dbxe
/
fusionpbx-install.sh
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1 from fusionpbx/master 

Merge latest changes from base fork (from #62 to #72)
This commit is contained in:
erxspin 2017-02-25 13:41:38 +06:00 committed by GitHub
parent fbdca20dee b517884450
commit c74dcd7351
40 changed files with 1317 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
centos/install.sh Normal file
View File

@ -0,0 +1,126 @@
#!/bin/sh
# CentOS 7 install, no arm arch support
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./resources/colors.sh
. ./resources/arguments.sh
if [ $CPU_CHECK = true ] && [ $USE_SWITCH_SOURCE = false ]; then
#check what the CPU and OS are
OS_test=$(uname -m)
CPU_arch='unknown'
OS_bits='unknown'
CPU_bits='unknown'
if [ $OS_test = 'armv7l' ]; then
OS_bits='32'
CPU_bits='32'
# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
CPU_arch='arm'
elif [ $OS_test = 'armv8l' ]; then
# We currently have no test case for armv8l
OS_bits='unknown'
CPU_bits='64'
CPU_arch='arm'
elif [ $OS_test = 'i386' ]; then
OS_bits='32'
if [ "$(grep -o -w 'lm' /proc/cpuinfo)" = 'lm' ]; then
CPU_bits='64'
else
CPU_bits='32'
fi
CPU_arch='x86'
elif [ $OS_test = 'i686' ]; then
OS_bits='32'
if [ "$(grep -o -w 'lm' /proc/cpuinfo)" = 'lm' ]; then
CPU_bits='64'
else
CPU_bits='32'
fi
CPU_arch='x86'
elif [ $OS_test = 'x86_64' ]; then
OS_bits='64'
if [ "$(grep -o -w 'lm' /proc/cpuinfo)" = 'lm' ]; then
CPU_bits='64'
else
CPU_bits='32'
fi
CPU_arch='x86'
fi
if [ $CPU_arch = 'arm' ]; then
error "CentOS on arm is not supported at this time"
exit 3
elif [ $CPU_arch = 'x86' ]; then
if [ $OS_bits = '32' ]; then
error "You are using a 32bit OS this is unsupported"
if [ $CPU_bits = '64' ]; then
warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
fi
exit 3
elif [ $OS_bits = '64' ]; then
verbose "Correct CPU/OS detected"
else
error "Unknown OS_bits $OS_bits this is unsupported"
exit 3
fi
else
error "You are using a unsupported architecture $CPU_arch"
fi
fi
# Update CentOS
verbose "Updating CentOS"
yum -y update && yum -y upgrade
# Installing basics packages
yum -y install ntp htop epel-release vim openssl
# Disable SELinux
verbose "Disabling SELinux"
warning "Reboot required after installation completes"
setenforce 0
sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config
verbose "SELinux disabled"
#FreeSWITCH
resources/switch/package-release.sh
#FusionPBX
resources/fusionpbx.sh
#Postgres
resources/postgres.sh
#NGINX web server
resources/sslcert.sh
resources/nginx.sh
#PHP/PHP-FPM
resources/php.sh
#IPTables
resources/firewalld.sh
# FusionPBX to FreeSWITCH configs
verbose "Configuring freeswitch"
resources/switch/conf-copy.sh
resources/switch/package-permissions.sh
resources/switch/package-systemd.sh
verbose "freeswitch configured"
#Fail2ban
resources/fail2ban.sh
#restart services
verbose "Restarting packages for final configuration"
systemctl daemon-reload
systemctl restart freeswitch
systemctl restart php-fpm
systemctl restart nginx
systemctl restart fail2ban
verbose "Restart of service complete"
#add the database schema, user and groups
resources/finish.sh

44
centos/resources/arguments.sh Normal file
View File

@ -0,0 +1,44 @@
#!/bin/sh
#Process command line options only if we haven't been processed once
if [ -z "$CPU_CHECK" ]; then
export script_name=`basename "$0"`
ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-system-master,no-cpu-check -- "$@")
if [ $? -ne 0 ]; then
error "Failed parsing options."
exit 1
fi
export USE_SWITCH_SOURCE=false
export USE_SWITCH_PACKAGE_ALL=false
export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false
export USE_SWITCH_MASTER=false
export USE_SYSTEM_MASTER=false
export CPU_CHECK=true
HELP=false
while true; do
case "$1" in
--use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;;
--use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;;
--use-switch-master ) export USE_SWITCH_MASTER=true; shift ;;
--use-system-master ) export USE_SYSTEM_MASTER=true; shift ;;
--no-cpu-check ) export CPU_CHECK=false; shift ;;
-h | --help ) HELP=true; shift ;;
-- ) shift; break ;;
* ) break ;;
esac
done
if [ $HELP = true ]; then
warning "Debian installer script"
warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
warning " --use-switch-package-all if using packages use the meta-all package"
warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo"
warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)"
warning " --use-system-master will use master branch/packages for the system instead of ${green}(default:stable)"
warning " --no-cpu-check disable the cpu check ${green}(default:check)"
exit;
fi
fi

27
centos/resources/backup/fusionpbx-backup.sh Normal file
View File

@ -0,0 +1,27 @@
#!/bin/sh
export PGPASSWORD="zzz"
db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql
echo "Backup Started"
#delete postgres backups
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;
#delete the main backup
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
#backup the database
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
#package
tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch
#source
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf
echo "Backup Completed"

25
centos/resources/colors.sh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/sh
verbose () {
echo "${green}$1${normal}"
}
error () {
echo "${red}$1${normal}"
}
warning () {
echo "${yellow}$1${normal}"
}
# check for color support
if test -t 1; then
# see if it supports colors...
ncolors=$(tput colors)
if test -n "$ncolors" && test $ncolors -ge 8; then
normal="$(tput sgr0)"
red="$(tput setaf 1)"
green="$(tput setaf 2)"
yellow="$(tput setaf 3)"
fi
fi

33
centos/resources/fail2ban.sh Normal file
View File

@ -0,0 +1,33 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./colors.sh
. ./arguments.sh
verbose "Installing Fail2ban"
#initialize variable encase we are called directly
#[ -z $USE_FREESWITCH_SOURCE ] && USE_FREESWITCH_SOURCE=false
#add the dependencies
yum -y install fail2ban
#move the filters
cp ./fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
cp ./fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
cp ./fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
cp ./fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
cp ./fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
cp ./fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
cp ./fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
cp ./fail2ban/jail.local /etc/fail2ban/jail.local
#update config if source is being used
#if [ $USE_FREESWITCH_SOURCE = true ]; then
# sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
#fi
systemctl restart fail2ban
verbose "Fail2ban installed"

27
centos/resources/fail2ban/freeswitch-404.conf Normal file
View File

@ -0,0 +1,27 @@
# Fail2Ban configuration file
# inbound route - 404 not found
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
#[hostname] variable doesn't seem to work in every case. Do this instead:
failregex = 404 not found <HOST>
#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

21
centos/resources/fail2ban/freeswitch-dos.conf Normal file
View File

@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

20
centos/resources/fail2ban/freeswitch-ip.conf Normal file
View File

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

18
centos/resources/fail2ban/freeswitch.conf Normal file
View File

@ -0,0 +1,18 @@
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

25
centos/resources/fail2ban/fusionpbx.conf Normal file
View File

@ -0,0 +1,25 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
#[hostname] variable doesn't seem to work in every case. Do this instead:
failregex = .* FusionPBX: \[<HOST>\] authentication failed for
= .* FusionPBX: \[<HOST>\] provision attempt bad password for
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

113
centos/resources/fail2ban/jail.local Normal file
View File

@ -0,0 +1,113 @@
[freeswitch-udp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
maxretry = 5
findtime = 600
bantime = 600
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
[freeswitch-tcp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
maxretry = 5
findtime = 600
bantime = 600
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
#[freeswitch-ip-tcp]
#enabled = true
#port = 5060,5061,5080,5081
#protocol = all
#filter = freeswitch-ip
#logpath = /var/log/freeswitch/freeswitch.log
#action = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
#maxretry = 1
#findtime = 30
#bantime = 86400
#[freeswitch-ip-udp]
#enabled = true
#port = 5060,5061,5080,5081
#protocol = all
#filter = freeswitch-ip
#logpath = /var/log/freeswitch/freeswitch.log
#action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
#maxretry = 1
#findtime = 30
#bantime = 86400
[freeswitch-dos-udp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
maxretry = 50
findtime = 30
bantime = 6000
[freeswitch-dos-tcp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
maxretry = 50
findtime = 30
bantime = 6000
[freeswitch-404]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-404
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-allports[name=freeswitch-404, protocol=all]
maxretry = 3
findtime = 300
bantime = 86400
#[fusionpbx]
#enabled = true
#port = 80,443
#protocol = tcp
#filter = fusionpbx
#logpath = /var/log/auth.log
#action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
#maxretry = 10
#findtime = 600
#bantime = 600
[nginx-404]
enabled = true
port = 80,443
protocol = tcp
filter = nginx-404
logpath = /var/log/nginx/access*.log
bantime = 600
findtime = 60
maxretry = 120
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 240 pages in 60 seconds, or 4p/s average, is suspicious)
# Block for two full days.
enabled = true
port = 80,443
protocol = tcp
filter = nginx-dos
logpath = /var/log/nginx/access*.log
findtime = 60
bantime = 172800
maxretry = 240

5
centos/resources/fail2ban/nginx-404.conf Normal file
View File

@ -0,0 +1,5 @@
# Fail2Ban configuration file
#
[Definition]
failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404
ignoreregex =

14
centos/resources/fail2ban/nginx-dos.conf Normal file
View File

@ -0,0 +1,14 @@
# Fail2Ban configuration file
[Definition]
# Option: failregex
# Notes.: Regexp to catch a generic call from an IP address.
# Values: TEXT
#
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

112
centos/resources/finish.sh Normal file
View File

@ -0,0 +1,112 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./colors.sh
. ./arguments.sh
#database details
database_host=127.0.0.1
database_port=5432
database_username=fusionpbx
database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
#allow the script to use the new password
export PGPASSWORD=$database_password
#update the database password
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
#add the config.php
mkdir -p /etc/fusionpbx
chown -R freeswitch:daemon /etc/fusionpbx
cp fusionpbx/config.php /etc/fusionpbx
sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
#add the database schema
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
#get the server hostname
#domain_name=$(hostname -f)
#get the ip address
domain_name=$(hostname -I | cut -d ' ' -f1)
#get a domain_uuid
domain_uuid=$(php /var/www/fusionpbx/resources/uuid.php);
#add the domain name
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
#app defaults
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
#add the user
user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
user_name=admin
user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
password_hash=$(php -r "echo md5('$user_salt$user_password');");
psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
#get the superadmin group_uuid
group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';");
group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
#add the user to the group
group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
group_name=superadmin
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
#update xml_cdr url, user and password
xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
#app defaults
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
systemctl daemon-reload
systemctl mask wpa_supplicant.service
systemctl stop wpa_supplicant.service
systemctl enable fail2ban
systemctl enable ntpd
systemctl enable php-fpm
systemctl enable nginx
systemctl enable freeswitch
systemctl enable memcached
systemctl enable postgresql-9.4
#welcome message
echo ""
echo ""
verbose "Installation has completed."
error "Please note details below and reboot your system"
echo ""
echo " Use a web browser to login."
echo " domain name: https://$domain_name"
echo " username: $user_name"
echo " password: $user_password"
echo ""
echo " The domain name in the browser is used by default as part of the authentication."
echo " If you need to login to a different domain then use username@domain."
echo " username: $user_name@$domain_name";
echo ""
echo " Additional information."
echo " https://fusionpbx.com/support.php"
echo " https://www.fusionpbx.com"
echo " http://docs.fusionpbx.com"
warning "*------------------------------------------*"
warning "* NOTE: Please save the above information. *"
warning "* REBOOT YOUR SERVER TO COMPLETE INSTALL. *"
warning "*------------------------------------------*"
echo ""

33
centos/resources/firewalld.sh Normal file
View File

@ -0,0 +1,33 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./colors.sh
. ./arguments.sh
verbose "Configuring FirewallD"
#ssh should be on by default
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5060:5061 -m string --string "sipcli/" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5060:5061 -m string --string "sipcli/" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5080:5081 -m string --string "sipcli/" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5080:5081 -m string --string "sipcli/" --algo bm -j DROP
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm -j DROP
firewall-cmd --add-service openvpn
firewall-cmd --permanent --add-service openvpn
firewall-cmd --reload
verbose "FirewallD configured"

39
centos/resources/fusionpbx.sh Normal file
View File

@ -0,0 +1,39 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./colors.sh
. ./arguments.sh
verbose "Installing FusionPBX"
yum -y install git
yum -y install ghostscript libtiff-devel libtiff-tools
IRONTEC="[irontec]
name=Irontec RPMs repository
baseurl=http://packages.irontec.com/centos/$releasever/$basearch/"
echo "${IRONTEC}" > /etc/yum.repos.d/irontec.repo
rpm --import http://packages.irontec.com/public.key
yum -y install sngrep
wget https://forensics.cert.org/cert-forensics-tools-release-el7.rpm
rpm -Uvh cert-forensics-tools-release*rpm
yum -y --enablerepo=forensics install lame
if [ $USE_SYSTEM_MASTER = true ]; then
verbose "Using master"
BRANCH=""
else
FUSION_MAJOR=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
FUSION_MINOR=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $FUSION_MAJOR.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
FUSION_VERSION=$FUSION_MAJOR.$FUSION_MINOR
verbose "Using version $FUSION_VERSION"
BRANCH="-b $FUSION_VERSION"
fi
#get the source code
git clone $BRANCH https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
verbose "FusionPBX Installed"

45
centos/resources/fusionpbx/config.php Normal file
View File

@ -0,0 +1,45 @@
<?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2016
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
//set the database type
$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
//pgsql: database connection information
$db_host = 'localhost'; //set the host only if the database is not local
$db_port = '5432';
$db_name = 'fusionpbx';
$db_username = '{database_username}';
$db_password = '{database_password}';
//show errors
ini_set('display_errors', '1');
//error_reporting (E_ALL); // Report everything
error_reporting (E_ALL ^ E_NOTICE); // hide notices
//error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings

25
centos/resources/nginx.sh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./colors.sh
. ./arguments.sh
verbose "Installing nginx"
#install dependencies
yum -y install nginx php-fpm php-gd php-pgsql php-odbc php-curl php-imap php-mcrypt php-opcache php-common php-pdo php-soap php-xml php-xmlrpc php-cli
#setup nginx
mkdir -p /etc/nginx/sites-available
mkdir -p /etc/nginx/sites-enabled
#enable fusionpbx nginx config
cp ./nginx/fusionpbx /etc/nginx/sites-available/fusionpbx.conf
ln -s /etc/nginx/sites-available/fusionpbx.conf /etc/nginx/sites-enabled/fusionpbx.conf
awk '/server *{/ {c=1 ; next} c && /{/{c++} c && /}/{c--;next} !c' /etc/nginx/nginx.conf > /etc/nginx/nginx.tmp && mv -f /etc/nginx/nginx.tmp /etc/nginx/nginx.conf && rm -f /etc/nginx/nginx.tmp
sed -i '/include \/etc\/nginx\/conf\.d\/\*\.conf\;/a \ include \/etc\/nginx\/sites-enabled\/\*\.conf\;' /etc/nginx/nginx.conf
verbose "nginx installed"

196
centos/resources/nginx/fusionpbx Normal file
View File

@ -0,0 +1,196 @@
server{
listen 127.0.0.1:80;
server_name 127.0.0.1;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
}
server {
listen 80;
server_name fusionpbx;
if ($uri !~* ^.*provision.*$) {
rewrite ^(.*) https://$host$1 permanent;
break;
}
#REST api
if ($uri ~* ^.*/api/.*$) {
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
break;
}
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstream
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
#aastra
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
#yealink common
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
#yealink mac
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
#polycom
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
}
server {
listen 443;
server_name fusionpbx;
ssl on;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!ADH:!MD5:!aNULL;
#REST api
if ($uri ~* ^.*/api/.*$) {
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
break;
}
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstriam
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
#aastra
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
#yealink common
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
#yealink mac
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
#polycom
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
}

42
centos/resources/php.sh Normal file
View File

@ -0,0 +1,42 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./colors.sh
. ./arguments.sh
verbose "Configuring php/nginx/php-fpm and permissions"
TIMEZ=$(timedatectl | grep 'Time zone' | awk '{ print $3 }')
sed -i 's/user nginx/user freeswitch daemon/g' /etc/nginx/nginx.conf
chown -Rf freeswitch:daemon /var/lib/nginx
sed -ie "s#;date.timezone =#date.timezone = $TIMEZ#g" /etc/php.ini
sed -ie 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php.ini
sed -ie "s|listen = 127.0.0.1:9000|listen = /var/run/php-fpm/php-fpm.sock|g" /etc/php-fpm.d/www.conf
sed -ie 's/;listen.owner = nobody/listen.owner = nobody/g' /etc/php-fpm.d/www.conf
sed -ie 's/;listen.group = nobody/listen.group = nobody/g' /etc/php-fpm.d/www.conf
sed -ie 's/user = apache/user = freeswitch/g' /etc/php-fpm.d/www.conf
sed -ie 's/group = apache/group = daemon/g' /etc/php-fpm.d/www.conf
mkdir -p /var/lib/php/session
chown -R freeswitch:daemon /var/lib/php/session
chmod -Rf 700 /var/lib/php/session
#update config if source is being used
#sed -ie 's/post_max_size = .*/post_max_size = 80M/g' /etc/php.ini
#sed -ie 's/upload_max_filesize = .*/upload_max_filesize = 80M/g' /etc/php.ini
chown -R freeswitch.daemon /etc/freeswitch /var/lib/freeswitch /var/log/freeswitch /usr/share/freeswitch /var/www/fusionpbx
find /etc/freeswitch -type d -exec chmod 770 {} \;
find /var/lib/freeswitch -type d -exec chmod 770 {} \;
find /var/log/freeswitch -type d -exec chmod 770 {} \;
find /usr/share/freeswitch -type d -exec chmod 770 {} \;
find /var/www/fusionpbx -type d -exec chmod 770 {} \;
find /etc/freeswitch -type f -exec chmod 664 {} \;
find /var/lib/freeswitch -type f -exec chmod 664 {} \;
find /var/log/freeswitch -type f -exec chmod 664 {} \;
find /usr/share/freeswitch -type f -exec chmod 664 {} \;
find /var/www/fusionpbx -type f -exec chmod 664 {} \;
verbose "php/nginx/php-fpm and permissions configured"

44
centos/resources/postgres.sh Normal file
View File

@ -0,0 +1,44 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./colors.sh
. ./arguments.sh
#send a message
verbose "Installing PostgreSQL 9.4"
#generate a random password
password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
#included in the distribution
rpm -ivh --quiet http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-3.noarch.rpm
yum -y update
yum -y install postgresql94-server postgresql94-contrib postgresql94
verbose "Initalize PostgreSQL database"
/usr/pgsql-9.4/bin/postgresql94-setup initdb
sed -i 's/\(host *all *all *127.0.0.1\/32 *\)ident/\1md5/' /var/lib/pgsql/9.4/data/pg_hba.conf
sed -i 's/\(host *all *all *::1\/128 *\)ident/\1md5/' /var/lib/pgsql/9.4/data/pg_hba.conf
#systemd
systemctl daemon-reload
systemctl restart postgresql-9.4
#move to /tmp to prevent a red herring error when running sudo with psql
cwd=$(pwd)
cd /tmp
#add the databases, users and grant permissions to them
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE DATABASE fusionpbx";
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE DATABASE freeswitch";
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
#ALTER USER fusionpbx WITH PASSWORD 'newpassword';
cd $cwd
verbose "PostgreSQL 9.4 installed"

22
centos/resources/sslcert.sh Normal file
View File

@ -0,0 +1,22 @@
# no default SSL in centos, generate a tmp certificate
# ssl_certificate /etc/ssl/certs/nginx.crt;
# ssl_certificate_key /etc/ssl/private/nginx.key;
DOMAIN=$(hostname)
SSL_DIR="/etc/ssl"
SUBJ="
C=US
ST=Idaho
O=FusionPBX
localityName=Boise
commonName=$DOMAIN
organizationUnitName=
emailAddress=
"
mkdir -p $SSL_DIR/private && mkdir -p $SSL_DIR/certs
chmod 700 $SSL_DIR/private
openssl req -x509 -nodes -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -days 365 -newkey rsa:2048 -keyout "$SSL_DIR/private/nginx.key" -out "$SSL_DIR/certs/nginx.crt"

3
centos/resources/switch/conf-copy.sh Normal file
View File

@ -0,0 +1,3 @@
mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch

6
centos/resources/switch/package-permissions.sh Normal file
View File

@ -0,0 +1,6 @@
#default permissions
chown -R freeswitch:daemon /etc/freeswitch
chown -R freeswitch:daemon /var/lib/freeswitch
chown -R freeswitch:daemon /usr/share/freeswitch
chown -R freeswitch:daemon /var/log/freeswitch
chown -R freeswitch:daemon /var/run/freeswitch

24
centos/resources/switch/package-release.sh Normal file
View File

@ -0,0 +1,24 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ../colors.sh
. ../arguments.sh
verbose "Installing FreeSWITCH"
yum -y install memcached curl gdb
yum install -y http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm
yum install -y freeswitch-config-vanilla freeswitch-lang-* freeswitch-sounds-* freeswitch-lua freeswitch-xml-cdr
##remove the music package to protect music on hold from package updates
mkdir -p /usr/share/freeswitch/sounds/temp
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
yum -y remove freeswitch-sounds-music
mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
rm -R /usr/share/freeswitch/sounds/temp
verbose "FreeSWITCH installed"

3
centos/resources/switch/package-systemd.sh Normal file
View File

@ -0,0 +1,3 @@
rm -f /lib/systemd/system/freeswitch.service
cp "$(dirname $0)/source/freeswitch.service.package" /lib/systemd/system/freeswitch.service
cp "$(dirname $0)/source/etc.default.freeswitch" /etc/sysconfig/freeswitch

4
centos/resources/switch/source/etc.default.freeswitch Normal file
View File

@ -0,0 +1,4 @@
# /etc/default/freeswitch
FS_USER="freeswitch"
FS_GROUP="daemon"
DAEMON_OPTS="-nonat -ncwait -u freeswitch -g daemon -run /var/run/freeswitch"

55
centos/resources/switch/source/freeswitch.service.package Normal file
View File

@ -0,0 +1,55 @@
;;;;; Author: Travis Cross <tc@traviscross.com>
[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target postgresql.service
[Service]
; service
Type=forking
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStartPre=/bin/mkdir -p /var/run/freeswitch/
ExecStartPre=/bin/chown -R freeswitch:daemon /var/run/freeswitch/
ExecStart=/usr/bin/freeswitch -u freeswitch -g daemon -ncwait $DAEMON_OPTS
TimeoutSec=45s
Restart=always
; exec
User=root
Group=daemon
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPolicy=rr
CPUSchedulingPriority=89
UMask=0007
; alternatives which you can enforce by placing a unit drop-in into
; /etc/systemd/system/freeswitch.service.d/*.conf:
;
; User=freeswitch
; Group=freeswitch
; ExecStart=
; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
;
; empty ExecStart is required to flush the list.
;
; if your filesystem supports extended attributes, execute
; setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
; this will also allow socket binding on low ports
;
; otherwise, remove the -rp option from ExecStart and
; add these lines to give real-time priority to the process:
;
; PermissionsStartOnly=true
; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
;
; execute "systemctl daemon-reload" after editing the unit files.
[Install]
WantedBy=multi-user.target

55
centos/resources/switch/source/freeswitch.service.source Normal file
View File

@ -0,0 +1,55 @@
;;;;; Author: Travis Cross <tc@traviscross.com>
[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target postgresql.service haveged.service
[Service]
; service
Type=forking
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/usr/local/freeswitch/bin/freeswitch -u www-data -g www-data -ncwait $DAEMON_OPTS
;ExecStart=/usr/local/freeswitch/bin/freeswitch -u freeswitch -g freeswitch -ncwait $DAEMON_OPTS
TimeoutSec=45s
Restart=always
; exec
User=root
Group=daemon
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
LimitSTACK=240K
LimitRTPRIO=infinity
LimitRTTIME=7000000
IOSchedulingClass=realtime
IOSchedulingPriority=2
CPUSchedulingPolicy=rr
CPUSchedulingPriority=89
UMask=0007
; alternatives which you can enforce by placing a unit drop-in into
; /etc/systemd/system/freeswitch.service.d/*.conf:
;
; User=freeswitch
; Group=freeswitch
; ExecStart=
; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
;
; empty ExecStart is required to flush the list.
;
; if your filesystem supports extended attributes, execute
; setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
; this will also allow socket binding on low ports
;
; otherwise, remove the -rp option from ExecStart and
; add these lines to give real-time priority to the process:
;
; PermissionsStartOnly=true
; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
;
; execute "systemctl daemon-reload" after editing the unit files.
[Install]
WantedBy=multi-user.target

47
debian/install.sh vendored
View File

@ -6,41 +6,41 @@ cd "$(dirname "$0")"
. ./resources/colors.sh
. ./resources/arguments.sh
if [ $CPU_CHECK = true ] && [ $USE_SWITCH_SOURCE = false ]; then
if [ .$CPU_CHECK = .true ] && [ .$USE_SWITCH_SOURCE = .false ]; then
#check what the CPU and OS are
OS_test=$(uname -m)
CPU_arch='unknown'
OS_bits='unknown'
CPU_bits='unknown'
if [ $OS_test = 'armv7l' ]; then
if [ .$OS_test = .'armv7l' ]; then
OS_bits='32'
CPU_bits='32'
# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
CPU_arch='arm'
elif [ $OS_test = 'armv8l' ]; then
elif [ .$OS_test = .'armv8l' ]; then
# We currently have no test case for armv8l
OS_bits='unknown'
CPU_bits='64'
CPU_arch='arm'
elif [ $OS_test = 'i386' ]; then
elif [ .$OS_test = .'i386' ]; then
OS_bits='32'
if [ "$(grep -o -w 'lm' /proc/cpuinfo)" = 'lm' ]; then
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
CPU_bits='64'
else
CPU_bits='32'
fi
CPU_arch='x86'
elif [ $OS_test = 'i686' ]; then
elif [ .$OS_test = .'i686' ]; then
OS_bits='32'
if [ $(grep -o -w 'lm' /proc/cpuinfo) = 'lm' ]; then
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
CPU_bits='64'
else
CPU_bits='32'
fi
CPU_arch='x86'
elif [ $OS_test = 'x86_64' ]; then
elif [ .$OS_test = .'x86_64' ]; then
OS_bits='64'
if [ $(grep -o -w 'lm' /proc/cpuinfo) = 'lm' ]; then
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
CPU_bits='64'
else
CPU_bits='32'
@ -48,11 +48,11 @@ if [ $CPU_CHECK = true ] && [ $USE_SWITCH_SOURCE = false ]; then
CPU_arch='x86'
fi
if [ $CPU_arch = 'arm' ]; then
if [ $OS_bits = '32' ]; then
if [ .$CPU_arch = .'arm' ]; then
if [ .$OS_bits = .'32' ]; then
export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true
verbose "Correct CPU/OS detected, using unofficial arm repo"
elif [ $OS_bits = '64' ]; then
elif [ .$OS_bits = .'64' ]; then
error "You are using a 64bit arm OS this is unsupported"
warning " please rerun with --use-switch-source"
exit 3
@ -61,15 +61,15 @@ if [ $CPU_CHECK = true ] && [ $USE_SWITCH_SOURCE = false ]; then
warning " please rerun with --use-switch-source"
exit 3
fi
elif [ $CPU_arch = 'x86' ]; then
if [ $OS_bits = '32' ]; then
elif [ .$CPU_arch = .'x86' ]; then
if [ .$OS_bits = .'32' ]; then
error "You are using a 32bit OS this is unsupported"
if [ $CPU_bits = '64' ]; then
if [ .$CPU_bits = .'64' ]; then
warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
fi
warning " please rerun with --use-switch-source"
exit 3
elif [ $OS_bits = '64' ]; then
elif [ .$OS_bits = .'64' ]; then
verbose "Correct CPU/OS detected"
else
error "Unknown OS_bits $OS_bits this is unsupported"
@ -88,6 +88,9 @@ sed -i '/cdrom:/d' /etc/apt/sources.list
verbose "Update Debian"
apt-get upgrade && apt-get update -y --force-yes
#Add dependencies
apt-get install -y lsb-release
#IPTables
resources/iptables.sh
@ -104,8 +107,8 @@ resources/php.sh
resources/fail2ban.sh
#FreeSWITCH
if [ $USE_SWITCH_SOURCE = true ]; then
if [ $USE_SWITCH_MASTER = true ]; then
if [ .$USE_SWITCH_SOURCE = .true ]; then
if [ .$USE_SWITCH_MASTER = .true ]; then
resources/switch/source-master.sh
else
resources/switch/source-release.sh
@ -121,14 +124,14 @@ if [ $USE_SWITCH_SOURCE = true ]; then
resources/switch/source-systemd.sh
else
if [ $USE_SWITCH_MASTER = true ]; then
if [ $USE_SWITCH_PACKAGE_ALL = true ]; then
if [ .$USE_SWITCH_MASTER = .true ]; then
if [ .$USE_SWITCH_PACKAGE_ALL = .true ]; then
resources/switch/package-master-all.sh
else
resources/switch/package-master.sh
fi
else
if [ $USE_SWITCH_PACKAGE_ALL = true ]; then
if [ .$USE_SWITCH_PACKAGE_ALL = .true ]; then
resources/switch/package-all.sh
else
resources/switch/package-release.sh
@ -154,7 +157,7 @@ server_address=$(hostname -I)
#restart services
systemctl daemon-reload
systemctl restart php5-fpm
systemctl restart php7.0-fpm
systemctl restart nginx
systemctl restart fail2ban

2
debian/resources/arguments.sh vendored
View File

@ -31,7 +31,7 @@ if [ -z "$CPU_CHECK" ]; then
esac
done
if [ $HELP = true ]; then
if [ .$HELP = .true ]; then
warning "Debian installer script"
warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
warning " --use-switch-package-all if using packages use the meta-all package"

2
debian/resources/fail2ban.sh vendored
View File

@ -23,7 +23,7 @@ cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
cp fail2ban/jail.local /etc/fail2ban/jail.local
#update config if source is being used
if [ $USE_FREESWITCH_SOURCE = true ]; then
if [ .$USE_FREESWITCH_SOURCE = .true ]; then
sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
fi

2
debian/resources/fusionpbx.sh vendored
View File

@ -13,7 +13,7 @@ verbose "Installing FusionPBX"
apt-get install -y --force-yes vim git dbus haveged ssl-cert
apt-get install -y --force-yes ghostscript libtiff5-dev libtiff-tools
if [ $USE_SYSTEM_MASTER = true ]; then
if [ .$USE_SYSTEM_MASTER = .true ]; then
verbose "Using master"
BRANCH=""
else

23
debian/resources/nginx.sh vendored
View File

@ -9,8 +9,29 @@ cd "$(dirname "$0")"
#send a message
verbose "Installing the web server"
arch=$(uname -m)
real_os=$(lsb_release -is)
codename=$(lsb_release -cs)
if [ $real_os = 'Ubuntu' ]; then
#16.10.x - */yakkety/
#16.04.x - */xenial/
#14.04.x - */trusty/
if [ $codename = 'trusty' ]; then
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
fi
else
#9.x - */stretch/
#8.x - */jessie/
if [ $codename = 'jessie' ]; then
echo "deb http://packages.dotdeb.org $codename all" > /etc/apt/sources.list.d/dotdeb.list
echo "deb-src http://packages.dotdeb.org $codename all" >> /etc/apt/sources.list.d/dotdeb.list
wget -O - https://www.dotdeb.org/dotdeb.gpg | apt-key add -
fi
fi
apt-get update
#install dependencies
apt-get install -y --force-yes nginx php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-mcrypt
apt-get install -y nginx php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-mcrypt php7.0-xml
#enable fusionpbx nginx config
cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx

6
debian/resources/nginx/fusionpbx vendored
View File

@ -14,7 +14,7 @@ server{
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
@ -95,7 +95,7 @@ server {
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
@ -181,7 +181,7 @@ server {
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;

10
debian/resources/php.sh vendored
View File

@ -10,12 +10,12 @@ cd "$(dirname "$0")"
verbose "Configuring PHP"
#update config if source is being used
sed 's#post_max_size = .*#post_max_size = 80M#g' -i /etc/php5/fpm/php.ini
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i /etc/php5/fpm/php.ini
sed 's#post_max_size = .*#post_max_size = 80M#g' -i /etc/php/7.0/fpm/php.ini
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i /etc/php/7.0/fpm/php.ini
#restart php5-fpm
#restart php-fpm
#systemd
/bin/systemctl restart php5-fpm
/bin/systemctl restart php7.0-fpm
#init.d
#/usr/sbin/service php5-fpm restart
#/usr/sbin/service php7.0-fpm restart

2
debian/resources/postgres.sh vendored
View File

@ -13,7 +13,7 @@ echo "Install PostgreSQL and create the database and users\n"
#apt-get install -y --force-yes sudo postgresql
#postgres official repository
echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' >> /etc/apt/sources.list.d/pgdg.list
echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/pgdg.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
apt-get update && apt-get upgrade -y
apt-get install -y --force-yes sudo postgresql

2
debian/resources/reboot_phones.sh vendored
View File

@ -24,7 +24,7 @@ INPUT=$FILE
#Loop through the registrations and reboot
[ ! -f $INPUT ] &while read reg_user realm extra
do
if [ "$realm" = "$domain" ]; then
if [ ."$realm" = ."$domain" ]; then
eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
if [ "$pausetime" > 0 ]; then
sleep $pausetime

2
debian/resources/switch/source-permissions.sh vendored
View File

@ -1,4 +1,6 @@
#setup owner and group, permissions and sticky
chown -R www-data:www-data /usr/local/freeswitch
chmod -R ug+rw /usr/local/freeswitch
touch /var/log/freeswitch/freeswitch.log
chown -R www-data:www-data /var/log/freeswitch
find /usr/local/freeswitch -type d -exec chmod 2770 {} \;

68
install.sh
View File

@ -47,6 +47,7 @@ chmod +x $0
os_check=$(lsb_release -is)
real_os=$os_check
check_major_release=$(lsb_release -rs | cut -d. -f1)
check_codename=$(lsb_release -cs)
os_unsupported () {
echo " Your Operating System appears to be: "
@ -55,33 +56,62 @@ os_unsupported () {
exit 2;
}
if [ $os_check = 'Raspbian' ]; then
os_debian_common () {
verbose "Removing the CD image from /etc/apt/sources.list"
sed -i '/cdrom:/d' /etc/apt/sources.list
verbose "Updating system before starting."
apt-get update && apt-get -y upgrade
verbose "Installing Git"
apt-get install -y git
}
os_fetch_installer () {
if [ ! -d /usr/src ]; then
mkdir -vp /usr/src
fi
cd /usr/src
verbose "Fetching Installer"
if [ -d /usr/src/fusionpbx-install.sh ]; then
cd /usr/src/fusionpbx-install.sh
git pull
else
git clone https://github.com/fusionpbx/fusionpbx-install.sh
fi
}
if [ .$os_check = .'Raspbian' ]; then
echo "${yellow}Detected Raspbian, using Debian for compatibility${normal}"
os_check="Debian"
fi
if [ $os_check = 'Debian' ]; then
if [ $check_major_release -ge 8 ]; then
verbose "Removing the CD image from /etc/apt/sources.list"
sed -i '/cdrom:/d' /etc/apt/sources.list
verbose "Updating system before starting."
apt-get update && apt-get -y upgrade
verbose "Installing Git"
apt-get install -y git
cd /usr/src
verbose "Fetching Installer"
if [ -d /usr/src/fusionpbx-install.sh ]; then
cd /usr/src/fusionpbx-install.sh
git pull
if [ .$os_check = .'Ubuntu' ]; then
echo "${yellow}Detected Ubuntu, using Debian for compatibility${normal}"
os_check="Debian"
fi
if [ .$os_check = .'Debian' ]; then
if [ .$real_os = .'Debian' ]; then
echo "${yellow}Detected Debian${normal}"
if [ $check_major_release -ge 8 ]; then
os_debian_continue='true'
else
git clone https://github.com/fusionpbx/fusionpbx-install.sh
os_debian_continue='false'
error "Although you are running $real_os we require version >= 8"
os_unsupported
fi
fi
if [ .$real_os = .'Ubuntu' ]; then
if [ $check_major_release -ge 14 ]; then
os_debian_continue='true'
else
os_debian_continue='false'
error "Although you are running $real_os we require version >= 14"
os_unsupported
fi
fi
if [ .$os_debian_continue = .'true' ]; then
os_debian_common
os_fetch_installer
cd /usr/src/fusionpbx-install.sh/debian
./install.sh $@
else
error "Although you are running $real_os we require version >= 8"
os_unsupported
fi
else
os_unsupported
fi