You are on page 1of 9

Asterisk/FreePBX on an OpenVZ/Virtuozzo Virtual Private Server (VPS) | Asterisk FreePBX guidesJump to Navigation Asterisk FreePBX guides Main menuAsterisk

Server HostingHomeContact UsSecondary menuFreePBX Install GuidesAastra XMLOther GuidesYou are hereHome Asterisk/FreePBX on an OpenVZ/Virtuozzo Virtual Private Server (VPS) Submitted by admin on Thu, 10/15/2009 - 17:17 This install procedure can be used in a generic OpenVZ or Virtuozzo environment or inside an all in one OpenVZ installer+GUI product such as Proxmox VE. It is the procedure used to create servers for our Asterisk hosting service. I am not sure how relevant it would be for Xen. This guide covers the installation INSIDE an already created OpenVZ/Virtuozzo container (VPS sans Operating System) which would then become a functioning Virtual Private Server (VPS). I will not be covering the OpenVZ host setup or iptables or zaptel/dahdi setup inside or outside the OpenVZ environment. Software used: CentOS 5-x86_64 OpenVZ template Asterisk 1.6 or 1.8 FreePBX 2.6 Linux commands executed at a command prompt are in courier font. Output as a result of linux commands are in Verdana font. 64 or 32bit It is common to run OpenVZ/Virtuozzo setups with 64bit host OS and 32bit VPS's due to lower memory usage within VPS containers combined with the larger memory addressability of the 64bit Host. If you run Asterisk/FreePBX in a 32bit VPS on a 64bit host you won't have MeetMe conferencing because Zaptel/Dahdi needs to be installed on the host and will not work in a mixed environment the way it is written now. The options are to run both host and VPS on 32bit or 64bit. Running a 64bit Asterisk/Freepbx VPS requires a bit more more memory (perhaps 20-60MB more) which can be a factor in a shared memory VPS environment. Why OpenVZ Of all the alternatives, such as Xen and KVM over IP, I believe OpenVZ offers the best performing platform for running Asterisk on a VPS. For those not familiar with OpenVZ/Virtuozzo terminology, a container is the Virtual Private Server (VPS) shell into which is installed a pre-created operating system (template). This can be any operating system that uses the common Linux Kernel such as Redhat, CentOS, Ubuntu, Gentoo, Debian, SuSE etc. You can create them yourself on a host system or use pre-created ones available on the OpenVZ website. The main restriction is that all versions are running on the same kernel. The advantage is that the kernel only needs to be updated once on the host in order to update all the VPS's. Let's get started Once the OpenVZ/Virtuozzo container is created install the CentOS 5-x86_64 template into the container. Log into the VPS as root with an SSH client such as PuTTy. Another handy tool is WinSCP for browsing directories and editing files in a more intuitive Graphical environment. If using 64bit get rid of all 32bit packages in the 64bit VPS. They are not necessary and may cause hard to find conflicts. yum remove *.i?86 Clean out yum to ensure all cached packages and mirrored server references are removed. yum clean all Get rid of all installed groups except 'Yum Utilities' so we are starting with a

clean slate. Check the delete list before entering 'y' to make sure none of these remove 'sshd' or 'yum' (they don't but check just in case things change with newer revisions). yum grouplist installed Installed Groups: DNS Name Server Editors Legacy Network Server Mail Server Network Servers System Tools Text-based Internet Web Server Windows File Server Yum Utilities yum groupremove 'DNS Name Server' yum groupremove 'Editors' yum groupremove 'Legacy Network Server' yum groupremove 'Mail Server' yum groupremove 'Network Servers' yum groupremove 'System Tools' yum groupremove 'Text-based Internet' yum groupremove 'Web Server' yum groupremove 'Windows File Server' If installing 64bit VPS edit yum.conf to prevent 32bit packages from being installed. If that happens it may have unintended consequences. yum install -y nano nano /etc/yum.conf Add the following line. exclude=*.i?86 (Ctrl-x> y >Enter)Now update the base install yum -y update Install Asterisk/FreePBX required packages, other useful packages, and their dependencies yum groupinstall core yum groupinstall base yum install gcc gcc-c++ wget bison mysql-devel mysql-server php php-mysql php-pear php-pear-DB php-mbstring nano tftp-server httpd make ncurses-devel libtermcap-devel sendmail sendmail-cf caching-nameserver sox newt-devel libxml2-devel libtiff-devel php-gd audiofile-devel gtk2-devel subversion Get rid of some unnecessary packages. I have no doubt there are many other packages that could be added to this list. These are the ones I found that are resident in memory by default. Since memory is at a premium on a VPS, removing these will help reduce the memory footprint. yum remove yum-updatesd cups cups-lpd redhat-lsb autofs pcsc-lite smartmontools cpuspeed Shutdown unnecessary daemon brcm-iscsi which tends to do a lot of logging even when not used. This creates unnecessary I/O load. chkconfig iscsi off chkconfig iscsid off service iscsid stop service iscsi stop Replace syslog with the improved and backwards compatible rsyslog (standard in RHEL6 but not RHEL5). This also prevents a problem that comes up with improper timestamps in /var/log/secure when you get disconnects. yum -y install rsyslog chkconfig syslog off chkconfig rsyslog on service syslog stop

service rsyslog start To prevent problems that can occur in an OpenVZ VPS if udev is ever updated do the following: nano /etc/rc.local add the following lines: /bin/rm -rf /dev/null /bin/rm -rf /dev/random /bin/rm -rf /dev/tty* /bin/rm -rf /dev/pty* /bin/mknod -m 0666 /dev/null c 1 3 /bin/mknod -m 0644 /dev/random c 1 8 /sbin/MAKEDEV tty /sbin/MAKEDEV pty (Ctrl-x> y >Enter) Selinux is not compatible with OpenVZ. Create the following file and copy paste the contents indicated here just to be sure selinux never runs. nano /etc/selinux/config# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted # SETLOCALDEFS= Check local definition changes SETLOCALDEFS=0 (Ctrl-x> y >Enter) Make sure selinux is turned off for this session setenforce 0Enable the tftp server on startup if required (for configuring phone s on LAN or VPN) nano /etc/xinetd.d/tftp change disable=yes to disable=no (Ctrl-X>y>ENTER) Set timezone: Create a symbolic link to the appropriate timezone from /etc/localtime. Example:ln -sf /usr/share/zoneinfo/America/Vancouver /etc/localtime Download and untar source files. Since this is a shared kernel environment we cannot make use of zaptel/dahdi hardware in the physical server and cannot install the zaptel/dahdi kernel module inside the virtual servers. The zaptel/dahdi kernel module must be installed on the host server kernel with some special configurations and sharing of files for each virtual server. This is only required for enabling meetme conferencing during Asterisk installation as of Asterisk 1.6.1 and will not be required at all eventually. This is all beyond the scope of this document. If you require meetme conferencing and have access to the host operating system you can complete this procedure in the VPS first and then return after zaptel/dahdi is installed on the host system and re-compile Asterisk with meetme conferencing enabled. Get FreePBX. Check if this is the latest released version. cd /usr/src wget http://mirror.freepbx.org/freepbx-2.9.0.tar.gz tar zxvf freepbx-2.9.0.tar.gz Get Asterisk and addons. Check if this is the latest released version of Asterisk and Asterisk addons

wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.8-current.tar.gz tar zxvf asterisk-1.8-current.tar.gz Configure and compile Asterisk cd /usr/src/asterisk-1.8* make clean ./configure && make menuselect For Add-ons select all of them. I leave out chan_ooh323 as I never use that. I don't ever see a need for app_saycountpl which is for Polish language . If you don't plan to use Asterisk realtime you can leave out res_config_mysql as well. If unsure just select all of them. Select the core sounds you want. Same with addon sounds. I suggest ulaw or alaw if that will be the format you will be using on your SIP phones as they sound better than the default gsm files. If unsure just select gsm. Or select more than one but that will take up more space. configure mp3 functionality ./contrib/scripts/get_mp3_source.sh If you have the GUI then select the SAVE button. Otherwise at menu press "x" to save make && make install && make samples Create user. May already exist but just to make sure useradd -c "Asterisk PBX" -d /var/lib/asterisk asterisk The following directory may already exist but just to make sure mkdir /var/run/asterisk Set ownership chown -R asterisk:asterisk /var/run/asterisk chown -R asterisk:asterisk /var/log/asterisk chown -R asterisk:asterisk /var/lib/asterisk/moh chown -R asterisk:asterisk /var/lib/php/session Music on Hold Since the Asterisk default moh directory (/moh) and the Freepbx default moh directory (/mohmp3) are different we need to create a symbolic link so moh files are where FreePBX expect them to be. I don't think this is necessary anymore. I still include it in this procedure for legacy reasons. ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3 The new default behaviour for Asterisk and Freepbx is to only use wav files for moh due to transcoding overhead and Asterisk stability issues with mp3's. So we want to install mpg123 for converting uploaded mp3's to wav automatically. cd /usr/src wget http://sourceforge.net/projects/mpg123/files/mpg123/1.13.4/mpg123-1.13.4.tar.bz2 /download tar -xjvf mpg123-1.13.4.tar.bz2 cd mpg123-1.13.4 ./configure && make && make install Freepbx php script cannot find mpg123 by default so we need to create a symbolic link. ln -s /usr/local/bin/mpg123 /usr/bin/mpg123 Change User apache and Group apache to User asterisk and Group asterisk. sed -i "s/User apache/User asterisk/" /etc/httpd/conf/httpd.conf sed -i "s/Group apache/Group asterisk/" /etc/httpd/conf/httpd.conf Change AllowOverride None to AllowOverride All so that /var/www/html/.../.htaccess directives are not ignored. nano +327 /etc/httpd/conf/httpd.conf AllowOverride All

Before you can do anything to MySQL, you need to make sure it's running: service mysqld start Initializing MySQL database: [ OK ] Starting MySQL: [ OK ] Now, to configure the databases for freePBX: Note: If mysql admin password is already configured, add "-p" after the command and enter password when asked. For example, "mysqladmin -p create asterisk" cd /usr/src/freepbx-2.9.0 mysqladmin create asterisk mysqladmin create asteriskcdrdb mysql asterisk < SQL/newinstall.sql mysql asteriskcdrdb < SQL/cdr_mysql_table.sql They also need to be secured. FreePBX will prompt you for a database username/password when you do the install. You need to pick that now. We'll assume that you've picked 'asteriskuser' and 'amp109' - you probably shouldn't use these, as they are well known passwords for Freepbx. MySQL only listens to localhost by default so I would not get too paranoid about using these defaults. mysql mysql> GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY 'amp109'; Query OK, 0 rows affected (0.00 sec) mysql> GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY 'amp109'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> \q Bye Now, after all of this, you need to pick a root 'mysql' password. We'll make it 'abcdef' just for this example. You should use a reasonably strong password. If you need to do anything else with mysql, you'll need to provide this password. mysqladmin -u root password 'abcdef' edit /usr/sbin/safe_asterisk and comment out TTY=9 to prevent errors in OpenVZ VPS nano +5 /usr/sbin/safe_asterisk #TTY=9 Prioritize Asterisk Process Increase Asterisk process priority. You can experiment with different values and see what works best. I wouldn't go too high as it could cause other problems. From the command 'top' the PR column shows absolute priority and NI column is the relative number we add here. Default is 0 which gives Asterisk about the same default priority as httpd and mysql. 5-10 should give top priority without crippling critical background tasks. I believe you can go as high as 20. This is only a prioritization recommendation setting. The process scheduler still has ultimate authority so actual priority will vary from system to system depending on what else is installed. nano +22 /usr/sbin/safe_asterisk PRIORITY=10 (Ctl-x > y >ENTER) Memory Limit The recommended setting is 128M otherwise you may get warnings in FreePBX. Newer versions of php reduce this so you may or may not need to change it. nano +314 /etc/php.ini memory_limit = 128M service httpd restart Install FreePBX /usr/sbin/safe_asterisk If you didn't run 'make samples' when you installed asterisk you will probably get some warning messages saying no modules will be loaded. Just ignore and

press 'ENTER' to get a command prompt. cd /usr/src/freepbx-2.9.0 ./install_amp If you get any warnings or errors in the last part of the output, they're usually not traumatic. Leave AMPWEBADDRESS=xx.xx.xx.xx blank. After install go into FreePBX GUI/Advanced Settings and change the xx.xx.xx.xx to blank. Freepbx 2.10 now wants to create symlinks to some .conf files and complains if actual files already exist as is the case when Asterisk make samples is run. So we need to delete these files. In FreePBX 2.9 you should only delete sip_notify.conf and ccss.conf. Not sure what would happen if you try delete the rest. The next time we make a change in FreePBX and apply settings these symlinks will be created. rm -f /etc/asterisk/sip_notify.conf rm -f /etc/asterisk/iax.conf rm -f /etc/asterisk/logger.conf rm -f /etc/asterisk/features.conf rm -f /etc/asterisk/sip.conf rm -f /etc/asterisk/extensions.conf rm -f /etc/asterisk/ccss.conf rm -f /etc/asterisk/chan_dahdi.conf Default Freepbx username is: admin Default pw is: admin Edit /etc/asterisk/cdr_mysql.conf and add 'loguniqueid=yes' to the global section nano /etc/asterisk/cdr_mysql.conf loguniqueid=yes set FreePBX to start on boot echo /usr/local/sbin/amportal start >> /etc/rc.local Enable Apache and mysql to start on boot chkconfig httpd on chkconfig mysqld on Now reboot at which point you should be able to access freePBX with your web browser. The very first thing you need to do when you enter the FreePBX Admin GUI for the first time is "Apply Configuration Changes" so all the *.conf files are created then reboot again or 'amportal restart' from command prompt. SYMLINK FAIL FIX You may get an error in the FreePBX GUI saying "symlink failed for /etc/asterisk/sip_notify.conf" or something along those lines. If that is the case just delete or rename /etc/asterisk/sip_notify.conf. The next time you "Apply Configuration Changes" in the FreePBX GUI after some change this file will be recreated as a symlink and the error should be gone. MISC CONFIGURATIONS change the max filesize from 2M to 20M to allow larger music on hold files nano +582 /etc/php.ini Edit Apache web server for GUI access using a port other than 80 (optional): nano /etc/httpd/conf/httpd.conf change "Listen 80" to "Listen 8888" or whatever port you want /etc/rc.d/init.d/httpd restart Instead of accessing FreePBX by http://xxx.xxx.xxx.xxx You now access it by http://xxx.xxx.xxx.xxx:8888 setup external sip extensions if going through NAT nano /etc/asterisk/sip_nat.conf nat=yes externip=<your fixed external IP> or ;externhost=yourdns.com localnet=192.168.1.0/255.255.255.0

externrefresh=10 (Ctrl-X>y>ENTER) Also, when adding the external SIP extension in FreePBX, make sure to change the nat=never default in the configuration to nat=yes for the extension that will be external. logrotate setup Set up configuration to rotate log files otherwise they get too big after a short while. Create the following file. nano /etc/logrotate.d/asterisk Now add the following to make sure the asterisk log files are rotated weekly along with all the other log files. /var/log/asterisk/messages /var/log/asterisk/*log /var/log/asterisk/full { missingok notifempty sharedscripts create 0640 asterisk asterisk postrotate /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null endscript } Sendmail configuration Edit /etc/aliases file and add a root: username_to_forward_to to forward all root messages to your personal email address. Put in the full email address if it is not on the asterisk system itself. Then run /usr/bin/newaliases to restart the service. If emails are not received you must set up masquerading in sendmail. These still may be rejected if the email server requires the source of the email to also resolve to the same DNS that sendmail is masquerading as. To enable this, add the following lines to the /etc/mail/sendmail.mc file: MASQUERADE_AS(domain.com)dnl FEATURE(masquerade_envelope)dnl FEATURE(masquerade_entire_domain)dnl MASQUERADE_DOMAIN(domain.com)dnl Put a dnl in front of the line EXPOSED_USER (root) dnl. This enables host masquerading for root as well which is disabled by default. Update the Sendmail configuration files using the m4 macro processor to generate a new sendmail.cf file by executing the following command: # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf To get the Sendmail macro file, the sendmail-cf package must be installed on the system. After creating a new /etc/mail/sendmail.cf file, restart Sendmail for the changes to take effect. To do this, use the following command: # service sendmail restart nano /etc/asterisk/vm_general.inc change serveremail=vm@asterisk to whom ever you want it to appear voicemail emails are coming from. NOTE: If you are installing on a LAN or do not have a domain resolving to the IP of the VPS, Sendmail will hang for a couple minutes everytime you reboot. To prevent this your VPS hostname should end with .local or .localhost. So, for example, instead of naming the VPS hostname 'powerpbx' it should be named 'powerpbx.local'. The manual method is to edit your /etc/hosts file. There

should be 2 lines. 127.0.0.1 localhost.localdomain localhost yourIPaddress yourhostname.local yourhostname yourhostname MySQL performance tuning for low memory This will reduce memory usage significantly without affecting performance. nano /etc/my.cnf [mysqld] . . . skip-innodb skip-bdb (Ctl-x > y > ENTER) From command prompt: service mysqld restart MySQL security enhancement This will prevent outside IP's from connecting to the MySQL port nano /etc/my.cnf [mysqld] . . . bind-address = 127.0.0.1 (Ctl-x > y > ENTER) Add Password Protection to Flash Operator Panel GUI By default, flash operator panel GUI (/var/www/html/panel) is visible to anyone who points a browser at your server unless port 4445 is blocked by a firewall. mkdir -p /usr/local/apache/passwd htpasswd -c /usr/local/apache/passwd/wwwpasswd NewUserName Apache will prompt you for a new password for the user name you've just indicated New password: Apache will prompt you to retype your new password Re-type new password: Apache will then confirm the new user Adding password for user NewUserName Now you have to add the user name you've just created to the "httpd.conf" file. To edit that file in "nano" type: nano /etc/httpd/conf/httpd.conf Now do a CTRL-W to search for "AuthUser" and you'll find the area where all the users are listed (for example: "maint", your AMP user). If you don't find any try around line 587 right after the cgi-bin "<Directory....." entry. Now add the following lines: #Password protect the Flash Operator Panel Page /var/www/html/panel <Directory /var/www/html/panel> AuthType Basic AuthName "Restricted Area" AuthUserFile /usr/local/apache/passwd/wwwpasswd Require user NewUserName1 NewUserName2 NewUserName3 yaddayaddayadda </Directory> To delete an Apache user, type in the following and then remove the user from the "httpd.conf" file. htpasswd -D /usr/local/apache/passwd/wwwpasswd NewUserName Then restart apache. service httpd restart Sections: FreePBX 51270 readsPopular contentToday's: FreePBX Production Install Guide (RHEL v6, Asterisk v1.8+, FreePBX v2.9+) FreePBX on Ubuntu (Ubuntu v12, Asterisk v11, FreePBX v2.11)

A2Billing Install guide FreePBX Production Install Guide (RHEL v6, Asterisk v1.11+, FreePBX v2.11+) OpenSIPS and Control Panel Install Guide All time: FreePBX Production Install Guide (RHEL v6, Asterisk v1.8+, FreePBX v2.9+) FreePBX Install Guide (CentOS v5.x, Asterisk v1.6.x, FreePBX) A2Billing Install guide Asterisk/FreePBX on an OpenVZ/Virtuozzo Virtual Private Server (VPS) My Hardware Last viewed: My Hardware Integrate Flash Operator Panel v2 into FreePBX Bluebox FreeSwitch install guide (CentOS v5.x, Freeswitch v1.0.x, Bluebox) Compile-install Zaptel (DHADI) and Asterisk Appendix A: Time settings on Aastra phones User loginUsername * Password * Request new password Copyright 2008-2013 PowerPBX.org. All rights reserved.

You might also like