CentOS 7 Installer (#71)

centos/install.sh

@@ -0,0 +1,126 @@
+#!/bin/sh
+
+# CentOS 7 install, no arm arch support
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+. ./resources/colors.sh
+. ./resources/arguments.sh
+
+if [ $CPU_CHECK = true ] && [ $USE_SWITCH_SOURCE = false ]; then
+	#check what the CPU and OS are
+	OS_test=$(uname -m)
+	CPU_arch='unknown'
+	OS_bits='unknown'
+	CPU_bits='unknown'
+	if [ $OS_test = 'armv7l' ]; then
+		OS_bits='32'
+		CPU_bits='32'
+		# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
+		CPU_arch='arm'
+	elif [ $OS_test = 'armv8l' ]; then
+		# We currently have no test case for armv8l
+		OS_bits='unknown'
+		CPU_bits='64'
+		CPU_arch='arm'
+	elif [ $OS_test = 'i386' ]; then
+		OS_bits='32'
+	if [ "$(grep -o -w 'lm' /proc/cpuinfo)" = 'lm' ]; then
+			CPU_bits='64'
+		else
+			CPU_bits='32'
+		fi
+		CPU_arch='x86'
+	elif [ $OS_test = 'i686' ]; then
+		OS_bits='32'
+		if [ "$(grep -o -w 'lm' /proc/cpuinfo)" = 'lm' ]; then
+			CPU_bits='64'
+		else
+			CPU_bits='32'
+		fi
+		CPU_arch='x86'
+	elif [ $OS_test = 'x86_64' ]; then
+		OS_bits='64'
+		if [ "$(grep -o -w 'lm' /proc/cpuinfo)" = 'lm' ]; then
+			CPU_bits='64'
+		else
+			CPU_bits='32'
+		fi
+		CPU_arch='x86'
+	fi
+	
+	if [ $CPU_arch = 'arm' ]; then
+			error "CentOS on arm is not supported at this time"
+			exit 3
+	elif [ $CPU_arch = 'x86' ]; then
+		if [ $OS_bits = '32' ]; then
+			error "You are using a 32bit OS this is unsupported"
+			if [ $CPU_bits = '64' ]; then
+				warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
+			fi
+			exit 3
+		elif [ $OS_bits = '64' ]; then
+			verbose "Correct CPU/OS detected"
+		else
+			error "Unknown OS_bits $OS_bits this is unsupported"
+			exit 3
+		fi
+	else
+		error "You are using a unsupported architecture $CPU_arch"
+	fi
+fi
+
+# Update CentOS 
+verbose "Updating CentOS"
+yum -y update && yum -y upgrade
+
+# Installing basics packages
+yum -y install ntp htop epel-release vim openssl
+
+# Disable SELinux
+verbose "Disabling SELinux"
+warning "Reboot required after installation completes"
+setenforce 0
+sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config
+verbose "SELinux disabled"
+
+#FreeSWITCH
+resources/switch/package-release.sh
+
+#FusionPBX
+resources/fusionpbx.sh
+
+#Postgres
+resources/postgres.sh
+
+#NGINX web server
+resources/sslcert.sh
+resources/nginx.sh
+
+#PHP/PHP-FPM
+resources/php.sh
+
+#IPTables
+resources/firewalld.sh
+
+# FusionPBX to FreeSWITCH configs
+verbose "Configuring freeswitch"
+resources/switch/conf-copy.sh
+resources/switch/package-permissions.sh
+resources/switch/package-systemd.sh
+verbose "freeswitch configured"
+
+#Fail2ban
+resources/fail2ban.sh
+
+#restart services
+verbose "Restarting packages for final configuration"
+systemctl daemon-reload
+systemctl restart freeswitch
+systemctl restart php-fpm
+systemctl restart nginx
+systemctl restart fail2ban
+verbose "Restart of service complete"
+
+#add the database schema, user and groups
+resources/finish.sh

centos/resources/arguments.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+#Process command line options only if we haven't been processed once
+if [ -z "$CPU_CHECK" ]; then
+	export script_name=`basename "$0"`
+	ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-system-master,no-cpu-check -- "$@")
+	
+	if [ $? -ne 0 ]; then
+		error "Failed parsing options."
+		exit 1
+	fi
+	
+	export USE_SWITCH_SOURCE=false
+	export USE_SWITCH_PACKAGE_ALL=false
+	export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false
+	export USE_SWITCH_MASTER=false
+	export USE_SYSTEM_MASTER=false
+	export CPU_CHECK=true
+	HELP=false
+	
+	while true; do
+	  case "$1" in
+		--use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;;
+		--use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;;
+		--use-switch-master ) export USE_SWITCH_MASTER=true; shift ;;
+		--use-system-master ) export USE_SYSTEM_MASTER=true; shift ;;
+		--no-cpu-check ) export CPU_CHECK=false; shift ;;
+		-h | --help ) HELP=true; shift ;;
+		-- ) shift; break ;;
+		* ) break ;;
+	  esac
+	done
+	
+	if [ $HELP = true ]; then
+		warning "Debian installer script"
+		warning "	--use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
+		warning "	--use-switch-package-all if using packages use the meta-all package"
+		warning "	--use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo"
+		warning "	--use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)"
+		warning "	--use-system-master will use master branch/packages for the system instead of ${green}(default:stable)"
+		warning "	--no-cpu-check disable the cpu check ${green}(default:check)"
+		exit;
+	fi
+fi

centos/resources/backup/fusionpbx-backup.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+export PGPASSWORD="zzz"
+db_host=127.0.0.1
+db_port=5432
+
+now=$(date +%Y-%m-%d)
+mkdir -p /var/backups/fusionpbx/postgresql
+
+echo "Backup Started"
+
+#delete postgres backups
+find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;
+
+#delete the main backup
+find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
+
+#backup the database
+pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
+
+#package
+tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch
+
+#source
+#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf
+
+echo "Backup Completed"

centos/resources/colors.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+verbose () {
+	echo "${green}$1${normal}"
+}
+error () {
+	echo "${red}$1${normal}"
+	}
+warning () {
+	echo "${yellow}$1${normal}"
+}
+
+# check for color support
+if test -t 1; then
+
+    # see if it supports colors...
+    ncolors=$(tput colors)
+
+    if test -n "$ncolors" && test $ncolors -ge 8; then
+        normal="$(tput sgr0)"
+        red="$(tput setaf 1)"
+        green="$(tput setaf 2)"
+        yellow="$(tput setaf 3)"
+    fi
+fi

centos/resources/fail2ban.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./colors.sh
+. ./arguments.sh
+
+verbose "Installing Fail2ban"
+#initialize variable encase we are called directly
+#[ -z $USE_FREESWITCH_SOURCE ] && USE_FREESWITCH_SOURCE=false
+
+#add the dependencies
+yum -y install fail2ban
+
+#move the filters
+cp ./fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
+cp ./fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
+cp ./fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
+cp ./fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
+cp ./fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
+cp ./fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
+cp ./fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
+cp ./fail2ban/jail.local /etc/fail2ban/jail.local
+
+#update config if source is being used
+#if [ $USE_FREESWITCH_SOURCE = true ]; then
+#       sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
+#fi
+
+systemctl restart fail2ban
+
+verbose "Fail2ban installed"

centos/resources/fail2ban/freeswitch-404.conf

@@ -0,0 +1,27 @@
+# Fail2Ban configuration file
+# inbound route - 404 not found
+
+
+[Definition]
+
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
+#[hostname] variable doesn't seem to work in every case. Do this instead:
+failregex = 404 not found <HOST>
+
+
+#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62)
+
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

centos/resources/fail2ban/freeswitch-dos.conf

@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

centos/resources/fail2ban/freeswitch-ip.conf

@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162
+failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

centos/resources/fail2ban/freeswitch.conf

@@ -0,0 +1,18 @@
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+

centos/resources/fail2ban/fusionpbx.conf

@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
+#[hostname] variable doesn't seem to work in every case. Do this instead:
+failregex = .* FusionPBX: \[<HOST>\] authentication failed for
+          = .* FusionPBX: \[<HOST>\] provision attempt bad password for
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+

centos/resources/fail2ban/jail.local

@@ -0,0 +1,113 @@
+[freeswitch-udp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 5
+findtime = 600
+bantime  = 600
+#          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+[freeswitch-tcp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 5
+findtime = 600
+bantime  = 600
+#          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+#[freeswitch-ip-tcp]
+#enabled  = true
+#port     = 5060,5061,5080,5081
+#protocol = all
+#filter   = freeswitch-ip
+#logpath  = /var/log/freeswitch/freeswitch.log
+#action   = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#maxretry = 1
+#findtime = 30
+#bantime  = 86400
+
+#[freeswitch-ip-udp]
+#enabled  = true
+#port     = 5060,5061,5080,5081
+#protocol = all
+#filter   = freeswitch-ip
+#logpath  = /var/log/freeswitch/freeswitch.log
+#action   = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
+#maxretry = 1
+#findtime = 30
+#bantime  = 86400
+
+[freeswitch-dos-udp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-dos
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 50
+findtime = 30
+bantime  = 6000
+
+[freeswitch-dos-tcp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-dos
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 50
+findtime = 30
+bantime  = 6000
+
+[freeswitch-404]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-404
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-allports[name=freeswitch-404, protocol=all]
+maxretry = 3
+findtime = 300
+bantime  = 86400
+
+#[fusionpbx]
+#enabled  = true
+#port     = 80,443
+#protocol = tcp
+#filter   = fusionpbx
+#logpath  = /var/log/auth.log
+#action   = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
+#          sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
+#maxretry = 10
+#findtime = 600
+#bantime  = 600
+
+[nginx-404]
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = nginx-404
+logpath  = /var/log/nginx/access*.log
+bantime  = 600
+findtime = 60
+maxretry = 120
+
+[nginx-dos]
+# Based on apache-badbots but a simple IP check (any IP requesting more than
+# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# Block for two full days.
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = nginx-dos
+logpath  = /var/log/nginx/access*.log
+findtime = 60
+bantime  = 172800
+maxretry = 240

centos/resources/fail2ban/nginx-404.conf

@@ -0,0 +1,5 @@
+# Fail2Ban configuration file
+#
+[Definition]
+failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404
+ignoreregex =

centos/resources/fail2ban/nginx-dos.conf

@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+ 
+[Definition]
+# Option: failregex
+# Notes.: Regexp to catch a generic call from an IP address.
+# Values: TEXT
+#
+failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
+ 
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =

centos/resources/finish.sh

@@ -0,0 +1,112 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./colors.sh
+. ./arguments.sh
+
+#database details
+database_host=127.0.0.1
+database_port=5432
+database_username=fusionpbx
+database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
+
+#allow the script to use the new password
+export PGPASSWORD=$database_password
+
+#update the database password
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
+
+#add the config.php
+mkdir -p /etc/fusionpbx
+chown -R freeswitch:daemon /etc/fusionpbx
+cp fusionpbx/config.php /etc/fusionpbx
+sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
+sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
+
+#add the database schema
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
+
+#get the server hostname
+#domain_name=$(hostname -f)
+
+#get the ip address
+domain_name=$(hostname -I | cut -d ' ' -f1)
+
+#get a domain_uuid
+domain_uuid=$(php /var/www/fusionpbx/resources/uuid.php);
+
+#add the domain name
+psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
+
+#app defaults
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
+
+#add the user
+user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+user_name=admin
+user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+password_hash=$(php -r "echo md5('$user_salt$user_password');");
+psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
+
+#get the superadmin group_uuid
+group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';");
+group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
+
+#add the user to the group
+group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+group_name=superadmin
+psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
+
+#update xml_cdr url, user and password
+xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
+
+#app defaults
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
+
+systemctl daemon-reload
+systemctl mask wpa_supplicant.service
+systemctl stop wpa_supplicant.service
+systemctl enable fail2ban
+systemctl enable ntpd
+systemctl enable php-fpm
+systemctl enable nginx
+systemctl enable freeswitch
+systemctl enable memcached
+systemctl enable postgresql-9.4
+
+#welcome message
+echo ""
+echo ""
+verbose "Installation has completed."
+error "Please note details below and reboot your system"
+echo ""
+echo "   Use a web browser to login."
+echo "      domain name: https://$domain_name"
+echo "      username: $user_name"
+echo "      password: $user_password"
+echo ""
+echo "   The domain name in the browser is used by default as part of the authentication."
+echo "   If you need to login to a different domain then use username@domain."
+echo "      username: $user_name@$domain_name";
+echo ""
+echo "   Additional information."
+echo "      https://fusionpbx.com/support.php"
+echo "      https://www.fusionpbx.com"
+echo "      http://docs.fusionpbx.com"
+warning "*------------------------------------------*"
+warning "* NOTE: Please save the above information. *"
+warning "* REBOOT YOUR SERVER TO COMPLETE INSTALL.  *"
+warning "*------------------------------------------*"
+echo ""
+

centos/resources/firewalld.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./colors.sh
+. ./arguments.sh
+
+verbose "Configuring FirewallD"
+#ssh should be on by default
+
+firewall-cmd --permanent --zone=public --add-service={http,https}
+firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/udp
+firewall-cmd --permanent --zone=public --add-port={5060,5061,5080,5081}/tcp
+firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
+
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5060:5061 -m string --string "sipcli/" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5060:5061 -m string --string "sipcli/" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5080:5081 -m string --string "sipcli/" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5080:5081 -m string --string "sipcli/" --algo bm -j DROP
+firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm -j DROP
+firewall-cmd --add-service openvpn
+firewall-cmd --permanent --add-service openvpn
+firewall-cmd --reload
+
+verbose "FirewallD configured"

centos/resources/fusionpbx.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./colors.sh
+. ./arguments.sh
+
+verbose "Installing FusionPBX"
+
+yum -y install git
+yum -y install ghostscript libtiff-devel libtiff-tools
+
+IRONTEC="[irontec]
+name=Irontec RPMs repository
+baseurl=http://packages.irontec.com/centos/$releasever/$basearch/"
+echo "${IRONTEC}" > /etc/yum.repos.d/irontec.repo
+rpm --import http://packages.irontec.com/public.key
+yum -y install sngrep
+
+wget https://forensics.cert.org/cert-forensics-tools-release-el7.rpm
+rpm -Uvh cert-forensics-tools-release*rpm
+yum -y --enablerepo=forensics install lame
+
+if [ $USE_SYSTEM_MASTER = true ]; then
+	verbose "Using master"
+	BRANCH=""
+else
+	FUSION_MAJOR=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
+	FUSION_MINOR=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $FUSION_MAJOR.* | cut -d/ -f3 |  grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
+	FUSION_VERSION=$FUSION_MAJOR.$FUSION_MINOR
+	verbose "Using version $FUSION_VERSION"
+	BRANCH="-b $FUSION_VERSION"
+fi
+
+#get the source code
+git clone $BRANCH https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
+
+verbose "FusionPBX Installed"

centos/resources/fusionpbx/config.php

@@ -0,0 +1,45 @@
+<?php
+/*
+	FusionPBX
+	Version: MPL 1.1
+
+	The contents of this file are subject to the Mozilla Public License Version
+	1.1 (the "License"); you may not use this file except in compliance with
+	the License. You may obtain a copy of the License at
+	http://www.mozilla.org/MPL/
+
+	Software distributed under the License is distributed on an "AS IS" basis,
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	for the specific language governing rights and limitations under the
+	License.
+
+	The Original Code is FusionPBX
+
+	The Initial Developer of the Original Code is
+	Mark J Crane <markjcrane@fusionpbx.com>
+	Portions created by the Initial Developer are Copyright (C) 2008-2016
+	the Initial Developer. All Rights Reserved.
+
+	Contributor(s):
+	Mark J Crane <markjcrane@fusionpbx.com>
+*/
+
+//set the database type
+	$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
+
+//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
+	//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
+	//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
+
+//pgsql: database connection information
+	$db_host = 'localhost'; //set the host only if the database is not local
+	$db_port = '5432';
+	$db_name = 'fusionpbx';
+	$db_username = '{database_username}';
+	$db_password = '{database_password}';
+
+//show errors
+	ini_set('display_errors', '1');
+	//error_reporting (E_ALL); // Report everything
+	error_reporting (E_ALL ^ E_NOTICE); // hide notices
+	//error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings

centos/resources/nginx.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./colors.sh
+. ./arguments.sh
+
+verbose "Installing nginx"
+
+#install dependencies
+yum -y install nginx php-fpm php-gd php-pgsql php-odbc php-curl php-imap php-mcrypt php-opcache php-common php-pdo php-soap php-xml php-xmlrpc php-cli
+
+#setup nginx
+mkdir -p /etc/nginx/sites-available
+mkdir -p /etc/nginx/sites-enabled
+
+#enable fusionpbx nginx config
+cp ./nginx/fusionpbx /etc/nginx/sites-available/fusionpbx.conf
+ln -s /etc/nginx/sites-available/fusionpbx.conf /etc/nginx/sites-enabled/fusionpbx.conf
+
+awk '/server *{/ {c=1 ; next} c && /{/{c++} c && /}/{c--;next} !c' /etc/nginx/nginx.conf > /etc/nginx/nginx.tmp && mv -f /etc/nginx/nginx.tmp /etc/nginx/nginx.conf && rm -f /etc/nginx/nginx.tmp
+sed -i '/include \/etc\/nginx\/conf\.d\/\*\.conf\;/a \    include \/etc\/nginx\/sites-enabled\/\*\.conf\;' /etc/nginx/nginx.conf
+
+verbose "nginx installed"

centos/resources/nginx/fusionpbx

@@ -0,0 +1,196 @@
+
+server{
+	listen 127.0.0.1:80;
+	server_name 127.0.0.1;
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	client_max_body_size 80M;
+	client_body_buffer_size 128k;
+
+	location / {
+		root /var/www/fusionpbx;
+		index index.php;
+	}
+
+	location ~ \.php$ {
+		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+		#fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+	}
+
+	# Disable viewing .htaccess & .htpassword & .db
+	location ~ .htaccess {
+			deny all;
+	}
+	location ~ .htpassword {
+			deny all;
+	}
+	location ~^.+.(db)$ {
+			deny all;
+	}
+}
+
+server {
+	listen 80;
+	server_name fusionpbx;
+	if ($uri !~* ^.*provision.*$) {
+		rewrite ^(.*) https://$host$1 permanent;
+		break;
+	}
+
+	#REST api
+	if ($uri ~* ^.*/api/.*$) {
+		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+		break;
+	}
+
+        #algo
+        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
+
+	#mitel
+	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+	#grandstream
+	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+
+	#aastra
+	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+	#yealink common
+	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+
+	#yealink mac
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+	#polycom
+	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+	#cisco
+	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+	#Escene
+	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	client_max_body_size 80M;
+	client_body_buffer_size 128k;
+
+	location / {
+		root /var/www/fusionpbx;
+		index index.php;
+	}
+
+	location ~ \.php$ {
+		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+		#fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+	}
+
+	# Disable viewing .htaccess & .htpassword & .db
+	location ~ .htaccess {
+		deny all;
+	}
+	location ~ .htpassword {
+		deny all;
+	}
+	location ~^.+.(db)$ {
+		deny all;
+	}
+}
+
+server {
+	listen 443;
+	server_name fusionpbx;
+	ssl                     on;
+	ssl_certificate         /etc/ssl/certs/nginx.crt;
+	ssl_certificate_key     /etc/ssl/private/nginx.key;
+	ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+	ssl_ciphers             HIGH:!ADH:!MD5:!aNULL;
+
+	#REST api
+	if ($uri ~* ^.*/api/.*$) {
+		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+		break;
+	}
+
+        #algo
+        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
+
+	#mitel
+	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+	#grandstriam
+	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+
+	#aastra
+	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+	#yealink common
+	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+
+	#yealink mac
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+	#polycom
+	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+
+	#cisco
+	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+	#Escene
+	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	client_max_body_size 80M;
+	client_body_buffer_size 128k;
+
+	location / {
+		root /var/www/fusionpbx;
+		index index.php;
+	}
+
+	location ~ \.php$ {
+		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+		#fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+	}
+
+	# Disable viewing .htaccess & .htpassword & .db
+	location ~ .htaccess {
+		deny all;
+	}
+	location ~ .htpassword {
+		deny all;
+	}
+	location ~^.+.(db)$ {
+		deny all;
+	}
+}

centos/resources/php.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./colors.sh
+. ./arguments.sh
+
+verbose "Configuring php/nginx/php-fpm and permissions"
+
+TIMEZ=$(timedatectl | grep 'Time zone' | awk '{ print $3 }')
+
+sed -i 's/user nginx/user freeswitch daemon/g' /etc/nginx/nginx.conf
+chown -Rf freeswitch:daemon /var/lib/nginx
+sed -ie "s#;date.timezone =#date.timezone = $TIMEZ#g" /etc/php.ini
+sed -ie 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php.ini
+sed -ie "s|listen = 127.0.0.1:9000|listen = /var/run/php-fpm/php-fpm.sock|g" /etc/php-fpm.d/www.conf
+sed -ie 's/;listen.owner = nobody/listen.owner = nobody/g' /etc/php-fpm.d/www.conf
+sed -ie 's/;listen.group = nobody/listen.group = nobody/g' /etc/php-fpm.d/www.conf
+sed -ie 's/user = apache/user = freeswitch/g' /etc/php-fpm.d/www.conf
+sed -ie 's/group = apache/group = daemon/g' /etc/php-fpm.d/www.conf
+mkdir -p /var/lib/php/session
+chown -R freeswitch:daemon /var/lib/php/session
+chmod -Rf 700 /var/lib/php/session
+
+#update config if source is being used
+#sed -ie 's/post_max_size = .*/post_max_size = 80M/g' /etc/php.ini
+#sed -ie 's/upload_max_filesize = .*/upload_max_filesize = 80M/g' /etc/php.ini
+
+chown -R freeswitch.daemon /etc/freeswitch /var/lib/freeswitch /var/log/freeswitch /usr/share/freeswitch /var/www/fusionpbx
+find /etc/freeswitch -type d -exec chmod 770 {} \;
+find /var/lib/freeswitch -type d -exec chmod 770 {} \;
+find /var/log/freeswitch -type d -exec chmod 770 {} \;
+find /usr/share/freeswitch -type d -exec chmod 770 {} \;
+find /var/www/fusionpbx -type d -exec chmod 770 {} \;
+find /etc/freeswitch -type f -exec chmod 664 {} \;
+find /var/lib/freeswitch -type f -exec chmod 664 {} \;
+find /var/log/freeswitch -type f -exec chmod 664 {} \;
+find /usr/share/freeswitch -type f -exec chmod 664 {} \;
+find /var/www/fusionpbx -type f -exec chmod 664 {} \;
+
+verbose "php/nginx/php-fpm and permissions configured"

centos/resources/postgres.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./colors.sh
+. ./arguments.sh
+
+#send a message
+verbose "Installing PostgreSQL 9.4"
+
+#generate a random password
+password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
+
+#included in the distribution
+rpm -ivh --quiet http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-3.noarch.rpm
+yum -y update
+yum -y install postgresql94-server postgresql94-contrib postgresql94
+
+verbose "Initalize PostgreSQL database"
+/usr/pgsql-9.4/bin/postgresql94-setup initdb
+
+sed -i 's/\(host  *all  *all  *127.0.0.1\/32  *\)ident/\1md5/' /var/lib/pgsql/9.4/data/pg_hba.conf
+sed -i 's/\(host  *all  *all  *::1\/128  *\)ident/\1md5/' /var/lib/pgsql/9.4/data/pg_hba.conf
+
+#systemd
+systemctl daemon-reload
+systemctl restart postgresql-9.4
+
+#move to /tmp to prevent a red herring error when running sudo with psql
+cwd=$(pwd)
+cd /tmp
+#add the databases, users and grant permissions to them
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE DATABASE fusionpbx";
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE DATABASE freeswitch";
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+#ALTER USER fusionpbx WITH PASSWORD 'newpassword';
+cd $cwd
+
+verbose "PostgreSQL 9.4 installed"

centos/resources/sslcert.sh

@@ -0,0 +1,22 @@
+# no default SSL in centos, generate a tmp certificate
+# ssl_certificate         /etc/ssl/certs/nginx.crt;
+# ssl_certificate_key     /etc/ssl/private/nginx.key;
+
+DOMAIN=$(hostname)
+SSL_DIR="/etc/ssl"
+
+SUBJ="
+C=US
+ST=Idaho
+O=FusionPBX
+localityName=Boise
+commonName=$DOMAIN
+organizationUnitName=
+emailAddress=
+"
+
+mkdir -p $SSL_DIR/private && mkdir -p $SSL_DIR/certs
+chmod 700 $SSL_DIR/private
+
+openssl req -x509 -nodes -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -days 365 -newkey rsa:2048 -keyout "$SSL_DIR/private/nginx.key" -out "$SSL_DIR/certs/nginx.crt"
+

centos/resources/switch/conf-copy.sh

@@ -0,0 +1,3 @@
+mv /etc/freeswitch /etc/freeswitch.orig
+mkdir /etc/freeswitch
+cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch

centos/resources/switch/package-permissions.sh

@@ -0,0 +1,6 @@
+#default permissions
+chown -R freeswitch:daemon /etc/freeswitch
+chown -R freeswitch:daemon /var/lib/freeswitch
+chown -R freeswitch:daemon /usr/share/freeswitch
+chown -R freeswitch:daemon /var/log/freeswitch
+chown -R freeswitch:daemon /var/run/freeswitch

centos/resources/switch/package-release.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ../colors.sh
+. ../arguments.sh
+
+verbose "Installing FreeSWITCH"
+
+yum -y install memcached curl gdb
+yum install -y http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm
+yum install -y freeswitch-config-vanilla freeswitch-lang-* freeswitch-sounds-* freeswitch-lua freeswitch-xml-cdr
+
+##remove the music package to protect music on hold from package updates
+mkdir -p /usr/share/freeswitch/sounds/temp
+mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
+yum -y remove freeswitch-sounds-music
+mkdir -p /usr/share/freeswitch/sounds/music/default
+mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
+rm -R /usr/share/freeswitch/sounds/temp
+
+verbose "FreeSWITCH installed"
+

centos/resources/switch/package-systemd.sh

@@ -0,0 +1,3 @@
+rm -f /lib/systemd/system/freeswitch.service
+cp "$(dirname $0)/source/freeswitch.service.package" /lib/systemd/system/freeswitch.service
+cp "$(dirname $0)/source/etc.default.freeswitch" /etc/sysconfig/freeswitch

centos/resources/switch/source/etc.default.freeswitch

@@ -0,0 +1,4 @@
+# /etc/default/freeswitch
+FS_USER="freeswitch"
+FS_GROUP="daemon"
+DAEMON_OPTS="-nonat -ncwait -u freeswitch -g daemon -run /var/run/freeswitch"

centos/resources/switch/source/freeswitch.service.package

@@ -0,0 +1,55 @@
+;;;;; Author: Travis Cross <tc@traviscross.com>
+
+[Unit]
+Description=freeswitch
+After=syslog.target network.target local-fs.target postgresql.service
+
+[Service]
+; service
+Type=forking
+PIDFile=/run/freeswitch/freeswitch.pid
+Environment="DAEMON_OPTS=-nonat"
+EnvironmentFile=-/etc/default/freeswitch
+ExecStartPre=/bin/mkdir -p /var/run/freeswitch/
+ExecStartPre=/bin/chown -R freeswitch:daemon /var/run/freeswitch/
+ExecStart=/usr/bin/freeswitch -u freeswitch -g daemon -ncwait $DAEMON_OPTS
+TimeoutSec=45s
+Restart=always
+; exec
+User=root
+Group=daemon
+LimitCORE=infinity
+LimitNOFILE=100000
+LimitNPROC=60000
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+IOSchedulingClass=realtime
+IOSchedulingPriority=2
+CPUSchedulingPolicy=rr
+CPUSchedulingPriority=89
+UMask=0007
+
+; alternatives which you can enforce by placing a unit drop-in into
+; /etc/systemd/system/freeswitch.service.d/*.conf:
+;
+; User=freeswitch
+; Group=freeswitch
+; ExecStart=
+; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
+;
+; empty ExecStart is required to flush the list.
+;
+; if your filesystem supports extended attributes, execute
+;   setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
+; this will also allow socket binding on low ports
+;
+; otherwise, remove the -rp option from ExecStart and
+; add these lines to give real-time priority to the process:
+;
+; PermissionsStartOnly=true
+; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
+;
+; execute "systemctl daemon-reload" after editing the unit files.
+
+[Install]
+WantedBy=multi-user.target

centos/resources/switch/source/freeswitch.service.source

@@ -0,0 +1,55 @@
+;;;;; Author: Travis Cross <tc@traviscross.com>
+ 
+[Unit]
+Description=freeswitch
+After=syslog.target network.target local-fs.target postgresql.service haveged.service
+
+[Service]
+; service
+Type=forking
+PIDFile=/run/freeswitch/freeswitch.pid
+Environment="DAEMON_OPTS=-nonat"
+EnvironmentFile=-/etc/default/freeswitch
+ExecStart=/usr/local/freeswitch/bin/freeswitch -u www-data -g www-data -ncwait $DAEMON_OPTS
+;ExecStart=/usr/local/freeswitch/bin/freeswitch -u freeswitch -g freeswitch -ncwait $DAEMON_OPTS
+TimeoutSec=45s
+Restart=always
+; exec
+User=root
+Group=daemon
+LimitCORE=infinity
+LimitNOFILE=100000
+LimitNPROC=60000
+LimitSTACK=240K
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+IOSchedulingClass=realtime
+IOSchedulingPriority=2
+CPUSchedulingPolicy=rr
+CPUSchedulingPriority=89
+UMask=0007
+ 
+; alternatives which you can enforce by placing a unit drop-in into
+; /etc/systemd/system/freeswitch.service.d/*.conf:
+;
+; User=freeswitch
+; Group=freeswitch
+; ExecStart=
+; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
+;
+; empty ExecStart is required to flush the list.
+;
+; if your filesystem supports extended attributes, execute
+;   setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
+; this will also allow socket binding on low ports
+;
+; otherwise, remove the -rp option from ExecStart and
+; add these lines to give real-time priority to the process:
+;
+; PermissionsStartOnly=true
+; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
+;
+; execute "systemctl daemon-reload" after editing the unit files.
+ 
+[Install]
+WantedBy=multi-user.target