql php-pear php-mbstring tftp-server httpd make ncurses-devel libtermcap-devel sendmail sendmail-cf caching-nameserver sox newt-devel libxml2-devel libtiff-devel audiofile-devel gtk2-devel subversion kernel-devel git subversion kernel-devel php-process crontabs cronie cronie-anacron wget vim php-xml uuid-devel libtool sqlite-devel -
Why are you installing a compiler? What are you going to compile?
-
Because the instructions tell me to...
There are several make commands in these setup instructions... is that compiling?
-
Check the status of iptables and disable them for now to make setup easier. (not my idea, the instructions idea).
chkconfig iptables --list
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:offIt was already off (seems odd, but must be the default for C@C)
SQL setup time
chkconfig --level 345 mysqld on service mysqld startOutput
Initializing MySQL database: WARNING: The host 'c1107372-7807.cloudatcost.com' could not be looked up with resolveip. This probably means that your libc libraries are not 100 % compatible with this binary MySQL version. The MySQL daemon, mysqld, should work normally with the exception that host name resolving will not work. This means that you should use IP addresses instead of hostnames when specifying MySQL privileges ! Installing MySQL system tables... OK Filling help tables... OK To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands: /usr/bin/mysqladmin -u root password 'new-password' /usr/bin/mysqladmin -u root -h c1107372-7807.cloudatcost.com password 'new-password' Alternatively you can run: /usr/bin/mysql_secure_installation which will also give you the option of removing the test databases and anonymous user created by default. This is strongly recommended for production servers. See the manual for more instructions. You can start the MySQL daemon with: cd /usr ; /usr/bin/mysqld_safe & You can test the MySQL daemon with mysql-test-run.pl cd /usr/mysql-test ; perl mysql-test-run.pl Please report any problems with the /usr/bin/mysqlbug script! [ OK ] Starting mysqld: [ OK ] -
@Dashrender said:
Because the instructions tell me to...
There are several make commands in these setup instructions... is that compiling?
Make is used for a lot of things. But presumably. This seems fishy, though.
-
Onto Apache
chkconfig --level 345 httpd onOutput
Starting httpd: httpd: apr_sockaddr_info_get() failed for c1107372-7807.cloudatcost.com httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [ OK ]Now for PearDB
pear channel-update pear.php.net pear install db-1.7.14You may receive a warning:
WARNING: "pear/DB" is deprecated in favor of "pear/MDB2"Output
[root@c1107372-7807 ~]# pear channel-update pear.php.net Updating channel "pear.php.net" Update of Channel "pear.php.net" succeeded [root@c1107372-7807 ~]# pear install db-1.7.14 WARNING: "pear/DB" is deprecated in favor of "pear/MDB2" downloading DB-1.7.14.tgz ... Starting to download DB-1.7.14.tgz (133,103 bytes) .............................done: 133,103 bytes install ok: channel://pear.php.net/DB-1.7.14I did receive the notice about pear being deprecated - shouldn't these instructions be updated to use the current software?
And now a reboot.
-
The package would need to be updated, not just the instructions.
