This guide covers the installation of Asterisk® from source on CentOS. Changes compared to previous guides include the use of CentOS v7 and Freepbx v13. Tested on: CentOS v7 64 bit Asterisk v13 Freepbx v13 Assumptions: Console text mode [multi-user.target] Installation done as root user [#] 1. Install Prerequisites Ensure all required packages are installed. yum -y update && yum -y groupinstall core && yum -y groupinstall base && yum -y install epel-release yum -y install automake gcc gcc-c++ ncurses-devel openssl-devel libxml2-devel unixODBC-devel libcurl-devel libogg-devel libvorbis-devel speex-devel spandsp-devel freetds-devel net-snmp-devel iksemel-devel corosynclib-devel newt-devel popt-devel libtool-ltdl-devel lua-devel sqlite-devel radiusclient-ng-devel portaudio-devel neon-devel libical-devel openldap-devel gmime-devel mysql-devel bluez-libs-devel jack-audio-connection-kit-devel gsm-devel libedit-devel libuuid-devel jansson-devel libsrtp-devel git subversion libxslt-devel kernel-devel audiofile-devel gtk2-devel libtiff-devel libtermcap-devel ilbc-devel bison php php-mysql php-process php-pear php-mbstring php-xml php-gd tftp-server httpd sox tzdata mysql-connector-odbc mariadb mariadb-server fail2ban jwhois xmlstarlet ghostscript libtiff-tools python-devel patch ## Legacy pear requirement pear install Console_getopt Disable Selinux Check status sestatus If not disabled, set SELINUX=disabled in /etc/selinux/config. Requires reboot for changes to take effect. sed -i ‘s/\[^SELINUX=\].*/\SELINUX=disabled/’ /etc/selinux/config Timezone Use tzselect to find the correct timezone. tzselect ## SET TIMEZONE EXAMPLE timedatectl set-timezone America/Vancouver timedatectl status Reboot To ensure the changes/additions are active. reboot 2. Download and install source files DAHDI Only required if using a physical server and installing telecom hardware. cd /usr/src wget //downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz tar zxvf dahdi-linux-complete* cd /usr/src/dahdi-linux-complete*/ make all && make install && make config systemctl start dahdi If make all fails try reboot and run yum -y install kernel-devel . PJSIP This separate PJSIP install is optional since Asterisk v13.8. If asterisk is compiled with the –-with-pjproject-bundled flag, this separate install will be ignored. cd /usr/src wget //www.pjsip.org/release/2.5.5/pjproject-2.5.5.tar.bz2 tar -xjvf pjproject-2.5* cd /usr/src/pjproject-2.5*/ make distclean ./configure –prefix=/usr –libdir=/usr/lib64 –enable-shared –disable-sound –disable-resample \ –disable-video –disable-opencore-amr CFLAGS=’-O2 -DNDEBUG’ make uninstall && ldconfig && make dep && make && make install && ldconfig To verify type ldconfig -p | grep pj which should show several linked *.so files in /usr/lib64. Asterisk cd /usr/src wget //downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz tar zxvf asterisk-13-current.tar.gz cd /usr/src/asterisk-13*/ make distclean ./configure –libdir=/usr/lib64 –with-pjproject-bundled To verify type nano -v config.log. cd /usr/src/asterisk-13*/ make menuselect.makeopts

To select compile options manually from menu run make menuselect instead of the following command.

To list command line options run menuselect/menuselect –list-options

If Asterisk fails to run on a virtual machine try add “–disable BUILD_NATIVE”

To add asterisk realtime for applications such as A2billing add “–enable res_config_mysql”

menuselect/menuselect –enable cdr_mysql –enable EXTRA-SOUNDS-EN-GSM menuselect.makeopts Create Asterisk user, compile, install, and set ownership. adduser asterisk -s /sbin/nologin -c “Asterisk User” make && make install && chown -R asterisk. /var/lib/asterisk Freepbx systemctl start mariadb cd /usr/src git clone -b release/13.0 //github.com/FreePBX/framework.git freepbx cd /usr/src/freepbx ./start_asterisk start ./install -n # Minimal module install fwconsole ma upgrade framework core voicemail sipsettings infoservices \ featurecodeadmin logfiles callrecording cdr dashboard music conferences fwconsole restart fwconsole reload fwconsole chown Post install tasks are mandatory. 3. Post-install tasks Lock down the database server. mysql_secure_installation Answer Y to everything. Change apache web server settings. sed -i ‘s/\[upload_max_filesize = \].*/\120M/’ /etc/php.ini sed -i ‘s/\[User\|Group\].*/\1 asterisk/’ /etc/httpd/conf/httpd.conf sed -i ‘:a;N;$!ba;s/AllowOverride None/AllowOverride All/2’ /etc/httpd/conf/httpd.conf Enable access to services and ports. firewall-cmd –permanent –zone=public –add-service={http,https} firewall-cmd –permanent –zone=public –add-port=5060-5061/tcp firewall-cmd –permanent –zone=public –add-port=5060-5061/udp firewall-cmd –permanent –zone=public –add-port=10000-20000/udp Set database and web server to start on boot. systemctl enable mariadb systemctl enable httpd Set Freepbx to start on boot. nano /etc/systemd/system/freepbx.service [Unit] Description=Freepbx After=mariadb.service

[Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/fwconsole start ExecStop=/usr/sbin/fwconsole stop

[Install] WantedBy=multi-user.target systemctl enable freepbx CDR ODBC If the deprecated cdr_mysql.so module is installed then this is optional, but still recommended. nano /etc/odbc.ini [MySQL-asteriskcdrdb] Description=MySQL connection to ‘asteriskcdrdb’ database driver=MySQL server=localhost database=asteriskcdrdb Port=3306 Socket=/var/lib/mysql/mysql.sock option=3 Use username & password in /etc/asterisk/res_odbc_additional.conf to test connectivity to the DB via ODBC. For this example we are using username asteriskuser and password amp109 isql -v MySQL-asteriskcdrdb asteriskuser amp109 Finally reboot for all changes to take effect reboot 4. Optional Log File Rotation If this is not done the log files will keep growing indefinitely. nano /etc/logrotate.d/asterisk /var/spool/mail/asterisk /var/log/asterisk/*log /var/log/asterisk/full /var/log/asterisk/dtmf /var/log/asterisk/freepbx_dbug /var/log/asterisk/fail2ban { weekly missingok rotate 4

compress

notifempty sharedscripts create 0640 asterisk asterisk postrotate /usr/sbin/asterisk -rx ‘logger reload’ > /dev/null 2> /dev/null || true endscript su root root } TFTP If you plan to use hardware SIP phones you will probably want to set up TFTP. yum -y install tftp-server nano /etc/xinetd.d/tftp change server_args = -s /var/lib/tftpboot to server_args = -s /tftpboot change disable=yes to disable=no mkdir /tftpboot chmod 777 /tftpboot systemctl restart xinetd firewall-cmd –permanent –zone=public –add-port=69/udp firewall-cmd –reload MPG123 This is used in combination with sox to convert uploaded mp3 files to Asterisk compatible wav files. cd /usr/src wget //ufpr.dl.sourceforge.net/project/mpg123/mpg123/1.22.4/mpg123-1.22.4.tar.bz2 tar -xjvf mpg123*

cd mpg123*/ ./configure –prefix=/usr –libdir=/usr/lib64 && make && make install && ldconfig Digum addons To register digium® licenses. cd /usr/src wget //downloads.digium.com/pub/register/linux/register chmod +x register ./register To install the individual addons refer to the README files and ignore the register instructions. //downloads.digium.com/pub/telephony/codec_g729/README //downloads.digium.com/pub/telephony/res_digium_phone/README //downloads.digium.com/pub/telephony/fax/README //downloads.digium.com/pub/telephony/hpec/README Password protect http access A simple way to block scanners looking for exploits on apache web servers. mkdir -p /usr/local/apache/passwd htpasswd -c /usr/local/apache/passwd/wwwpasswd someusername htpasswd -c /usr/local/apache/passwd/wwwpasswd someotherusername nano /var/www/html/.htaccess # .htaccess files require AllowOverride On in /etc/httpd/conf/httpd.conf AuthType Basic AuthName “Restricted Access” AuthUserFile /usr/local/apache/passwd/wwwpasswd Require valid-user Alternatively, the above .htaccess config can be added to /etc/httpd/conf/httpd.conf or as a separate file in /etc/httpd/conf.d/ as follows. AuthType Basic AuthName “Restricted Area” AuthUserFile /usr/local/apache/passwd/wwwpasswd Require valid-user Whitelist protect http access If http access is only required from certain IP addresses. nano /etc/httpd/conf.d/whitelist.conf ## Uncomment the following line to disable the whitelist

Require all granted

Require ip x.x.x.x Require ip x.x.x.x x.x.x.x x.x.x.x Require ip x.x Require ip x.x.x.0/255.255.255.0 Require host somedomain.com

## See //httpd.apache.org/docs/2.4/mod/mod_authz_host.html for more examples