Update call_recordings.php

2025-04-04 15:45:54 -06:00 · 2025-04-04 15:44:17 -06:00 · 2025-04-04 15:33:01 -06:00 · 2025-04-04 15:26:18 -06:00 · 2025-03-10 21:52:35 -06:00 · 2025-03-10 21:44:31 -06:00
241 changed files with 9767 additions and 2053 deletions
--- a/README.md
+++ b/README.md
@ -1,23 +1,31 @@
 FusionPBX Install
 --------------------------------------
-A quick install guide for a FusionPBX install. It is recommended to start the install on a minimal install of the operating system.
+A quick install guide & scripts for installing FusionPBX. It is recommended to start with a minimal install of the operating system. Notes on further tweaking your configuration are at end of the file.
 ## Operating Systems
-### Debian
+### Debian and Raspberry OS
-Debian 8 is the preferred operating system by the FreeSWITCH developers. It supports the latest video dependencies. If you want to do video mixing use Debian. Download Debian 8 Jessie from here https://cdimage.debian.org/cdimage/archive/
+Debian is the preferred operating system by the FreeSWITCH developers. It supports the latest video dependencies and should be used if you want to do video mixing. Download Debian at https://cdimage.debian.org/cdimage/release/current/
 ```sh
-wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh | sh
+wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh | sh;
 cd /usr/src/fusionpbx-install.sh/debian && ./install.sh
 ```
 ### Ubuntu and Raspberry OS
 ```sh
 wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/ubuntu/pre-install.sh | sh;
 cd /usr/src/fusionpbx-install.sh/ubuntu && ./install.sh
 ```
 ### Devuan
 If you like Debian but rather not bother with systemd, Devuan is a "drop in" replacement.
-Version 1 is bassed on Jessie. So you will find the same packages available.
+Devuan ASCII is based on Stretch, so you will find most of the same packages available.
 Please note that the source installation and installation on ARM is not fully tested.
 ```sh
-wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/devuan/pre-install.sh | sh
+wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/devuan/pre-install.sh | sh;
 cd /usr/src/fusionpbx-install.sh/devuan && ./install.sh
 ```
@ -40,13 +48,21 @@ cd /usr/src/fusionpbx-install.sh/centos && ./install.sh
 ```
 ### Windows
-Don't expect everything to work. Testing is required.
+*  This powershell install for windows is currently in a "beta stage".
-mod_lua is missing from builds after 1.6.14. Script will download it from github.
+*  mod_lua is missing from builds after 1.6.14. Script will download it from github.
-Open PowerShell as Administrator and run commands
+*  Click to download the zip file and extract it.
 *  Extract the zip file
 *  Navigate to install.ps1
 *  Click on install.ps1 then right click on install.ps1 then choose Run with Powershell
 *  If you are not already Administrator you will have to choose run as Administrator
 ```sh
-Set-Location "$env:PUBLIC\Downloads"
+
-Invoke-WebRequest https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/windows/install.ps1 -OutFile install.ps1
+Master https://github.com/fusionpbx/fusionpbx-install.sh/archive/master.zip
 #run the script
 .\install.ps1
 ```
 ## Security Considerations
 Fail2ban is installed and pre-configured for all operating systems this repository works on besides Windows, but the default settings may not be ideal depending on your needs. Please take a look at the jail file (/etc/fail2ban/jail.local on Debian/Devuan) to configure it to suit your application and security model!
 ## ISSUES
 If you find a bug sign up for an account on www.fusionpbx.com to report the issue.
--- a/centos/install.sh
+++ b/centos/install.sh
@ -13,9 +13,12 @@ cd "$(dirname "$0")"
 verbose "Updating CentOS"
 yum -y update && yum -y upgrade
-# Installing basics packages
+# Add additional repository
-yum -y install ntp htop epel-release vim openssl
+yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
 # Installing basics packages
 yum -y install ntp yum-utils net-tools epel-release htop vim openssl
 # Disable SELinux
 resources/selinux.sh
--- a/centos/resources/backup/fusionpbx-backup.sh
+++ b/centos/resources/backup/fusionpbx-backup.sh
@ -10,10 +10,10 @@ mkdir -p /var/backups/fusionpbx/postgresql
 echo "Backup Started"
 #delete postgres backups
-find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;
+find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
 #delete the main backup
-find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
+find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
 #backup the database
 pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
--- a/centos/resources/config.sh
+++ b/centos/resources/config.sh
@ -2,7 +2,7 @@
 # FusionPBX Settings
 system_username=admin           # default username admin
 system_password=random          # random or as a pre-set value
-system_branch=stable            # master, stable
+system_branch=master            # master, stable
 # FreeSWITCH Settings
 switch_branch=stable            # master, stable
@ -10,4 +10,10 @@ switch_source=false             # true or false
 switch_package=true             # true or false
 # Database Settings
-database_password=random        # random or as a pre-set value
+database_name=fusionpbx                     # Database name (safe characters A-Z, a-z, 0-9)
 database_username=fusionpbx                 # Database username (safe characters A-Z, a-z, 0-9)
 database_password=random                    # random or a custom value (safe characters A-Z, a-z, 0-9)
 database_repo=official                      # PostgreSQL official, system, 2ndquadrant
 database_host=127.0.0.1                     # hostname or IP address
 database_port=5432                          # port number
 database_backup=false                       # true or false
--- a/centos/resources/fail2ban/freeswitch.conf
+++ b/centos/resources/fail2ban/freeswitch.conf
@ -7,8 +7,8 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
-            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/centos/resources/fail2ban/jail.local
+++ b/centos/resources/fail2ban/jail.local
@ -67,7 +67,7 @@ findtime = 30
 bantime  = 6000
 [freeswitch-404]
-enabled  = true
+enabled  = false
 port     = 5060,5061,5080,5081
 protocol = all
 filter   = freeswitch-404
@ -95,13 +95,13 @@ port     = 80,443
 protocol = tcp
 filter   = nginx-404
 logpath  = /var/log/nginx/access*.log
-bantime  = 600
+bantime  = 3600
 findtime = 60
 maxretry = 120
 [nginx-dos]
 # Based on apache-badbots but a simple IP check (any IP requesting more than
-# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# 300 pages in 60 seconds, or 5p/s average, is suspicious)
 # Block for two full days.
 enabled  = true
 port     = 80,443
@ -109,5 +109,5 @@ protocol = tcp
 filter   = nginx-dos
 logpath  = /var/log/nginx/access*.log
 findtime = 60
-bantime  = 172800
+bantime  = 86400
-maxretry = 240
+maxretry = 300
--- a/centos/resources/finish.sh
+++ b/centos/resources/finish.sh
@ -19,15 +19,16 @@ fi
 export PGPASSWORD=$database_password
 #update the database password
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
+sudo -u postgres /usr/bin/psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
+sudo -u postgres /usr/bin/psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
-#add the config.php
+#add the config.conf
-mkdir -p /etc/fusionpbx
+mkdir -p /etc/fusionpbx/
-chown -R freeswitch:daemon /etc/fusionpbx
+cp fusionpbx/config.conf /etc/fusionpbx/
-cp fusionpbx/config.php /etc/fusionpbx
+sed -i /etc/fusionpbx/config.conf -e s:"{database_host}:$database_host:"
-sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
+sed -i /etc/fusionpbx/config.conf -e s:"{database_name}:$database_name:"
-sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
+sed -i /etc/fusionpbx/config.conf -e s:"{database_username}:$database_username:"
 sed -i /etc/fusionpbx/config.conf -e s:"{database_password}:$database_password:"
 #add the database schema
 cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
@ -64,9 +65,9 @@ group_uuid=$(psql --host=$database_host --port=$database_port --username=$databa
 group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
 #add the user to the group
-group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 group_name=superadmin
-psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
+psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
 #update the php configuration
 sed -i 's/user nginx/user freeswitch daemon/g' /etc/nginx/nginx.conf
@ -109,8 +110,10 @@ systemctl enable php-fpm
 systemctl enable nginx
 systemctl enable freeswitch
 systemctl enable memcached
-systemctl enable postgresql-9.4
+systemctl enable postgresql-14
 systemctl daemon-reload
 systemctl restart php-fpm
 systemctl restart nginx
 systemctl restart freeswitch
 #welcome message
@ -130,12 +133,14 @@ echo "   Official FusionPBX Training"
 echo "      Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
 echo "      Available online and in person. Includes documentation and recording."
 echo ""
-echo "      Location          Online and Boise,Idaho"
+echo "      Location:               Online"
-echo "      Admin Training    13 - 14 December 2017 (2 Days)"
+echo "      Admin Training:         TBA"
-echo "      Advanced Training 18 - 19 December 2017 (2 Days)"
+echo "      Advanced Training:      TBA"
-echo "      Timezone: https://www.timeanddate.com/worldclock/usa/boise"
+echo "      Continuing Education:   https://www.fusionpbx.com/training"
 echo "      Timezone:               https://www.timeanddate.com/weather/usa/idaho"
 echo ""
 echo "   Additional information."
 echo "      https://fusionpbx.com/members.php"
 echo "      https://fusionpbx.com/training.php"
 echo "      https://fusionpbx.com/support.php"
 echo "      https://www.fusionpbx.com"
--- a/centos/resources/firewall/iptables.sh
+++ b/centos/resources/firewall/iptables.sh
--- a/centos/resources/fusionpbx.sh
+++ b/centos/resources/fusionpbx.sh
@ -31,6 +31,10 @@ else
 	BRANCH="-b $FUSION_VERSION"
 fi
 #add the cache directory
 mkdir -p /var/cache/fusionpbx
 chown -R freeswitch:daemon /var/cache/fusionpbx
 #get the source code
 git clone $BRANCH https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
--- a/centos/resources/fusionpbx/config.conf
+++ b/centos/resources/fusionpbx/config.conf
@ -0,0 +1,43 @@
 #database system settings
 database.0.type = pgsql
 database.0.host = {database_host}
 database.0.port = 5432
 database.0.sslmode = prefer
 database.0.name = {database_name}
 database.0.username = {database_username}
 database.0.password = {database_password}
 #database switch settings
 database.1.type = sqlite
 database.1.path = /var/lib/freeswitch/db
 database.1.name = core.db
 #general settings
 document.root = /var/www/fusionpbx
 project.path =
 temp.dir = /tmp
 php.dir = /usr/bin
 php.bin = php 
 #cache settings
 cache.method = file
 cache.location = /var/cache/fusionpbx
 cache.settings = true
 #switch settings
 switch.conf.dir = /etc/freeswitch
 switch.sounds.dir = /usr/share/freeswitch/sounds
 switch.database.dir = /var/lib/freeswitch/db
 switch.recordings.dir = /var/lib/freeswitch/recordings
 switch.storage.dir = /var/lib/freeswitch/storage
 switch.voicemail.dir = /var/lib/freeswitch/storage/voicemail
 switch.scripts.dir = /usr/share/freeswitch/scripts
 #switch xml handler
 xml_handler.fs_path = false
 xml_handler.reg_as_number_alias = false
 xml_handler.number_as_presence_id = true
 #error reporting hide show all errors except notices and warnings
 error.reporting = 'E_ALL ^ E_NOTICE ^ E_WARNING'
--- a/centos/resources/fusionpbx/config.php
+++ b/centos/resources/fusionpbx/config.php
@ -1,45 +0,0 @@
 <?php
 /*
 	FusionPBX
 	Version: MPL 1.1
 	The contents of this file are subject to the Mozilla Public License Version
 	1.1 (the "License"); you may not use this file except in compliance with
 	the License. You may obtain a copy of the License at
 	http://www.mozilla.org/MPL/
 	Software distributed under the License is distributed on an "AS IS" basis,
 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 	for the specific language governing rights and limitations under the
 	License.
 	The Original Code is FusionPBX
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
 	Portions created by the Initial Developer are Copyright (C) 2008-2016
 	the Initial Developer. All Rights Reserved.
 	Contributor(s):
 	Mark J Crane <markjcrane@fusionpbx.com>
 */
 //set the database type
 	$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
 //sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
 	//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
 	//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
 //pgsql: database connection information
 	$db_host = 'localhost'; //set the host only if the database is not local
 	$db_port = '5432';
 	$db_name = 'fusionpbx';
 	$db_username = '{database_username}';
 	$db_password = '{database_password}';
 //show errors
 	ini_set('display_errors', '1');
 	//error_reporting (E_ALL); // Report everything
 	error_reporting (E_ALL ^ E_NOTICE); // hide notices
 	//error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings
--- a/centos/resources/ioncube.sh
+++ b/centos/resources/ioncube.sh
@ -0,0 +1,31 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./colors.sh
 . ./environment.sh
 #make sure unzip is install
 yum install unzip
 #get the ioncube 64 bit loader
 wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
 #uncompress the file
 unzip ioncube_loaders_lin_x86-64.zip
 #remove the zip file
 rm ioncube_loaders_lin_x86-64.zip
 #copy the php extension .so into the php lib directory
 cp ioncube/ioncube_loader_lin_7.1.so /usr/lib64/php/modules
 #add the 00-ioncube.ini file
 echo "zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_7.1.so" > /etc/php.d/00-ioncube.ini
 #restart the service
 #service httpd restart
 service php-fpm restart
--- a/centos/resources/iptables.sh
+++ b/centos/resources/iptables.sh
@ -0,0 +1,45 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 . ./config.sh
 . ./colors.sh
 #send a message
 verbose "Configuring IPTables"
 #run iptables commands
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "script " --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "script " --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp --dport 443 -j ACCEPT
 iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
 iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
 iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
 iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
 iptables -A INPUT -p udp --dport 1194 -j ACCEPT
 iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
 iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
 iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
--- a/centos/resources/nginx.sh
+++ b/centos/resources/nginx.sh
@ -11,7 +11,7 @@ cd "$(dirname "$0")"
 verbose "Installing the web server"
 #install dependencies
-yum -y install nginx php-fpm php-gd php-pgsql php-odbc php-curl php-imap php-mcrypt php-opcache php-common php-pdo php-soap php-xml php-xmlrpc php-cli
+yum -y install nginx
 #setup nginx
 mkdir -p /etc/nginx/sites-available
@ -23,5 +23,8 @@ ln -s /etc/nginx/sites-available/fusionpbx.conf /etc/nginx/sites-enabled/fusionp
 awk '/server *{/ {c=1 ; next} c && /{/{c++} c && /}/{c--;next} !c' /etc/nginx/nginx.conf > /etc/nginx/nginx.tmp && mv -f /etc/nginx/nginx.tmp /etc/nginx/nginx.conf && rm -f /etc/nginx/nginx.tmp
 sed -i '/include \/etc\/nginx\/conf\.d\/\*\.conf\;/a \    include \/etc\/nginx\/sites-enabled\/\*\.conf\;' /etc/nginx/nginx.conf
 #set the log permissions
 chmod -R 664 /var/log/nginx/
 #send a message
 verbose "nginx installed"
--- a/centos/resources/nginx/fusionpbx
+++ b/centos/resources/nginx/fusionpbx
@ -2,6 +2,7 @@
 server {
 	listen 127.0.0.1:80;
 	server_name 127.0.0.1;
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
@ -31,11 +32,21 @@ server {
 	location ~^.+.(db)$ {
 			deny all;
 	}
 	location ~ /\.git {
 		deny all;
 	}
 	location ~ /\.lua {
 		deny all;
 	}
 	location ~ /\. {
 		deny all;
 	}
 }
 server {
 	listen 80;
 	server_name fusionpbx;
 	if ($uri !~* ^.*(provision|xml_cdr).*$) {
 		rewrite ^(.*) https://$host$1 permanent;
 		break;
@ -47,8 +58,12 @@ server {
 		break;
 	}
-        #algo
+	#algo
-        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
+	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
 	#avaya
 	rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
 	#mitel
 	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
@ -90,6 +105,15 @@ server {
 	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	#Digium
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
 	#Snom
 	rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
 	rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
@ -119,12 +143,22 @@ server {
 	location ~^.+.(db)$ {
 		deny all;
 	}
 	location ~ /\.git {
 		deny all;
 	}
 	location ~ /\.lua {
 		deny all;
 	}
 	location ~ /\. {
 		deny all;
 	}
 }
 server {
-	listen 443;
+	listen 443 ssl;
 	server_name fusionpbx;
-	ssl                     on;
+
 	#ssl                     on;
 	ssl_certificate         /etc/ssl/certs/nginx.crt;
 	ssl_certificate_key     /etc/ssl/private/nginx.key;
 	ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
@ -136,8 +170,15 @@ server {
 		break;
 	}
-        #algo
+	#message media
-        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
+	rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
 	#algo
 	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
 	#avaya
 	rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
 	#mitel
 	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
@ -179,6 +220,15 @@ server {
 	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	#Digium
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
 	#Snom
 	rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
 	rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
@ -218,4 +268,13 @@ server {
 	location ~^.+.(db)$ {
 		deny all;
 	}
 	location ~ /\.git {
 		deny all;
 	}
 	location ~ /\.lua {
 		deny all;
 	}
 	location ~ /\. {
 		deny all;
 	}
 }
--- a/centos/resources/php.sh
+++ b/centos/resources/php.sh
@ -7,6 +7,17 @@ cd "$(dirname "$0")"
 . ./config.sh
 . ./colors.sh
 #send a message
 verbose "Install PHP and PHP-FPM"
 #set the version of php
 #yum-config-manager --enable remi-php70
 #yum-config-manager --enable remi-php71
 yum-config-manager --enable remi-php72
 #install dependencies
 yum -y install php-fpm php-gd php-pgsql php-odbc php-curl php-imap php-opcache php-common php-pdo php-soap php-xml php-xmlrpc php-cli php-gd
 #send a message
 verbose "Configuring php/nginx/php-fpm and permissions"
@ -17,13 +28,14 @@ TIMEZ=$(timedatectl | grep 'Time zone' | awk '{ print $3 }')
 sed -ie "s#;date.timezone =#date.timezone = $TIMEZ#g" /etc/php.ini
 sed -ie 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php.ini
 sed -ie "s|listen = 127.0.0.1:9000|listen = /var/run/php-fpm/php-fpm.sock|g" /etc/php-fpm.d/www.conf
-sed -ie 's/;listen.owner = nobody/listen.owner = nobody/g' /etc/php-fpm.d/www.conf
+sed -ie 's/;listen.owner = nobody/listen.owner = freeswitch/g' /etc/php-fpm.d/www.conf
-sed -ie 's/;listen.group = nobody/listen.group = nobody/g' /etc/php-fpm.d/www.conf
+sed -ie 's/;listen.group = nobody/listen.group = daemon/g' /etc/php-fpm.d/www.conf
 sed -ie 's/group = apache/group = daemon/g' /etc/php-fpm.d/www.conf
 #update the php.ini
 #sed -ie 's/post_max_size = .*/post_max_size = 80M/g' /etc/php.ini
 #sed -ie 's/upload_max_filesize = .*/upload_max_filesize = 80M/g' /etc/php.ini
 #sed -ie 's/; max_input_vars = .*/max_input_vars = 8000/g' /etc/php.ini
 #make the session directory
 mkdir -p /var/lib/php/session
--- a/centos/resources/postgresql.sh
+++ b/centos/resources/postgresql.sh
@ -8,46 +8,49 @@ cd "$(dirname "$0")"
 . ./colors.sh
 #send a message
-verbose "Installing PostgreSQL 9.4"
+verbose "Installing PostgreSQL"
 #generate a random password
 password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
-#included in the distribution
+# Install the repository
-rpm -ivh --quiet http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-3.noarch.rpm
+sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
-yum -y update
+
-yum -y install postgresql94-server postgresql94-contrib postgresql94
+# Install PostgreSQL:
 sudo yum install -y postgresql14-server postgresql14-contrib postgresql14 postgresql14-libs
 #send a message
 verbose "Initalize PostgreSQL database"
 #initialize the database
-/usr/pgsql-9.4/bin/postgresql94-setup initdb
+sudo /usr/pgsql-14/bin/postgresql-14-setup initdb
 sudo systemctl enable postgresql-14
 sudo systemctl start postgresql-14
 #allow loopback
-sed -i 's/\(host  *all  *all  *127.0.0.1\/32  *\)ident/\1md5/' /var/lib/pgsql/9.4/data/pg_hba.conf
+sed -i 's/\(host  *all  *all  *127.0.0.1\/32  *\)ident/\1md5/' /var/lib/pgsql/14/data/pg_hba.conf
-sed -i 's/\(host  *all  *all  *::1\/128  *\)ident/\1md5/' /var/lib/pgsql/9.4/data/pg_hba.conf
+sed -i 's/\(host  *all  *all  *::1\/128  *\)ident/\1md5/' /var/lib/pgsql/14/data/pg_hba.conf
 #systemd
 systemctl daemon-reload
-systemctl restart postgresql-9.4
+systemctl restart postgresql-14
 #move to /tmp to prevent a red herring error when running sudo with psql
 cwd=$(pwd)
 cd /tmp
 #add the databases, users and grant permissions to them
-sudo -u postgres /usr/pgsql-9.4/bin/psql -d fusionpbx -c "DROP SCHEMA public cascade;";
+sudo -u postgres /usr/bin/psql -d fusionpbx -c "DROP SCHEMA public cascade;";
-sudo -u postgres /usr/pgsql-9.4/bin/psql -d fusionpbx -c "CREATE SCHEMA public;";
+sudo -u postgres /usr/bin/psql -d fusionpbx -c "CREATE SCHEMA public;";
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE DATABASE fusionpbx";
+sudo -u postgres /usr/bin/psql -c "CREATE DATABASE fusionpbx";
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE DATABASE freeswitch";
+sudo -u postgres /usr/bin/psql -c "CREATE DATABASE freeswitch";
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
+sudo -u postgres /usr/bin/psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
+sudo -u postgres /usr/bin/psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+sudo -u postgres /usr/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+sudo -u postgres /usr/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
-sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+sudo -u postgres /usr/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
 #ALTER USER fusionpbx WITH PASSWORD 'newpassword';
 cd $cwd
 #send a message
-verbose "PostgreSQL 9.4 installed"
+verbose "PostgreSQL installed"
--- a/centos/resources/reset_admin_password.sh
+++ b/centos/resources/reset_admin_password.sh
@ -9,14 +9,14 @@ cd "$(dirname "$0")"
 . ./environment.sh
 #count the users
-admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_group_users USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
+admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
 if [ .$admin_users = .'0' ]; then
 	error "i could not find the user '$system_username' in the database, check your resources/config.sh is correct"
 elif [ .$admin_users = .'' ]; then
 	error "something went wrong, see errors above";
 else
-	admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_group_users USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
+	admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
 	for admin_uuid in $admin_uuids; do
 		user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 		if [ .$system_password = .'random' ]; then
--- a/centos/resources/switch/conf-copy.sh
+++ b/centos/resources/switch/conf-copy.sh
@ -3,4 +3,4 @@
 #copy the conf directory
 mv /etc/freeswitch /etc/freeswitch.orig
 mkdir /etc/freeswitch
-cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch
+cp -R /var/www/fusionpbx/app/switch/resources/conf/* /etc/freeswitch
--- a/centos/resources/switch/package-release.sh
+++ b/centos/resources/switch/package-release.sh
@ -14,7 +14,13 @@ verbose "Installing FreeSWITCH"
 yum -y install memcached curl gdb
 #install freeswitch packages
-yum install -y http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm
+#yum install -y https://files.freeswitch.org/repo/yum/centos-release/freeswitch-release-repo-0-1.noarch.rpm epel-release
 echo "signalwire" > /etc/yum/vars/signalwireusername
 echo 'please get your token from this site: https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Installation/HOWTO-Create-a-SignalWire-Personal-Access-Token_67240087/#attachments'
 echo "please enter your token:" 
 read token
 echo $token > /etc/yum/vars/signalwiretoken
 yum install -y https://$(< /etc/yum/vars/signalwireusername):$(< /etc/yum/vars/signalwiretoken)@freeswitch.signalwire.com/repo/yum/centos-release/freeswitch-release-repo-0-1.noarch.rpm epel-release
 yum install -y freeswitch-config-vanilla freeswitch-lang-* freeswitch-sounds-* freeswitch-lua freeswitch-xml-cdr
 #remove the music package to protect music on hold from package updates
--- a/centos/resources/switch/source-release.sh
+++ b/centos/resources/switch/source-release.sh
@ -0,0 +1,129 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 . ../colors.sh
 #upgrade packages
 yum update && yum upgrade -y
 yum -y install memcached curl gdb
 #install build dependencies
 yum install -y autoconf automake libtool gcc-c++ ncurses-devel zlib-devel libjpeg-devel openssl-devel libcurl-devel pcre-devel lua-devel libedit-devel libuuid-devel speex-devel libogg-devel libvorbis-devel curl-devel ldns-devel libsndfile-devel libtheora-devel
 #install additional depdendencies
 yum install -y libjpeg-devel sqlite-devel libpng-devel libtiff-devel libX11-devel e2fsprogs-devel openldap-devel libyuv-devel
 yum install -y sox sqlite3 unzip
 #we are about to move out of the executing directory so we need to preserve it to return after we are done
 CWD=$(pwd)
 #install the following dependencies if the switch version is greater than 1.10.0
 if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
 	# libks build-requirements
 	apt install -y cmake uuid-dev
 	# libks
 	cd /usr/src
 	git clone https://github.com/signalwire/libks.git libks
 	cd libks
 	cmake .
 	make -j $(getconf _NPROCESSORS_ONLN)
 	make install
 	# libks C includes
 	export C_INCLUDE_PATH=/usr/include/libks
 	# sofia-sip
 	cd /usr/src
 	#git clone https://github.com/freeswitch/sofia-sip.git sofia-sip
 	wget https://github.com/freeswitch/sofia-sip/archive/refs/tags/v$sofia_version.zip
 	unzip v$sofia_version.zip
 	cd sofia-sip-$sofia_version
 	sh autogen.sh
 	./configure --enable-debug
 	make -j $(getconf _NPROCESSORS_ONLN)
 	make install
 	# spandsp
 	cd /usr/src
 	git clone https://github.com/freeswitch/spandsp.git spandsp
 	cd spandsp
 	git reset --hard 0d2e6ac65e0e8f53d652665a743015a88bf048d4
 	#/usr/bin/sed -i 's/AC_PREREQ(\[2\.71\])/AC_PREREQ([2.69])/g' /usr/src/spandsp/configure.ac
 	sh autogen.sh
 	./configure --enable-debug
 	make -j $(getconf _NPROCESSORS_ONLN)
 	make install
 	ldconfig
 fi
 cd /usr/src
 #check for master
 if [ $switch_branch = "master" ]; then
 	#master branch
 	echo "Using version master"
 	rm -r /usr/src/freeswitch
 	git clone https://github.com/signalwire/freeswitch.git
 	cd /usr/src/freeswitch
 	./bootstrap.sh -j
 fi
 #check for stable release
 if [ $switch_branch = "stable" ]; then
 	echo "Using version $switch_version"
 	#1.8 and older
 	if [ $(echo "$switch_version" | tr -d '.') -lt 1100 ]; then
 		wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.zip
 		unzip freeswitch-$switch_version.zip
 		cd /usr/src/freeswitch-$switch_version
 	fi
 	#1.10.0 and newer
 	if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
 		wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.-release.zip
 		unzip freeswitch-$switch_version.-release.zip
 		mv freeswitch-$switch_version.-release freeswitch-$switch_version
 		cd /usr/src/freeswitch-$switch_version
 		#apply patch
 		#patch -u /usr/src/freeswitch/src/mod/databases/mod_pgsql/mod_pgsql.c -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/mod_pgsql.patch
 	fi
 fi
 # enable required modules
 #sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_av:formats/mod_av:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_nibblebill:applications/mod_nibblebill:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_translate:applications/mod_translate:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#say/mod_say_es:say/mod_say_es:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#say/mod_say_fr:say/mod_say_fr:'
 #disable module or install dependency libks to compile signalwire
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'applications/mod_signalwire:#applications/mod_signalwire:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'endpoints/mod_skinny:#endpoints/mod_skinny:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'endpoints/mod_verto:#endpoints/mod_verto:'
 # prepare the build
 #./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
 ./configure -C --enable-portable-binary --disable-dependency-tracking --enable-debug \
 --prefix=/usr --localstatedir=/var --sysconfdir=/etc \
 --with-openssl --enable-core-pgsql-support
 # compile and install
 make -j $(getconf _NPROCESSORS_ONLN)
 make install
 #return to the executing directory
 cd $CWD
--- a/debian/install.sh
+++ b/debian/install.sh
@ -13,10 +13,26 @@ sed -i '/cdrom:/d' /etc/apt/sources.list
 #Update to latest packages
 verbose "Update installed packages"
-apt-get update && apt-get upgrade -y --force-yes
+apt-get update && apt-get upgrade -y
 #Add dependencies
 apt-get install -y wget
 apt-get install -y lsb-release
 apt-get install -y systemd
 apt-get install -y systemd-sysv
 apt-get install -y ca-certificates
 apt-get install -y dialog
 apt-get install -y nano
 apt-get install -y net-tools
 apt-get install -y gpg
 #SNMP
 apt-get install -y snmpd
 echo "rocommunity public" > /etc/snmp/snmpd.conf
 service snmpd restart
 #disable vi visual mode
 echo "set mouse-=a" >> ~/.vimrc
 #IPTables
 resources/iptables.sh
@ -24,37 +40,29 @@ resources/iptables.sh
 #sngrep
 resources/sngrep.sh
-#FusionPBX
+#PHP
-resources/fusionpbx.sh
+resources/php.sh
 #NGINX web server
 resources/nginx.sh
-#PHP
+#FusionPBX
-resources/php.sh
+resources/fusionpbx.sh
-#Fail2ban
+#Optional Applications
-resources/fail2ban.sh
+resources/applications.sh
 #FreeSWITCH
 resources/switch.sh
 #Fail2ban
 resources/fail2ban.sh
 #Postgres
 resources/postgresql.sh
 #set the ip address
 server_address=$(hostname -I)
 #restart services
 systemctl daemon-reload
 if [ ."$php_version" = ."5" ]; then
        systemctl restart php5-fpm
 fi
 if [ ."$php_version" = ."7" ]; then
        systemctl restart php7.0-fpm
 fi
 systemctl restart nginx
 systemctl restart fail2ban
 #add the database schema, user and groups
 resources/finish.sh
--- a/debian/pre-install.sh
+++ b/debian/pre-install.sh
@ -1,10 +1,10 @@
 #!/bin/sh
 #upgrade the packages
-apt-get update && apt-get upgrade -y --force-yes
+apt-get update && apt-get upgrade -y
 #install packages
-apt-get install -y --force-yes git lsb-release
+apt-get install -y git lsb-release
 #get the install script
 cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
--- a/debian/resources/applications.sh
+++ b/debian/resources/applications.sh
@ -0,0 +1,29 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ./config.sh
 #optional applications
 cd /var/www/fusionpbx/app
 if [ .$application_transcribe = .'true' ]; then
 	git clone https://github.com/fusionpbx/fusionpbx-app-transcribe.git transcribe
 fi
 if [ .$application_speech = .'true' ]; then
 	git clone https://github.com/fusionpbx/fusionpbx-app-speech.git speech
 fi
 if [ .$application_device_logs = .'true' ]; then
 	git clone https://github.com/fusionpbx/fusionpbx-app-device_logs.git device_logs
 fi
 if [ .$application_dialplan_tools = .'true' ]; then
 	git clone https://github.com/fusionpbx/fusionpbx-app-dialplan_tools.git dialplan_tools
 fi
 if [ .$application_edit = .'true' ]; then
 	git clone https://github.com/fusionpbx/fusionpbx-app-edit.git edit
 fi
 if [ .$application_sip_trunks = .'true' ]; then
 	git clone https://github.com/fusionpbx/fusionpbx-app-sip_trunks.git sip_trunks
 fi
 chown -R www-data:www-data /var/www/fusionpbx
--- a/debian/resources/backup/fusionpbx-backup
+++ b/debian/resources/backup/fusionpbx-backup
@ -0,0 +1,27 @@
 #!/bin/sh
 export PGPASSWORD="zzz"
 db_host=127.0.0.1
 db_port=5432
 now=$(date +%Y-%m-%d)
 mkdir -p /var/backups/fusionpbx/postgresql
 echo "Backup Started"
 #delete postgres backups
 find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
 #delete the main backup
 find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
 #backup the database
 pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
 #package
 #tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
 #source
 #tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
 echo "Backup Completed"
--- a/debian/resources/backup/fusionpbx-maintenance
+++ b/debian/resources/backup/fusionpbx-maintenance
@ -0,0 +1,177 @@
 #!/bin/sh
 #settings
 export PGPASSWORD="zzz"
 db_host=127.0.0.1
 db_port=5432
 db_name=fusionpbx
 db_username=fusionpbx
 switch_package=true # true or false
 purge_voicemail=false
 purge_call_recordings=false
 purge_cdrs=false
 purge_fax=false
 purge_switch_logs=true
 purge_php_sessions=true
 purge_database_transactions=true
 purge_device_logs=false
 purge_event_guard_logs=false
 purge_user_logs=false
 purge_email_queue=false
 purge_fax_queue=true
 days_keep_voicemail=90
 days_keep_call_recordings=90
 days_keep_cdrs=730
 days_keep_fax=90
 days_keep_switch_logs=7
 days_keep_php_sessions=8
 days_keep_database_transactions=30
 days_keep_device_logs=180
 days_keep_event_guard_logs=180
 days_keep_user_logs=180
 days_keep_email_queue=30
 days_keep_fax_queue=30
 #set the date
 now=$(date +%Y-%m-%d)
 #make sure the directory exists
 if [ -e /var/backups/fusionpbx/postgresql ]; then
 	echo "postgres backup directory exists"
 else
 	mkdir -p /var/backups/fusionpbx/postgresql
 fi
 #show message to the console
 echo "Maintenance Started"
 if [ .$purge_switch_logs = .true ]; then
 	echo "delete freeswitch logs older $days_keep_switch_logs days"
 	if [ .$switch_package = .true ]; then
 		find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
 	else
 		find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
 	fi
 else
 	echo "not purging Freeswitch logs"
 fi
 if [ .$purge_fax = .true ]; then
 	echo "delete fax file storage older than $days_keep_fax days"
 	if [ .$switch_package = .true ]; then
 		echo ".";
 		find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
 		find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
 	else
 		echo ".";
 		find /usr/local/freeswitch/storage/fax/*  -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
 		find /usr/local/freeswitch/storage/fax/*  -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
 	fi
 	#delete from the database
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
 else
 	echo "not purging Faxes"
 fi
 if [ .$purge_call_recordings = .true ]; then
 	echo "delete call recordings older than $days_keep_call_recordings days"
 	if [ .$switch_package = .true ]; then
 		find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
 		find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
 		#remove empty folders
 		find /var/lib/freeswitch/recordings/*/archive/* -empty -type d -delete
 	else
 		find /usr/local/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
 		find /usr/local/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
 		#remove empty folders
 		find /usr/local/freeswitch/recordings/*/archive/* -empty -type d -delete
 	fi
 	#Call recordings table uses a view. The data is from v_xml_cdr table. Changed in FusionPBX 5.0.7 and higher. The following line is useful to older versions.
 	#psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
 else
 	echo "not purging Recordings."
 fi
 if [ .$purge_voicemail = .true ]; then
 	echo "delete voicemail older than $days_keep_voicemail days"
 	if [ .$switch_package = .true ]; then
 		echo ".";
 		find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
 		find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
 	else
 		echo ".";
 		find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
 		find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
 	fi
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
 else
 	echo "not purging voicemails."
 fi
 if [ .$purge_cdrs = .true ]; then
 	echo "delete call detail records older $days_keep_cdrs days"
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
 	#call detail record - call flow
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_xml_cdr_flow WHERE insert_date < NOW() - INTERVAL '$days_keep_cdrs days'"
 	#call detail record - json
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_xml_cdr_json WHERE insert_date < NOW() - INTERVAL '$days_keep_cdrs days'"
 	#call detail record - call logs
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_xml_cdr_logs WHERE insert_date < NOW() - INTERVAL '$days_keep_cdrs days'"
 else
        echo "not purging CDRs."
 fi
 echo "delete php sessions older than $days_keep_php_sessions days"
 if [ .$purge_php_sessions = .true ]; then
 	find /var/lib/php/sessions/*  -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
 else
        echo "not purging PHP Sessions."
 fi
 echo "delete database_transactions older $days_keep_database_transactions days"
 if [ .$purge_database_transactions = .true ]; then
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
 else
        echo "not purging database_transactions."
 fi
 echo "delete device_logs older $days_keep_device_logs days"
 if [ .$purge_device_logs = .true ]; then
        psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_device_logs where timestamp < NOW() - INTERVAL '$days_keep_device_logs days'"
 else
        echo "not purging device_logs."
 fi
 echo "delete event_guard_logs older $days_keep_event_guard_logs days"
 if [ .$purge_event_guard_logs = .true ]; then
        psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_event_guard_logs where log_date < NOW() - INTERVAL '$days_keep_event_guard_logs days'"
 else
        echo "not purging event_guard_logs."
 fi
 echo "delete user_logs older $days_keep_user_logs days"
 if [ .$purge_user_logs = .true ]; then
        psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_user_logs where timestamp < NOW() - INTERVAL '$days_keep_user_logs days'"
 else
        echo "not purging user_logs."
 fi
 echo "delete email_queue older $days_keep_email_queue days"
 if [ .$purge_email_queue = .true ]; then
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_email_queue where email_status = 'sent' and email_date < NOW() - INTERVAL '$days_keep_email_queue days'"
 else
        echo "not purging email_queue."
 fi
 echo "delete fax_queue older $days_keep_fax_queue days"
 if [ .$purge_fax_queue = .true ]; then
 	psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_fax_queue where fax_status = 'sent' and fax_date < NOW() - INTERVAL '$days_keep_fax_queue days'"
 else
        echo "not purging fax_queue."
 fi
 #completed message
 echo "Maintenance Completed";
--- a/debian/resources/backup/fusionpbx-maintenance.sh
+++ b/debian/resources/backup/fusionpbx-maintenance.sh
@ -1,62 +0,0 @@
 #!/bin/sh
 #settings
 #export PGPASSWORD="zzzzz"
 db_host=127.0.0.1
 db_port=5432
 switch_package=true # true or false
 #set the date
 now=$(date +%Y-%m-%d)
 #make sure the directory exists
 mkdir -p /var/backups/fusionpbx/postgresql
 #show message to the console
 echo "Maintenance Started"
 #delete freeswitch logs older 7 days
 if [ .$switch_package = .true ]; then
 	find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;
 else
 	find /usr/local/freeswitch/log/freeswitch.log.* -mtime +7 -exec rm {} \;
 fi
 #delete fax older than 90 days
 if [ .$switch_package = .true ]; then
 	echo ".";
 	#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \;
 	#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;
 else
 	echo ".";
 	#find /usr/local/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \;
 	#find /usr/local/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;
 fi
 #delete from the database
 #psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '90 days'"
 #delete call recordings older than 90 days
 if [ .$switch_package = .true ]; then
 	find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
 	find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;
 else
 	find /usr/local/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +90 -exec rm {} \;
 	find /usr/local/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +90 -exec rm {} \;
 fi
 #delete voicemail older than 90 days
 if [ .$switch_package = .true ]; then
 	echo ".";
 	#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
 	#find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
 else
 	echo ".";
 	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
 	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
 fi
 #psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"
 #delete call detail records older 90 days
 #psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"
 #completed message
 echo "Maintenance Completed";
--- a/debian/resources/config.sh
+++ b/debian/resources/config.sh
@ -1,23 +1,39 @@
 # FusionPBX Settings
-domain_name=ip_address          # hostname, ip_address or a custom value
+domain_name=ip_address                      # hostname, ip_address or a custom value
-system_username=admin           # default username admin
+system_username=admin                       # default username admin
-system_password=random          # random or a custom value
+system_password=random                      # random or a custom value
-system_branch=stable            # master, stable
+system_branch=5.3                           # master, 5.3
 # FreeSWITCH Settings
-switch_branch=stable            # master, stable
+switch_branch=stable                        # master, stable
-switch_source=false             # true or false
+switch_source=true                          # true (source compile) or false (binary package)
-switch_package=true             # true or false
+switch_package=false                        # true (binary package) or false (source compile)
 switch_version=1.10.12                      # which source code to download, only for source
 switch_tls=true                             # true or false
 switch_token=                               # Get the auth token from https://signalwire.com
                                            # Signup or Login -> Profile -> Personal Auth Token
 # Sofia-Sip Settings
 sofia_version=1.13.17                       # release-version for sofia-sip to use
 # Database Settings
-database_password=random        # random or a custom value
+database_name=fusionpbx                     # Database name (safe characters A-Z, a-z, 0-9)
-database_repo=official          # PostgresSQL official, system, 2ndquadrant
+database_username=fusionpbx                 # Database username (safe characters A-Z, a-z, 0-9)
-database_version=latest         # requires repo official
+database_password=random                    # random or a custom value (safe characters A-Z, a-z, 0-9)
-database_host=127.0.0.1         # hostname or IP address
+database_repo=official                      # PostgreSQL official, system
-database_port=5432              # port number
+database_version=17                         # requires repo official
-database_backup=false           # true or false
+database_host=127.0.0.1                     # hostname or IP address
 database_port=5432                          # port number
 database_backup=false                       # true or false
 # General Settings
-php_version=5                   # PHP version 5 or 7
+php_version=8.1                             # PHP version 7.1, 7.3, 7.4, 8.1
-letsencrypt_folder=true        # true or false
+letsencrypt_folder=true                     # true or false
 # Optional Applications
 application_transcribe=true                # Speech to Text
 application_speech=true                    # Text to Speech
 application_device_logs=true               # Log device provision requests
 application_dialplan_tools=false           # Add additional dialplan applications
 application_edit=false                     # Editor for XML, Provision, Scripts, and PHP
 application_sip_trunks=false               # Registration based SIP trunks
--- a/debian/resources/environment.sh
+++ b/debian/resources/environment.sh
@ -13,8 +13,16 @@ cpu_name=$(uname -m)
 cpu_architecture='unknown'
 cpu_mode='unknown'
 #set the environment path
 export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 #check what the CPU and OS are
-if [ .$cpu_name = .'armv7l' ]; then
+if [ .$cpu_name = .'armv6l' ]; then
 	# RaspberryPi Zero
 	os_mode='32'
 	cpu_mode='32'
 	cpu_architecture='arm'
 elif [ .$cpu_name = .'armv7l' ]; then
 	# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
 	os_mode='32'
 	cpu_mode='32'
@ -61,7 +69,6 @@ if [ .$cpu_architecture = .'arm' ]; then
 	if [ .$os_mode = .'32' ]; then
 		verbose "Correct CPU and Operating System detected, using the ARM repo"
 	elif [ .$os_mode = .'64' ]; then
 		error "You are using a 64bit arm OS this is unsupported"
 		switch_source=true
 		switch_package=false
 	else
--- a/debian/resources/fail2ban.sh
+++ b/debian/resources/fail2ban.sh
@ -6,28 +6,32 @@ cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./colors.sh
 . ./environment.sh
 #send a message
 verbose "Installing Fail2ban"
 #add the dependencies
-apt-get install -y --force-yes fail2ban
+apt-get install -y fail2ban rsyslog
 #move the filters
 cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
 cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
 cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
 cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
 cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
 cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
 cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
 cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
 cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
 cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
 cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
 cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
 cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
 cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
 cp fail2ban/jail.local /etc/fail2ban/jail.local
 #update config if source is being used
-if [ .$switch_source = .true ]; then
+#if [ .$switch_source = .true ]; then
-	sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
+#	sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
-fi
+#fi
 #restart fail2ban
 /usr/sbin/service fail2ban restart
--- a/debian/resources/fail2ban/auth-challenge-ip.conf
+++ b/debian/resources/fail2ban/auth-challenge-ip.conf
@ -0,0 +1,21 @@
 # Fail2Ban configuration file
 #
 [Definition]
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 #[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12 
 failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
--- a/debian/resources/fail2ban/fail2ban.local
+++ b/debian/resources/fail2ban/fail2ban.local
@ -0,0 +1,6 @@
 [DEFAULT]
 # Option: allowipv6
 # Notes.: Allows IPv6 interface:
 #       Default: auto
 # Values: [ auto yes (on, true, 1) no (off, false, 0) ] Default: auto
 allowipv6 = auto
--- a/debian/resources/fail2ban/freeswitch-acl.conf
+++ b/debian/resources/fail2ban/freeswitch-acl.conf
@ -0,0 +1,20 @@
 # Fail2Ban configuration file
 #
 [Definition]
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 #2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
 failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
--- a/debian/resources/fail2ban/freeswitch.conf
+++ b/debian/resources/fail2ban/freeswitch.conf
@ -7,8 +7,8 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
-            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/debian/resources/fail2ban/freeswitch-404.conf
+++ b/debian/resources/fail2ban/freeswitch-404.conf
--- a/debian/resources/fail2ban/jail.local
+++ b/debian/resources/fail2ban/jail.local
@ -5,87 +5,93 @@ protocol = ssh
 filter   = sshd
 logpath  = /var/log/auth.log
 action   = iptables-allports[name=sshd, protocol=all]
-maxretry = 5
+maxretry = 6
-findtime = 7200
+findtime = 60
 bantime  = 86400
-[freeswitch-udp]
+[freeswitch]
-enabled  = true
+enabled  = false
-port     = 5060:5090
+port     = 5060:5091
 protocol = all
 filter   = freeswitch
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-udp, port="5060:5090", protocol=udp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 5
+action   = iptables-allports[name=freeswitch, protocol=all]
-findtime = 600
+maxretry = 10
 findtime = 60
 bantime  = 3600
 #          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
-[freeswitch-tcp]
+[freeswitch-acl]
 enabled  = true
 port     = 5060:5090
 protocol = all
 filter   = freeswitch
 logpath  = /var/log/freeswitch/freeswitch.log
 action   = iptables-multiport[name=freeswitch-tcp, port="5060:5090", protocol=tcp]
 maxretry = 5
 findtime = 600
 bantime  = 3600
 #          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
 [freeswitch-ip-tcp]
 enabled  = false
-port     = 5060:5090
+port     = 5060:5091
 protocol = all
 filter   = freeswitch-acl
 logpath  = /var/log/freeswitch/freeswitch.log
 #logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=freeswitch-acl, protocol=all]
 maxretry = 900
 findtime = 60
 bantime  = 86400
 [freeswitch-ip]
 enabled  = false
 port     = 5060:5091
 protocol = all
 filter   = freeswitch-ip
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-ip-tcp, port="5060:5090", protocol=tcp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=freeswitch-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime  = 86400
-[freeswitch-ip-udp]
+[auth-challenge-ip]
 enabled  = false
-port     = 5060:5090
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-ip
+filter   = auth-challenge-ip
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-ip-udp, port="5060:5090", protocol=udp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=auth-challenge-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime  = 86400
-[freeswitch-dos-udp]
+[sip-auth-challenge]
-enabled  = true
+enabled  = false
-port     = 5060:5090
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-dos
+filter   = sip-auth-challenge
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-dos-udp, port="5060:5090", protocol=udp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 50
+action   = iptables-allports[name=sip-auth-challenge, protocol=all]
-findtime = 30
+maxretry = 100
-bantime  = 6000
+findtime = 60
 [freeswitch-dos-tcp]
 enabled  = true
 port     = 5060:5090
 protocol = all
 filter   = freeswitch-dos
 logpath  = /var/log/freeswitch/freeswitch.log
 action   = iptables-multiport[name=freeswitch-dos-tcp, port="5060:5090", protocol=tcp]
 maxretry = 50
 findtime = 30
 bantime  = 7200
-[freeswitch-404]
+[sip-auth-failure]
-enabled  = true
+enabled  = false
-port     = 5060:5090
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-404
+filter   = sip-auth-failure
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-allports[name=freeswitch-404, protocol=all]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 3
+action   = iptables-allports[name=sip-auth-failure, protocol=all]
-findtime = 300
+maxretry = 6
 findtime = 60
 bantime  = 7200
 [fusionpbx-404]
 enabled  = false
 port     = 5060:5091
 protocol = all
 filter   = fusionpbx-404
 logpath  = /var/log/freeswitch/freeswitch.log
 #logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=fusionpbx-404, protocol=all]
 maxretry = 6
 findtime = 60
 bantime  = 86400
 [fusionpbx]
@ -94,10 +100,10 @@ port     = 80,443
 protocol = tcp
 filter   = fusionpbx
 logpath  = /var/log/auth.log
-action   = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
+action   = iptables-allports[name=fusionpbx, protocol=all]
 #          sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
-maxretry = 10
+maxretry = 20
-findtime = 600
+findtime = 60
 bantime  = 3600
 [fusionpbx-mac]
@ -106,11 +112,11 @@ port     = 80,443
 protocol = tcp
 filter   = fusionpbx-mac
 logpath  = /var/log/syslog
-action   = iptables-multiport[name=fusionpbx-mac, port="http,https", protocol=tcp]
+action   = iptables-allports[name=fusionpbx-mac, protocol=all]
 #          sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
-maxretry = 5
+maxretry = 10
-findtime = 300
+findtime = 60
-bantime  = -1
+bantime  = 86400
 [nginx-404]
 enabled  = true
@ -118,18 +124,20 @@ port     = 80,443
 protocol = tcp
 filter   = nginx-404
 logpath  = /var/log/nginx/access*.log
 action   = iptables-allports[name=nginx-404, protocol=all]
 bantime  = 3600
 findtime = 60
-maxretry = 120
+maxretry = 300
 [nginx-dos]
 # Based on apache-badbots but a simple IP check (any IP requesting more than
-# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# 300 pages in 60 seconds, or 5p/s average, is suspicious)
 enabled  = true
 port     = 80,443
 protocol = tcp
 filter   = nginx-dos
 logpath  = /var/log/nginx/access*.log
 action   = iptables-allports[name=nginx-dos, protocol=all]
 findtime = 60
-bantime  = -1
+bantime  = 86400
-maxretry = 240
+maxretry = 800
--- a/debian/resources/fail2ban/sip-auth-challenge.conf
+++ b/debian/resources/fail2ban/sip-auth-challenge.conf
@ -0,0 +1,21 @@
 # Fail2Ban configuration file
 #
 # Author: soapee01
 #
 [Definition]
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((?:REGISTER|INVITE)\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
--- a/debian/resources/fail2ban/sip-auth-failure.conf
+++ b/debian/resources/fail2ban/sip-auth-failure.conf
@ -12,7 +12,7 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/debian/resources/finish.sh
+++ b/debian/resources/finish.sh
@ -8,8 +8,6 @@ cd "$(dirname "$0")"
 . ./colors.sh
 #database details
 database_host=127.0.0.1
 database_port=5432
 database_username=fusionpbx
 if [ .$database_password = .'random' ]; then
 	database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
@ -19,15 +17,26 @@ fi
 export PGPASSWORD=$database_password
 #update the database password
 #sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
 #sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
 sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
 sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
-#add the config.php
+#install the database backup
 cp backup/fusionpbx-backup /etc/cron.daily
 cp backup/fusionpbx-maintenance /etc/cron.daily
 chmod 755 /etc/cron.daily/fusionpbx-backup
 chmod 755 /etc/cron.daily/fusionpbx-maintenance
 sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-backup
 sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-maintenance
 #add the config.conf
 mkdir -p /etc/fusionpbx
-chown -R www-data:www-data /etc/fusionpbx
+cp fusionpbx/config.conf /etc/fusionpbx
-cp fusionpbx/config.php /etc/fusionpbx
+sed -i /etc/fusionpbx/config.conf -e s:"{database_host}:$database_host:"
-sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
+sed -i /etc/fusionpbx/config.conf -e s:"{database_name}:$database_name:"
-sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
+sed -i /etc/fusionpbx/config.conf -e s:"{database_username}:$database_username:"
 sed -i /etc/fusionpbx/config.conf -e s:"{database_password}:$database_password:"
 #add the database schema
 cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
@ -49,49 +58,68 @@ domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
 #app defaults
-cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
+cd /var/www/fusionpbx && /usr/bin/php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
 #add the user
 user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 user_name=$system_username
 if [ .$system_password = .'random' ]; then
-	user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+	user_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
 else
 	user_password=$system_password
 fi
-password_hash=$(php -r "echo md5('$user_salt$user_password');");
+password_hash=$(/usr/bin/php -r "echo md5('$user_salt$user_password');");
 psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
 #get the superadmin group_uuid
-group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';");
+#echo "psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c \"select group_uuid from v_groups where group_name = 'superadmin';\""
-group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
+group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c "select group_uuid from v_groups where group_name = 'superadmin';");
 #add the user to the group
-group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 group_name=superadmin
-psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
+#echo "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
 psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
 #update xml_cdr url, user and password
-xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+xml_cdr_username=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
-xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+xml_cdr_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
 sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
-sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:$database_host:"
 sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
 sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
 sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
 #app defaults
-cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
+cd /var/www/fusionpbx && /usr/bin/php /var/www/fusionpbx/core/upgrade/upgrade.php
 #restart freeswitch
 /bin/systemctl daemon-reload
 /bin/systemctl restart freeswitch
 #install the email_queue service
 cp /var/www/fusionpbx/app/email_queue/resources/service/debian.service /etc/systemd/system/email_queue.service
 systemctl enable email_queue
 systemctl start email_queue
 systemctl daemon-reload
 #install the event_guard service
 cp /var/www/fusionpbx/app/event_guard/resources/service/debian.service /etc/systemd/system/event_guard.service
 /bin/systemctl enable event_guard
 /bin/systemctl start event_guard
 /bin/systemctl daemon-reload
 #add xml cdr import to crontab
 apt install cron
 (crontab -l; echo "* * * * * $(which php) /var/www/fusionpbx/app/xml_cdr/xml_cdr_import.php 300") | crontab
 #welcome message
 echo ""
 echo ""
-verbose "Installation has completed."
+verbose "Installation Notes. "
 echo ""
 echo "   Please save this information and reboot this system to complete the install. "
 echo ""
 echo "   Use a web browser to login."
 echo "      domain name: https://$domain_name"
@ -106,17 +134,16 @@ echo "   Official FusionPBX Training"
 echo "      Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
 echo "      Available online and in person. Includes documentation and recording."
 echo ""
-echo "      Location          Online and Boise,Idaho"
+echo "      Location:               Online"
-echo "      Admin Training    13 - 14 December 2017 (2 Days)"
+echo "      Admin Training:          TBA"
-echo "      Advanced Training 18 - 19 December 2017 (2 Days)"
+echo "      Advanced Training:       TBA"
-echo "      Timezone: https://www.timeanddate.com/worldclock/usa/boise"
+echo "      Continuing Education:   https://www.fusionpbx.com/training"
 echo "      Timezone:               https://www.timeanddate.com/weather/usa/idaho"
 echo ""
 echo "   Additional information."
 echo "      https://fusionpbx.com/members.php"
 echo "      https://fusionpbx.com/training.php"
 echo "      https://fusionpbx.com/support.php"
 echo "      https://www.fusionpbx.com"
 echo "      http://docs.fusionpbx.com"
 echo ""
--- a/debian/resources/fusionpbx.sh
+++ b/debian/resources/fusionpbx.sh
@ -11,22 +11,22 @@ cd "$(dirname "$0")"
 verbose "Installing FusionPBX"
 #install dependencies
-apt-get install -y --force-yes vim git dbus haveged ssl-cert
+apt-get install -y vim git dbus haveged ssl-cert qrencode
-apt-get install -y --force-yes ghostscript libtiff5-dev libtiff-tools at
+apt-get install -y ghostscript libtiff5-dev libtiff-tools at
 #get the branch
 if [ .$system_branch = .'master' ]; then
 	verbose "Using master"
 	branch=""
 else
-	system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
+	verbose "Using version $system_branch"
-	system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 |  grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
+	branch="-b $system_branch"
 	system_version=$system_major.$system_minor
 	verbose "Using version $system_version"
 	branch="-b $system_version"
 fi
 #add the cache directory
 mkdir -p /var/cache/fusionpbx
 chown -R www-data:www-data /var/cache/fusionpbx
 #get the source code
 git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
 chown -R www-data:www-data /var/www/fusionpbx
 chmod -R 755 /var/www/fusionpbx/secure
--- a/debian/resources/fusionpbx/config.conf
+++ b/debian/resources/fusionpbx/config.conf
@ -0,0 +1,44 @@
 #database system settings
 database.0.type = pgsql
 database.0.host = {database_host}
 database.0.port = 5432
 database.0.sslmode = prefer
 database.0.name = {database_name}
 database.0.username = {database_username}
 database.0.password = {database_password}
 #database switch settings
 database.1.type = sqlite
 database.1.path = /var/lib/freeswitch/db
 database.1.name = core.db
 #general settings
 document.root = /var/www/fusionpbx
 project.path =
 temp.dir = /tmp
 php.dir = /usr/bin
 php.bin = php 
 #cache settings
 cache.method = file
 cache.location = /var/cache/fusionpbx
 cache.settings = true
 #switch settings
 switch.conf.dir = /etc/freeswitch
 switch.sounds.dir = /usr/share/freeswitch/sounds
 switch.database.dir = /var/lib/freeswitch/db
 switch.recordings.dir = /var/lib/freeswitch/recordings
 switch.storage.dir = /var/lib/freeswitch/storage
 switch.voicemail.dir = /var/lib/freeswitch/storage/voicemail
 switch.scripts.dir = /usr/share/freeswitch/scripts
 #switch xml handler
 xml_handler.fs_path = false
 xml_handler.reg_as_number_alias = false
 xml_handler.number_as_presence_id = true
 #error reporting options: user,dev,all
 error.reporting = user
--- a/debian/resources/fusionpbx/config.php
+++ b/debian/resources/fusionpbx/config.php
@ -1,45 +0,0 @@
 <?php
 /*
 	FusionPBX
 	Version: MPL 1.1
 	The contents of this file are subject to the Mozilla Public License Version
 	1.1 (the "License"); you may not use this file except in compliance with
 	the License. You may obtain a copy of the License at
 	http://www.mozilla.org/MPL/
 	Software distributed under the License is distributed on an "AS IS" basis,
 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 	for the specific language governing rights and limitations under the
 	License.
 	The Original Code is FusionPBX
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
 	Portions created by the Initial Developer are Copyright (C) 2008-2016
 	the Initial Developer. All Rights Reserved.
 	Contributor(s):
 	Mark J Crane <markjcrane@fusionpbx.com>
 */
 //set the database type
 	$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
 //sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
 	//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
 	//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
 //pgsql: database connection information
 	$db_host = 'localhost'; //set the host only if the database is not local
 	$db_port = '5432';
 	$db_name = 'fusionpbx';
 	$db_username = '{database_username}';
 	$db_password = '{database_password}';
 //show errors
 	ini_set('display_errors', '1');
 	//error_reporting (E_ALL); // Report everything
 	//error_reporting (E_ALL ^ E_NOTICE); // hide notices
 	error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings
--- a/debian/resources/ioncube.sh
+++ b/debian/resources/ioncube.sh
@ -0,0 +1,170 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./colors.sh
 . ./environment.sh
 #show cpu details
 echo "cpu architecture: $cpu_architecture"
 echo "cpu name: $cpu_name"
 #make sure unzip is install
 apt-get install -y unzip
 #remove the ioncube directory if it exists
 if [ -d "ioncube" ]; then
        rm -Rf ioncube;
 fi
 #get the ioncube load and unzip it
 if [ .$cpu_architecture = .'x86' ]; then
 	#get the ioncube 64 bit loader
 	wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
 	#uncompress the file
 	unzip ioncube_loaders_lin_x86-64.zip
 	#remove the zip file
 	rm ioncube_loaders_lin_x86-64.zip
 elif [ .$cpu_architecture = ."arm" ]; then
 	if [ .$cpu_name = .'armv7l' ]; then
 		#get the ioncube 64 bit loader
 		wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.zip
 		#uncompress the file
 		unzip ioncube_loaders_lin_armv7l.zip
 		#remove the zip file
 		rm ioncube_loaders_lin_armv7l.zip
 	fi
 fi
 #set the version of php
 #if [ ."$os_codename" = ."bullseye" ]; then
 #	php_version=8.0
 #fi
 #if [ ."$os_codename" = ."buster" ]; then
 #	php_version=7.4
 #fi
 #if [ ."$os_codename" = ."stretch" ]; then
 #	php_version=7.1
 #fi
 #if [ ."$os_codename" = ."jessie" ]; then
 #	php_version=7.1
 #fi
 #copy the loader to the correct directory
 if [ ."$php_version" = ."5.6" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_5.6.so /usr/lib/php5/20131226
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/cli/conf.d/00-ioncube.ini
        #restart the service
        service php5-fpm restart
 fi
 if [ ."$php_version" = ."7.0" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_7.0.so /usr/lib/php/20151012
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/cli/conf.d/00-ioncube.ini
        #restart the service
        service php7.0-fpm restart
 fi
 if [ ."$php_version" = ."7.1" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_7.1.so /usr/lib/php/20160303
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/cli/conf.d/00-ioncube.ini
        #restart the service
        service php7.1-fpm restart
 fi
 if [ ."$php_version" = ."7.2" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/cli/conf.d/00-ioncube.ini
        #restart the service
        service php7.2-fpm restart
 fi
 if [ ."$php_version" = ."7.3" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_7.3.so /usr/lib/php/20180731
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/cli/conf.d/00-ioncube.ini
        #restart the service
        service php7.3-fpm restart
 fi
 if [ ."$php_version" = ."7.4" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_7.4.so /usr/lib/php/20190902
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/cli/conf.d/00-ioncube.ini
        #restart the service
        service php7.4-fpm restart
 fi
 if [ ."$php_version" = ."8.1" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_8.1.so /usr/lib/php/20210902
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20210902/ioncube_loader_lin_8.1.so" > /etc/php/8.1/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20210902/ioncube_loader_lin_8.1.so" > /etc/php/8.1/cli/conf.d/00-ioncube.ini
        #restart the service
        service php8.1-fpm restart
 fi
 if [ ."$php_version" = ."8.2" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_8.2.so /usr/lib/php/20220829
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20220829/ioncube_loader_lin_8.2.so" > /etc/php/8.2/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20220829/ioncube_loader_lin_8.2.so" > /etc/php/8.2/cli/conf.d/00-ioncube.ini
        #restart the service
        service php8.2-fpm restart
 fi
 if [ ."$php_version" = ."8.3" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_8.3.so /usr/lib/php/20230831
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20230831/ioncube_loader_lin_8.3.so" > /etc/php/8.3/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20230831/ioncube_loader_lin_8.3.so" > /etc/php/8.3/cli/conf.d/00-ioncube.ini
        #restart the service
        service php8.3-fpm restart
 fi
 if [ ."$php_version" = ."8.4" ]; then
        #copy the php extension .so into the php lib directory
        cp ioncube/ioncube_loader_lin_8.4.so /usr/lib/php/20240924
        #add the 00-ioncube.ini file
 	echo "zend_extension = /usr/lib/php/20240924/ioncube_loader_lin_8.4.so" > /etc/php/8.4/fpm/conf.d/00-ioncube.ini
 	echo "zend_extension = /usr/lib/php/20240924/ioncube_loader_lin_8.4.so" > /etc/php/8.4/cli/conf.d/00-ioncube.ini
        #restart the service
        service php8.4-fpm restart
 fi
--- a/debian/resources/iptables.sh
+++ b/debian/resources/iptables.sh
@ -3,39 +3,99 @@
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #add the includes
 . ./config.sh
 . ./colors.sh
 . ./environment.sh
 #send a message
 verbose "Configuring IPTables"
 #defaults to nftables by default this enables iptables
 if [ ."$os_codename" = ."buster" ]; then
 	update-alternatives --set iptables /usr/sbin/iptables-legacy
 	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 fi
 if [ ."$os_codename" = ."bullseye" ]; then
 	apt-get install -y iptables
 	update-alternatives --set iptables /usr/sbin/iptables-legacy
 	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 fi
 if [ ."$os_codename" = ."bookworm" ]; then
 	apt-get install -y iptables
 	update-alternatives --set iptables /usr/sbin/iptables-legacy
 	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 fi
 #remove ufw
 ufw reset
 ufw disable
 apt-get remove -y ufw
 #apt-get purge ufw
 iptables --delete-chain ufw-after-forward
 iptables --delete-chain ufw-after-input
 iptables --delete-chain ufw-after-logging-forward
 iptables --delete-chain ufw-after-logging-input
 iptables --delete-chain ufw-after-logging-output
 iptables --delete-chain ufw-after-output
 iptables --delete-chain ufw-before-forward
 iptables --delete-chain ufw-before-input
 iptables --delete-chain ufw-before-logging-forward
 iptables --delete-chain ufw-before-logging-input
 iptables --delete-chain ufw-before-logging-output
 iptables --delete-chain ufw-before-output
 iptables --delete-chain ufw-reject-forward
 iptables --delete-chain ufw-reject-input
 iptables --delete-chain ufw-reject-output
 iptables --delete-chain ufw-track-forward
 iptables --delete-chain ufw-track-input
 iptables --delete-chain ufw-track-output
 #flush iptables
 iptables -P INPUT ACCEPT
 iptables -P FORWARD ACCEPT
 iptables -P OUTPUT ACCEPT
 iptables -F
 #run iptables commands
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A INPUT -j DROP -p udp --dport 5060:5090 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
-iptables -A INPUT -j DROP -p udp --dport 5060:5090 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
-iptables -A INPUT -j DROP -p udp --dport 5060:5090 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5060:5090 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5060:5090 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5060:5090 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
 iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
 iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp --dport 443 -j ACCEPT
-iptables -A INPUT -p tcp --dport 5060:5090 -j ACCEPT
+iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
-iptables -A INPUT -p udp --dport 5060:5090 -j ACCEPT
+iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
-iptables -A INPUT -p tcp --dport 5080:5090 -j ACCEPT
+iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
 iptables -A INPUT -p udp --dport 5080:5090 -j ACCEPT
 iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
 iptables -A INPUT -p udp --dport 1194 -j ACCEPT
 iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
-iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5090 -j DSCP --set-dscp 26
+iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
-iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5090 -j DSCP --set-dscp 26
+iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
-#answer the questions for iptables persistent
+#save iptables to make it persistent
 #mkdir /etc/iptables
 #iptables-save > /etc/iptables/rules.v4
 #answer the questions for iptables persistent and save the iptable rules
 echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
 echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
-apt-get install -y --force-yes  iptables-persistent
+apt-get install -y iptables-persistent
--- a/debian/resources/letsencrypt.sh
+++ b/debian/resources/letsencrypt.sh
@ -1,87 +1,130 @@
 #!/bin/sh
 # FusionPBX - Install
 # Mark J Crane <markjcrane@fusionpbx.com>
 # Copyright (C) 2018
 # All Rights Reserved.
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ./config.sh
 #. ./colors.sh
 . ./environment.sh
-#request the domain and email
+#Add dependencies
 apt-get install -y curl
 #remove dehyrdated letsencrypt script
 rm /usr/local/sbin/dehydrated
 rm -R /usr/src/dehydrated
 #rm -R /etc/dehydrated/
 #rm -R /usr/src/dns-01-manual
 #rm -R /var/www/dehydrated
 #request the domain name, email address and wild card domain
 read -p 'Domain Name: ' domain_name
 read -p 'Email Address: ' email_address
 #domain_name=subdomain.domain.com
 #email=username@domain.com
-#remove previous install
+#get and install dehydrated
-rm -R /opt/letsencrypt
+cd /usr/src && git clone https://github.com/dehydrated-io/dehydrated.git
-rm -R /etc/letsencrypt
+cd /usr/src/dehydrated
 cp dehydrated /usr/local/sbin
 mkdir -p /var/www/dehydrated
 mkdir -p /etc/dehydrated/certs
-#use php version 5 for arm
+#wildcard detection
-if [ .$cpu_architecture = .'arm' ]; then
+wildcard_domain=$(echo $domain_name | cut -c1-1)
-        php_version=5
+if [ "$wildcard_domain" = "*" ]; then
 	wildcard_domain="true"
 else
 	wildcard_domain="false"
 fi
-#enable fusionpbx nginx config
+#remove the wildcard and period
-cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
+if [ .$wildcard_domain = ."true" ]; then
-
+      domain_name=$(echo "$domain_name" | cut -c3-255)
 #prepare socket name
 if [ ."$php_version" = ."5" ]; then
        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
 fi
-if [ ."$php_version" = ."7" ]; then
+
-        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
+#manual dns hook
 if [ .$wildcard_domain = ."true" ]; then
    cd /usr/src
    git clone https://github.com/gheja/dns-01-manual.git
    cd /usr/src/dns-01-manual/
    cp hook.sh /etc/dehydrated/hook.sh
    chmod 755 /etc/dehydrated/hook.sh
 fi
 ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
-#read the config
+#copy config and hook.sh into /etc/dehydrated
-/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
+cd /usr/src/dehydrated
 cp docs/examples/config /etc/dehydrated
 #cp docs/examples/hook.sh /etc/dehydrated
-#add jessie backports
+#update the dehydrated config
-echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list
+#sed "s#CONTACT_EMAIL=#CONTACT_EMAIL=$email_address" -i /etc/dehydrated/config
-apt-get update && apt-get upgrade
+sed -i 's/#CONTACT_EMAIL=/CONTACT_EMAIL="'"$email_address"'"/g' /etc/dehydrated/config
-apt-get install certbot -t jessie-backports
+sed -i 's/#WELLKNOWN=/WELLKNOWN=/g' /etc/dehydrated/config
-#install letsencrypt
+#accept the terms
-git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
+./dehydrated --register --accept-terms --config /etc/dehydrated/config
 chmod 755 /opt/letsencrypt/certbot-auto
 /opt/letsencrypt/./certbot-auto certonly
-#make the directories
+#set the domain alias
-mkdir -p /etc/letsencrypt/configs
+domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)
 mkdir -p /var/www/letsencrypt/
-#cd $pwd
+#create an alias when using wildcard dns
-#cd "$(dirname "$0")"
+if [ .$wildcard_domain = ."true" ]; then
 	echo "*.$domain_name > $domain_name" > /etc/dehydrated/domains.txt
 fi
-#copy the domain conf
+#add the domain name to domains.txt
-cp letsencrypt/domain_name.conf /etc/letsencrypt/configs/$domain_name.conf
+if [ .$wildcard_domain = ."false" ]; then
 	echo "$domain_name" > /etc/dehydrated/domains.txt
 fi
-#update the domain_name and email_address
+#request the certificates
-sed "s#{domain_name}#$domain_name#g" -i /etc/letsencrypt/configs/$domain_name.conf
+if [ .$wildcard_domain = ."true" ]; then
-sed "s#{email_address}#$email_address#g" -i /etc/letsencrypt/configs/$domain_name.conf
+	./dehydrated --cron --domain *.$domain_name --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge dns-01 --hook /etc/dehydrated/hook.sh
 fi
 if [ .$wildcard_domain = ."false" ]; then
 	./dehydrated --cron --alias $domain_alias --preferred-chain "ISRG Root X1" --algo rsa --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01
 fi
-#letsencrypt
+#make sure the nginx ssl directory exists
-#sed "s@#letsencrypt@location /.well-known/acme-challenge { root /var/www/letsencrypt; }@g" -i /etc/nginx/sites-available/fusionpbx
+mkdir -p /etc/nginx/ssl
 #get the certs from letsencrypt
 cd /opt/letsencrypt && ./letsencrypt-auto --config /etc/letsencrypt/configs/$domain_name.conf certonly
 #update nginx config
-sed "s@ssl_certificate         /etc/ssl/certs/nginx.crt;@ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+sed "s@ssl_certificate[ \t]*/etc/ssl/certs/nginx.crt;@ssl_certificate /etc/dehydrated/certs/$domain_alias/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
-sed "s@ssl_certificate_key     /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/letsencrypt/live/$domain_name/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+sed "s@ssl_certificate_key[ \t]*/etc/ssl/private/nginx.key;@ssl_certificate_key /etc/dehydrated/certs/$domain_alias/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
 #read the config
 /usr/sbin/nginx -t && /usr/sbin/nginx -s reload
-#combine the certs into all.pem
+#setup freeswitch tls
-cat /etc/letsencrypt/live/$domain_name/cert.pem > /etc/letsencrypt/live/$domain_name/all.pem
+if [ .$switch_tls = ."true" ]; then
 cat /etc/letsencrypt/live/$domain_name/privkey.pem >> /etc/letsencrypt/live/$domain_name/all.pem
 cat /etc/letsencrypt/live/$domain_name/chain.pem >> /etc/letsencrypt/live/$domain_name/all.pem
-#copy the certs to the switch tls directory
+	#make sure the freeswitch directory exists
-mkdir -p /etc/freeswitch/tls
+	mkdir -p /etc/freeswitch/tls
-cp /etc/letsencrypt/live/$domain_name/*.pem /etc/freeswitch/tls
+
-cp /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
+	#make sure the freeswitch certificate directory is empty
-chown -R www-data:www-data /etc/freeswitch
+	rm /etc/freeswitch/tls/*
 	#combine the certs into all.pem
 	cat /etc/dehydrated/certs/$domain_alias/fullchain.pem > /etc/freeswitch/tls/all.pem
 	cat /etc/dehydrated/certs/$domain_alias/privkey.pem >> /etc/freeswitch/tls/all.pem
 	#cat /etc/dehydrated/certs/$domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem
 	#copy the certificates
 	cp /etc/dehydrated/certs/$domain_alias/cert.pem /etc/freeswitch/tls
 	cp /etc/dehydrated/certs/$domain_alias/chain.pem /etc/freeswitch/tls
 	cp /etc/dehydrated/certs/$domain_alias/fullchain.pem /etc/freeswitch/tls
 	cp /etc/dehydrated/certs/$domain_alias/privkey.pem /etc/freeswitch/tls
 	#add symbolic links
 	ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
 	ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
 	ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
 	ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
 	#set the permissions
 	chown -R www-data:www-data /etc/freeswitch/tls
 fi  
--- a/debian/resources/maintenance/call_recordings.php
+++ b/debian/resources/maintenance/call_recordings.php
@ -0,0 +1,173 @@
 <?php
 /*
 Call Recordings Maintenance
 - Convert WAV to MP3
  - Reduce the file size
 - Move recordings
  - Move the recording from the source to a destination directory.
  - To move files, you will need to add the destination_path as a setting under category: call_recordings
 In my case, I put the file in /usr/src and then run manually like this.
 /usr/bin/php /usr/src/fusionpbx-install.sh/debian/resources/maintenance/call_recordings.php
 Debian
 crontab -e
 0 * * * * /usr/bin/php /usr/src/fusionpbx-install.sh/debian/resources/maintenance/call_recordings.php > /dev/null 2>&1
 */
 //add the document root to the included path
 	if (defined('STDIN')) {
 		$config_glob = glob("{/usr/local/etc,/etc}/fusionpbx/config.conf", GLOB_BRACE);
 		$conf = parse_ini_file($config_glob[0]);
 		set_include_path($conf['document.root']);
 	}
 	else {
 		exit;
 	}
 //set pre-defined variables
 	$debug = true;
 	$action_name = 'convert'; //convert, move or both
 	$action_delay = ''; //number of days before running the action, default empty which means no delay
 	$audio_format = 'wav';
 	$preferred_command = 'lame'; //mpg123, lame, sox
 //includes files
 	require_once "resources/require.php";
 //create the database connection
 	$database = new database;
 //use settings object instead of session
 	$settings = new settings(['database' => $database]);
 //set the source and destination paths
 	$source_path = $settings->get('switch','recordings', '');
 //set the destination_path
 	if ($action_name == 'move' || $action_name == 'both') {
 		$destination_path = $settings->get('call_recordings','destination_path', null);
 	}
 //make sure the directory exists
 	if ($action_name == 'move' || $action_name == 'both') {
 		system('mkdir -p '.$destination_path);
 	}
 //get the XML CDR call recordings.
 	$sql = "select xml_cdr_uuid, domain_uuid, domain_name, ";
 	$sql .= "record_path, record_name, direction, start_stamp, ";
 	$sql .= "caller_id_name, caller_id_number from v_xml_cdr ";
 	//$sql .= "where start_stamp > NOW() - INTERVAL '7 days' ";
 	$sql .= "where true ";
 	if ($action_name == 'convert' || $action_name == 'both') {
 		$sql .= "and record_name like '%.wav' ";
 	}
 	if ($action_name == 'move' || $action_name == 'both') {
 		$sql .= "and length(record_path) > 0 ";
 		$sql .= "and substr(record_path, 1, length(:source_path)) = :source_path ";
 		$parameters['source_path'] = $source_path;
 	}
 	if (!empty($action_delay) && is_numeric($action_delay)) {
 		$sql .= "and start_stamp < NOW() - INTERVAL '".$action_delay." days' ";
 	}
 	$sql .= "order by start_stamp desc ";
 	if ($debug) { echo $sql."\n"; }
 	$call_recordings = $database->select($sql, $parameters, 'all');
 	unset($parameters);
 //process the changes
 	foreach ($call_recordings as $row) {
 		//set the record_name
 		$record_name = $row['record_name'];
 		//set the source_path
 		$source_path = realpath($row['record_path']);
 		//get the file name without the file extension
 		$path_parts = pathinfo($source_path.'/'.$record_name);
 		//convert the audio file from WAV to MP3
 		if ($action_name == 'convert' || $action_name == 'both') {
 			if ($debug) {
 				if (!file_exists($source_path."/".$record_name)) {
 					//echo "file not found: ".$source_path."/".$record_name."\n";
 				}
 				else {
 					echo "found file: ".$source_path."/".$record_name."\n";
 				}
 			}
 			if (file_exists($source_path."/".$record_name)) {
 				//build the sox command
 				if ($preferred_command == 'sox' && !file_exists($source_path."/".$path_parts['filename'].".mp3")) {
 					$command = "sox ".$source_path."/".$record_name." -C 128 ".$source_path."/".$path_parts['filename'].".mp3 \n";
 				}
 				//build and run the mpg123 command
 				if ($preferred_command == 'mpg123' && !file_exists($source_path."/".$path_parts['filename'].".mp3")) {
 					$command = "mpg123 -w ".$source_path."/".$record_name." ".$source_path."/".$path_parts['filename'].".mp3\n";
 				}
 				//build and run the mpg123 command
 				if ($preferred_command == 'lame' && !file_exists($source_path."/".$path_parts['filename'].".mp3")) {
 					$command = "lame -b 128 ".$source_path."/".$record_name." ".$source_path."/".$path_parts['filename'].".mp3\n";
 				}
 				//show debug information
 				if ($debug) { 
 					echo $command."\n";
 				}
 				//run the command
 				if (!empty($command)) {
 					system($command);
 				}
 				//update the record name to use the new file extension
 				if (file_exists($source_path."/".$path_parts['filename'].".mp3")) {
 					//make sure the mp3 file exists and then delete the wav file 
 					unlink($source_path."/".$path_parts['filename'].".wav");
 					//set the record_name with the new file extension
 					$record_name = $path_parts['filename'].".mp3";
 				}
 			}
 		}
 		//move the files
 		if ($action_name == 'move' || $action_name == 'both') {
 			//get breakdown of the date to year, month, and day
 			$start_time = strtotime($row['start_stamp']);
 			$start_year = date("Y", $start_time);
 			$start_month = date("M", $start_time);
 			$start_day = date("d", $start_time);
 			//move the recording from the old to the new directory
 			$old_path = realpath($row['record_path']);
 			$new_path = realpath($destination_path).'/'.$row['domain_name'].'/archive/'.$start_year.'/'.$start_month.'/'.$start_day;
 			if (!file_exists($new_path)) { system('mkdir -p '.$new_path); }
 			$command = "mv ".$old_path."/".$record_name." ".$new_path."/".$record_name;
 			if ($debug) { echo $command."\n"; }
 			system($command);
 		}
 		//update the database to the new directory
 		$sql = "update v_xml_cdr set \n";
 		if ($action_name == 'move' || $action_name == 'both') {
 			$sql .= "record_path = '".$new_path."' \n";
 		}
 		if ($action_name == 'convert' || $action_name == 'both') {
 			$sql .= "record_name = '".$path_parts['filename'].".mp3'\n";
 		}
 		$sql .= "where xml_cdr_uuid = '".$row['xml_cdr_uuid']."';\n";
 		if ($debug) { echo $sql."\n"; }
 		$database->execute($sql);
 	}
 ?>
--- a/debian/resources/monit.sh
+++ b/debian/resources/monit.sh
@ -0,0 +1,19 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ./config.sh
 #install monit
 apt-get install -y monit
 #make the monit shell script executable
 chmod 755 monit/shell.sh
 #copy the freeswitch monit config
 cp monit/freeswitch /etc/monit/conf.d
 #restart monit
 service monit restart
--- a/debian/resources/monit/freeswitch
+++ b/debian/resources/monit/freeswitch
@ -0,0 +1,3 @@
 check process freeswitch with pidfile /run/freeswitch/freeswitch.pid
 start program = "/usr/src/fusionpbx-install.sh/debian/resources/monit/./shell.sh"
 stop program  = "/usr/bin/freeswitch -stop"
--- a/debian/resources/monit/shell.sh
+++ b/debian/resources/monit/shell.sh
@ -0,0 +1,5 @@
 #!/bin/sh
 mkdir -p /var/run/freeswitch
 chown -R www-data:www-data /var/run/freeswitch
 /usr/bin/freeswitch -nc -u www-data -g www-data -nonat
--- a/debian/resources/nftables.sh
+++ b/debian/resources/nftables.sh
@ -0,0 +1,30 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #add the includes
 . ./config.sh
 . ./colors.sh
 . ./environment.sh
 #send a message
 verbose "Configuring nftables"
 #run iptables commands
 nft add rule ip filter INPUT iifname "lo" counter accept
 nft add rule ip filter INPUT ct state related,established  counter accept
 nft add rule ip filter INPUT tcp dport 22 counter accept
 nft add rule ip filter INPUT tcp dport 80 counter accept
 nft add rule ip filter INPUT tcp dport 443 counter accept
 nft add rule ip filter INPUT tcp dport 7443 counter accept
 nft add rule ip filter INPUT tcp dport 5060-5091 counter accept
 nft add rule ip filter INPUT udp dport 5060-5091 counter accept
 nft add rule ip filter INPUT udp dport 16384-32768 counter accept
 nft add rule ip filter INPUT icmp type echo-request counter accept
 nft add rule ip filter INPUT udp dport 1194 counter accept
 nft add rule ip mangle OUTPUT udp sport 16384-32768 counter ip dscp set 0x2e
 nft add rule ip mangle OUTPUT tcp sport 5060-5091 counter ip dscp set 0x1a
 nft add rule ip mangle OUTPUT udp sport 5060-5091 counter ip dscp set 0x1a
--- a/debian/resources/nginx.sh
+++ b/debian/resources/nginx.sh
@ -11,65 +11,53 @@ cd "$(dirname "$0")"
 #send a message
 verbose "Installing the web server"
-#if [ ."$cpu_architecture" = ."arm" ]; then
+#change the version of php for arm
-        #9.x - */stretch/
+if [ ."$cpu_architecture" = ."arm" ]; then
-        #8.x - */jessie/
+ 	#set the version of php
-#fi
+	if [ ."$os_codename" = ."bullseye" ]; then
-if [ ."$php_version" = ."5" ]; then
+		php_version=7.4
-        #verbose "Switching forcefully to php5* packages"
+	fi
        which add-apt-repository || apt-get install -y software-properties-common
        #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
        #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php5-compat
 elif [ ."$os_name" = ."Ubuntu" ]; then
        #16.10.x - */yakkety/
        #16.04.x - */xenial/
        #14.04.x - */trusty/
        if [ ."$os_codename" = ."trusty" ]; then
                which add-apt-repository || apt-get install -y software-properties-common
                LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
        fi
 elif [ ."$cpu_architecture" = ."arm" ]; then
        #Pi2 and Pi3 Raspbian
        #Odroid
        if [ ."$os_codename" = ."jessie" ]; then
                echo "deb http://packages.moopi.uk/debian jessie main" > /etc/apt/sources.list.d/moopi.list
                wget -O - http://packages.moopi.uk/debian/moopi.gpg.key | apt-key add -
        fi
 else
        #9.x - */stretch/
        #8.x - */jessie/
        if [ ."$os_codename" = ."jessie" ]; then
                echo "deb http://packages.dotdeb.org $os_codename all" > /etc/apt/sources.list.d/dotdeb.list
                echo "deb-src http://packages.dotdeb.org $os_codename all" >> /etc/apt/sources.list.d/dotdeb.list
                wget -O - https://www.dotdeb.org/dotdeb.gpg | apt-key add -
        fi
 fi
 apt-get update
-#use php version 5 for arm
+#set the version of php
-#if [ .$cpu_architecture = .'arm' ]; then
+#if [ ."$os_codename" = ."bullseye" ]; then
-#        php_version=5
+#	php_version=7.4
 #fi
-
+if [ ."$os_codename" = ."buster" ]; then
-#install dependencies
+	php_version=7.3
 apt-get install -y nginx
 if [ ."$php_version" = ."5" ]; then
        apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-mcrypt
 fi
-if [ ."$php_version" = ."7" ]; then
+if [ ."$os_codename" = ."stretch" ]; then
-        apt-get install -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-mcrypt php7.0-xml
+	php_version=7.1
 fi
 if [ ."$os_codename" = ."jessie" ]; then
 	php_version=7.1
 fi
 #enable fusionpbx nginx config
 cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
 #prepare socket name
-if [ ."$php_version" = ."5" ]; then
+if [ ."$php_version" = ."5.6" ]; then
        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
 fi
-if [ ."$php_version" = ."7" ]; then
+if [ ."$php_version" = ."7.0" ]; then
        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
 fi
 if [ ."$php_version" = ."7.1" ]; then
        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
 fi
 if [ ."$php_version" = ."7.2" ]; then
        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.2-fpm.sock;#g'
 fi
 if [ ."$php_version" = ."7.3" ]; then
        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.3-fpm.sock;#g'
 fi
 if [ ."$php_version" = ."7.4" ]; then
        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
 fi
 if [ ."$php_version" = ."8.1" ]; then
        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.1-fpm.sock;#g'
 fi
 ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
 #self signed certificate
@ -80,14 +68,17 @@ ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
 rm /etc/nginx/sites-enabled/default
 #update config if LetsEncrypt folder is unwanted
-if [ .$letsencrypt_folder = .false ]; then
+# if [ .$letsencrypt_folder = .false ]; then
-        sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
+#         sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
-fi
+# fi
 #add the letsencrypt directory
 if [ .$letsencrypt_folder = .true ]; then
        mkdir -p /var/www/letsencrypt/
 fi
 #flush systemd cache
 systemctl daemon-reload
 #restart nginx
 service nginx restart
--- a/debian/resources/nginx/fusionpbx
+++ b/debian/resources/nginx/fusionpbx
@ -14,7 +14,7 @@ server {
 	}
 	location ~ \.php$ {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_index index.php;
 		include fastcgi_params;
@ -23,30 +23,49 @@ server {
 	# Allow the upgrade routines to run longer than normal
 	location = /core/upgrade/index.php {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_read_timeout 15m;
 		fastcgi_index index.php;
 		include fastcgi_params;
 		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
 		fastcgi_read_timeout 15m;
 	}
-	# Disable viewing .htaccess & .htpassword & .db
+	# Disable viewing .htaccess & .htpassword & .db & .git
 	location ~ .htaccess {
-			deny all;
+		deny all;
 	}
 	location ~ .htpassword {
-			deny all;
+		deny all;
 	}
 	location ~^.+.(db)$ {
-			deny all;
+		deny all;
 	}
 	location ~ /\.git {
 		deny all;
 	}
 	location ~ /\.lua {
 		deny all;
 	}
 	location ~ /\. {
 		deny all;
 	}
 }
 server {
 	listen [::]:80;
 	listen 80;
 	server_name fusionpbx;
-	if ($uri !~* ^.*(provision|xml_cdr).*$) {
+
 	#redirect letsencrypt to dehydrated
 	location ^~ /.well-known/acme-challenge {
 		default_type "text/plain";
 		auth_basic "off";
 		alias /var/www/dehydrated;
 	}
 	#rewrite rule - send to https with an exception for provisioning
 	if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
 		rewrite ^(.*) https://$host$1 permanent;
 		break;
 	}
@ -57,8 +76,12 @@ server {
 		break;
 	}
-        #algo
+	#algo
-        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
 	#avaya
 	rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
 	#mitel
 	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
@ -66,111 +89,8 @@ server {
 	#grandstream
 	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
-	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
-	#grandstream-wave softphone by ext because Android doesn't pass MAC.
+	rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
 	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
 	#aastra
 	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
 	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
 	#yealink
 	#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
 	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
 	#polycom
 	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
 	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
 	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
 	#rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
 	#cisco
 	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
 	#Escene
 	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
 	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
 	#Vtech
 	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
 	client_max_body_size 80M;
 	client_body_buffer_size 128k;
 	location / {
 		root /var/www/fusionpbx;
 		index index.php;
 	}
 	location ~ \.php$ {
 		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_index index.php;
 		include fastcgi_params;
 		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
 	}
 	# Allow the upgrade routines to run longer than normal
 	location = /core/upgrade/index.php {
 		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_index index.php;
 		include fastcgi_params;
 		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
 		fastcgi_read_timeout 15m;
 	}
 	# Disable viewing .htaccess & .htpassword & .db
 	location ~ .htaccess {
 		deny all;
 	}
 	location ~ .htpassword {
 		deny all;
 	}
 	location ~^.+.(db)$ {
 		deny all;
 	}
 }
 server {
 	listen 443;
 	server_name fusionpbx;
 	ssl                     on;
 	ssl_certificate         /etc/ssl/certs/nginx.crt;
 	ssl_certificate_key     /etc/ssl/private/nginx.key;
 	ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
 	ssl_ciphers             HIGH:!ADH:!MD5:!aNULL;
 	#ssl_dhparam
 	#letsencrypt
 	location /.well-known/acme-challenge {
        	root /var/www/letsencrypt;
    	}
 	#REST api
 	if ($uri ~* ^.*/api/.*$) {
 		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
 		break;
 	}
        #algo
        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
 	#mitel
 	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
 	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
 	#grandstream
 	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
 	#grandstream-wave softphone by ext because Android doesn't pass MAC.
 	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
@ -194,6 +114,7 @@ server {
 	#cisco
 	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
 	rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
 	#Escene
 	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
@ -203,6 +124,15 @@ server {
 	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	#Digium
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
 	#Snom
 	rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
    	rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
    	rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
@ -215,8 +145,9 @@ server {
 	}
 	location ~ \.php$ {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_read_timeout 15m;
 		fastcgi_index index.php;
 		include fastcgi_params;
 		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
@ -224,15 +155,15 @@ server {
 	# Allow the upgrade routines to run longer than normal
 	location = /core/upgrade/index.php {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_read_timeout 15m;
 		fastcgi_index index.php;
 		include fastcgi_params;
 		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
 		fastcgi_read_timeout 15m;
 	}
-	# Disable viewing .htaccess & .htpassword & .db
+	# Disable viewing .htaccess & .htpassword & .db & .git
 	location ~ .htaccess {
 		deny all;
 	}
@ -242,4 +173,153 @@ server {
 	location ~^.+.(db)$ {
 		deny all;
 	}
 	location ~ /\.git {
 		deny all;
 	}
 	location ~ /\.lua {
 		deny all;
 	}
 	location ~ /\. {
 		deny all;
 	}
 }
 server {
 	listen [::]:443 ssl;
 	listen 443 ssl;
 	#listen 443 ssl http2;
 	server_name fusionpbx;
 	ssl_certificate         /etc/ssl/certs/nginx.crt;
 	ssl_certificate_key     /etc/ssl/private/nginx.key;
 	#ssl_protocols           TLSv1.2 TLSv1.3;
 	ssl_protocols	        TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers             ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA;
 	ssl_session_cache       shared:SSL:40m;
 	ssl_session_timeout     2h;
 	ssl_session_tickets     off;
 	#redirect letsencrypt to dehydrated
 	location ^~ /.well-known/acme-challenge {
 		default_type "text/plain";
 		auth_basic "off";
 		alias /var/www/dehydrated;
 	}
 	#REST api
 	if ($uri ~* ^.*/api/.*$) {
 		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
 		break;
 	}
 	#message media
 	rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
 	#algo
 	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
 	#avaya
 	rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
 	#mitel
 	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
 	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
 	#grandstream
 	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
 	rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
 	#grandstream-wave softphone by ext because Android doesn't pass MAC.
 	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
 	#aastra
 	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
 	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
 	#yealink
 	#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
 	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
 	#polycom
 	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
 	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
 	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
 	#cisco
 	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
 	rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
 	#Escene
 	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
 	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
 	#Vtech
 	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
 	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	#Digium
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
 	#Snom
 	rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
 	rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
    	rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
 	client_max_body_size 80M;
 	client_body_buffer_size 128k;
 	location / {
 		root /var/www/fusionpbx;
 		index index.php;
 	}
 	location ~ \.php$ {
 		fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_read_timeout 15m;
 		fastcgi_index index.php;
 		include fastcgi_params;
 		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
 	}
 	# Allow the upgrade routines to run longer than normal
 	location = /core/upgrade/index.php {
 		fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_read_timeout 15m;
 		fastcgi_index index.php;
 		include fastcgi_params;
 		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
 	}
 	# Disable viewing .htaccess & .htpassword & .db & .git
 	location ~ .htaccess {
 		deny all;
 	}
 	location ~ .htpassword {
 		deny all;
 	}
 	location ~^.+.(db)$ {
 		deny all;
 	}
 	location ~ /\.git {
 		deny all;
 	}
 	location ~ /\.lua {
 		deny all;
 	}
 	location ~ /\. {
 		deny all;
 	}
 }
--- a/debian/resources/php.sh
+++ b/debian/resources/php.sh
@ -6,30 +6,226 @@ cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./colors.sh
 . ./environment.sh
 #send a message
 verbose "Configuring PHP"
 #add the repository
 if [ ."$os_name" = ."Ubuntu" ]; then
        #16.10.x - */yakkety/
        #16.04.x - */xenial/
        #14.04.x - */trusty/
        if [ ."$os_codename" = ."trusty" ]; then
                which add-apt-repository || apt-get install -y software-properties-common
                LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
        fi
 elif [ ."$cpu_architecture" = ."arm" ]; then
 	#Pi2 and Pi3 Raspbian, #Odroid
 	#if [ ."$os_codename" = ."stretch" ]; then
 	#      php_version=7.0
 	#fi
 	if [ ."$os_codename" = ."buster" ]; then
 	      php_version=7.3
 	fi
 	if [ ."$os_codename" = ."bullseye" ]; then
 	      php_version=7.4
 	fi
 	if [ ."$os_codename" = ."bookworm" ]; then
 	      php_version=8.2
 	fi
 else
 	#11.x - bullseye
 	#10.x - buster
 	#9.x  - stretch
 	#8.x  - jessie
 	apt-get -y install apt-transport-https lsb-release ca-certificates
 	#make sure keyrings directory exits
 	mkdir /etc/apt/keyrings
 	if [ ."$os_codename" = ."jessie" ]; then
 		wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
 		sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 	fi
 	if [ ."$os_codename" = ."stretch" ]; then
 		wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
 		sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 	fi
 	if [ ."$os_codename" = ."buster" ]; then
 		wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
 		sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 	fi
 	if [ ."$os_codename" = ."bullseye" ]; then
 		if [ ."$php_version" = ."8.1" ]; then
 			/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 			/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
 			/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 		fi
 		if [ ."$php_version" = ."8.2" ]; then
 			/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 			/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
 			/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 		fi
 		if [ ."$php_version" = ."8.3" ]; then
 			/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 			/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
 			/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 		fi
 		if [ ."$php_version" = ."8.4" ]; then
 			/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 			/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
 			/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 		fi
 	fi
 	if [ ."$os_codename" = ."bookworm" ]; then
 		if [ ."$php_version" = ."8.1" ]; then
 			/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 			/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
   			/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
 			/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 		fi
 		if [ ."$php_version" = ."8.2" ]; then
 			/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 			/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
   			/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
 			/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 		fi
 		if [ ."$php_version" = ."8.3" ]; then
 			/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 			/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
   			/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
 			/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 		fi
 		if [ ."$php_version" = ."8.4" ]; then
 			/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 			/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
   			/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
 			/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 		fi
 	fi
 fi
 apt-get update -y
 #install dependencies
 apt-get install -y nginx
 if [ ."$php_version" = ."" ]; then
 	apt-get install -y php php-cli php-fpm php-pgsql php-sqlite3 php-odbc php-curl php-imap php-xml php-gd php-inotify
 fi
 if [ ."$php_version" = ."5.6" ]; then
 	apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
 fi
 if [ ."$php_version" = ."7.0" ]; then
 	apt-get install -y --no-install-recommends php7.0 php7.0-common php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd php7.0-mbstring php7.0-inotify
 fi
 if [ ."$php_version" = ."7.1" ]; then
 	apt-get install -y --no-install-recommends php7.1 php7.1-common php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd php7.1-mbstring php7.1-inotify
 fi
 if [ ."$php_version" = ."7.2" ]; then
 	apt-get install -y --no-install-recommends php7.2 php7.2-common php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd php7.2-mbstring php7.2-inotify
 fi
 if [ ."$php_version" = ."7.3" ]; then
 	apt-get install -y --no-install-recommends php7.3 php7.3-common php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd php7.3-mbstring php7.3-inotify
 fi
 if [ ."$php_version" = ."7.4" ]; then
 	apt-get install -y --no-install-recommends php7.4 php7.4-common php7.4-cli php7.4-dev php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring php7.4-inotify
 fi
 if [ ."$php_version" = ."8.1" ]; then
 	apt-get install -y --no-install-recommends php8.1 php8.1-common php8.1-cli php8.1-dev php8.1-fpm php8.1-pgsql php8.1-sqlite3 php8.1-odbc php8.1-curl php8.1-imap php8.1-xml php8.1-gd php8.1-mbstring php8.1-ldap php8.1-inotify
 fi
 if [ ."$php_version" = ."8.2" ]; then
 	apt-get install -y --no-install-recommends php8.2 php8.2-common php8.2-cli php8.2-dev php8.2-fpm php8.2-pgsql php8.2-sqlite3 php8.2-odbc php8.2-curl php8.2-imap php8.2-xml php8.2-gd php8.2-mbstring php8.2-ldap php8.2-inotify
 fi
 if [ ."$php_version" = ."8.3" ]; then
 	apt-get install -y --no-install-recommends php8.3 php8.3-common php8.3-cli php8.3-dev php8.3-fpm php8.3-pgsql php8.3-sqlite3 php8.3-odbc php8.3-curl php8.3-imap php8.3-xml php8.3-gd php8.3-mbstring php8.3-ldap php8.3-inotify
 fi
 if [ ."$php_version" = ."8.4" ]; then
 	apt-get install -y --no-install-recommends php8.4 php8.4-common php8.4-cli php8.4-dev php8.4-fpm php8.4-pgsql php8.4-sqlite3 php8.4-odbc php8.4-curl php8.4-imap php8.4-xml php8.4-gd php8.4-mbstring php8.4-ldap php8.4-inotify
 fi
 #update config if source is being used
 if [ ."$php_version" = ."5" ]; then
        verbose "version 5.x"
        php_ini_file='/etc/php5/fpm/php.ini'
 fi
-if [ ."$php_version" = ."7" ]; then
+if [ ."$php_version" = ."7.0" ]; then
        verbose "version 7.0"
        php_ini_file='/etc/php/7.0/fpm/php.ini'
 fi
 if [ ."$php_version" = ."7.1" ]; then
        verbose "version 7.1"
        php_ini_file='/etc/php/7.1/fpm/php.ini'
 fi
 if [ ."$php_version" = ."7.2" ]; then
        verbose "version 7.2"
        php_ini_file='/etc/php/7.2/fpm/php.ini'
 fi
 if [ ."$php_version" = ."7.3" ]; then
        verbose "version 7.3"
        php_ini_file='/etc/php/7.3/fpm/php.ini'
 fi
 if [ ."$php_version" = ."7.4" ]; then
        verbose "version 7.4"
        php_ini_file='/etc/php/7.4/fpm/php.ini'
 fi
 if [ ."$php_version" = ."8.1" ]; then
        verbose "version 8.1"
        php_ini_file='/etc/php/8.1/fpm/php.ini'
 fi
 if [ ."$php_version" = ."8.2" ]; then
        verbose "version 8.2"
        php_ini_file='/etc/php/8.2/fpm/php.ini'
 fi
 if [ ."$php_version" = ."8.3" ]; then
        verbose "version 8.3"
        php_ini_file='/etc/php/8.3/fpm/php.ini'
 fi
 if [ ."$php_version" = ."8.4" ]; then
        verbose "version 8.4"
        php_ini_file='/etc/php/8.4/fpm/php.ini'
 fi
 sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
 sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
 sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
 sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
 #install ioncube
 if [ .$cpu_architecture = .'x86' ]; then
 	. ./ioncube.sh
 fi
 #restart php-fpm
-#systemd
+systemctl daemon-reload
-if [ ."$php_version" = ."5" ]; then
+if [ ."$php_version" = ."5.6" ]; then
        systemctl restart php5-fpm
 fi
-if [ ."$php_version" = ."7" ]; then
+if [ ."$php_version" = ."7.0" ]; then
        systemctl restart php7.0-fpm
 fi
 if [ ."$php_version" = ."7.1" ]; then
        systemctl restart php7.1-fpm
 fi
 if [ ."$php_version" = ."7.2" ]; then
        systemctl restart php7.2-fpm
 fi
 if [ ."$php_version" = ."7.3" ]; then
        systemctl restart php7.3-fpm
 fi
 if [ ."$php_version" = ."7.4" ]; then
        systemctl restart php7.4-fpm
 fi
 if [ ."$php_version" = ."8.1" ]; then
        systemctl restart php8.1-fpm
 fi
 if [ ."$php_version" = ."8.2" ]; then
        systemctl restart php8.2-fpm
 fi
 if [ ."$php_version" = ."8.3" ]; then
        systemctl restart php8.3-fpm
 fi
 if [ ."$php_version" = ."8.3" ]; then
        systemctl restart php8.3-fpm
 fi
 #init.d
 #/usr/sbin/service php5-fpm restart
--- a/debian/resources/postgresql.sh
+++ b/debian/resources/postgresql.sh
@ -19,58 +19,95 @@ echo "Install PostgreSQL and create the database and users\n"
 #included in the distribution
 if [ ."$database_repo" = ."system" ]; then
-	apt-get install -y --force-yes sudo postgresql
+	if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
 		apt-get install -y sudo postgresql
 	else
 		apt-get install -y sudo postgresql-client
 	fi
 fi
 #make sure keyrings directory exits
 mkdir /etc/apt/keyrings
 #postgres official repository
 if [ ."$database_repo" = ."official" ]; then
-	echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/postgresql.list
+	apt install -y gpg
-	wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+	sh -c 'echo "deb [signed-by=/etc/apt/keyrings/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
 	wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/pgdg.gpg
 	chmod 644 /etc/apt/keyrings/pgdg.gpg
 	apt-get update && apt-get upgrade -y
-	if [ ."$database_version" = ."latest" ]; then
+	if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
-                apt-get install -y --force-yes sudo postgresql
+		if [ ."$database_version" = ."latest" ]; then
 			apt-get install -y sudo postgresql
                else
                        apt-get install -y sudo postgresql-$database_version
                fi
 	else
 		apt-get install -y sudo postgresql-client
 	fi
 	if [ ."$database_version" = ."9.6" ]; then
                apt-get install -y --force-yes sudo postgresql-$database_version
        fi
 fi
 #add PostgreSQL and 2ndquadrant repos
 if [ ."$database_repo" = ."2ndquadrant" ]; then
-	echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/postgresql.list
+	if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
-	echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list
+		apt install -y curl
-	/usr/bin/wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add -
+		curl https://dl.2ndquadrant.com/default/release/get/deb | bash
-	/usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
+		if [ ."$os_codename" = ."buster" ]; then
-	apt-get update && apt-get upgrade -y
+			sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#buster#stretch#g'
-	apt-get install -y --force-yes sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
+		fi
 		if [ ."$os_codename" = ."bullseye" ]; then
 			sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#bullseye#stretch#g'
 		fi
 		apt update
 		apt-get install -y sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4	
 	fi
 fi
 #install the database backup
 #cp backup/fusionpbx-backup /etc/cron.daily
 #cp backup/fusionpbx-maintenance /etc/cron.daily
 #chmod 755 /etc/cron.daily/fusionpbx-backup
 #chmod 755 /etc/cron.daily/fusionpbx-maintenance
 #sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup
 #sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-maintenance
 #initialize the database
 pg_createcluster $database_version main
 #replace scram-sha-256 with md5
 sed -i /etc/postgresql/$database_version/main/pg_hba.conf -e '/^#/!s/scram-sha-256/md5/g'
 #systemd
-systemctl daemon-reload
+if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
-systemctl restart postgresql
+	systemctl daemon-reload
 	systemctl restart postgresql
 fi
 #init.d
 #/usr/sbin/service postgresql restart
 #install the database backup
 cp backup/fusionpbx-backup.sh /etc/cron.daily
 chmod 755 /etc/cron.daily/fusionpbx-backup.sh
 sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup.sh
 #move to /tmp to prevent a red herring error when running sudo with psql
 cwd=$(pwd)
 cd /tmp
-#add the databases, users and grant permissions to them
+if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
-sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
+	#reload the config
-sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
+  	sudo -u postgres psql -c "SELECT pg_reload_conf();"
-sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
+
-sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
+	#set client encoding
-sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+	sudo -u postgres psql -c "SET client_encoding = 'UTF8';";
-sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+
-sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+	#add the database users and databases
-#ALTER USER fusionpbx WITH PASSWORD 'newpassword';
+	sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
 	#add the users and grant permissions
 	sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
 	sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
 	#update the fusionpbx user password
 	#ALTER USER fusionpbx WITH PASSWORD 'newpassword';
 fi
 cd $cwd
 #set the ip address
--- a/debian/resources/postgresql/create.sh
+++ b/debian/resources/postgresql/create.sh
@ -11,18 +11,17 @@ cwd=$(pwd)
 cd /tmp
 #set client encoding
-sudo -u postgres psql -c "SET client_encoding = 'UTF8';";
+sudo -u postgres psql -p $database_port -c "SET client_encoding = 'UTF8';";
 #add the database users and databases
-sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
+sudo -u postgres psql -p $database_port -c "CREATE DATABASE fusionpbx;";
 sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
 #add the users and grant permissions
-sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -p $database_port -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
-sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
-sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+
-sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+#reload the config
-sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+sudo -u postgres psql -p $database_port -c "SELECT pg_reload_conf();"
 #restart postgres
-service postgresql restart
+#systemctl restart postgresql
--- a/debian/resources/postgresql/dsn.sh
+++ b/debian/resources/postgresql/dsn.sh
@ -43,9 +43,9 @@ sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="
 sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
 #add the dsn variables
-sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_cat, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
-sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_cat, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'pgsql://hostaddr=$database_host port=$database_port dbname=freeswitch user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'pgsql://hostaddr=$database_host port=$database_port dbname=freeswitch user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
-sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_cat, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///var/lib/freeswitch/db/callcenter.db', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///var/lib/freeswitch/db/callcenter.db', 'DSN', 'true', '0', null, null);";
 #add the 
 echo "<!-- DSN -->" >> /etc/freeswitch/vars.xml
--- a/debian/resources/postgresql/empty.sh
+++ b/debian/resources/postgresql/empty.sh
@ -20,7 +20,7 @@ now=$(date +%Y-%m-%d)
 mkdir -p /var/backups/fusionpbx/postgresql
 #backup the database
-pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
+pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_auto_$now.sql
 #empty the fusionpbx database
 sudo -u postgres psql -d fusionpbx -c "drop schema public cascade;";
--- a/debian/resources/postgresql/iptables.sh
+++ b/debian/resources/postgresql/iptables.sh
@ -0,0 +1,54 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 #set the date
 now=$(date +%Y-%m-%d)
 #show this server's addresses
 server_address=$(hostname -I);
 echo "This Server Address: $server_address"
 #nodes addresses
 read -p "Enter all Node IP Addresses: " nodes
 #determine whether to add iptable rules
 read -p 'Add iptable rules (y/n): ' iptables_add
 #settings summary
 echo "-----------------------------";
 echo " Summary";
 echo "-----------------------------";
 echo "All Node IP Addresses: $nodes";
 echo "Add iptable rules: $iptables_add";
 echo "";
 #verify
 read -p 'Is the information correct (y/n): ' verified 
 if [ .$verified != ."y" ]; then
 	echo "Goodbye";
 	exit 0;
 fi
 #iptables rules
 if [ .$iptables_add = ."y" ]; then
 	for node in $nodes; do
 		/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
 		/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
 	done
 	apt-get remove iptables-persistent -y
 	echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
 	echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
 	apt-get install -y iptables-persistent
 fi
 #set the working directory
 cwd=$(pwd)
 cd /tmp
 #message to user
 echo "Completed"
--- a/debian/resources/postgresql/node.sh
+++ b/debian/resources/postgresql/node.sh
@ -9,11 +9,6 @@ cd "$(dirname "$0")"
 #set the date
 now=$(date +%Y-%m-%d)
 #set the database password
 if [ .$database_password = .'random' ]; then
        database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
 fi
 #show this server's addresses
 server_address=$(hostname -I);
 echo "This Server Address: $server_address"
@ -21,61 +16,69 @@ echo "This Server Address: $server_address"
 #nodes addresses
 read -p "Enter all Node IP Addresses: " nodes
-#request the domain and email
+#replication method options: logical (default), or bdr
-read -p 'Create Group (true/false): ' group_create
+read -p "Enter the replication method. (logical,bdr): " replication_method
-if [ .$group_create = .true ]; then
+
-	read -p 'Enter this Nodes Address: ' node_1;
+#request group_create, node_1 and node_2
-else
+if [ .$replication_method = ."bdr" ]; then
-	read -p 'Join using node already in group: ' node_1;
+	read -p 'Create Group (y,n): ' group_create
-	read -p 'Enter this Nodes Address: ' node_2;
+	if [ .$group_create = ."y" ]; then
 		read -p 'Enter this Nodes Address: ' node_1;
 	else
 		read -p 'Join using node already in group: ' node_1;
 		read -p 'Enter this Nodes Address: ' node_2;
 	fi
 fi
-#determine which database to replicate
+if [ .$replication_method = ."bdr" ]; then
-read -p 'Replicate the FusionPBX Database (true/false): ' system_replicate
+	#determine which database to replicate
 	read -p 'Replicate the FusionPBX Database (y,n): ' system_replicate
 	#determine which database to replicate
 	read -p 'Replicate the FreeSWITCH Database (y,n): ' switch_replicate
 fi
-#determine which database to replicate
+#determine whether to add iptable rules
-read -p 'Replicate the FreeSWITCH Database (true/false): ' switch_replicate
+read -p 'Add iptable rules (y,n): ' iptables_add
 #settings summary
 echo "-----------------------------";
 echo " Summary";
 echo "-----------------------------";
 echo "Create Group: $group_create";
 echo "All Node IP Addresses: $nodes";
-if [ .$group_create = .true ]; then
+if [ .$replication_method = ."bdr" ]; then
-	echo "This Nodes Address: $node_1";
+	echo "Create Group: $group_create";
-else
+	if [ .$group_create = ."y" ]; then
-	echo "Join using node in group: $node_1";
+		echo "This Nodes Address: $node_1";
-	echo "This Node Address: $node_2";
+	else
 		echo "Join using node in group: $node_1";
 		echo "This Node Address: $node_2";
 	fi
 	echo "Replicate the FusionPBX Database: $system_replicate";
 	echo "Replicate the FreeSWITCH Database: $switch_replicate";
 fi
-echo "Replicate the FusionPBX Database: $system_replicate";
+echo "Add iptable rules: $iptables_add";
 echo "Replicate the FreeSWITCH Database: $switch_replicate";
 echo "";
 #verify
-read -p 'Is the information correct (y/n): ' verified 
+read -p 'Is the information correct (y,n): ' verified 
 if [ .$verified != ."y" ]; then
 	echo "Goodbye";
 	exit 0;
 fi
 #add the 2ndquadrant repo
 if [ ."$database_version" = ."9.6" ]; then
 	echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list
 	/usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
 	apt-get update && apt-get upgrade -y
 	apt-get install -y --force-yes sudo postgresql-9.6-bdr-plugin
 fi
 #iptables rules
-for node in $nodes; do
+if [ .$iptables_add = ."y" ]; then
-        iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
+	for node in $nodes; do
-        iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
+		/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
-done
+		/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
-apt-get remove iptables-persistent -y --force-yes
+	done
-echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+	apt-get remove iptables-persistent -y
-echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+	echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
-apt-get install -y --force-yes iptables-persistent
+	echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
 	apt-get install -y iptables-persistent
 	systemctl restart fail2ban
 fi
 #setup ssl
 sed -i /etc/postgresql/$database_version/main/postgresql.conf -e s:'snakeoil.key:snakeoil-postgres.key:'
@ -86,15 +89,17 @@ chmod 600 /etc/ssl/private/ssl-cert-snakeoil-postgres.key
 #postgresql.conf - append settings
 cp /etc/postgresql/$database_version/main/postgresql.conf /etc/postgresql/$database_version/main/postgresql.conf-$now
 #cat ../postgresql/postgresql.conf > /etc/postgresql/$database_version/main/postgresql.conf
 echo "listen_addresses = '*'" >> /etc/postgresql/$database_version/main/postgresql.conf
 echo "#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'" >> /etc/postgresql/$database_version/main/postgresql.conf
-echo "shared_preload_libraries = 'bdr'" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "listen_addresses = '*'" >> /etc/postgresql/$database_version/main/postgresql.conf
 echo "wal_level = 'logical'" >> /etc/postgresql/$database_version/main/postgresql.conf
 echo "track_commit_timestamp = on" >> /etc/postgresql/$database_version/main/postgresql.conf
 echo "max_connections = 100" >> /etc/postgresql/$database_version/main/postgresql.conf
 echo "max_wal_senders = 10" >> /etc/postgresql/$database_version/main/postgresql.conf
 echo "max_replication_slots = 48" >> /etc/postgresql/$database_version/main/postgresql.conf
 echo "max_worker_processes = 48" >> /etc/postgresql/$database_version/main/postgresql.conf
 if [ .$replication_method = ."bdr" ]; then
 	echo "shared_preload_libraries = 'bdr'" >> /etc/postgresql/$database_version/main/postgresql.conf
 fi
 #pg_hba.conf - append settings
 cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
@ -113,52 +118,69 @@ done
 #reload configuration
 systemctl daemon-reload
 #reload the config
 sudo -u postgres psql -p $database_port -c "SELECT pg_reload_conf();"
 #restart postgres
-service postgresql restart
+systemctl restart postgresql
 #set the working directory
 cwd=$(pwd)
 cd /tmp
-#add the postgres extensions
+#add the bdr repo
-sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;";
+if [ .$replication_method = ."bdr" ]; then
-sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;";
+	if [ .$database_version = ."9.6" ]; then
-sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;";
+		echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list
-sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;";
+		/usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
-
+		apt-get update && apt-get upgrade -y
-#add master nodes
+		apt-get install -y sudo postgresql-9.6-bdr-plugin
 if [ .$group_create = .true ]; then
 	#add first node
 	if [ .$system_replicate = .true ]; then
 		sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
 	fi
 	if [ .$switch_replicate = .true ]; then
 		sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
 	fi
 else
 	#add additional master nodes
 	if [ .$system_replicate = .true ]; then
 		sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
 	fi
 	if [ .$switch_replicate = .true ]; then
 		sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
 	fi
 fi
-#load the freeswitch database
+#add the postgres extensions
-#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log
+if [ .$replication_method = ."bdr" ]; then
 	sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;";
 	sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;";
 	sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;";
 	sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;";
 fi
-#sleeping
+#add master nodes
-if [ .$group_create = .false ]; then
+if [ .$replication_method = ."bdr" ]; then
-	echo "Sleeping for 15 seconds";
+	if [ .$group_create = ."y" ]; then
-	for i in `seq 1 15`; do
+		#add first node
-		echo $i
+		if [ .$system_replicate = ."y" ]; then
-		sleep 1
+			sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
-	done
+		fi
 		if [ .$switch_replicate = ."y" ]; then
 			sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
 		fi
 	else
 		#add additional master nodes
 		if [ .$system_replicate = ."y" ]; then
 			sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
 		fi
 		if [ .$switch_replicate = ."y" ]; then
 			sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
 		fi
 	fi
 	#load the freeswitch database
 	#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log
 	#sleeping
 	if [ .$group_create = ."n" ]; then
 		echo "Sleeping for 15 seconds";
 		for i in `seq 1 15`; do
 			echo $i
 			sleep 1
 		done
 	fi
 fi
 #add extension pgcrypto
-if [ .$group_create = .false ]; then
+if [ .$group_create = ."n" ]; then
 	sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION pgcrypto;";
 fi
--- a/debian/resources/postgresql/pg_hba.sh
+++ b/debian/resources/postgresql/pg_hba.sh
@ -0,0 +1,62 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 #set the date
 now=$(date +%Y-%m-%d)
 #show this server's addresses
 server_address=$(hostname -I);
 echo "This Server Address: $server_address"
 #nodes addresses
 read -p "Enter all Node IP Addresses: " nodes
 #determine whether to add iptable rules
 read -p 'Add ip address to pg_hba (y/n): ' pg_hba_add
 #settings summary
 echo "-----------------------------";
 echo " Summary";
 echo "-----------------------------";
 echo "All Node IP Addresses: $nodes";
 echo "Add ip addresses to pg_hba: $pg_hba_add";
 echo "";
 #verify
 read -p 'Is the information correct (y/n): ' verified 
 if [ .$verified != ."y" ]; then
 	echo "Goodbye";
 	exit 0;
 fi
 #pg_hba.conf - append settings
 cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
 cat ../postgresql/pg_hba.conf > /etc/postgresql/$database_version/main/pg_hba.conf
 #chmod 640 /etc/postgresql/$database_version/main/pg_hba.conf
 #chown -R postgres:postgres /etc/postgresql/$database_version/main
 echo "host    all             all            127.0.0.1/32              trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
 echo "hostssl all             all            127.0.0.1/32              trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
 echo "hostssl replication     postgres       127.0.0.1/32              trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
 for node in $nodes; do
        echo "host    all             all            ${node}/32              trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
        echo "hostssl all             all            ${node}/32              trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
        echo "hostssl replication     postgres       ${node}/32              trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
 done
 #reload configuration
 systemctl daemon-reload
 #restart postgres
 service postgresql restart
 #set the working directory
 cwd=$(pwd)
 cd /tmp
 #message to user
 echo "Completed"
--- a/debian/resources/reboot_phones.sh
+++ b/debian/resources/reboot_phones.sh
@ -21,11 +21,22 @@ ARR=()
 IFS=","
 INPUT=$FILE
-#Loop through the registrations and reboot
+#loop through the registrations and reboot
 [ ! -f $INPUT ] &while read reg_user realm extra
 do
-        if [ ."$realm" = ."$domain" ]; then
+	#option reboot all phones
 	if [ ."$domain" = ."all" ]; then
 		echo "$reg_user@$realm $vendor"
                eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
                if [ "$pausetime" > 0 ]; then
                	sleep $pausetime
                fi
 	fi
 	#option reboot phones on a specific domain
        if [ ."$realm" = ."$domain" ]; then
 		echo "$reg_user@$realm $vendor"
                eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
 		echo ""
 		if [ "$pausetime" > 0 ]; then
 			sleep $pausetime
        	fi
--- a/debian/resources/reset_admin_password.sh
+++ b/debian/resources/reset_admin_password.sh
@ -8,14 +8,14 @@ cd "$(dirname "$0")"
 . ./colors.sh
 #count the users
-admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_group_users USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
+admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
 if [ .$admin_users = .'0' ]; then
 	error "i could not find the user '$system_username' in the database, check your resources/config.sh is correct"
 elif [ .$admin_users = .'' ]; then
 	error "something went wrong, see errors above";
 else
-	admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_group_users USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
+	admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
 	for admin_uuid in $admin_uuids; do
 		user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 		if [ .$system_password = .'random' ]; then
--- a/debian/resources/sngrep.sh
+++ b/debian/resources/sngrep.sh
@ -11,15 +11,17 @@ cd "$(dirname "$0")"
 #add sngrep
 if [ ."$cpu_architecture" = ."arm" ]; then
 	#source install
-	apt-get install -y --force-yes git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
+	apt-get install -y git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
 	cd /usr/src && git clone https://github.com/irontec/sngrep
 	cd /usr/src/sngrep && ./bootstrap.sh
 	cd /usr/src/sngrep && ./configure
 	cd /usr/src/sngrep && make install
 else
 	#package install
-	echo 'deb http://packages.irontec.com/debian jessie main' > /etc/apt/sources.list.d/sngrep.list
+	if [ ."$os_codename" = ."jessie" ]; then
-	wget http://packages.irontec.com/public.key -q -O - | apt-key add -
+		echo "deb http://packages.irontec.com/debian $os_codename main" > /etc/apt/sources.list.d/sngrep.list
-	apt-get update
+		wget http://packages.irontec.com/public.key -q -O - | apt-key add -
-	apt-get install -y --force-yes sngrep
+  		apt-get update
 	fi
 	apt-get install -y sngrep
 fi
--- a/debian/resources/switch.sh
+++ b/debian/resources/switch.sh
@ -5,6 +5,7 @@ cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./environment.sh
 if [ .$switch_source = .true ]; then
 	if [ ."$switch_branch" = "master" ]; then
@ -13,14 +14,19 @@ if [ .$switch_source = .true ]; then
 		switch/source-release.sh
 	fi
 	#add sounds and music files
 	switch/source-sounds.sh
 	#copy the switch conf files to /etc/freeswitch
 	switch/conf-copy.sh
 	#set the file permissions
-	switch/source-permissions.sh
+	#switch/source-permissions.sh
 	switch/package-permissions.sh
 	#systemd service
-	switch/source-systemd.sh
+	#switch/source-systemd.sh
 	switch/package-systemd.sh
 fi
 if [ .$switch_package = .true ]; then
--- a/debian/resources/switch/conf-copy.sh
+++ b/debian/resources/switch/conf-copy.sh
@ -1,3 +1,3 @@
 mv /etc/freeswitch /etc/freeswitch.orig
 mkdir /etc/freeswitch
-cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch
+cp -R /var/www/fusionpbx/app/switch/resources/conf/* /etc/freeswitch
--- a/debian/resources/switch/dsn.sh
+++ b/debian/resources/switch/dsn.sh
@ -0,0 +1,63 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 #set the date
 now=$(date +%Y-%m-%d)
 #get the database password
 if [ .$database_password = .'random' ]; then
       read -p "Enter the database password: " database_password
 fi
 #set PGPASSWORD
 #export PGPASSWORD=$database_password
 #enable auto create schemas
 sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="auto-create-schemas" value="true"/> -->:<param name="auto-create-schemas" value="true"/>:'
 sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<param name="auto-create-schemas" value="false"/>:<param name="auto-create-schemas" value="true"/>:'
 #enable odbc-dsn in the xml
 sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
 sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
 sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="core-db-dsn" value="$${dsn}" /> -->:<param name="core-db-dsn" value="$${dsn}" />:'
 #update the switch database directory
 sed -i /etc/fusionpbx/config.conf -e s:'/var/lib/freeswitch/db:/dev/shm:'
 #enable odbc-dsn in the sip profiles
 sudo -u postgres psql fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
 #update the switch db directory in default settings
 sudo -u postgres psql fusionpbx -c "update v_default_settings set default_setting_value = '/dev/shm' where default_setting_category = 'switch' and default_setting_subcategory = 'db';";
 #add the dsn variables
 sudo -u postgres psql fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
 sudo -u postgres psql fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'sqlite:///dev/shm/core.db', 'DSN', 'true', '0', null, null);";
 sudo -u postgres psql fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///dev/shm/callcenter.db', 'DSN', 'true', '0', null, null);";
 #update the vars.xml file
 echo "<!-- DSN -->" >> /etc/freeswitch/vars.xml
 echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_system=pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=\" />" >> /etc/freeswitch/vars.xml
 echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn=sqlite:///dev/shm/core.db\" />" >> /etc/freeswitch/vars.xml
 echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_callcenter=sqlite:///dev/shm/callcenter.db\" />" >> /etc/freeswitch/vars.xml
 #remove the sqlite database files
 dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*"
 for db in ${dbs};
 do
  if [ -f $db ]; then
    echo "Deleting $db";
    rm $db
  fi
 done
 #flush the cache
 rm -R /var/cache/fusionpbx/*
 #restart freeswitch
 /usr/sbin/service freeswitch restart
--- a/debian/resources/switch/package-all.sh
+++ b/debian/resources/switch/package-all.sh
@ -7,18 +7,21 @@ cd "$(dirname "$0")"
 . ../config.sh
 . ../colors.sh
 . ../environment.sh
 . ../arguments.sh
-apt-get update && apt-get install -y --force-yes ntp curl memcached haveged
+apt-get update && apt-get install -y ntp curl memcached haveged apt-transport-https
 apt-get update && apt-get install -y wget lsb-release gnupg2
-if [ ."$cpu_architecture" = ."arm" ]; then
+if [ ."$cpu_architecture" = ."x86" ]; then
-        echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+	wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
-        curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
+	echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
-else
+	echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
        echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
        curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
 fi
-apt-get update && apt-get install -y --force-yes freeswitch-meta-all freeswitch-all-dbg gdb
+if [ ."$cpu_architecture" = ."arm" ]; then
 	wget -O - https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
 	echo "deb http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
 	echo "deb-src http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
 fi
 apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
 #make sure that postgresql is started before starting freeswitch
 sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
--- a/debian/resources/switch/package-master-all.sh
+++ b/debian/resources/switch/package-master-all.sh
@ -1,9 +1,9 @@
 #!/bin/sh
-apt-get update && apt-get install -y --force-yes ntp curl memcached haveged
+apt-get update && apt-get install -y ntp curl memcached haveged
 curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
 echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
 echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
-apt-get update && apt-get install -y --force-yes freeswitch-meta-all freeswitch-all-dbg gdb
+apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
 #make sure that postgresql is started before starting freeswitch
 sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
--- a/debian/resources/switch/package-master.sh
+++ b/debian/resources/switch/package-master.sh
@ -1,20 +1,23 @@
 #!/bin/sh
-apt-get update && apt-get install -y --force-yes curl memcached haveged
+apt-get update && apt-get install -y curl memcached haveged
 curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
 echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
 echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
 apt-get update
-apt-get install -y --force-yes ntp gdb
+apt-get install -y gnupg gnupg2
-apt-get install -y --force-yes freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
+apt-get install -y wget lsb-release
-apt-get install -y --force-yes freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get install -y ntp gdb
-apt-get install -y --force-yes freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
-apt-get install -y --force-yes freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
+apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
-apt-get install -y --force-yes freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
-apt-get install -y --force-yes freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
-apt-get install -y --force-yes freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
-apt-get install -y --force-yes freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
-apt-get install -y --force-yes freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
-apt-get install -y --force-yes freeswitch-music-default
+apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
 apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
 apt-get install -y freeswitch-mod-pgsql
 apt-get install -y freeswitch-music-default
 #make sure that postgresql is started before starting freeswitch
 sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
@ -22,7 +25,7 @@ sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.tar
 #remove the music package to protect music on hold from package updates
 mkdir -p /usr/share/freeswitch/sounds/temp
 mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
-apt-get remove -y --force-yes freeswitch-music-default
+apt-get remove -y freeswitch-music-default
 mkdir -p /usr/share/freeswitch/sounds/music/default
 mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
 rm -R /usr/share/freeswitch/sounds/temp
--- a/debian/resources/switch/package-permissions.sh
+++ b/debian/resources/switch/package-permissions.sh
@ -1,6 +1,13 @@
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 #default permissions
 chown -R www-data:www-data /etc/freeswitch
 chown -R www-data:www-data /var/lib/freeswitch
 chown -R www-data:www-data /usr/share/freeswitch
 chown -R www-data:www-data /var/log/freeswitch
 chown -R www-data:www-data /var/run/freeswitch
 chown -R www-data:www-data /var/cache/fusionpbx
--- a/debian/resources/switch/package-release.sh
+++ b/debian/resources/switch/package-release.sh
@ -8,27 +8,40 @@ cd "$(dirname "$0")"
 . ../colors.sh
 . ../environment.sh
-apt-get update && apt-get install -y --force-yes curl memcached haveged
+apt-get update && apt-get install -y curl memcached haveged apt-transport-https
-if [ ."$cpu_architecture" = ."arm" ]; then
+apt-get update && apt-get install -y gnupg gnupg2
-        echo "deb https://repo.fusionpbx.com/armhf jessie main" > /etc/apt/sources.list.d/freeswitch.list
+apt-get update && apt-get install -y wget lsb-release sox
-        curl https://repo.fusionpbx.com/public.key | apt-key add -
+
-else
+if [ ."$cpu_architecture" = ."x86" ]; then
-        echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+	wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
-        curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
+	echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
 	echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
 	echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
 fi
 if [ ."$cpu_architecture" = ."arm" ]; then
 	wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub
 	echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
 	echo "deb [signed-by=/etc/apt/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
 	echo "deb-src [signed-by=/etc/apt/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
 fi
 apt-get update
-apt-get install -y --force-yes gdb ntp
+apt-get install -y gdb ntp
-apt-get install -y --force-yes freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-mod-console freeswitch-mod-logfile
+apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-mod-console freeswitch-mod-logfile
-apt-get install -y --force-yes freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
-apt-get install -y --force-yes freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get install -y freeswitch-sounds-es-ar-mario freeswitch-mod-say-es freeswitch-mod-say-es-ar
-apt-get install -y --force-yes freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi
+apt-get install -y freeswitch-sounds-fr-ca-june freeswitch-mod-say-fr
-apt-get install -y --force-yes freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
-apt-get install -y --force-yes freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi
-apt-get install -y --force-yes freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
-apt-get install -y --force-yes freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
-apt-get install -y --force-yes freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory
+apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
-apt-get install -y --force-yes freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-flite libyuv-dev freeswitch-mod-distributor freeswitch-meta-codecs
+apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
-apt-get install -y --force-yes freeswitch-music-default
+apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory
 apt-get install -y freeswitch-mod-av freeswitch-mod-flite freeswitch-mod-distributor freeswitch-meta-codecs
 apt-get install -y freeswitch-mod-pgsql
 apt-get install -y freeswitch-music-default
 apt-get install -y libyuv-dev
 #make sure that postgresql is started before starting freeswitch
 sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
@ -36,7 +49,8 @@ sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.tar
 #remove the music package to protect music on hold from package updates
 mkdir -p /usr/share/freeswitch/sounds/temp
 mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
-apt-get remove -y --force-yes freeswitch-music-default
+mv /usr/share/freeswitch/sounds/music/default/*000 /usr/share/freeswitch/sounds/temp
 apt-get remove -y freeswitch-music-default
 mkdir -p /usr/share/freeswitch/sounds/music/default
 mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
 rm -R /usr/share/freeswitch/sounds/temp
--- a/debian/resources/switch/package-systemd.sh
+++ b/debian/resources/switch/package-systemd.sh
@ -1,4 +1,4 @@
-apt-get remove -y --force-yes freeswitch-systemd
+apt-get remove -y freeswitch-systemd
 cp "$(dirname $0)/source/freeswitch.service.package" /lib/systemd/system/freeswitch.service
 cp "$(dirname $0)/source/etc.default.freeswitch.package" /etc/default/freeswitch
 chmod 644 /lib/systemd/system/freeswitch.service 
--- a/debian/resources/switch/repo.sh
+++ b/debian/resources/switch/repo.sh
@ -0,0 +1,25 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 . ../colors.sh
 . ../environment.sh
 apt-get update && apt-get install -y curl memcached haveged apt-transport-https
 apt-get update && apt-get install -y gnupg gnupg2
 apt-get update && apt-get install -y wget lsb-release
 if [ ."$cpu_architecture" = ."x86" ]; then
 	wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
 	echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
 	echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
 	echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
 fi
 if [ ."$cpu_architecture" = ."arm" ]; then
 	wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub
 	echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
 	echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
 fi
--- a/debian/resources/switch/source-master.sh
+++ b/debian/resources/switch/source-master.sh
@ -1,14 +1,14 @@
 #!/bin/sh
 echo "Installing the FreeSWITCH source"
-DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y --force-yes  ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
+DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
-apt-get install -y --force-yes unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
+apt-get install -y unzip libpq-dev libvlc-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
-apt-get update && apt-get install -y --force-yes ntp curl haveged
+apt-get update && apt-get install -y ntp curl haveged
 curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
 echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
 echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
 apt-get update && apt-get upgrade
-apt-get install -y --force-yes freeswitch-video-deps-most
+apt-get install -y freeswitch-video-deps-most
 git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
 cd /usr/src/freeswitch
@ -19,12 +19,13 @@ sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applic
 sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
 sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
 sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
 sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
 ./bootstrap.sh -j
 #./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
 ./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
 #make mod_shout-install
-make
+make -j $(getconf _NPROCESSORS_ONLN)
 rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
 make install
 make sounds-install moh-install
--- a/debian/resources/switch/source-permissions.sh
+++ b/debian/resources/switch/source-permissions.sh
@ -1,5 +1,24 @@
 #old
 #setup owner and group, permissions and sticky
-chmod -R ug+rw /usr/local/freeswitch
+#chmod -R ug+rw /usr/local/freeswitch
-touch /usr/local/freeswitch/freeswitch.log
+#touch /usr/local/freeswitch/freeswitch.log
-chown -R www-data:www-data /usr/local/freeswitch
+#chown -R www-data:www-data /usr/local/freeswitch
-find /usr/local/freeswitch -type d -exec chmod 2770 {} \;
+#find /usr/local/freeswitch -type d -exec chmod 2770 {} \;
 #current (same paths as package)
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 #default permissions
 chown -R www-data:www-data /etc/freeswitch
 chown -R www-data:www-data /var/lib/freeswitch
 chown -R www-data:www-data /usr/share/freeswitch
 chown -R www-data:www-data /var/log/freeswitch
 chown -R www-data:www-data /var/run/freeswitch
 chown -R www-data:www-data /var/cache/fusionpbx
--- a/debian/resources/switch/source-release.sh
+++ b/debian/resources/switch/source-release.sh
@ -1,51 +1,155 @@
 #!/bin/sh
-echo "Installing the FreeSWITCH source"
+#move to script directory so all relative paths work
-DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y --force-yes  ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
+cd "$(dirname "$0")"
 apt-get install -y --force-yes ntp unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
-apt-get update && apt-get install -y --force-yes curl haveged
+#includes
-curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+. ../config.sh
-echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+. ../environment.sh
-apt-get update && apt-get upgrade
+
-apt-get install -y --force-yes freeswitch-video-deps-most
+#upgrade packages
 apt update && apt upgrade -y
 # install dependencies
 apt install -y autoconf automake devscripts g++ git-core libncurses5-dev libtool make libjpeg-dev
 apt install -y pkg-config flac  libgdbm-dev libdb-dev gettext sudo equivs mlocate git dpkg-dev libpq-dev
 apt install -y liblua5.2-dev libtiff5-dev libperl-dev libcurl4-openssl-dev libsqlite3-dev libpcre3-dev
 apt install -y devscripts libspeexdsp-dev libspeex-dev libldns-dev libedit-dev libopus-dev libmemcached-dev
 apt install -y libshout3-dev libmpg123-dev libmp3lame-dev yasm nasm libsndfile1-dev libuv1-dev libvpx-dev
 apt install -y libavformat-dev libswscale-dev libvlc-dev python3-distutils sox libsox-fmt-all
 #install dependencies that depend on the operating system version
 if [ ."$os_codename" = ."stretch" ]; then
 	apt install -y libvpx4 swig3.0
 fi
 if [ ."$os_codename" = ."buster" ]; then
 	apt install -y libvpx5 swig3.0
 fi
 if [ ."$os_codename" = ."bullseye" ]; then
 	apt install -y libvpx6 swig4.0
 fi
 # additional dependencies
 apt install -y sqlite3 unzip
 #we are about to move out of the executing directory so we need to preserve it to return after we are done
 CWD=$(pwd)
-SWITCH_VERSION=1.6.19
+
-echo "Using version $SWITCH_VERSION"
+#install the following dependencies if the switch version is greater than 1.10.0
 if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
 	# libks build-requirements
 	apt install -y cmake uuid-dev
 	# libks
 	cd /usr/src
 	git clone https://github.com/signalwire/libks.git libks
 	cd libks
 	cmake .
 	make -j $(getconf _NPROCESSORS_ONLN)
 	make install
 	# libks C includes
 	export C_INCLUDE_PATH=/usr/include/libks
 	# sofia-sip
 	cd /usr/src
 	#git clone https://github.com/freeswitch/sofia-sip.git sofia-sip
 	wget https://github.com/freeswitch/sofia-sip/archive/refs/tags/v$sofia_version.zip
 	unzip v$sofia_version.zip
 	cd sofia-sip-$sofia_version
 	sh autogen.sh
 	./configure --enable-debug
 	make -j $(getconf _NPROCESSORS_ONLN)
 	make install
 	# spandsp
 	cd /usr/src
 	git clone https://github.com/freeswitch/spandsp.git spandsp
 	cd spandsp
 	git reset --hard 0d2e6ac65e0e8f53d652665a743015a88bf048d4
 	#/usr/bin/sed -i 's/AC_PREREQ(\[2\.71\])/AC_PREREQ([2.69])/g' /usr/src/spandsp/configure.ac
 	sh autogen.sh
 	./configure --enable-debug
 	make -j $(getconf _NPROCESSORS_ONLN)
 	make install
 	ldconfig
 fi
 cd /usr/src
 #git clone -b v1.6 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
 wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$SWITCH_VERSION.zip
 unzip freeswitch-$SWITCH_VERSION.zip
 rm -R freeswitch
 mv freeswitch-$SWITCH_VERSION freeswitch
 cd freeswitch
-#./bootstrap.sh -j
+#check for master
-sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
+if [ $switch_branch = "master" ]; then
-sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
+	#master branch
-sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
+	echo "Using version master"
-sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
+	rm -r /usr/src/freeswitch
-sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
+	git clone https://github.com/signalwire/freeswitch.git
-sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
+	cd /usr/src/freeswitch
-#./configure --help
+	./bootstrap.sh -j
-#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
+fi
-./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
+
-#make mod_shout-install
+#check for stable release
-make
+if [ $switch_branch = "stable" ]; then
-rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
+	echo "Using version $switch_version"
 	#1.8 and older
 	if [ $(echo "$switch_version" | tr -d '.') -lt 1100 ]; then
 		wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.zip
 		unzip freeswitch-$switch_version.zip
 		cd /usr/src/freeswitch-$switch_version
 	fi
 	#1.10.0 and newer
 	if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
 		git clone -b $switch_version --single-branch https://github.com/fusionpbx/freeswitch freeswitch-$switch_version
  		git checkout $switch_version
 		#wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.-release.zip
 		#unzip freeswitch-$switch_version.-release.zip
 		#mv freeswitch-$switch_version.-release freeswitch-$switch_version
 		cd /usr/src/freeswitch-$switch_version
 		# bootstrap is needed if using git
 		./bootstrap.sh -j
 		#apply rtp timestamp patch - Fix RTP audio issues use the following for additional information. https://github.com/briteback/freeswitch/commit/9f8968ccabb8a4e0353016d4ea0ff99561b005f1
 		#patch -u /usr/src/freeswitch-$switch_version/src/switch_rtp.c -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/switch_rtp.diff
 		#apply pull request 2300 to Fix session deadlock that results in stale or stuck calls. https://github.com/signalwire/freeswitch/pull/2300
 		#patch -d /usr/src/freeswitch-$switch_version/src -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/pull_2300.diff
 		#apply mod_pgsql patch
 		#patch -u /usr/src/freeswitch-$switch_version/src/mod/databases/mod_pgsql/mod_pgsql.c -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/mod_pgsql.patch
 	fi
 fi
 # enable required modules
 #sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_av:formats/mod_av:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_nibblebill:applications/mod_nibblebill:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_translate:applications/mod_translate:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#say/mod_say_es:say/mod_say_es:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#say/mod_say_fr:say/mod_say_fr:'
 #disable module or install dependency libks to compile signalwire
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'applications/mod_signalwire:#applications/mod_signalwire:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'endpoints/mod_skinny:#endpoints/mod_skinny:'
 sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'endpoints/mod_verto:#endpoints/mod_verto:'
 # prepare the build
 #./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
 ./configure -C --enable-portable-binary --disable-dependency-tracking --enable-debug \
 --prefix=/usr --localstatedir=/var --sysconfdir=/etc \
 --with-openssl --enable-core-pgsql-support
 # compile and install
 make -j $(getconf _NPROCESSORS_ONLN)
 make install
 make sounds-install moh-install
 make hd-sounds-install hd-moh-install
 make cd-sounds-install cd-moh-install
 #move the music into music/default directory
 mkdir -p /usr/local/freeswitch/sounds/music/default
 mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
 #return to the executing directory
 cd $CWD
 #symbolic link for fs_cli
 ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
--- a/debian/resources/switch/source-sounds.sh
+++ b/debian/resources/switch/source-sounds.sh
@ -0,0 +1,20 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 . ../environment.sh
 # change the working directory
 cd /usr/src/freeswitch-$switch_version
 # compile and install the sounds
 make sounds-install moh-install
 make hd-sounds-install hd-moh-install
 make cd-sounds-install cd-moh-install
 #move the music into music/default directory
 mkdir -p /usr/share/freeswitch/sounds/music/default
 mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/music/default
--- a/debian/resources/switch/source-systemd.sh
+++ b/debian/resources/switch/source-systemd.sh
@ -12,3 +12,4 @@ fi
 systemctl enable freeswitch
 systemctl unmask freeswitch.service
 systemctl daemon-reload
 systemctl start freeswitch
--- a/debian/resources/switch/source/etc.default.freeswitch.package
+++ b/debian/resources/switch/source/etc.default.freeswitch.package
@ -1,4 +1,2 @@
 # /etc/default/freeswitch
-FS_USER="www-data"
+DAEMON_OPTS="-nonat"
 FS_GROUP="www-data"
 DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data -run /var/run/freeswitch"
--- a/debian/resources/switch/source/etc.default.freeswitch.source
+++ b/debian/resources/switch/source/etc.default.freeswitch.source
--- a/debian/resources/switch/source/freeswitch.service.package
+++ b/debian/resources/switch/source/freeswitch.service.package
@ -2,22 +2,27 @@
 [Unit]
 Description=freeswitch
-After=syslog.target network.target local-fs.target postgresql.service
+Wants=network-online.target
 Requires=network.target local-fs.target
 After=network.target network-online.target local-fs.target
 [Service]
 ; service
 Type=forking
 PIDFile=/run/freeswitch/freeswitch.pid
 Environment="DAEMON_OPTS=-nonat"
 Environment="USER=www-data"
 Environment="GROUP=www-data"
 EnvironmentFile=-/etc/default/freeswitch
-ExecStartPre=/bin/mkdir -p /var/run/freeswitch/
+ExecStartPre=/bin/mkdir -p /var/run/freeswitch
-ExecStartPre=/bin/chown -R www-data:www-data /var/run/freeswitch/
+ExecStartPre=/bin/chown -R ${USER}:${GROUP} /var/lib/freeswitch /var/log/freeswitch /etc/freeswitch /usr/share/freeswitch /var/run/freeswitch
-ExecStart=/usr/bin/freeswitch -u www-data -g www-data -ncwait $DAEMON_OPTS
+ExecStartPre=/bin/sleep 10
 ExecStart=/usr/bin/freeswitch -u ${USER} -g ${GROUP} -ncwait ${DAEMON_OPTS}
 TimeoutSec=45s
 Restart=always
 ; exec
-User=root
+;User=${USER}
-Group=daemon
+;Group=${GROUP}
 LimitCORE=infinity
 LimitNOFILE=100000
 LimitNPROC=60000
@ -29,6 +34,7 @@ IOSchedulingPriority=2
 CPUSchedulingPolicy=rr
 CPUSchedulingPriority=89
 UMask=0007
 NoNewPrivileges=false
 ; alternatives which you can enforce by placing a unit drop-in into
 ; /etc/systemd/system/freeswitch.service.d/*.conf:
--- a/debian/resources/switch/source/mod_pgsql.patch
+++ b/debian/resources/switch/source/mod_pgsql.patch
@ -0,0 +1,53 @@
 --- mod_pgsql.c	2021-10-24 14:22:28.000000000 -0400
 +++ mod_pgsql.c.new	2022-08-08 21:16:02.000000000 -0400
@@ -36,6 +36,7 @@
 #include <switch.h>
 #include <libpq-fe.h>
 +#include <pg_config.h>
 #ifndef _WIN32
 #include <poll.h>
@@ -597,7 +598,7 @@
 		goto done;
 	} else {
 		switch (result->status) {
 -#if POSTGRESQL_MAJOR_VERSION >= 9 && POSTGRESQL_MINOR_VERSION >= 2
 +#if PG_VERSION_NUM >= 90002
 		case PGRES_SINGLE_TUPLE:
 			/* Added in PostgreSQL 9.2 */
 #endif
@@ -756,24 +757,29 @@
 		*result_out = res;
 		res->status = PQresultStatus(res->result);
 		switch (res->status) {
 -//#if (POSTGRESQL_MAJOR_VERSION == 9 && POSTGRESQL_MINOR_VERSION >= 2) || POSTGRESQL_MAJOR_VERSION > 9
 +#if PG_VERSION_NUM >= 90002
 		case PGRES_SINGLE_TUPLE:
 			/* Added in PostgreSQL 9.2 */
 -//#endif
 +#endif
 		case PGRES_TUPLES_OK:
 		{
 			res->rows = PQntuples(res->result);
 			res->cols = PQnfields(res->result);
 		}
 		break;
 -//#if (POSTGRESQL_MAJOR_VERSION == 9 && POSTGRESQL_MINOR_VERSION >= 1) || POSTGRESQL_MAJOR_VERSION > 9
 +#if PG_VERSION_NUM >= 90001
 		case PGRES_COPY_BOTH:
 			/* Added in PostgreSQL 9.1 */
 -//#endif
 +#endif
 		case PGRES_COPY_OUT:
 		case PGRES_COPY_IN:
 		case PGRES_COMMAND_OK:
 			break;
 +#if PG_VERSION_NUM >= 140001
 +		case PGRES_PIPELINE_ABORTED:
 +		case PGRES_PIPELINE_SYNC:
 +			break;
 +#endif
 		case PGRES_EMPTY_QUERY:
 			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Query (%s) returned PGRES_EMPTY_QUERY\n", handle->sql);
 		case PGRES_BAD_RESPONSE:
--- a/debian/resources/switch/source/pull_2300.diff
+++ b/debian/resources/switch/source/pull_2300.diff
@ -0,0 +1,169 @@
 diff --git a/src/switch_core_io.c b/src/switch_core_io.c
 index 9931f0f3ef7..ee968b63dd9 100644
 --- a/src/switch_core_io.c
 +++ b/src/switch_core_io.c
@@ -146,13 +146,15 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_read_frame(switch_core_sessi
 	if (session->read_codec && !session->track_id && session->track_duration) {
 		if (session->read_frame_count == 0) {
 			switch_event_t *event;
 -			switch_core_session_message_t msg = { 0 };
 +			switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 			session->read_frame_count = (session->read_impl.samples_per_second / session->read_impl.samples_per_packet) * session->track_duration;
 -			msg.message_id = SWITCH_MESSAGE_HEARTBEAT_EVENT;
 -			msg.numeric_arg = session->track_duration;
 -			switch_core_session_receive_message(session, &msg);
 +			msg->message_id = SWITCH_MESSAGE_HEARTBEAT_EVENT;
 +			msg->numeric_arg = session->track_duration;
 +			MESSAGE_STAMP_FFL(msg);
 +			switch_core_session_queue_message(session, msg);
 +
 			switch_event_create(&event, SWITCH_EVENT_SESSION_HEARTBEAT);
 			switch_channel_event_set_data(session->channel, event);
@@ -410,10 +412,10 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_read_frame(switch_core_sessi
 		switch_set_flag(session, SSF_READ_TRANSCODE);
 		if (!switch_test_flag(session, SSF_WARN_TRANSCODE)) {
 -			switch_core_session_message_t msg = { 0 };
 -
 -			msg.message_id = SWITCH_MESSAGE_INDICATE_TRANSCODING_NECESSARY;
 -			switch_core_session_receive_message(session, &msg);
 +			switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 +			msg->message_id = SWITCH_MESSAGE_INDICATE_TRANSCODING_NECESSARY;
 +			MESSAGE_STAMP_FFL(msg);
 +			switch_core_session_queue_message(session, msg);
 			switch_set_flag(session, SSF_WARN_TRANSCODE);
 		}
@@ -562,10 +564,11 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_read_frame(switch_core_sessi
 						status = SWITCH_STATUS_FALSE;
 						goto done;
 					} else {
 -						switch_core_session_message_t msg = { 0 };
 -						msg.numeric_arg = 1;
 -						msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 -						switch_core_session_receive_message(session, &msg);
 +						switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 +						msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 +						msg->numeric_arg = 1;
 +						MESSAGE_STAMP_FFL(msg);
 +						switch_core_session_queue_message(session, msg);
 						switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_NOTICE, "Activating read resampler\n");
 					}
@@ -597,10 +600,12 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_read_frame(switch_core_sessi
 					switch_mutex_unlock(session->resample_mutex);
 					{
 -						switch_core_session_message_t msg = { 0 };
 -						msg.numeric_arg = 0;
 -						msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 -						switch_core_session_receive_message(session, &msg);
 +						switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 +						msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 +						msg->numeric_arg = 0;
 +						MESSAGE_STAMP_FFL(msg);
 +						switch_core_session_queue_message(session, msg);
 +
 					}
 				}
 diff --git a/src/switch_core_media.c b/src/switch_core_media.c
 index 4b6d8aff8b6..e09242ee0d5 100644
 --- a/src/switch_core_media.c
 +++ b/src/switch_core_media.c
@@ -15945,12 +15945,12 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
 	}
 	if (!switch_test_flag(session, SSF_WARN_TRANSCODE)) {
 -		switch_core_session_message_t msg = { 0 };
 -
 -		msg.message_id = SWITCH_MESSAGE_INDICATE_TRANSCODING_NECESSARY;
 -		switch_core_session_receive_message(session, &msg);
 +		switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 +		msg->message_id = SWITCH_MESSAGE_INDICATE_TRANSCODING_NECESSARY;
 +		MESSAGE_STAMP_FFL(msg);
 +		switch_core_session_queue_message(session, msg);
 		switch_set_flag(session, SSF_WARN_TRANSCODE);
 -	}
 +		}
 	if (frame->codec) {
 		session->raw_write_frame.datalen = session->raw_write_frame.buflen;
@@ -15993,10 +15993,12 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
 				if (status != SWITCH_STATUS_SUCCESS) {
 					goto done;
 				} else {
 -					switch_core_session_message_t msg = { 0 };
 -					msg.numeric_arg = 1;
 -					msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 -					switch_core_session_receive_message(session, &msg);
 +					switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 +					msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 +					msg->numeric_arg = 1;
 +					MESSAGE_STAMP_FFL(msg);
 +					switch_core_session_queue_message(session, msg);
 +
 					switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_NOTICE, "Activating write resampler\n");
 				}
@@ -16029,10 +16031,11 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
 				switch_mutex_unlock(session->resample_mutex);
 				{
 -					switch_core_session_message_t msg = { 0 };
 -					msg.numeric_arg = 0;
 -					msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 -					switch_core_session_receive_message(session, &msg);
 +					switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 +					msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 +					msg->numeric_arg = 0;
 +					MESSAGE_STAMP_FFL(msg);
 +					switch_core_session_queue_message(session, msg);
 				}
 			}
@@ -16329,11 +16332,11 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
 						if (status != SWITCH_STATUS_SUCCESS) {
 							goto done;
 						} else {
 -							switch_core_session_message_t msg = { 0 };
 -							msg.numeric_arg = 1;
 -							msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 -							switch_core_session_receive_message(session, &msg);
 -
 +							switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 +							msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 +							msg->numeric_arg = 1;
 +							MESSAGE_STAMP_FFL(msg);
 +							switch_core_session_queue_message(session, msg);
 							switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_NOTICE, "Activating write resampler\n");
 						}
@@ -16351,7 +16354,7 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
 					break;
 				case SWITCH_STATUS_NOOP:
 					if (session->write_resampler) {
 -						switch_core_session_message_t msg = { 0 };
 +
 						int ok = 0;
 						switch_mutex_lock(session->resample_mutex);
@@ -16363,9 +16366,12 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
 						switch_mutex_unlock(session->resample_mutex);
 						if (ok) {
 -							msg.numeric_arg = 0;
 -							msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 -							switch_core_session_receive_message(session, &msg);
 +							switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
 +							msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
 +							msg->numeric_arg = 0;
 +							MESSAGE_STAMP_FFL(msg);
 +							switch_core_session_queue_message(session, msg);
 +
 						}
 					}
--- a/debian/resources/switch/source/switch_rtp.diff
+++ b/debian/resources/switch/source/switch_rtp.diff
@ -0,0 +1,12 @@
 diff --git a/src/switch_rtp.c b/src/switch_rtp.c
 index 1125e2f59bc..7ff161383aa 100644
 --- a/src/switch_rtp.c
 +++ b/src/switch_rtp.c
@@ -8904,6 +8904,7 @@ SWITCH_DECLARE(int) switch_rtp_write_frame(switch_rtp_t *rtp_session, switch_fra
 		data = frame->data;
 		len = frame->datalen;
 		ts = rtp_session->flags[SWITCH_RTP_FLAG_RAW_WRITE] ? (uint32_t) frame->timestamp : 0;
 +		if (!ts) ts = rtp_session->last_write_ts + rtp_session->samples_per_interval;
 	}
 	/*
--- a/debian/resources/upgrade/php.sh
+++ b/debian/resources/upgrade/php.sh
@ -0,0 +1,127 @@
 #!/bin/sh
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 #includes
 . ../config.sh
 #remove php5
 /usr/bin/apt remove -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
 #remove php 7.0
 /usr/bin/apt remove -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd
 #remove php 7.1
 /usr/bin/apt remove -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd
 #remove php 7.2
 /usr/bin/apt remove -y php7.2 php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd
 #remove php 7.3
 /usr/bin/apt remove -y php7.3 php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd
 #remove php 7.4
 /usr/bin/apt remove -y php7.4 php7.4-cli php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd
 #remove php 8.1
 /usr/bin/apt remove -y php8.1 php8.1-cli php8.1-dev php8.1-fpm php8.1-pgsql php8.1-sqlite3 php8.1-odbc php8.1-curl php8.1-imap php8.1-xml php8.1-gd php8.1-mbstring php8.1-ldap
 #remove php 8.2
 /usr/bin/apt remove -y php8.2 php8.2-cli php8.2-dev php8.2-fpm php8.2-pgsql php8.2-sqlite3 php8.2-odbc php8.2-curl php8.2-imap php8.2-xml php8.2-gd php8.2-mbstring php8.2-ldap
 #remove php 8.3
 /usr/bin/apt remove -y php8.3 php8.3-cli php8.3-dev php8.3-fpm php8.3-pgsql php8.3-sqlite3 php8.3-odbc php8.3-curl php8.3-imap php8.3-xml php8.3-gd php8.3-mbstring php8.3-ldap
 #remove php 8.4
 /usr/bin/apt remove -y php8.4 php8.4-cli php8.4-dev php8.4-fpm php8.4-pgsql php8.4-sqlite3 php8.4-odbc php8.4-curl php8.4-imap php8.4-xml php8.4-gd php8.4-mbstring php8.4-ldap
 #install php update and set the unix socket
 if [ ."$php_version" = ."8.4" ]; then
 	#add a repo for php 8.x
 	/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 	/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
 	/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 	/usr/bin/apt-get update
 	#install php 8.4
 	apt-get install -y php8.4 php8.4-cli php8.4-dev php8.4-fpm php8.4-pgsql php8.4-sqlite3 php8.4-odbc php8.4-curl php8.4-imap php8.4-xml php8.4-gd php8.4-mbstring php8.4-ldap
 	#update the unix socket name
 	/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.2-fpm.sock;#g'
 	#set the PHP ini file path
 	php_ini_file='/etc/php/8.4/fpm/php.ini'
 fi
 if [ ."$php_version" = ."8.3" ]; then
 	#add a repo for php 8.x
 	/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 	/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
 	/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 	/usr/bin/apt-get update
 	#install php 8.2
 	apt-get install -y php8.3 php8.3-cli php8.3-dev php8.3-fpm php8.3-pgsql php8.3-sqlite3 php8.3-odbc php8.3-curl php8.3-imap php8.3-xml php8.3-gd php8.3-mbstring php8.3-ldap
 	#update the unix socket name
 	/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.2-fpm.sock;#g'
 	#set the PHP ini file path
 	php_ini_file='/etc/php/8.3/fpm/php.ini'
 fi
 if [ ."$php_version" = ."8.2" ]; then
 	#add a repo for php 8.x
 	/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 	/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
 	/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 	/usr/bin/apt-get update
 	#install php 8.2
 	apt-get install -y php8.2 php8.2-cli php8.2-dev php8.2-fpm php8.2-pgsql php8.2-sqlite3 php8.2-odbc php8.2-curl php8.2-imap php8.2-xml php8.2-gd php8.2-mbstring php8.2-ldap
 	#update the unix socket name
 	/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.2-fpm.sock;#g'
 	#set the PHP ini file path
 	php_ini_file='/etc/php/8.2/fpm/php.ini'
 fi
 if [ ."$php_version" = ."8.1" ]; then
 	#add a repo for php 7.x
 	/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
 	/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
 	/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 	/usr/bin/apt-get update
 	#install php 8.1
 	/usr/bin/apt-get install -y php8.1 php8.1-cli php8.1-dev php8.1-fpm php8.1-pgsql php8.1-sqlite3 php8.1-odbc php8.1-curl php8.1-imap php8.1-xml php8.1-gd php8.1-mbstring php8.1-ldap
  	#update the unix socket name
 	/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.1-fpm.sock;#g'
 	#set the PHP ini file path
 	php_ini_file='/etc/php/8.1/fpm/php.ini'
 fi
 if [ ."$php_version" = ."7.4" ]; then
 	#remove the sury PHP repo
 	/usr/bin/rm -f -- /etc/apt/sources.list.d/php.list
 	/usr/bin/apt update
 	#install php 7.4
 	/usr/bin/apt-get install -y php7.4 php7.4-cli php7.4-dev php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring php7.4-ldap
  	#update the unix socket name
 	/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
 	#set the PHP ini file path
 	php_ini_file='/etc/php/7.4/fpm/php.ini'
 fi
 #update config if source is being used
 /usr/bin/sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
 /usr/bin/sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
 /usr/bin/sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
 /usr/bin/sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
 #restart nginx
 /usr/sbin/service nginx restart
--- a/devuan/install.sh
+++ b/devuan/install.sh
@ -15,19 +15,35 @@ verbose "Update installed packages"
 apt-get -q update && apt-get -q --assume-yes upgrade
 #Add dependencies
-apt-get install -q -y lsb-release sudo
+apt-get install -y wget
 apt-get install -y lsb-release
 apt-get install -y ca-certificates
 apt-get install -y dialog
 apt-get install -y nano
 apt-get install -y net-tools
 #SNMP
 apt-get install -y snmpd
 echo "rocommunity public" > /etc/snmp/snmpd.conf
 service snmpd restart
 #IPTables
 resources/iptables.sh
 #Optional CLI SIP monitoring tool
 resources/sngrep.sh
 #FusionPBX
 resources/fusionpbx.sh
 #PHP
 resources/php.sh
 #NGINX web server
 resources/nginx.sh
-#PHP
+#Postgres
-resources/php.sh
+resources/postgresql.sh
 #FreeSWITCH
 resources/switch.sh
@ -35,22 +51,8 @@ resources/switch.sh
 #Fail2ban
 resources/fail2ban.sh
-#Optional CLI SIP monitoring tool
+#set the ip address
-resources/sngrep.sh
+server_address=$(hostname -I)
 #Postgres
 resources/postgresql.sh
 #restart services
 if [ ."$php_version" = ."5" ]; then
        service php5-fpm restart
 fi
 if [ ."$php_version" = ."7" ]; then
        service php7.0-fpm restart
 fi
 service nginx restart
 service fail2ban restart
 #add the database schema, user and groups
 resources/finish.sh
--- a/devuan/resources/backup/fusionpbx-backup.sh
+++ b/devuan/resources/backup/fusionpbx-backup.sh
@ -19,9 +19,9 @@ find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
 pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
 #package
-tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch
+#tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
 #source
-#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf
+#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
 echo "Backup Completed"
--- a/devuan/resources/backup/fusionpbx-maintenance
+++ b/devuan/resources/backup/fusionpbx-maintenance
@ -0,0 +1,119 @@
 #!/bin/sh
 #settings
 export PGPASSWORD="zzz"
 db_host=127.0.0.1
 db_port=5432
 switch_package=true # true or false
 purge_voicemail=false
 purge_call_recordings=false
 purge_cdrs=false
 purge_fax=false
 purge_switch_logs=true
 purge_php_sessions=true
 purge_database_transactions=true
 days_keep_voicemail=90
 days_keep_call_recordings=90
 days_keep_cdrs=90
 days_keep_fax=90
 days_keep_switch_logs=7
 days_keep_php_sessions=8
 days_keep_database_transactions=30
 #set the date
 now=$(date +%Y-%m-%d)
 #make sure the directory exists
 if [ -e /var/backups/fusionpbx/postgresql ]; then
 	echo "postgres backup directory exists"
 else
 	mkdir -p /var/backups/fusionpbx/postgresql
 fi
 #show message to the console
 echo "Maintenance Started"
 if [ .$purge_switch_logs = .true ]; then
 	#delete freeswitch logs older 7 days
 	if [ .$switch_package = .true ]; then
 		find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
 	else
 		find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
 	fi
 else
 	echo "not purging Freeswitch logs"
 fi
 if [ .$purge_fax = .true ]; then
 	#delete fax older than 90 days
 	if [ .$switch_package = .true ]; then
 		echo ".";
 		find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
 		find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
 	else
 		echo ".";
 		find /usr/local/freeswitch/storage/fax/*  -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
 		find /usr/local/freeswitch/storage/fax/*  -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
 	fi
 	#delete from the database
 	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
 	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
 else
 	echo "not purging Faxes"
 fi
 if [ .$purge_call_recordings = .true ]; then
 	#delete call recordings older than 90 days
 	if [ .$switch_package = .true ]; then
 		find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
 		find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
 	else
 		find /usr/local/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
 		find /usr/local/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
 	fi
 	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
 else
 	echo "not purging Recordings."
 fi
 if [ .$purge_voicemail = .true ]; then
 	#delete voicemail older than 90 days
 	if [ .$switch_package = .true ]; then
 		echo ".";
 		find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
 		find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
 	else
 		echo ".";
 		find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
 		find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
 	fi
 	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
 else
 	echo "not purging voicemails."
 fi
 if [ .$purge_cdrs = .true ]; then
 	#delete call detail records older 90 days
 	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
 else
        echo "not purging CDRs."
 fi
 #delete php sessions
 if [ .$purge_php_sessions = .true ]; then
 	find /var/lib/php/sessions/*  -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
 else
        echo "not purging PHP Sessions."
 fi
 #delete database_transactions older 90 days
 if [ .$purge_database_transactions = .true ]; then
 	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
 else
        echo "not purging database_transactions."
 fi
 #completed message
 echo "Maintenance Completed";
--- a/devuan/resources/backup/fusionpbx-maintenance.sh
+++ b/devuan/resources/backup/fusionpbx-maintenance.sh
@ -1,53 +0,0 @@
 #!/bin/sh
 #settings
 #export PGPASSWORD="zzzzz"
 db_host=127.0.0.1
 db_port=5432
 switch_package=true # true or false
 #set the date
 now=$(date +%Y-%m-%d)
 #make sure the directory exists
 mkdir -p /var/backups/fusionpbx/postgresql
 #show message to the console
 echo "Maintenance Started"
 #delete freeswitch logs older 7 days
 if [ .$switch_package = .true ]; then
 	find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;
 else
 	find /usr/local/freeswitch/log/freeswitch.log.* -mtime +7 -exec rm {} \;
 fi
 #delete fax older than 90 days
 if [ .$switch_package = .true ]; then
 	echo ".";
 	#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \;
 	#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;
 else
 	echo ".";
 	#find /usr/local/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \;
 	#find /usr/local/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;
 fi
 #delete from the database
 #psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '90 days'"
 #delete voicemail older than 90 days
 if [ .$switch_package = .true ]; then
 	echo ".";
 	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
 	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
 else
 	echo ".";
 	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
 	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
 fi
 #psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"
 #delete call detail records older 90 days
 #psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"
 #completed message
 echo "Maintenance Completed";
--- a/devuan/resources/config.sh
+++ b/devuan/resources/config.sh
@ -1,18 +1,26 @@
 # FusionPBX Settings
-system_username=admin           # default username admin
+domain_name=ip_address                      # hostname, ip_address or a custom value
-system_password=random          # random or as a pre-set value
+system_username=admin                       # default username admin
-system_branch=stable            # master, stable
+system_password=random                      # random or a custom value
 system_branch=master                        # master, stable
 # FreeSWITCH Settings
-switch_branch=stable            # master, stable
+switch_branch=stable                        # master, stable
-switch_source=false             # true or false
+switch_source=false                         # true (source compile) or false (binary package)
-switch_package=true             # true or false
+switch_package=true                         # true (binary package) or false (source compile)
-
+switch_version=1.10.7                       # which source code to download, only for source
 switch_tls=true                             # true or false
 switch_token=                               # Get the auth token from https://signalwire.com
                                            # Signup or Login -> Profile -> Personal Auth Token
 # Database Settings
-database_password=random        # random or as a pre-set value
+database_password=random                    # random or a custom value (safe characters A-Z, a-z, 0-9)
-database_repo=system            # PostgresSQL official, system, 2ndquadrant
+database_repo=system                        # PostgreSQL official, system, 2ndquadrant
-database_backup=false           # true or false
+database_version=latest                     # requires repo official
 database_host=127.0.0.1                     # hostname or IP address
 database_port=5432                          # port number
 database_backup=false                       # true or false
 # General Settings
-php_version=7                   # PHP version 5 or 7
+php_version=7.4                             # PHP version 7.3, 7.4
 letsencrypt_folder=false                    # true or false
--- a/devuan/resources/environment.sh
+++ b/devuan/resources/environment.sh
@ -10,8 +10,25 @@ cpu_name=$(uname -m)
 cpu_architecture='unknown'
 cpu_mode='unknown'
 #set the environment path
 export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 #debian release name
 if [ .$os_codename = .'chimaera' ]; then
    os_codename_debian='bullseye'
 elif [ .$os_codename = .'beowulf' ]; then
    os_codename_debian='buster'
 else
    warning "couldn't set a matching debian codename, are you using an old devuan release?"
 fi
 #check what the CPU and OS are
-if [ .$cpu_name = .'armv7l' ]; then
+if [ .$cpu_name = .'armv6l' ]; then
 	# RaspberryPi Zero
 	os_mode='32'
 	cpu_mode='32'
 	cpu_architecture='arm'
 elif [ .$cpu_name = .'armv7l' ]; then
 	# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
 	os_mode='32'
 	cpu_mode='32'
@ -21,6 +38,10 @@ elif [ .$cpu_name = .'armv8l' ]; then
 	os_mode='unknown'
 	cpu_mode='64'
 	cpu_architecture='arm'
 elif [ .$cpu_name = .'aarch64' ]; then
 	os_mode='64'
 	cpu_mode='64'
 	cpu_architecture='arm'
 elif [ .$cpu_name = .'i386' ]; then
 	os_mode='32'
 	if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
--- a/devuan/resources/fail2ban.sh
+++ b/devuan/resources/fail2ban.sh
@ -15,20 +15,23 @@ verbose "Installing Fail2ban"
 apt-get -q -y install fail2ban
 #move the filters
 cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
 cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
 cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
 cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
 cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
 cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
 cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
 cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
 cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
 cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
 cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
 cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
 cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
 cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
 cp fail2ban/jail.local /etc/fail2ban/jail.local
 #update config if source is being used
-if [ .$switch_source = .true ]; then
+#if [ .$switch_source = .true ]; then
-	sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
+#	sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
-fi
+#fi
 #restart fail2ban
 /usr/sbin/service fail2ban restart
 # missing log file will show error
--- a/devuan/resources/fail2ban/auth-challenge-ip.conf
+++ b/devuan/resources/fail2ban/auth-challenge-ip.conf
@ -0,0 +1,21 @@
 # Fail2Ban configuration file
 #
 [Definition]
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 #[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12 
 failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
--- a/devuan/resources/fail2ban/freeswitch-acl.conf
+++ b/devuan/resources/fail2ban/freeswitch-acl.conf
@ -0,0 +1,20 @@
 # Fail2Ban configuration file
 #
 [Definition]
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 #2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
 failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
--- a/devuan/resources/fail2ban/freeswitch.conf
+++ b/devuan/resources/fail2ban/freeswitch.conf
@ -7,8 +7,8 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
-            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/devuan/resources/fail2ban/freeswitch-404.conf
+++ b/devuan/resources/fail2ban/freeswitch-404.conf
--- a/devuan/resources/fail2ban/fusionpbx-mac.conf
+++ b/devuan/resources/fail2ban/fusionpbx-mac.conf
@ -0,0 +1,20 @@
 # Fail2Ban configuration file
 #
 [Definition]
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 #Oct  9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000
 failregex = \[<HOST>\] invalid mac address 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
--- a/devuan/resources/fail2ban/jail.local
+++ b/devuan/resources/fail2ban/jail.local
@ -1,80 +1,97 @@
-[freeswitch-udp]
+[ssh]
 enabled  = true
-port     = 5060,5061,5080,5081
+port     = 22
 protocol = ssh
 filter   = sshd
 logpath  = /var/log/auth.log
 action   = iptables-allports[name=sshd, protocol=all]
 maxretry = 6
 findtime = 60
 bantime  = 86400
 [freeswitch]
 enabled  = true
 port     = 5060:5091
 protocol = all
 filter   = freeswitch
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 5
+action   = iptables-allports[name=freeswitch, protocol=all]
-findtime = 600
+maxretry = 10
-bantime  = 600
+findtime = 60
 bantime  = 3600
 #          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
-[freeswitch-tcp]
+[freeswitch-acl]
 enabled  = true
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
-filter   = freeswitch
+filter   = freeswitch-acl
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 5
+action   = iptables-allports[name=freeswitch-acl, protocol=all]
-findtime = 600
+maxretry = 900
-bantime  = 600
+findtime = 60
-#          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+bantime  = 86400
-[freeswitch-ip-tcp]
+[freeswitch-ip]
 enabled  = false
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
 filter   = freeswitch-ip
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=freeswitch-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime  = 86400
-[freeswitch-ip-udp]
+[auth-challenge-ip]
 enabled  = false
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-ip
+filter   = auth-challenge-ip
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
 action   = iptables-allports[name=auth-challenge-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime  = 86400
-[freeswitch-dos-udp]
+[sip-auth-challenge]
-enabled  = true
+enabled  = false
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-dos
+filter   = sip-auth-challenge
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 50
+action   = iptables-allports[name=sip-auth-challenge, protocol=all]
-findtime = 30
+maxretry = 100
-bantime  = 6000
+findtime = 60
 bantime  = 7200
-[freeswitch-dos-tcp]
+[sip-auth-failure]
 enabled  = true
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-dos
+filter   = sip-auth-failure
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 50
+action   = iptables-allports[name=sip-auth-failure, protocol=all]
-findtime = 30
+maxretry = 6
-bantime  = 6000
+findtime = 60
 bantime  = 7200
-[freeswitch-404]
+[fusionpbx-404]
-enabled  = true
+enabled  = false
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-404
+filter   = fusionpbx-404
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-allports[name=freeswitch-404, protocol=all]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 3
+action   = iptables-allports[name=fusionpbx-404, protocol=all]
-findtime = 300
+maxretry = 6
 findtime = 60
 bantime  = 86400
 [fusionpbx]
@ -83,11 +100,23 @@ port     = 80,443
 protocol = tcp
 filter   = fusionpbx
 logpath  = /var/log/auth.log
-action   = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
+action   = iptables-allports[name=fusionpbx, protocol=all]
 #          sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
 maxretry = 20
 findtime = 60
 bantime  = 3600
 [fusionpbx-mac]
 enabled  = true
 port     = 80,443
 protocol = tcp
 filter   = fusionpbx-mac
 logpath  = /var/log/syslog
 action   = iptables-allports[name=fusionpbx-mac, protocol=all]
 #          sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
 maxretry = 10
-findtime = 600
+findtime = 60
-bantime  = 600
+bantime  = 86400
 [nginx-404]
 enabled  = true
@ -95,19 +124,20 @@ port     = 80,443
 protocol = tcp
 filter   = nginx-404
 logpath  = /var/log/nginx/access*.log
-bantime  = 600
+action   = iptables-allports[name=nginx-404, protocol=all]
 bantime  = 3600
 findtime = 60
-maxretry = 120
+maxretry = 300
 [nginx-dos]
 # Based on apache-badbots but a simple IP check (any IP requesting more than
-# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# 300 pages in 60 seconds, or 5p/s average, is suspicious)
 # Block for two full days.
 enabled  = true
 port     = 80,443
 protocol = tcp
 filter   = nginx-dos
 logpath  = /var/log/nginx/access*.log
 action   = iptables-allports[name=nginx-dos, protocol=all]
 findtime = 60
-bantime  = 172800
+bantime  = 86400
-maxretry = 240
+maxretry = 800
--- a/devuan/resources/fail2ban/sip-auth-challenge.conf
+++ b/devuan/resources/fail2ban/sip-auth-challenge.conf
@ -0,0 +1,21 @@
 # Fail2Ban configuration file
 #
 # Author: soapee01
 #
 [Definition]
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
--- a/devuan/resources/fail2ban/sip-auth-failure.conf
+++ b/devuan/resources/fail2ban/sip-auth-failure.conf
@ -0,0 +1,21 @@
 # Fail2Ban configuration file
 #
 # Author: soapee01
 #
 [Definition]
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
--- a/Show More
+++ b/Show More