dbxe
/
fusionpbx-install.sh
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: dbxe:master
Branches Tags
dbxe:master
dbxe:2.0
..
compare: dbxe:2.0
Branches Tags
dbxe:master
dbxe:2.0

No commits in common. "master" and "2.0" have entirely different histories.
master ... 2.0

241 changed files with 1968 additions and 9682 deletions
Show Stats Expand all files Collapse all files

42
README.md Normal file → Executable file
View File

@ -1,31 +1,23 @@
FusionPBX Install
--------------------------------------
A quick install guide & scripts for installing FusionPBX. It is recommended to start with a minimal install of the operating system. Notes on further tweaking your configuration are at end of the file.
A quick install guide for a FusionPBX install. It is recommended to start the install on a minimal install of the operating system.
## Operating Systems
### Debian and Raspberry OS
Debian is the preferred operating system by the FreeSWITCH developers. It supports the latest video dependencies and should be used if you want to do video mixing. Download Debian at https://cdimage.debian.org/cdimage/release/current/
### Debian
Debian 8 is the preferred operating system by the FreeSWITCH developers. It supports the latest video dependencies. If you want to do video mixing use Debian. Download Debian 8 Jessie from here https://cdimage.debian.org/cdimage/archive/
```sh
wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh | sh;
wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh | sh
cd /usr/src/fusionpbx-install.sh/debian && ./install.sh
```
### Ubuntu and Raspberry OS
```sh
wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/ubuntu/pre-install.sh | sh;
cd /usr/src/fusionpbx-install.sh/ubuntu && ./install.sh
```
### Devuan
If you like Debian but rather not bother with systemd, Devuan is a "drop in" replacement.
Devuan ASCII is based on Stretch, so you will find most of the same packages available.
Version 1 is bassed on Jessie. So you will find the same packages available.
Please note that the source installation and installation on ARM is not fully tested.
```sh
wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/devuan/pre-install.sh | sh;
wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/devuan/pre-install.sh | sh
cd /usr/src/fusionpbx-install.sh/devuan && ./install.sh
```
@ -48,21 +40,13 @@ cd /usr/src/fusionpbx-install.sh/centos && ./install.sh
```
### Windows
* This powershell install for windows is currently in a "beta stage".
* mod_lua is missing from builds after 1.6.14. Script will download it from github.
* Click to download the zip file and extract it.
* Extract the zip file
* Navigate to install.ps1
* Click on install.ps1 then right click on install.ps1 then choose Run with Powershell
* If you are not already Administrator you will have to choose run as Administrator
Don't expect everything to work. Testing is required.
mod_lua is missing from builds after 1.6.14. Script will download it from github.
Open PowerShell as Administrator and run commands
```sh
Master https://github.com/fusionpbx/fusionpbx-install.sh/archive/master.zip
Set-Location "$env:PUBLIC\Downloads"
Invoke-WebRequest https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/windows/install.ps1 -OutFile install.ps1
#run the script
.\install.ps1
```
## Security Considerations
Fail2ban is installed and pre-configured for all operating systems this repository works on besides Windows, but the default settings may not be ideal depending on your needs. Please take a look at the jail file (/etc/fail2ban/jail.local on Debian/Devuan) to configure it to suit your application and security model!
## ISSUES
If you find a bug sign up for an account on www.fusionpbx.com to report the issue.

5
centos/install.sh
View File

@ -13,11 +13,8 @@ cd "$(dirname "$0")"
verbose "Updating CentOS"
yum -y update && yum -y upgrade
# Add additional repository
yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# Installing basics packages
yum -y install ntp yum-utils net-tools epel-release htop vim openssl
yum -y install ntp htop epel-release vim openssl
# Disable SELinux
resources/selinux.sh

4
centos/resources/backup/fusionpbx-backup.sh
View File

@ -10,10 +10,10 @@ mkdir -p /var/backups/fusionpbx/postgresql
echo "Backup Started"
#delete postgres backups
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;
#delete the main backup
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
#backup the database
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql

10
centos/resources/config.sh
View File

@ -2,7 +2,7 @@
# FusionPBX Settings
system_username=admin # default username admin
system_password=random # random or as a pre-set value
system_branch=master # master, stable
system_branch=stable # master, stable
# FreeSWITCH Settings
switch_branch=stable # master, stable
@ -10,10 +10,4 @@ switch_source=false # true or false
switch_package=true # true or false
# Database Settings
database_name=fusionpbx # Database name (safe characters A-Z, a-z, 0-9)
database_username=fusionpbx # Database username (safe characters A-Z, a-z, 0-9)
database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9)
database_repo=official # PostgreSQL official, system, 2ndquadrant
database_host=127.0.0.1 # hostname or IP address
database_port=5432 # port number
database_backup=false # true or false
database_password=random # random or as a pre-set value

4
centos/resources/fail2ban/freeswitch.conf
View File

@ -7,8 +7,8 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.

10
centos/resources/fail2ban/jail.local
View File

@ -67,7 +67,7 @@ findtime = 30
bantime = 6000
[freeswitch-404]
enabled = false
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-404
@ -95,13 +95,13 @@ port = 80,443
protocol = tcp
filter = nginx-404
logpath = /var/log/nginx/access*.log
bantime = 3600
bantime = 600
findtime = 60
maxretry = 120
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
# 240 pages in 60 seconds, or 4p/s average, is suspicious)
# Block for two full days.
enabled = true
port = 80,443
@ -109,5 +109,5 @@ protocol = tcp
filter = nginx-dos
logpath = /var/log/nginx/access*.log
findtime = 60
bantime = 86400
maxretry = 300
bantime = 172800
maxretry = 240

35
centos/resources/finish.sh
View File

@ -19,16 +19,15 @@ fi
export PGPASSWORD=$database_password
#update the database password
sudo -u postgres /usr/bin/psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
sudo -u postgres /usr/bin/psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
#add the config.conf
mkdir -p /etc/fusionpbx/
cp fusionpbx/config.conf /etc/fusionpbx/
sed -i /etc/fusionpbx/config.conf -e s:"{database_host}:$database_host:"
sed -i /etc/fusionpbx/config.conf -e s:"{database_name}:$database_name:"
sed -i /etc/fusionpbx/config.conf -e s:"{database_username}:$database_username:"
sed -i /etc/fusionpbx/config.conf -e s:"{database_password}:$database_password:"
#add the config.php
mkdir -p /etc/fusionpbx
chown -R freeswitch:daemon /etc/fusionpbx
cp fusionpbx/config.php /etc/fusionpbx
sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
#add the database schema
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
@ -65,9 +64,9 @@ group_uuid=$(psql --host=$database_host --port=$database_port --username=$databa
group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
#add the user to the group
user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
group_name=superadmin
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
#update the php configuration
sed -i 's/user nginx/user freeswitch daemon/g' /etc/nginx/nginx.conf
@ -110,10 +109,8 @@ systemctl enable php-fpm
systemctl enable nginx
systemctl enable freeswitch
systemctl enable memcached
systemctl enable postgresql-14
systemctl enable postgresql-9.4
systemctl daemon-reload
systemctl restart php-fpm
systemctl restart nginx
systemctl restart freeswitch
#welcome message
@ -133,14 +130,12 @@ echo " Official FusionPBX Training"
echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
echo " Available online and in person. Includes documentation and recording."
echo ""
echo " Location: Online"
echo " Admin Training: TBA"
echo " Advanced Training: TBA"
echo " Continuing Education: https://www.fusionpbx.com/training"
echo " Timezone: https://www.timeanddate.com/weather/usa/idaho"
echo " Location Online and Boise,Idaho"
echo " Admin Training 13 - 14 December 2017 (2 Days)"
echo " Advanced Training 18 - 19 December 2017 (2 Days)"
echo " Timezone: https://www.timeanddate.com/worldclock/usa/boise"
echo ""
echo " Additional information."
echo " https://fusionpbx.com/members.php"
echo " https://fusionpbx.com/training.php"
echo " https://fusionpbx.com/support.php"
echo " https://www.fusionpbx.com"

0
centos/resources/firewall/iptables.sh Executable file → Normal file
View File

4
centos/resources/fusionpbx.sh
View File

@ -31,10 +31,6 @@ else
BRANCH="-b $FUSION_VERSION"
fi
#add the cache directory
mkdir -p /var/cache/fusionpbx
chown -R freeswitch:daemon /var/cache/fusionpbx
#get the source code
git clone $BRANCH https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx

43
centos/resources/fusionpbx/config.conf
View File

@ -1,43 +0,0 @@
#database system settings
database.0.type = pgsql
database.0.host = {database_host}
database.0.port = 5432
database.0.sslmode = prefer
database.0.name = {database_name}
database.0.username = {database_username}
database.0.password = {database_password}
#database switch settings
database.1.type = sqlite
database.1.path = /var/lib/freeswitch/db
database.1.name = core.db
#general settings
document.root = /var/www/fusionpbx
project.path =
temp.dir = /tmp
php.dir = /usr/bin
php.bin = php
#cache settings
cache.method = file
cache.location = /var/cache/fusionpbx
cache.settings = true
#switch settings
switch.conf.dir = /etc/freeswitch
switch.sounds.dir = /usr/share/freeswitch/sounds
switch.database.dir = /var/lib/freeswitch/db
switch.recordings.dir = /var/lib/freeswitch/recordings
switch.storage.dir = /var/lib/freeswitch/storage
switch.voicemail.dir = /var/lib/freeswitch/storage/voicemail
switch.scripts.dir = /usr/share/freeswitch/scripts
#switch xml handler
xml_handler.fs_path = false
xml_handler.reg_as_number_alias = false
xml_handler.number_as_presence_id = true
#error reporting hide show all errors except notices and warnings
error.reporting = 'E_ALL ^ E_NOTICE ^ E_WARNING'

45
centos/resources/fusionpbx/config.php Executable file
View File

@ -0,0 +1,45 @@
<?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2016
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
//set the database type
$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
//pgsql: database connection information
$db_host = 'localhost'; //set the host only if the database is not local
$db_port = '5432';
$db_name = 'fusionpbx';
$db_username = '{database_username}';
$db_password = '{database_password}';
//show errors
ini_set('display_errors', '1');
//error_reporting (E_ALL); // Report everything
error_reporting (E_ALL ^ E_NOTICE); // hide notices
//error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings

31
centos/resources/ioncube.sh
View File

@ -1,31 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#make sure unzip is install
yum install unzip
#get the ioncube 64 bit loader
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
#uncompress the file
unzip ioncube_loaders_lin_x86-64.zip
#remove the zip file
rm ioncube_loaders_lin_x86-64.zip
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.1.so /usr/lib64/php/modules
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_7.1.so" > /etc/php.d/00-ioncube.ini
#restart the service
#service httpd restart
service php-fpm restart

45
centos/resources/iptables.sh
View File

@ -1,45 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./config.sh
. ./colors.sh
#send a message
verbose "Configuring IPTables"
#run iptables commands
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "script " --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "script " --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

5
centos/resources/nginx.sh
View File

@ -11,7 +11,7 @@ cd "$(dirname "$0")"
verbose "Installing the web server"
#install dependencies
yum -y install nginx
yum -y install nginx php-fpm php-gd php-pgsql php-odbc php-curl php-imap php-mcrypt php-opcache php-common php-pdo php-soap php-xml php-xmlrpc php-cli
#setup nginx
mkdir -p /etc/nginx/sites-available
@ -23,8 +23,5 @@ ln -s /etc/nginx/sites-available/fusionpbx.conf /etc/nginx/sites-enabled/fusionp
awk '/server *{/ {c=1 ; next} c && /{/{c++} c && /}/{c--;next} !c' /etc/nginx/nginx.conf > /etc/nginx/nginx.tmp && mv -f /etc/nginx/nginx.tmp /etc/nginx/nginx.conf && rm -f /etc/nginx/nginx.tmp
sed -i '/include \/etc\/nginx\/conf\.d\/\*\.conf\;/a \ include \/etc\/nginx\/sites-enabled\/\*\.conf\;' /etc/nginx/nginx.conf
#set the log permissions
chmod -R 664 /var/log/nginx/
#send a message
verbose "nginx installed"

63
centos/resources/nginx/fusionpbx
View File

@ -2,7 +2,6 @@
server {
listen 127.0.0.1:80;
server_name 127.0.0.1;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
@ -32,21 +31,11 @@ server {
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}
server {
listen 80;
server_name fusionpbx;
if ($uri !~* ^.*(provision|xml_cdr).*$) {
rewrite ^(.*) https://$host$1 permanent;
break;
@ -61,10 +50,6 @@ server {
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
#avaya
rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
@ -105,15 +90,6 @@ server {
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
#Digium
rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
#Snom
rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
@ -143,22 +119,12 @@ server {
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}
server {
listen 443 ssl;
listen 443;
server_name fusionpbx;
#ssl on;
ssl on;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@ -170,16 +136,9 @@ server {
break;
}
#message media
rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
#avaya
rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
@ -220,15 +179,6 @@ server {
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
#Digium
rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
#Snom
rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
@ -268,13 +218,4 @@ server {
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}

16
centos/resources/php.sh
View File

@ -7,17 +7,6 @@ cd "$(dirname "$0")"
. ./config.sh
. ./colors.sh
#send a message
verbose "Install PHP and PHP-FPM"
#set the version of php
#yum-config-manager --enable remi-php70
#yum-config-manager --enable remi-php71
yum-config-manager --enable remi-php72
#install dependencies
yum -y install php-fpm php-gd php-pgsql php-odbc php-curl php-imap php-opcache php-common php-pdo php-soap php-xml php-xmlrpc php-cli php-gd
#send a message
verbose "Configuring php/nginx/php-fpm and permissions"
@ -28,14 +17,13 @@ TIMEZ=$(timedatectl | grep 'Time zone' | awk '{ print $3 }')
sed -ie "s#;date.timezone =#date.timezone = $TIMEZ#g" /etc/php.ini
sed -ie 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php.ini
sed -ie "s|listen = 127.0.0.1:9000|listen = /var/run/php-fpm/php-fpm.sock|g" /etc/php-fpm.d/www.conf
sed -ie 's/;listen.owner = nobody/listen.owner = freeswitch/g' /etc/php-fpm.d/www.conf
sed -ie 's/;listen.group = nobody/listen.group = daemon/g' /etc/php-fpm.d/www.conf
sed -ie 's/;listen.owner = nobody/listen.owner = nobody/g' /etc/php-fpm.d/www.conf
sed -ie 's/;listen.group = nobody/listen.group = nobody/g' /etc/php-fpm.d/www.conf
sed -ie 's/group = apache/group = daemon/g' /etc/php-fpm.d/www.conf
#update the php.ini
#sed -ie 's/post_max_size = .*/post_max_size = 80M/g' /etc/php.ini
#sed -ie 's/upload_max_filesize = .*/upload_max_filesize = 80M/g' /etc/php.ini
#sed -ie 's/; max_input_vars = .*/max_input_vars = 8000/g' /etc/php.ini
#make the session directory
mkdir -p /var/lib/php/session

41
centos/resources/postgresql.sh
View File

@ -8,49 +8,46 @@ cd "$(dirname "$0")"
. ./colors.sh
#send a message
verbose "Installing PostgreSQL"
verbose "Installing PostgreSQL 9.4"
#generate a random password
password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
# Install the repository
sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# Install PostgreSQL:
sudo yum install -y postgresql14-server postgresql14-contrib postgresql14 postgresql14-libs
#included in the distribution
rpm -ivh --quiet http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-3.noarch.rpm
yum -y update
yum -y install postgresql94-server postgresql94-contrib postgresql94
#send a message
verbose "Initalize PostgreSQL database"
#initialize the database
sudo /usr/pgsql-14/bin/postgresql-14-setup initdb
sudo systemctl enable postgresql-14
sudo systemctl start postgresql-14
/usr/pgsql-9.4/bin/postgresql94-setup initdb
#allow loopback
sed -i 's/\(host *all *all *127.0.0.1\/32 *\)ident/\1md5/' /var/lib/pgsql/14/data/pg_hba.conf
sed -i 's/\(host *all *all *::1\/128 *\)ident/\1md5/' /var/lib/pgsql/14/data/pg_hba.conf
sed -i 's/\(host *all *all *127.0.0.1\/32 *\)ident/\1md5/' /var/lib/pgsql/9.4/data/pg_hba.conf
sed -i 's/\(host *all *all *::1\/128 *\)ident/\1md5/' /var/lib/pgsql/9.4/data/pg_hba.conf
#systemd
systemctl daemon-reload
systemctl restart postgresql-14
systemctl restart postgresql-9.4
#move to /tmp to prevent a red herring error when running sudo with psql
cwd=$(pwd)
cd /tmp
#add the databases, users and grant permissions to them
sudo -u postgres /usr/bin/psql -d fusionpbx -c "DROP SCHEMA public cascade;";
sudo -u postgres /usr/bin/psql -d fusionpbx -c "CREATE SCHEMA public;";
sudo -u postgres /usr/bin/psql -c "CREATE DATABASE fusionpbx";
sudo -u postgres /usr/bin/psql -c "CREATE DATABASE freeswitch";
sudo -u postgres /usr/bin/psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres /usr/bin/psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres /usr/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres /usr/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
sudo -u postgres /usr/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
sudo -u postgres /usr/pgsql-9.4/bin/psql -d fusionpbx -c "DROP SCHEMA public cascade;";
sudo -u postgres /usr/pgsql-9.4/bin/psql -d fusionpbx -c "CREATE SCHEMA public;";
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE DATABASE fusionpbx";
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE DATABASE freeswitch";
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
sudo -u postgres /usr/pgsql-9.4/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
#ALTER USER fusionpbx WITH PASSWORD 'newpassword';
cd $cwd
#send a message
verbose "PostgreSQL installed"
verbose "PostgreSQL 9.4 installed"

4
centos/resources/reset_admin_password.sh
View File

@ -9,14 +9,14 @@ cd "$(dirname "$0")"
. ./environment.sh
#count the users
admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_group_users USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
if [ .$admin_users = .'0' ]; then
error "i could not find the user '$system_username' in the database, check your resources/config.sh is correct"
elif [ .$admin_users = .'' ]; then
error "something went wrong, see errors above";
else
admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_group_users USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
for admin_uuid in $admin_uuids; do
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
if [ .$system_password = .'random' ]; then

2
centos/resources/switch/conf-copy.sh
View File

@ -3,4 +3,4 @@
#copy the conf directory
mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/fusionpbx/app/switch/resources/conf/* /etc/freeswitch
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch

8
centos/resources/switch/package-release.sh
View File

@ -14,13 +14,7 @@ verbose "Installing FreeSWITCH"
yum -y install memcached curl gdb
#install freeswitch packages
#yum install -y https://files.freeswitch.org/repo/yum/centos-release/freeswitch-release-repo-0-1.noarch.rpm epel-release
echo "signalwire" > /etc/yum/vars/signalwireusername
echo 'please get your token from this site: https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Installation/HOWTO-Create-a-SignalWire-Personal-Access-Token_67240087/#attachments'
echo "please enter your token:"
read token
echo $token > /etc/yum/vars/signalwiretoken
yum install -y https://$(< /etc/yum/vars/signalwireusername):$(< /etc/yum/vars/signalwiretoken)@freeswitch.signalwire.com/repo/yum/centos-release/freeswitch-release-repo-0-1.noarch.rpm epel-release
yum install -y http://files.freeswitch.org/freeswitch-release-1-6.noarch.rpm
yum install -y freeswitch-config-vanilla freeswitch-lang-* freeswitch-sounds-* freeswitch-lua freeswitch-xml-cdr
#remove the music package to protect music on hold from package updates

129
centos/resources/switch/source-release.sh
View File

@ -1,129 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
. ../colors.sh
#upgrade packages
yum update && yum upgrade -y
yum -y install memcached curl gdb
#install build dependencies
yum install -y autoconf automake libtool gcc-c++ ncurses-devel zlib-devel libjpeg-devel openssl-devel libcurl-devel pcre-devel lua-devel libedit-devel libuuid-devel speex-devel libogg-devel libvorbis-devel curl-devel ldns-devel libsndfile-devel libtheora-devel
#install additional depdendencies
yum install -y libjpeg-devel sqlite-devel libpng-devel libtiff-devel libX11-devel e2fsprogs-devel openldap-devel libyuv-devel
yum install -y sox sqlite3 unzip
#we are about to move out of the executing directory so we need to preserve it to return after we are done
CWD=$(pwd)
#install the following dependencies if the switch version is greater than 1.10.0
if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
# libks build-requirements
apt install -y cmake uuid-dev
# libks
cd /usr/src
git clone https://github.com/signalwire/libks.git libks
cd libks
cmake .
make -j $(getconf _NPROCESSORS_ONLN)
make install
# libks C includes
export C_INCLUDE_PATH=/usr/include/libks
# sofia-sip
cd /usr/src
#git clone https://github.com/freeswitch/sofia-sip.git sofia-sip
wget https://github.com/freeswitch/sofia-sip/archive/refs/tags/v$sofia_version.zip
unzip v$sofia_version.zip
cd sofia-sip-$sofia_version
sh autogen.sh
./configure --enable-debug
make -j $(getconf _NPROCESSORS_ONLN)
make install
# spandsp
cd /usr/src
git clone https://github.com/freeswitch/spandsp.git spandsp
cd spandsp
git reset --hard 0d2e6ac65e0e8f53d652665a743015a88bf048d4
#/usr/bin/sed -i 's/AC_PREREQ(\[2\.71\])/AC_PREREQ([2.69])/g' /usr/src/spandsp/configure.ac
sh autogen.sh
./configure --enable-debug
make -j $(getconf _NPROCESSORS_ONLN)
make install
ldconfig
fi
cd /usr/src
#check for master
if [ $switch_branch = "master" ]; then
#master branch
echo "Using version master"
rm -r /usr/src/freeswitch
git clone https://github.com/signalwire/freeswitch.git
cd /usr/src/freeswitch
./bootstrap.sh -j
fi
#check for stable release
if [ $switch_branch = "stable" ]; then
echo "Using version $switch_version"
#1.8 and older
if [ $(echo "$switch_version" | tr -d '.') -lt 1100 ]; then
wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.zip
unzip freeswitch-$switch_version.zip
cd /usr/src/freeswitch-$switch_version
fi
#1.10.0 and newer
if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.-release.zip
unzip freeswitch-$switch_version.-release.zip
mv freeswitch-$switch_version.-release freeswitch-$switch_version
cd /usr/src/freeswitch-$switch_version
#apply patch
#patch -u /usr/src/freeswitch/src/mod/databases/mod_pgsql/mod_pgsql.c -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/mod_pgsql.patch
fi
fi
# enable required modules
#sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_av:formats/mod_av:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_nibblebill:applications/mod_nibblebill:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_translate:applications/mod_translate:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#say/mod_say_es:say/mod_say_es:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#say/mod_say_fr:say/mod_say_fr:'
#disable module or install dependency libks to compile signalwire
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'applications/mod_signalwire:#applications/mod_signalwire:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'endpoints/mod_skinny:#endpoints/mod_skinny:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'endpoints/mod_verto:#endpoints/mod_verto:'
# prepare the build
#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
./configure -C --enable-portable-binary --disable-dependency-tracking --enable-debug \
--prefix=/usr --localstatedir=/var --sysconfdir=/etc \
--with-openssl --enable-core-pgsql-support
# compile and install
make -j $(getconf _NPROCESSORS_ONLN)
make install
#return to the executing directory
cd $CWD

46
debian/install.sh vendored
View File

@ -13,26 +13,10 @@ sed -i '/cdrom:/d' /etc/apt/sources.list
#Update to latest packages
verbose "Update installed packages"
apt-get update && apt-get upgrade -y
apt-get update && apt-get upgrade -y --force-yes
#Add dependencies
apt-get install -y wget
apt-get install -y lsb-release
apt-get install -y systemd
apt-get install -y systemd-sysv
apt-get install -y ca-certificates
apt-get install -y dialog
apt-get install -y nano
apt-get install -y net-tools
apt-get install -y gpg
#SNMP
apt-get install -y snmpd
echo "rocommunity public" > /etc/snmp/snmpd.conf
service snmpd restart
#disable vi visual mode
echo "set mouse-=a" >> ~/.vimrc
#IPTables
resources/iptables.sh
@ -40,29 +24,37 @@ resources/iptables.sh
#sngrep
resources/sngrep.sh
#PHP
resources/php.sh
#FusionPBX
resources/fusionpbx.sh
#NGINX web server
resources/nginx.sh
#FusionPBX
resources/fusionpbx.sh
#Optional Applications
resources/applications.sh
#FreeSWITCH
resources/switch.sh
#PHP
resources/php.sh
#Fail2ban
resources/fail2ban.sh
#FreeSWITCH
resources/switch.sh
#Postgres
resources/postgresql.sh
#set the ip address
server_address=$(hostname -I)
#restart services
systemctl daemon-reload
if [ ."$php_version" = ."5" ]; then
systemctl restart php5-fpm
fi
if [ ."$php_version" = ."7" ]; then
systemctl restart php7.0-fpm
fi
systemctl restart nginx
systemctl restart fail2ban
#add the database schema, user and groups
resources/finish.sh

4
debian/pre-install.sh vendored
View File

@ -1,10 +1,10 @@
#!/bin/sh
#upgrade the packages
apt-get update && apt-get upgrade -y
apt-get update && apt-get upgrade -y --force-yes
#install packages
apt-get install -y git lsb-release
apt-get install -y --force-yes git lsb-release
#get the install script
cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git

29
debian/resources/applications.sh vendored
View File

@ -1,29 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
#optional applications
cd /var/www/fusionpbx/app
if [ .$application_transcribe = .'true' ]; then
git clone https://github.com/fusionpbx/fusionpbx-app-transcribe.git transcribe
fi
if [ .$application_speech = .'true' ]; then
git clone https://github.com/fusionpbx/fusionpbx-app-speech.git speech
fi
if [ .$application_device_logs = .'true' ]; then
git clone https://github.com/fusionpbx/fusionpbx-app-device_logs.git device_logs
fi
if [ .$application_dialplan_tools = .'true' ]; then
git clone https://github.com/fusionpbx/fusionpbx-app-dialplan_tools.git dialplan_tools
fi
if [ .$application_edit = .'true' ]; then
git clone https://github.com/fusionpbx/fusionpbx-app-edit.git edit
fi
if [ .$application_sip_trunks = .'true' ]; then
git clone https://github.com/fusionpbx/fusionpbx-app-sip_trunks.git sip_trunks
fi
chown -R www-data:www-data /var/www/fusionpbx

27
debian/resources/backup/fusionpbx-backup vendored
View File

@ -1,27 +0,0 @@
#!/bin/sh
export PGPASSWORD="zzz"
db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql
echo "Backup Started"
#delete postgres backups
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
#delete the main backup
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
#backup the database
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
#package
#tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
#source
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
echo "Backup Completed"

10
ubuntu/resources/backup/fusionpbx-backup → debian/resources/backup/fusionpbx-backup.sh vendored
View File

@ -1,6 +1,6 @@
#!/bin/sh
export PGPASSWORD="zzz"
#export PGPASSWORD="zzz"
db_host=127.0.0.1
db_port=5432
@ -10,18 +10,18 @@ mkdir -p /var/backups/fusionpbx/postgresql
echo "Backup Started"
#delete postgres backups
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;
#delete the main backup
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
#backup the database
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
#package
tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch
#source
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf
echo "Backup Completed"

177
debian/resources/backup/fusionpbx-maintenance vendored
View File

@ -1,177 +0,0 @@
#!/bin/sh
#settings
export PGPASSWORD="zzz"
db_host=127.0.0.1
db_port=5432
db_name=fusionpbx
db_username=fusionpbx
switch_package=true # true or false
purge_voicemail=false
purge_call_recordings=false
purge_cdrs=false
purge_fax=false
purge_switch_logs=true
purge_php_sessions=true
purge_database_transactions=true
purge_device_logs=false
purge_event_guard_logs=false
purge_user_logs=false
purge_email_queue=false
purge_fax_queue=true
days_keep_voicemail=90
days_keep_call_recordings=90
days_keep_cdrs=730
days_keep_fax=90
days_keep_switch_logs=7
days_keep_php_sessions=8
days_keep_database_transactions=30
days_keep_device_logs=180
days_keep_event_guard_logs=180
days_keep_user_logs=180
days_keep_email_queue=30
days_keep_fax_queue=30
#set the date
now=$(date +%Y-%m-%d)
#make sure the directory exists
if [ -e /var/backups/fusionpbx/postgresql ]; then
echo "postgres backup directory exists"
else
mkdir -p /var/backups/fusionpbx/postgresql
fi
#show message to the console
echo "Maintenance Started"
if [ .$purge_switch_logs = .true ]; then
echo "delete freeswitch logs older $days_keep_switch_logs days"
if [ .$switch_package = .true ]; then
find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
else
find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
fi
else
echo "not purging Freeswitch logs"
fi
if [ .$purge_fax = .true ]; then
echo "delete fax file storage older than $days_keep_fax days"
if [ .$switch_package = .true ]; then
echo ".";
find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
else
echo ".";
find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
fi
#delete from the database
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
else
echo "not purging Faxes"
fi
if [ .$purge_call_recordings = .true ]; then
echo "delete call recordings older than $days_keep_call_recordings days"
if [ .$switch_package = .true ]; then
find /var/lib/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
#remove empty folders
find /var/lib/freeswitch/recordings/*/archive/* -empty -type d -delete
else
find /usr/local/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
find /usr/local/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
#remove empty folders
find /usr/local/freeswitch/recordings/*/archive/* -empty -type d -delete
fi
#Call recordings table uses a view. The data is from v_xml_cdr table. Changed in FusionPBX 5.0.7 and higher. The following line is useful to older versions.
#psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
else
echo "not purging Recordings."
fi
if [ .$purge_voicemail = .true ]; then
echo "delete voicemail older than $days_keep_voicemail days"
if [ .$switch_package = .true ]; then
echo ".";
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
else
echo ".";
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
fi
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
else
echo "not purging voicemails."
fi
if [ .$purge_cdrs = .true ]; then
echo "delete call detail records older $days_keep_cdrs days"
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
#call detail record - call flow
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_xml_cdr_flow WHERE insert_date < NOW() - INTERVAL '$days_keep_cdrs days'"
#call detail record - json
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_xml_cdr_json WHERE insert_date < NOW() - INTERVAL '$days_keep_cdrs days'"
#call detail record - call logs
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_xml_cdr_logs WHERE insert_date < NOW() - INTERVAL '$days_keep_cdrs days'"
else
echo "not purging CDRs."
fi
echo "delete php sessions older than $days_keep_php_sessions days"
if [ .$purge_php_sessions = .true ]; then
find /var/lib/php/sessions/* -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
else
echo "not purging PHP Sessions."
fi
echo "delete database_transactions older $days_keep_database_transactions days"
if [ .$purge_database_transactions = .true ]; then
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
else
echo "not purging database_transactions."
fi
echo "delete device_logs older $days_keep_device_logs days"
if [ .$purge_device_logs = .true ]; then
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_device_logs where timestamp < NOW() - INTERVAL '$days_keep_device_logs days'"
else
echo "not purging device_logs."
fi
echo "delete event_guard_logs older $days_keep_event_guard_logs days"
if [ .$purge_event_guard_logs = .true ]; then
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_event_guard_logs where log_date < NOW() - INTERVAL '$days_keep_event_guard_logs days'"
else
echo "not purging event_guard_logs."
fi
echo "delete user_logs older $days_keep_user_logs days"
if [ .$purge_user_logs = .true ]; then
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_user_logs where timestamp < NOW() - INTERVAL '$days_keep_user_logs days'"
else
echo "not purging user_logs."
fi
echo "delete email_queue older $days_keep_email_queue days"
if [ .$purge_email_queue = .true ]; then
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_email_queue where email_status = 'sent' and email_date < NOW() - INTERVAL '$days_keep_email_queue days'"
else
echo "not purging email_queue."
fi
echo "delete fax_queue older $days_keep_fax_queue days"
if [ .$purge_fax_queue = .true ]; then
psql $db_name --port $db_port --host=$db_host --username=$db_username -c "delete from v_fax_queue where fax_status = 'sent' and fax_date < NOW() - INTERVAL '$days_keep_fax_queue days'"
else
echo "not purging fax_queue."
fi
#completed message
echo "Maintenance Completed";

62
debian/resources/backup/fusionpbx-maintenance.sh vendored Executable file
View File

@ -0,0 +1,62 @@
#!/bin/sh
#settings
#export PGPASSWORD="zzzzz"
db_host=127.0.0.1
db_port=5432
switch_package=true # true or false
#set the date
now=$(date +%Y-%m-%d)
#make sure the directory exists
mkdir -p /var/backups/fusionpbx/postgresql
#show message to the console
echo "Maintenance Started"
#delete freeswitch logs older 7 days
if [ .$switch_package = .true ]; then
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;
else
find /usr/local/freeswitch/log/freeswitch.log.* -mtime +7 -exec rm {} \;
fi
#delete fax older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
#find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +90 -exec rm {} \;
else
echo ".";
#find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +90 -exec rm {} \;
#find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +90 -exec rm {} \;
fi
#delete from the database
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '90 days'"
#delete call recordings older than 90 days
if [ .$switch_package = .true ]; then
find /var/lib/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +90 -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +90 -exec rm {} \;
else
find /usr/local/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +90 -exec rm {} \;
find /usr/local/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +90 -exec rm {} \;
fi
#delete voicemail older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
#find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
else
echo ".";
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
fi
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"
#delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"
#completed message
echo "Maintenance Completed";

30
debian/resources/config.sh vendored
View File

@ -3,37 +3,21 @@
domain_name=ip_address # hostname, ip_address or a custom value
system_username=admin # default username admin
system_password=random # random or a custom value
system_branch=5.3 # master, 5.3
system_branch=stable # master, stable
# FreeSWITCH Settings
switch_branch=stable # master, stable
switch_source=true # true (source compile) or false (binary package)
switch_package=false # true (binary package) or false (source compile)
switch_version=1.10.12 # which source code to download, only for source
switch_tls=true # true or false
switch_token= # Get the auth token from https://signalwire.com
# Signup or Login -> Profile -> Personal Auth Token
# Sofia-Sip Settings
sofia_version=1.13.17 # release-version for sofia-sip to use
switch_source=false # true or false
switch_package=true # true or false
# Database Settings
database_name=fusionpbx # Database name (safe characters A-Z, a-z, 0-9)
database_username=fusionpbx # Database username (safe characters A-Z, a-z, 0-9)
database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9)
database_repo=official # PostgreSQL official, system
database_version=17 # requires repo official
database_password=random # random or a custom value
database_repo=official # PostgresSQL official, system, 2ndquadrant
database_version=latest # requires repo official
database_host=127.0.0.1 # hostname or IP address
database_port=5432 # port number
database_backup=false # true or false
# General Settings
php_version=8.1 # PHP version 7.1, 7.3, 7.4, 8.1
php_version=5 # PHP version 5 or 7
letsencrypt_folder=true # true or false
# Optional Applications
application_transcribe=true # Speech to Text
application_speech=true # Text to Speech
application_device_logs=true # Log device provision requests
application_dialplan_tools=false # Add additional dialplan applications
application_edit=false # Editor for XML, Provision, Scripts, and PHP
application_sip_trunks=false # Registration based SIP trunks

11
debian/resources/environment.sh vendored
View File

@ -13,16 +13,8 @@ cpu_name=$(uname -m)
cpu_architecture='unknown'
cpu_mode='unknown'
#set the environment path
export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#check what the CPU and OS are
if [ .$cpu_name = .'armv6l' ]; then
# RaspberryPi Zero
os_mode='32'
cpu_mode='32'
cpu_architecture='arm'
elif [ .$cpu_name = .'armv7l' ]; then
if [ .$cpu_name = .'armv7l' ]; then
# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
os_mode='32'
cpu_mode='32'
@ -69,6 +61,7 @@ if [ .$cpu_architecture = .'arm' ]; then
if [ .$os_mode = .'32' ]; then
verbose "Correct CPU and Operating System detected, using the ARM repo"
elif [ .$os_mode = .'64' ]; then
error "You are using a 64bit arm OS this is unsupported"
switch_source=true
switch_package=false
else

18
debian/resources/fail2ban.sh vendored
View File

@ -6,32 +6,28 @@ cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Installing Fail2ban"
#add the dependencies
apt-get install -y fail2ban rsyslog
apt-get install -y --force-yes fail2ban
#move the filters
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
cp fail2ban/jail.local /etc/fail2ban/jail.local
#update config if source is being used
#if [ .$switch_source = .true ]; then
# sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
#fi
if [ .$switch_source = .true ]; then
sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
fi
#restart fail2ban
/usr/sbin/service fail2ban restart

21
debian/resources/fail2ban/auth-challenge-ip.conf vendored
View File

@ -1,21 +0,0 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

6
debian/resources/fail2ban/fail2ban.local vendored
View File

@ -1,6 +0,0 @@
[DEFAULT]
# Option: allowipv6
# Notes.: Allows IPv6 interface:
# Default: auto
# Values: [ auto yes (on, true, 1) no (off, false, 0) ] Default: auto
allowipv6 = auto

0
debian/resources/fail2ban/fusionpbx-404.conf → debian/resources/fail2ban/freeswitch-404.conf vendored
View File

20
debian/resources/fail2ban/freeswitch-acl.conf vendored
View File

@ -1,20 +0,0 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

2
devuan/resources/fail2ban/sip-auth-failure.conf → debian/resources/fail2ban/freeswitch-dos.conf vendored
View File

@ -12,7 +12,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.

4
debian/resources/fail2ban/freeswitch.conf vendored
View File

@ -7,8 +7,8 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.

132
debian/resources/fail2ban/jail.local vendored
View File

@ -5,93 +5,87 @@ protocol = ssh
filter = sshd
logpath = /var/log/auth.log
action = iptables-allports[name=sshd, protocol=all]
maxretry = 6
findtime = 60
maxretry = 5
findtime = 7200
bantime = 86400
[freeswitch]
enabled = false
port = 5060:5091
[freeswitch-udp]
enabled = true
port = 5060:5090
protocol = all
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch, protocol=all]
maxretry = 10
findtime = 60
action = iptables-multiport[name=freeswitch-udp, port="5060:5090", protocol=udp]
maxretry = 5
findtime = 600
bantime = 3600
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
[freeswitch-acl]
enabled = false
port = 5060:5091
[freeswitch-tcp]
enabled = true
port = 5060:5090
protocol = all
filter = freeswitch-acl
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-acl, protocol=all]
maxretry = 900
findtime = 60
bantime = 86400
action = iptables-multiport[name=freeswitch-tcp, port="5060:5090", protocol=tcp]
maxretry = 5
findtime = 600
bantime = 3600
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
[freeswitch-ip]
[freeswitch-ip-tcp]
enabled = false
port = 5060:5091
port = 5060:5090
protocol = all
filter = freeswitch-ip
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-ip, protocol=all]
action = iptables-multiport[name=freeswitch-ip-tcp, port="5060:5090", protocol=tcp]
maxretry = 1
findtime = 60
findtime = 30
bantime = 86400
[auth-challenge-ip]
[freeswitch-ip-udp]
enabled = false
port = 5060:5091
port = 5060:5090
protocol = all
filter = auth-challenge-ip
filter = freeswitch-ip
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=auth-challenge-ip, protocol=all]
action = iptables-multiport[name=freeswitch-ip-udp, port="5060:5090", protocol=udp]
maxretry = 1
findtime = 60
findtime = 30
bantime = 86400
[sip-auth-challenge]
enabled = false
port = 5060:5091
[freeswitch-dos-udp]
enabled = true
port = 5060:5090
protocol = all
filter = sip-auth-challenge
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-challenge, protocol=all]
maxretry = 100
findtime = 60
action = iptables-multiport[name=freeswitch-dos-udp, port="5060:5090", protocol=udp]
maxretry = 50
findtime = 30
bantime = 6000
[freeswitch-dos-tcp]
enabled = true
port = 5060:5090
protocol = all
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-dos-tcp, port="5060:5090", protocol=tcp]
maxretry = 50
findtime = 30
bantime = 7200
[sip-auth-failure]
enabled = false
port = 5060:5091
[freeswitch-404]
enabled = true
port = 5060:5090
protocol = all
filter = sip-auth-failure
filter = freeswitch-404
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-failure, protocol=all]
maxretry = 6
findtime = 60
bantime = 7200
[fusionpbx-404]
enabled = false
port = 5060:5091
protocol = all
filter = fusionpbx-404
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=fusionpbx-404, protocol=all]
maxretry = 6
findtime = 60
action = iptables-allports[name=freeswitch-404, protocol=all]
maxretry = 3
findtime = 300
bantime = 86400
[fusionpbx]
@ -100,10 +94,10 @@ port = 80,443
protocol = tcp
filter = fusionpbx
logpath = /var/log/auth.log
action = iptables-allports[name=fusionpbx, protocol=all]
action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 20
findtime = 60
maxretry = 10
findtime = 600
bantime = 3600
[fusionpbx-mac]
@ -112,11 +106,11 @@ port = 80,443
protocol = tcp
filter = fusionpbx-mac
logpath = /var/log/syslog
action = iptables-allports[name=fusionpbx-mac, protocol=all]
action = iptables-multiport[name=fusionpbx-mac, port="http,https", protocol=tcp]
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 10
findtime = 60
bantime = 86400
maxretry = 5
findtime = 300
bantime = -1
[nginx-404]
enabled = true
@ -124,20 +118,18 @@ port = 80,443
protocol = tcp
filter = nginx-404
logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-404, protocol=all]
bantime = 3600
findtime = 60
maxretry = 300
maxretry = 120
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
# 240 pages in 60 seconds, or 4p/s average, is suspicious)
enabled = true
port = 80,443
protocol = tcp
filter = nginx-dos
logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-dos, protocol=all]
findtime = 60
bantime = 86400
maxretry = 800
bantime = -1
maxretry = 240

21
debian/resources/fail2ban/sip-auth-challenge.conf vendored
View File

@ -1,21 +0,0 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((?:REGISTER|INVITE)\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

21
debian/resources/fail2ban/sip-auth-failure.conf vendored
View File

@ -1,21 +0,0 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

79
debian/resources/finish.sh vendored
View File

@ -8,6 +8,8 @@ cd "$(dirname "$0")"
. ./colors.sh
#database details
database_host=127.0.0.1
database_port=5432
database_username=fusionpbx
if [ .$database_password = .'random' ]; then
database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
@ -17,26 +19,15 @@ fi
export PGPASSWORD=$database_password
#update the database password
#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
#install the database backup
cp backup/fusionpbx-backup /etc/cron.daily
cp backup/fusionpbx-maintenance /etc/cron.daily
chmod 755 /etc/cron.daily/fusionpbx-backup
chmod 755 /etc/cron.daily/fusionpbx-maintenance
sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-backup
sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-maintenance
#add the config.conf
#add the config.php
mkdir -p /etc/fusionpbx
cp fusionpbx/config.conf /etc/fusionpbx
sed -i /etc/fusionpbx/config.conf -e s:"{database_host}:$database_host:"
sed -i /etc/fusionpbx/config.conf -e s:"{database_name}:$database_name:"
sed -i /etc/fusionpbx/config.conf -e s:"{database_username}:$database_username:"
sed -i /etc/fusionpbx/config.conf -e s:"{database_password}:$database_password:"
chown -R www-data:www-data /etc/fusionpbx
cp fusionpbx/config.php /etc/fusionpbx
sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
#add the database schema
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
@ -58,68 +49,49 @@ domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
#app defaults
cd /var/www/fusionpbx && /usr/bin/php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
#add the user
user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
user_name=$system_username
if [ .$system_password = .'random' ]; then
user_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
else
user_password=$system_password
fi
password_hash=$(/usr/bin/php -r "echo md5('$user_salt$user_password');");
password_hash=$(php -r "echo md5('$user_salt$user_password');");
psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
#get the superadmin group_uuid
#echo "psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c \"select group_uuid from v_groups where group_name = 'superadmin';\""
group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c "select group_uuid from v_groups where group_name = 'superadmin';");
group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';");
group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
#add the user to the group
user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
group_name=superadmin
#echo "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
#update xml_cdr url, user and password
xml_cdr_username=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
xml_cdr_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:$database_host:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
#app defaults
cd /var/www/fusionpbx && /usr/bin/php /var/www/fusionpbx/core/upgrade/upgrade.php
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
#restart freeswitch
/bin/systemctl daemon-reload
/bin/systemctl restart freeswitch
#install the email_queue service
cp /var/www/fusionpbx/app/email_queue/resources/service/debian.service /etc/systemd/system/email_queue.service
systemctl enable email_queue
systemctl start email_queue
systemctl daemon-reload
#install the event_guard service
cp /var/www/fusionpbx/app/event_guard/resources/service/debian.service /etc/systemd/system/event_guard.service
/bin/systemctl enable event_guard
/bin/systemctl start event_guard
/bin/systemctl daemon-reload
#add xml cdr import to crontab
apt install cron
(crontab -l; echo "* * * * * $(which php) /var/www/fusionpbx/app/xml_cdr/xml_cdr_import.php 300") | crontab
#welcome message
echo ""
echo ""
verbose "Installation Notes. "
echo ""
echo " Please save this information and reboot this system to complete the install. "
verbose "Installation has completed."
echo ""
echo " Use a web browser to login."
echo " domain name: https://$domain_name"
@ -134,16 +106,17 @@ echo " Official FusionPBX Training"
echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
echo " Available online and in person. Includes documentation and recording."
echo ""
echo " Location: Online"
echo " Admin Training: TBA"
echo " Advanced Training: TBA"
echo " Continuing Education: https://www.fusionpbx.com/training"
echo " Timezone: https://www.timeanddate.com/weather/usa/idaho"
echo " Location Online and Boise,Idaho"
echo " Admin Training 13 - 14 December 2017 (2 Days)"
echo " Advanced Training 18 - 19 December 2017 (2 Days)"
echo " Timezone: https://www.timeanddate.com/worldclock/usa/boise"
echo ""
echo " Additional information."
echo " https://fusionpbx.com/members.php"
echo " https://fusionpbx.com/training.php"
echo " https://fusionpbx.com/support.php"
echo " https://www.fusionpbx.com"
echo " http://docs.fusionpbx.com"
echo ""

16
debian/resources/fusionpbx.sh vendored
View File

@ -11,22 +11,22 @@ cd "$(dirname "$0")"
verbose "Installing FusionPBX"
#install dependencies
apt-get install -y vim git dbus haveged ssl-cert qrencode
apt-get install -y ghostscript libtiff5-dev libtiff-tools at
apt-get install -y --force-yes vim git dbus haveged ssl-cert
apt-get install -y --force-yes ghostscript libtiff5-dev libtiff-tools at
#get the branch
if [ .$system_branch = .'master' ]; then
verbose "Using master"
branch=""
else
verbose "Using version $system_branch"
branch="-b $system_branch"
system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
system_version=$system_major.$system_minor
verbose "Using version $system_version"
branch="-b $system_version"
fi
#add the cache directory
mkdir -p /var/cache/fusionpbx
chown -R www-data:www-data /var/cache/fusionpbx
#get the source code
git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
chown -R www-data:www-data /var/www/fusionpbx
chmod -R 755 /var/www/fusionpbx/secure

44
debian/resources/fusionpbx/config.conf vendored
View File

@ -1,44 +0,0 @@
#database system settings
database.0.type = pgsql
database.0.host = {database_host}
database.0.port = 5432
database.0.sslmode = prefer
database.0.name = {database_name}
database.0.username = {database_username}
database.0.password = {database_password}
#database switch settings
database.1.type = sqlite
database.1.path = /var/lib/freeswitch/db
database.1.name = core.db
#general settings
document.root = /var/www/fusionpbx
project.path =
temp.dir = /tmp
php.dir = /usr/bin
php.bin = php
#cache settings
cache.method = file
cache.location = /var/cache/fusionpbx
cache.settings = true
#switch settings
switch.conf.dir = /etc/freeswitch
switch.sounds.dir = /usr/share/freeswitch/sounds
switch.database.dir = /var/lib/freeswitch/db
switch.recordings.dir = /var/lib/freeswitch/recordings
switch.storage.dir = /var/lib/freeswitch/storage
switch.voicemail.dir = /var/lib/freeswitch/storage/voicemail
switch.scripts.dir = /usr/share/freeswitch/scripts
#switch xml handler
xml_handler.fs_path = false
xml_handler.reg_as_number_alias = false
xml_handler.number_as_presence_id = true
#error reporting options: user,dev,all
error.reporting = user

45
debian/resources/fusionpbx/config.php vendored Executable file
View File

@ -0,0 +1,45 @@
<?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2016
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
//set the database type
$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
//pgsql: database connection information
$db_host = 'localhost'; //set the host only if the database is not local
$db_port = '5432';
$db_name = 'fusionpbx';
$db_username = '{database_username}';
$db_password = '{database_password}';
//show errors
ini_set('display_errors', '1');
//error_reporting (E_ALL); // Report everything
//error_reporting (E_ALL ^ E_NOTICE); // hide notices
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings

170
debian/resources/ioncube.sh vendored
View File

@ -1,170 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#show cpu details
echo "cpu architecture: $cpu_architecture"
echo "cpu name: $cpu_name"
#make sure unzip is install
apt-get install -y unzip
#remove the ioncube directory if it exists
if [ -d "ioncube" ]; then
rm -Rf ioncube;
fi
#get the ioncube load and unzip it
if [ .$cpu_architecture = .'x86' ]; then
#get the ioncube 64 bit loader
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
#uncompress the file
unzip ioncube_loaders_lin_x86-64.zip
#remove the zip file
rm ioncube_loaders_lin_x86-64.zip
elif [ .$cpu_architecture = ."arm" ]; then
if [ .$cpu_name = .'armv7l' ]; then
#get the ioncube 64 bit loader
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.zip
#uncompress the file
unzip ioncube_loaders_lin_armv7l.zip
#remove the zip file
rm ioncube_loaders_lin_armv7l.zip
fi
fi
#set the version of php
#if [ ."$os_codename" = ."bullseye" ]; then
# php_version=8.0
#fi
#if [ ."$os_codename" = ."buster" ]; then
# php_version=7.4
#fi
#if [ ."$os_codename" = ."stretch" ]; then
# php_version=7.1
#fi
#if [ ."$os_codename" = ."jessie" ]; then
# php_version=7.1
#fi
#copy the loader to the correct directory
if [ ."$php_version" = ."5.6" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_5.6.so /usr/lib/php5/20131226
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/cli/conf.d/00-ioncube.ini
#restart the service
service php5-fpm restart
fi
if [ ."$php_version" = ."7.0" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.0.so /usr/lib/php/20151012
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/cli/conf.d/00-ioncube.ini
#restart the service
service php7.0-fpm restart
fi
if [ ."$php_version" = ."7.1" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.1.so /usr/lib/php/20160303
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/cli/conf.d/00-ioncube.ini
#restart the service
service php7.1-fpm restart
fi
if [ ."$php_version" = ."7.2" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/cli/conf.d/00-ioncube.ini
#restart the service
service php7.2-fpm restart
fi
if [ ."$php_version" = ."7.3" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.3.so /usr/lib/php/20180731
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/cli/conf.d/00-ioncube.ini
#restart the service
service php7.3-fpm restart
fi
if [ ."$php_version" = ."7.4" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.4.so /usr/lib/php/20190902
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/cli/conf.d/00-ioncube.ini
#restart the service
service php7.4-fpm restart
fi
if [ ."$php_version" = ."8.1" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_8.1.so /usr/lib/php/20210902
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20210902/ioncube_loader_lin_8.1.so" > /etc/php/8.1/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20210902/ioncube_loader_lin_8.1.so" > /etc/php/8.1/cli/conf.d/00-ioncube.ini
#restart the service
service php8.1-fpm restart
fi
if [ ."$php_version" = ."8.2" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_8.2.so /usr/lib/php/20220829
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20220829/ioncube_loader_lin_8.2.so" > /etc/php/8.2/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20220829/ioncube_loader_lin_8.2.so" > /etc/php/8.2/cli/conf.d/00-ioncube.ini
#restart the service
service php8.2-fpm restart
fi
if [ ."$php_version" = ."8.3" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_8.3.so /usr/lib/php/20230831
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20230831/ioncube_loader_lin_8.3.so" > /etc/php/8.3/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20230831/ioncube_loader_lin_8.3.so" > /etc/php/8.3/cli/conf.d/00-ioncube.ini
#restart the service
service php8.3-fpm restart
fi
if [ ."$php_version" = ."8.4" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_8.4.so /usr/lib/php/20240924
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20240924/ioncube_loader_lin_8.4.so" > /etc/php/8.4/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20240924/ioncube_loader_lin_8.4.so" > /etc/php/8.4/cli/conf.d/00-ioncube.ini
#restart the service
service php8.4-fpm restart
fi

88
debian/resources/iptables.sh vendored
View File

@ -3,99 +3,39 @@
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#add the includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Configuring IPTables"
#defaults to nftables by default this enables iptables
if [ ."$os_codename" = ."buster" ]; then
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
fi
if [ ."$os_codename" = ."bullseye" ]; then
apt-get install -y iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
fi
if [ ."$os_codename" = ."bookworm" ]; then
apt-get install -y iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
fi
#remove ufw
ufw reset
ufw disable
apt-get remove -y ufw
#apt-get purge ufw
iptables --delete-chain ufw-after-forward
iptables --delete-chain ufw-after-input
iptables --delete-chain ufw-after-logging-forward
iptables --delete-chain ufw-after-logging-input
iptables --delete-chain ufw-after-logging-output
iptables --delete-chain ufw-after-output
iptables --delete-chain ufw-before-forward
iptables --delete-chain ufw-before-input
iptables --delete-chain ufw-before-logging-forward
iptables --delete-chain ufw-before-logging-input
iptables --delete-chain ufw-before-logging-output
iptables --delete-chain ufw-before-output
iptables --delete-chain ufw-reject-forward
iptables --delete-chain ufw-reject-input
iptables --delete-chain ufw-reject-output
iptables --delete-chain ufw-track-forward
iptables --delete-chain ufw-track-input
iptables --delete-chain ufw-track-output
#flush iptables
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
#run iptables commands
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5090 -m string --string "friendly-scanner" --algo bm
iptables -A INPUT -j DROP -p udp --dport 5060:5090 -m string --string "sipcli/" --algo bm
iptables -A INPUT -j DROP -p udp --dport 5060:5090 -m string --string "VaxSIPUserAgent/" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5060:5090 -m string --string "friendly-scanner" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5060:5090 -m string --string "sipcli/" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5060:5090 -m string --string "VaxSIPUserAgent/" --algo bm
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060:5090 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5090 -j ACCEPT
iptables -A INPUT -p tcp --dport 5080:5090 -j ACCEPT
iptables -A INPUT -p udp --dport 5080:5090 -j ACCEPT
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5090 -j DSCP --set-dscp 26
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5090 -j DSCP --set-dscp 26
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#save iptables to make it persistent
#mkdir /etc/iptables
#iptables-save > /etc/iptables/rules.v4
#answer the questions for iptables persistent and save the iptable rules
#answer the questions for iptables persistent
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y iptables-persistent
apt-get install -y --force-yes iptables-persistent

167
debian/resources/letsencrypt.sh vendored
View File

@ -1,130 +1,87 @@
#!/bin/sh
# FusionPBX - Install
# Mark J Crane <markjcrane@fusionpbx.com>
# Copyright (C) 2018
# All Rights Reserved.
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
#. ./colors.sh
. ./environment.sh
#Add dependencies
apt-get install -y curl
#remove dehyrdated letsencrypt script
rm /usr/local/sbin/dehydrated
rm -R /usr/src/dehydrated
#rm -R /etc/dehydrated/
#rm -R /usr/src/dns-01-manual
#rm -R /var/www/dehydrated
#request the domain name, email address and wild card domain
#request the domain and email
read -p 'Domain Name: ' domain_name
read -p 'Email Address: ' email_address
#domain_name=subdomain.domain.com
#email=username@domain.com
#get and install dehydrated
cd /usr/src && git clone https://github.com/dehydrated-io/dehydrated.git
cd /usr/src/dehydrated
cp dehydrated /usr/local/sbin
mkdir -p /var/www/dehydrated
mkdir -p /etc/dehydrated/certs
#remove previous install
rm -R /opt/letsencrypt
rm -R /etc/letsencrypt
#wildcard detection
wildcard_domain=$(echo $domain_name | cut -c1-1)
if [ "$wildcard_domain" = "*" ]; then
wildcard_domain="true"
else
wildcard_domain="false"
#use php version 5 for arm
if [ .$cpu_architecture = .'arm' ]; then
php_version=5
fi
#remove the wildcard and period
if [ .$wildcard_domain = ."true" ]; then
domain_name=$(echo "$domain_name" | cut -c3-255)
#enable fusionpbx nginx config
cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
#prepare socket name
if [ ."$php_version" = ."5" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
fi
#manual dns hook
if [ .$wildcard_domain = ."true" ]; then
cd /usr/src
git clone https://github.com/gheja/dns-01-manual.git
cd /usr/src/dns-01-manual/
cp hook.sh /etc/dehydrated/hook.sh
chmod 755 /etc/dehydrated/hook.sh
if [ ."$php_version" = ."7" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
fi
#copy config and hook.sh into /etc/dehydrated
cd /usr/src/dehydrated
cp docs/examples/config /etc/dehydrated
#cp docs/examples/hook.sh /etc/dehydrated
#update the dehydrated config
#sed "s#CONTACT_EMAIL=#CONTACT_EMAIL=$email_address" -i /etc/dehydrated/config
sed -i 's/#CONTACT_EMAIL=/CONTACT_EMAIL="'"$email_address"'"/g' /etc/dehydrated/config
sed -i 's/#WELLKNOWN=/WELLKNOWN=/g' /etc/dehydrated/config
#accept the terms
./dehydrated --register --accept-terms --config /etc/dehydrated/config
#set the domain alias
domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)
#create an alias when using wildcard dns
if [ .$wildcard_domain = ."true" ]; then
echo "*.$domain_name > $domain_name" > /etc/dehydrated/domains.txt
fi
#add the domain name to domains.txt
if [ .$wildcard_domain = ."false" ]; then
echo "$domain_name" > /etc/dehydrated/domains.txt
fi
#request the certificates
if [ .$wildcard_domain = ."true" ]; then
./dehydrated --cron --domain *.$domain_name --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge dns-01 --hook /etc/dehydrated/hook.sh
fi
if [ .$wildcard_domain = ."false" ]; then
./dehydrated --cron --alias $domain_alias --preferred-chain "ISRG Root X1" --algo rsa --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01
fi
#make sure the nginx ssl directory exists
mkdir -p /etc/nginx/ssl
#update nginx config
sed "s@ssl_certificate[ \t]*/etc/ssl/certs/nginx.crt;@ssl_certificate /etc/dehydrated/certs/$domain_alias/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
sed "s@ssl_certificate_key[ \t]*/etc/ssl/private/nginx.key;@ssl_certificate_key /etc/dehydrated/certs/$domain_alias/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
#read the config
/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
#setup freeswitch tls
if [ .$switch_tls = ."true" ]; then
#add jessie backports
echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list
apt-get update && apt-get upgrade
apt-get install certbot -t jessie-backports
#make sure the freeswitch directory exists
mkdir -p /etc/freeswitch/tls
#install letsencrypt
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
chmod 755 /opt/letsencrypt/certbot-auto
/opt/letsencrypt/./certbot-auto certonly
#make sure the freeswitch certificate directory is empty
rm /etc/freeswitch/tls/*
#make the directories
mkdir -p /etc/letsencrypt/configs
mkdir -p /var/www/letsencrypt/
#cd $pwd
#cd "$(dirname "$0")"
#copy the domain conf
cp letsencrypt/domain_name.conf /etc/letsencrypt/configs/$domain_name.conf
#update the domain_name and email_address
sed "s#{domain_name}#$domain_name#g" -i /etc/letsencrypt/configs/$domain_name.conf
sed "s#{email_address}#$email_address#g" -i /etc/letsencrypt/configs/$domain_name.conf
#letsencrypt
#sed "s@#letsencrypt@location /.well-known/acme-challenge { root /var/www/letsencrypt; }@g" -i /etc/nginx/sites-available/fusionpbx
#get the certs from letsencrypt
cd /opt/letsencrypt && ./letsencrypt-auto --config /etc/letsencrypt/configs/$domain_name.conf certonly
#update nginx config
sed "s@ssl_certificate /etc/ssl/certs/nginx.crt;@ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
sed "s@ssl_certificate_key /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/letsencrypt/live/$domain_name/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
#read the config
/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
#combine the certs into all.pem
cat /etc/dehydrated/certs/$domain_alias/fullchain.pem > /etc/freeswitch/tls/all.pem
cat /etc/dehydrated/certs/$domain_alias/privkey.pem >> /etc/freeswitch/tls/all.pem
#cat /etc/dehydrated/certs/$domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem
cat /etc/letsencrypt/live/$domain_name/cert.pem > /etc/letsencrypt/live/$domain_name/all.pem
cat /etc/letsencrypt/live/$domain_name/privkey.pem >> /etc/letsencrypt/live/$domain_name/all.pem
cat /etc/letsencrypt/live/$domain_name/chain.pem >> /etc/letsencrypt/live/$domain_name/all.pem
#copy the certificates
cp /etc/dehydrated/certs/$domain_alias/cert.pem /etc/freeswitch/tls
cp /etc/dehydrated/certs/$domain_alias/chain.pem /etc/freeswitch/tls
cp /etc/dehydrated/certs/$domain_alias/fullchain.pem /etc/freeswitch/tls
cp /etc/dehydrated/certs/$domain_alias/privkey.pem /etc/freeswitch/tls
#add symbolic links
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
#set the permissions
chown -R www-data:www-data /etc/freeswitch/tls
fi
#copy the certs to the switch tls directory
mkdir -p /etc/freeswitch/tls
cp /etc/letsencrypt/live/$domain_name/*.pem /etc/freeswitch/tls
cp /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
chown -R www-data:www-data /etc/freeswitch

173
debian/resources/maintenance/call_recordings.php vendored
View File

@ -1,173 +0,0 @@
<?php
/*
Call Recordings Maintenance
- Convert WAV to MP3
- Reduce the file size
- Move recordings
- Move the recording from the source to a destination directory.
- To move files, you will need to add the destination_path as a setting under category: call_recordings
In my case, I put the file in /usr/src and then run manually like this.
/usr/bin/php /usr/src/fusionpbx-install.sh/debian/resources/maintenance/call_recordings.php
Debian
crontab -e
0 * * * * /usr/bin/php /usr/src/fusionpbx-install.sh/debian/resources/maintenance/call_recordings.php > /dev/null 2>&1
*/
//add the document root to the included path
if (defined('STDIN')) {
$config_glob = glob("{/usr/local/etc,/etc}/fusionpbx/config.conf", GLOB_BRACE);
$conf = parse_ini_file($config_glob[0]);
set_include_path($conf['document.root']);
}
else {
exit;
}
//set pre-defined variables
$debug = true;
$action_name = 'convert'; //convert, move or both
$action_delay = ''; //number of days before running the action, default empty which means no delay
$audio_format = 'wav';
$preferred_command = 'lame'; //mpg123, lame, sox
//includes files
require_once "resources/require.php";
//create the database connection
$database = new database;
//use settings object instead of session
$settings = new settings(['database' => $database]);
//set the source and destination paths
$source_path = $settings->get('switch','recordings', '');
//set the destination_path
if ($action_name == 'move' || $action_name == 'both') {
$destination_path = $settings->get('call_recordings','destination_path', null);
}
//make sure the directory exists
if ($action_name == 'move' || $action_name == 'both') {
system('mkdir -p '.$destination_path);
}
//get the XML CDR call recordings.
$sql = "select xml_cdr_uuid, domain_uuid, domain_name, ";
$sql .= "record_path, record_name, direction, start_stamp, ";
$sql .= "caller_id_name, caller_id_number from v_xml_cdr ";
//$sql .= "where start_stamp > NOW() - INTERVAL '7 days' ";
$sql .= "where true ";
if ($action_name == 'convert' || $action_name == 'both') {
$sql .= "and record_name like '%.wav' ";
}
if ($action_name == 'move' || $action_name == 'both') {
$sql .= "and length(record_path) > 0 ";
$sql .= "and substr(record_path, 1, length(:source_path)) = :source_path ";
$parameters['source_path'] = $source_path;
}
if (!empty($action_delay) && is_numeric($action_delay)) {
$sql .= "and start_stamp < NOW() - INTERVAL '".$action_delay." days' ";
}
$sql .= "order by start_stamp desc ";
if ($debug) { echo $sql."\n"; }
$call_recordings = $database->select($sql, $parameters, 'all');
unset($parameters);
//process the changes
foreach ($call_recordings as $row) {
//set the record_name
$record_name = $row['record_name'];
//set the source_path
$source_path = realpath($row['record_path']);
//get the file name without the file extension
$path_parts = pathinfo($source_path.'/'.$record_name);
//convert the audio file from WAV to MP3
if ($action_name == 'convert' || $action_name == 'both') {
if ($debug) {
if (!file_exists($source_path."/".$record_name)) {
//echo "file not found: ".$source_path."/".$record_name."\n";
}
else {
echo "found file: ".$source_path."/".$record_name."\n";
}
}
if (file_exists($source_path."/".$record_name)) {
//build the sox command
if ($preferred_command == 'sox' && !file_exists($source_path."/".$path_parts['filename'].".mp3")) {
$command = "sox ".$source_path."/".$record_name." -C 128 ".$source_path."/".$path_parts['filename'].".mp3 \n";
}
//build and run the mpg123 command
if ($preferred_command == 'mpg123' && !file_exists($source_path."/".$path_parts['filename'].".mp3")) {
$command = "mpg123 -w ".$source_path."/".$record_name." ".$source_path."/".$path_parts['filename'].".mp3\n";
}
//build and run the mpg123 command
if ($preferred_command == 'lame' && !file_exists($source_path."/".$path_parts['filename'].".mp3")) {
$command = "lame -b 128 ".$source_path."/".$record_name." ".$source_path."/".$path_parts['filename'].".mp3\n";
}
//show debug information
if ($debug) {
echo $command."\n";
}
//run the command
if (!empty($command)) {
system($command);
}
//update the record name to use the new file extension
if (file_exists($source_path."/".$path_parts['filename'].".mp3")) {
//make sure the mp3 file exists and then delete the wav file
unlink($source_path."/".$path_parts['filename'].".wav");
//set the record_name with the new file extension
$record_name = $path_parts['filename'].".mp3";
}
}
}
//move the files
if ($action_name == 'move' || $action_name == 'both') {
//get breakdown of the date to year, month, and day
$start_time = strtotime($row['start_stamp']);
$start_year = date("Y", $start_time);
$start_month = date("M", $start_time);
$start_day = date("d", $start_time);
//move the recording from the old to the new directory
$old_path = realpath($row['record_path']);
$new_path = realpath($destination_path).'/'.$row['domain_name'].'/archive/'.$start_year.'/'.$start_month.'/'.$start_day;
if (!file_exists($new_path)) { system('mkdir -p '.$new_path); }
$command = "mv ".$old_path."/".$record_name." ".$new_path."/".$record_name;
if ($debug) { echo $command."\n"; }
system($command);
}
//update the database to the new directory
$sql = "update v_xml_cdr set \n";
if ($action_name == 'move' || $action_name == 'both') {
$sql .= "record_path = '".$new_path."' \n";
}
if ($action_name == 'convert' || $action_name == 'both') {
$sql .= "record_name = '".$path_parts['filename'].".mp3'\n";
}
$sql .= "where xml_cdr_uuid = '".$row['xml_cdr_uuid']."';\n";
if ($debug) { echo $sql."\n"; }
$database->execute($sql);
}
?>

19
debian/resources/monit.sh vendored
View File

@ -1,19 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
#install monit
apt-get install -y monit
#make the monit shell script executable
chmod 755 monit/shell.sh
#copy the freeswitch monit config
cp monit/freeswitch /etc/monit/conf.d
#restart monit
service monit restart

3
debian/resources/monit/freeswitch vendored
View File

@ -1,3 +0,0 @@
check process freeswitch with pidfile /run/freeswitch/freeswitch.pid
start program = "/usr/src/fusionpbx-install.sh/debian/resources/monit/./shell.sh"
stop program = "/usr/bin/freeswitch -stop"

5
debian/resources/monit/shell.sh vendored
View File

@ -1,5 +0,0 @@
#!/bin/sh
mkdir -p /var/run/freeswitch
chown -R www-data:www-data /var/run/freeswitch
/usr/bin/freeswitch -nc -u www-data -g www-data -nonat

30
debian/resources/nftables.sh vendored
View File

@ -1,30 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#add the includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Configuring nftables"
#run iptables commands
nft add rule ip filter INPUT iifname "lo" counter accept
nft add rule ip filter INPUT ct state related,established counter accept
nft add rule ip filter INPUT tcp dport 22 counter accept
nft add rule ip filter INPUT tcp dport 80 counter accept
nft add rule ip filter INPUT tcp dport 443 counter accept
nft add rule ip filter INPUT tcp dport 7443 counter accept
nft add rule ip filter INPUT tcp dport 5060-5091 counter accept
nft add rule ip filter INPUT udp dport 5060-5091 counter accept
nft add rule ip filter INPUT udp dport 16384-32768 counter accept
nft add rule ip filter INPUT icmp type echo-request counter accept
nft add rule ip filter INPUT udp dport 1194 counter accept
nft add rule ip mangle OUTPUT udp sport 16384-32768 counter ip dscp set 0x2e
nft add rule ip mangle OUTPUT tcp sport 5060-5091 counter ip dscp set 0x1a
nft add rule ip mangle OUTPUT udp sport 5060-5091 counter ip dscp set 0x1a

89
debian/resources/nginx.sh vendored
View File

@ -11,53 +11,65 @@ cd "$(dirname "$0")"
#send a message
verbose "Installing the web server"
#change the version of php for arm
if [ ."$cpu_architecture" = ."arm" ]; then
#set the version of php
if [ ."$os_codename" = ."bullseye" ]; then
php_version=7.4
fi
fi
#set the version of php
#if [ ."$os_codename" = ."bullseye" ]; then
# php_version=7.4
#if [ ."$cpu_architecture" = ."arm" ]; then
#9.x - */stretch/
#8.x - */jessie/
#fi
if [ ."$os_codename" = ."buster" ]; then
php_version=7.3
fi
if [ ."$os_codename" = ."stretch" ]; then
php_version=7.1
if [ ."$php_version" = ."5" ]; then
#verbose "Switching forcefully to php5* packages"
which add-apt-repository || apt-get install -y software-properties-common
#LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
#LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php5-compat
elif [ ."$os_name" = ."Ubuntu" ]; then
#16.10.x - */yakkety/
#16.04.x - */xenial/
#14.04.x - */trusty/
if [ ."$os_codename" = ."trusty" ]; then
which add-apt-repository || apt-get install -y software-properties-common
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
fi
elif [ ."$cpu_architecture" = ."arm" ]; then
#Pi2 and Pi3 Raspbian
#Odroid
if [ ."$os_codename" = ."jessie" ]; then
php_version=7.1
echo "deb http://packages.moopi.uk/debian jessie main" > /etc/apt/sources.list.d/moopi.list
wget -O - http://packages.moopi.uk/debian/moopi.gpg.key | apt-key add -
fi
else
#9.x - */stretch/
#8.x - */jessie/
if [ ."$os_codename" = ."jessie" ]; then
echo "deb http://packages.dotdeb.org $os_codename all" > /etc/apt/sources.list.d/dotdeb.list
echo "deb-src http://packages.dotdeb.org $os_codename all" >> /etc/apt/sources.list.d/dotdeb.list
wget -O - https://www.dotdeb.org/dotdeb.gpg | apt-key add -
fi
fi
apt-get update
#use php version 5 for arm
#if [ .$cpu_architecture = .'arm' ]; then
# php_version=5
#fi
#install dependencies
apt-get install -y nginx
if [ ."$php_version" = ."5" ]; then
apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-mcrypt
fi
if [ ."$php_version" = ."7" ]; then
apt-get install -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-mcrypt php7.0-xml
fi
#enable fusionpbx nginx config
cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
#prepare socket name
if [ ."$php_version" = ."5.6" ]; then
if [ ."$php_version" = ."5" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.0" ]; then
if [ ."$php_version" = ."7" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.1" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.2" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.2-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.3" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.3-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.4" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
fi
if [ ."$php_version" = ."8.1" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.1-fpm.sock;#g'
fi
ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
#self signed certificate
@ -68,17 +80,14 @@ ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
rm /etc/nginx/sites-enabled/default
#update config if LetsEncrypt folder is unwanted
# if [ .$letsencrypt_folder = .false ]; then
# sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
# fi
if [ .$letsencrypt_folder = .false ]; then
sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
fi
#add the letsencrypt directory
if [ .$letsencrypt_folder = .true ]; then
mkdir -p /var/www/letsencrypt/
fi
#flush systemd cache
systemctl daemon-reload
#restart nginx
service nginx restart

128
debian/resources/nginx/fusionpbx vendored
View File

@ -14,7 +14,7 @@ server {
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
@ -23,15 +23,15 @@ server {
# Allow the upgrade routines to run longer than normal
location = /core/upgrade/index.php {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
fastcgi_read_timeout 15m;
}
# Disable viewing .htaccess & .htpassword & .db & .git
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
@ -41,31 +41,12 @@ server {
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}
server {
listen [::]:80;
listen 80;
server_name fusionpbx;
#redirect letsencrypt to dehydrated
location ^~ /.well-known/acme-challenge {
default_type "text/plain";
auth_basic "off";
alias /var/www/dehydrated;
}
#rewrite rule - send to https with an exception for provisioning
if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
if ($uri !~* ^.*(provision|xml_cdr).*$) {
rewrite ^(.*) https://$host$1 permanent;
break;
}
@ -79,18 +60,13 @@ server {
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
#avaya
rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstream
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
#grandstream-wave softphone by ext because Android doesn't pass MAC.
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
@ -108,13 +84,12 @@ server {
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
#rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
@ -124,15 +99,6 @@ server {
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
#Digium
rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
#Snom
rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
@ -145,9 +111,8 @@ server {
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
@ -155,15 +120,15 @@ server {
# Allow the upgrade routines to run longer than normal
location = /core/upgrade/index.php {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
fastcgi_read_timeout 15m;
}
# Disable viewing .htaccess & .htpassword & .db & .git
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
@ -173,38 +138,21 @@ server {
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}
server {
listen [::]:443 ssl;
listen 443 ssl;
#listen 443 ssl http2;
listen 443;
server_name fusionpbx;
ssl on;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
#ssl_protocols TLSv1.2 TLSv1.3;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA;
ssl_session_cache shared:SSL:40m;
ssl_session_timeout 2h;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!ADH:!MD5:!aNULL;
#ssl_dhparam
#redirect letsencrypt to dehydrated
location ^~ /.well-known/acme-challenge {
default_type "text/plain";
auth_basic "off";
alias /var/www/dehydrated;
#letsencrypt
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
#REST api
@ -213,24 +161,16 @@ server {
break;
}
#message media
rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
#avaya
rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstream
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
#grandstream-wave softphone by ext because Android doesn't pass MAC.
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
@ -254,7 +194,6 @@ server {
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
@ -264,15 +203,6 @@ server {
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
#Digium
rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
#Snom
rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
@ -285,9 +215,8 @@ server {
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
@ -295,15 +224,15 @@ server {
# Allow the upgrade routines to run longer than normal
location = /core/upgrade/index.php {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
fastcgi_read_timeout 15m;
}
# Disable viewing .htaccess & .htpassword & .db & .git
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
@ -313,13 +242,4 @@ server {
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}

204
debian/resources/php.sh vendored
View File

@ -6,226 +6,30 @@ cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Configuring PHP"
#add the repository
if [ ."$os_name" = ."Ubuntu" ]; then
#16.10.x - */yakkety/
#16.04.x - */xenial/
#14.04.x - */trusty/
if [ ."$os_codename" = ."trusty" ]; then
which add-apt-repository || apt-get install -y software-properties-common
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
fi
elif [ ."$cpu_architecture" = ."arm" ]; then
#Pi2 and Pi3 Raspbian, #Odroid
#if [ ."$os_codename" = ."stretch" ]; then
# php_version=7.0
#fi
if [ ."$os_codename" = ."buster" ]; then
php_version=7.3
fi
if [ ."$os_codename" = ."bullseye" ]; then
php_version=7.4
fi
if [ ."$os_codename" = ."bookworm" ]; then
php_version=8.2
fi
else
#11.x - bullseye
#10.x - buster
#9.x - stretch
#8.x - jessie
apt-get -y install apt-transport-https lsb-release ca-certificates
#make sure keyrings directory exits
mkdir /etc/apt/keyrings
if [ ."$os_codename" = ."jessie" ]; then
wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$os_codename" = ."stretch" ]; then
wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$os_codename" = ."buster" ]; then
wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$os_codename" = ."bullseye" ]; then
if [ ."$php_version" = ."8.1" ]; then
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$php_version" = ."8.2" ]; then
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$php_version" = ."8.3" ]; then
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$php_version" = ."8.4" ]; then
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
fi
if [ ."$os_codename" = ."bookworm" ]; then
if [ ."$php_version" = ."8.1" ]; then
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$php_version" = ."8.2" ]; then
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$php_version" = ."8.3" ]; then
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
if [ ."$php_version" = ."8.4" ]; then
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi
fi
fi
apt-get update -y
#install dependencies
apt-get install -y nginx
if [ ."$php_version" = ."" ]; then
apt-get install -y php php-cli php-fpm php-pgsql php-sqlite3 php-odbc php-curl php-imap php-xml php-gd php-inotify
fi
if [ ."$php_version" = ."5.6" ]; then
apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
fi
if [ ."$php_version" = ."7.0" ]; then
apt-get install -y --no-install-recommends php7.0 php7.0-common php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd php7.0-mbstring php7.0-inotify
fi
if [ ."$php_version" = ."7.1" ]; then
apt-get install -y --no-install-recommends php7.1 php7.1-common php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd php7.1-mbstring php7.1-inotify
fi
if [ ."$php_version" = ."7.2" ]; then
apt-get install -y --no-install-recommends php7.2 php7.2-common php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd php7.2-mbstring php7.2-inotify
fi
if [ ."$php_version" = ."7.3" ]; then
apt-get install -y --no-install-recommends php7.3 php7.3-common php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd php7.3-mbstring php7.3-inotify
fi
if [ ."$php_version" = ."7.4" ]; then
apt-get install -y --no-install-recommends php7.4 php7.4-common php7.4-cli php7.4-dev php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring php7.4-inotify
fi
if [ ."$php_version" = ."8.1" ]; then
apt-get install -y --no-install-recommends php8.1 php8.1-common php8.1-cli php8.1-dev php8.1-fpm php8.1-pgsql php8.1-sqlite3 php8.1-odbc php8.1-curl php8.1-imap php8.1-xml php8.1-gd php8.1-mbstring php8.1-ldap php8.1-inotify
fi
if [ ."$php_version" = ."8.2" ]; then
apt-get install -y --no-install-recommends php8.2 php8.2-common php8.2-cli php8.2-dev php8.2-fpm php8.2-pgsql php8.2-sqlite3 php8.2-odbc php8.2-curl php8.2-imap php8.2-xml php8.2-gd php8.2-mbstring php8.2-ldap php8.2-inotify
fi
if [ ."$php_version" = ."8.3" ]; then
apt-get install -y --no-install-recommends php8.3 php8.3-common php8.3-cli php8.3-dev php8.3-fpm php8.3-pgsql php8.3-sqlite3 php8.3-odbc php8.3-curl php8.3-imap php8.3-xml php8.3-gd php8.3-mbstring php8.3-ldap php8.3-inotify
fi
if [ ."$php_version" = ."8.4" ]; then
apt-get install -y --no-install-recommends php8.4 php8.4-common php8.4-cli php8.4-dev php8.4-fpm php8.4-pgsql php8.4-sqlite3 php8.4-odbc php8.4-curl php8.4-imap php8.4-xml php8.4-gd php8.4-mbstring php8.4-ldap php8.4-inotify
fi
#update config if source is being used
if [ ."$php_version" = ."5" ]; then
verbose "version 5.x"
php_ini_file='/etc/php5/fpm/php.ini'
fi
if [ ."$php_version" = ."7.0" ]; then
if [ ."$php_version" = ."7" ]; then
verbose "version 7.0"
php_ini_file='/etc/php/7.0/fpm/php.ini'
fi
if [ ."$php_version" = ."7.1" ]; then
verbose "version 7.1"
php_ini_file='/etc/php/7.1/fpm/php.ini'
fi
if [ ."$php_version" = ."7.2" ]; then
verbose "version 7.2"
php_ini_file='/etc/php/7.2/fpm/php.ini'
fi
if [ ."$php_version" = ."7.3" ]; then
verbose "version 7.3"
php_ini_file='/etc/php/7.3/fpm/php.ini'
fi
if [ ."$php_version" = ."7.4" ]; then
verbose "version 7.4"
php_ini_file='/etc/php/7.4/fpm/php.ini'
fi
if [ ."$php_version" = ."8.1" ]; then
verbose "version 8.1"
php_ini_file='/etc/php/8.1/fpm/php.ini'
fi
if [ ."$php_version" = ."8.2" ]; then
verbose "version 8.2"
php_ini_file='/etc/php/8.2/fpm/php.ini'
fi
if [ ."$php_version" = ."8.3" ]; then
verbose "version 8.3"
php_ini_file='/etc/php/8.3/fpm/php.ini'
fi
if [ ."$php_version" = ."8.4" ]; then
verbose "version 8.4"
php_ini_file='/etc/php/8.4/fpm/php.ini'
fi
sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
#install ioncube
if [ .$cpu_architecture = .'x86' ]; then
. ./ioncube.sh
fi
#restart php-fpm
systemctl daemon-reload
if [ ."$php_version" = ."5.6" ]; then
#systemd
if [ ."$php_version" = ."5" ]; then
systemctl restart php5-fpm
fi
if [ ."$php_version" = ."7.0" ]; then
if [ ."$php_version" = ."7" ]; then
systemctl restart php7.0-fpm
fi
if [ ."$php_version" = ."7.1" ]; then
systemctl restart php7.1-fpm
fi
if [ ."$php_version" = ."7.2" ]; then
systemctl restart php7.2-fpm
fi
if [ ."$php_version" = ."7.3" ]; then
systemctl restart php7.3-fpm
fi
if [ ."$php_version" = ."7.4" ]; then
systemctl restart php7.4-fpm
fi
if [ ."$php_version" = ."8.1" ]; then
systemctl restart php8.1-fpm
fi
if [ ."$php_version" = ."8.2" ]; then
systemctl restart php8.2-fpm
fi
if [ ."$php_version" = ."8.3" ]; then
systemctl restart php8.3-fpm
fi
if [ ."$php_version" = ."8.3" ]; then
systemctl restart php8.3-fpm
fi
#init.d
#/usr/sbin/service php5-fpm restart

81
debian/resources/postgresql.sh vendored
View File

@ -19,95 +19,58 @@ echo "Install PostgreSQL and create the database and users\n"
#included in the distribution
if [ ."$database_repo" = ."system" ]; then
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
apt-get install -y sudo postgresql
else
apt-get install -y sudo postgresql-client
apt-get install -y --force-yes sudo postgresql
fi
fi
#make sure keyrings directory exits
mkdir /etc/apt/keyrings
#postgres official repository
if [ ."$database_repo" = ."official" ]; then
apt install -y gpg
sh -c 'echo "deb [signed-by=/etc/apt/keyrings/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/pgdg.gpg
chmod 644 /etc/apt/keyrings/pgdg.gpg
echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/postgresql.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
apt-get update && apt-get upgrade -y
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
if [ ."$database_version" = ."latest" ]; then
apt-get install -y sudo postgresql
else
apt-get install -y sudo postgresql-$database_version
apt-get install -y --force-yes sudo postgresql
fi
else
apt-get install -y sudo postgresql-client
if [ ."$database_version" = ."9.6" ]; then
apt-get install -y --force-yes sudo postgresql-$database_version
fi
fi
#add PostgreSQL and 2ndquadrant repos
if [ ."$database_repo" = ."2ndquadrant" ]; then
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
apt install -y curl
curl https://dl.2ndquadrant.com/default/release/get/deb | bash
if [ ."$os_codename" = ."buster" ]; then
sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#buster#stretch#g'
fi
if [ ."$os_codename" = ."bullseye" ]; then
sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#bullseye#stretch#g'
fi
apt update
apt-get install -y sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
fi
echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/postgresql.list
echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list
/usr/bin/wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add -
/usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
apt-get update && apt-get upgrade -y
apt-get install -y --force-yes sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
fi
#install the database backup
#cp backup/fusionpbx-backup /etc/cron.daily
#cp backup/fusionpbx-maintenance /etc/cron.daily
#chmod 755 /etc/cron.daily/fusionpbx-backup
#chmod 755 /etc/cron.daily/fusionpbx-maintenance
#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup
#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-maintenance
#initialize the database
pg_createcluster $database_version main
#replace scram-sha-256 with md5
sed -i /etc/postgresql/$database_version/main/pg_hba.conf -e '/^#/!s/scram-sha-256/md5/g'
#systemd
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
systemctl daemon-reload
systemctl restart postgresql
fi
#init.d
#/usr/sbin/service postgresql restart
#install the database backup
cp backup/fusionpbx-backup.sh /etc/cron.daily
chmod 755 /etc/cron.daily/fusionpbx-backup.sh
sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup.sh
#move to /tmp to prevent a red herring error when running sudo with psql
cwd=$(pwd)
cd /tmp
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
#reload the config
sudo -u postgres psql -c "SELECT pg_reload_conf();"
#set client encoding
sudo -u postgres psql -c "SET client_encoding = 'UTF8';";
#add the database users and databases
#add the databases, users and grant permissions to them
sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
#add the users and grant permissions
sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
#update the fusionpbx user password
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
#ALTER USER fusionpbx WITH PASSWORD 'newpassword';
fi
cd $cwd
#set the ip address

17
debian/resources/postgresql/create.sh vendored Executable file → Normal file
View File

@ -11,17 +11,18 @@ cwd=$(pwd)
cd /tmp
#set client encoding
sudo -u postgres psql -p $database_port -c "SET client_encoding = 'UTF8';";
sudo -u postgres psql -c "SET client_encoding = 'UTF8';";
#add the database users and databases
sudo -u postgres psql -p $database_port -c "CREATE DATABASE fusionpbx;";
sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
#add the users and grant permissions
sudo -u postgres psql -p $database_port -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
#reload the config
sudo -u postgres psql -p $database_port -c "SELECT pg_reload_conf();"
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$database_password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
#restart postgres
#systemctl restart postgresql
service postgresql restart

6
debian/resources/postgresql/dsn.sh vendored
View File

@ -43,9 +43,9 @@ sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
#add the dsn variables
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'pgsql://hostaddr=$database_host port=$database_port dbname=freeswitch user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///var/lib/freeswitch/db/callcenter.db', 'DSN', 'true', '0', null, null);";
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_cat, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_cat, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'pgsql://hostaddr=$database_host port=$database_port dbname=freeswitch user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_cat, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///var/lib/freeswitch/db/callcenter.db', 'DSN', 'true', '0', null, null);";
#add the
echo "<!-- DSN -->" >> /etc/freeswitch/vars.xml

2
debian/resources/postgresql/empty.sh vendored
View File

@ -20,7 +20,7 @@ now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql
#backup the database
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_auto_$now.sql
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
#empty the fusionpbx database
sudo -u postgres psql -d fusionpbx -c "drop schema public cascade;";

54
debian/resources/postgresql/iptables.sh vendored
View File

@ -1,54 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
#set the date
now=$(date +%Y-%m-%d)
#show this server's addresses
server_address=$(hostname -I);
echo "This Server Address: $server_address"
#nodes addresses
read -p "Enter all Node IP Addresses: " nodes
#determine whether to add iptable rules
read -p 'Add iptable rules (y/n): ' iptables_add
#settings summary
echo "-----------------------------";
echo " Summary";
echo "-----------------------------";
echo "All Node IP Addresses: $nodes";
echo "Add iptable rules: $iptables_add";
echo "";
#verify
read -p 'Is the information correct (y/n): ' verified
if [ .$verified != ."y" ]; then
echo "Goodbye";
exit 0;
fi
#iptables rules
if [ .$iptables_add = ."y" ]; then
for node in $nodes; do
/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
done
apt-get remove iptables-persistent -y
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y iptables-persistent
fi
#set the working directory
cwd=$(pwd)
cd /tmp
#message to user
echo "Completed"

94
debian/resources/postgresql/node.sh vendored
View File

@ -9,6 +9,11 @@ cd "$(dirname "$0")"
#set the date
now=$(date +%Y-%m-%d)
#set the database password
if [ .$database_password = .'random' ]; then
database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
fi
#show this server's addresses
server_address=$(hostname -I);
echo "This Server Address: $server_address"
@ -16,39 +21,28 @@ echo "This Server Address: $server_address"
#nodes addresses
read -p "Enter all Node IP Addresses: " nodes
#replication method options: logical (default), or bdr
read -p "Enter the replication method. (logical,bdr): " replication_method
#request group_create, node_1 and node_2
if [ .$replication_method = ."bdr" ]; then
read -p 'Create Group (y,n): ' group_create
if [ .$group_create = ."y" ]; then
#request the domain and email
read -p 'Create Group (true/false): ' group_create
if [ .$group_create = .true ]; then
read -p 'Enter this Nodes Address: ' node_1;
else
read -p 'Join using node already in group: ' node_1;
read -p 'Enter this Nodes Address: ' node_2;
fi
fi
if [ .$replication_method = ."bdr" ]; then
#determine which database to replicate
read -p 'Replicate the FusionPBX Database (y,n): ' system_replicate
#determine which database to replicate
read -p 'Replicate the FreeSWITCH Database (y,n): ' switch_replicate
fi
read -p 'Replicate the FusionPBX Database (true/false): ' system_replicate
#determine whether to add iptable rules
read -p 'Add iptable rules (y,n): ' iptables_add
#determine which database to replicate
read -p 'Replicate the FreeSWITCH Database (true/false): ' switch_replicate
#settings summary
echo "-----------------------------";
echo " Summary";
echo "-----------------------------";
echo "All Node IP Addresses: $nodes";
if [ .$replication_method = ."bdr" ]; then
echo "Create Group: $group_create";
if [ .$group_create = ."y" ]; then
echo "All Node IP Addresses: $nodes";
if [ .$group_create = .true ]; then
echo "This Nodes Address: $node_1";
else
echo "Join using node in group: $node_1";
@ -56,29 +50,32 @@ if [ .$replication_method = ."bdr" ]; then
fi
echo "Replicate the FusionPBX Database: $system_replicate";
echo "Replicate the FreeSWITCH Database: $switch_replicate";
fi
echo "Add iptable rules: $iptables_add";
echo "";
#verify
read -p 'Is the information correct (y,n): ' verified
read -p 'Is the information correct (y/n): ' verified
if [ .$verified != ."y" ]; then
echo "Goodbye";
exit 0;
fi
#add the 2ndquadrant repo
if [ ."$database_version" = ."9.6" ]; then
echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list
/usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
apt-get update && apt-get upgrade -y
apt-get install -y --force-yes sudo postgresql-9.6-bdr-plugin
fi
#iptables rules
if [ .$iptables_add = ."y" ]; then
for node in $nodes; do
/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
done
apt-get remove iptables-persistent -y
apt-get remove iptables-persistent -y --force-yes
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y iptables-persistent
systemctl restart fail2ban
fi
apt-get install -y --force-yes iptables-persistent
#setup ssl
sed -i /etc/postgresql/$database_version/main/postgresql.conf -e s:'snakeoil.key:snakeoil-postgres.key:'
@ -89,17 +86,15 @@ chmod 600 /etc/ssl/private/ssl-cert-snakeoil-postgres.key
#postgresql.conf - append settings
cp /etc/postgresql/$database_version/main/postgresql.conf /etc/postgresql/$database_version/main/postgresql.conf-$now
#cat ../postgresql/postgresql.conf > /etc/postgresql/$database_version/main/postgresql.conf
echo "#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "listen_addresses = '*'" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "shared_preload_libraries = 'bdr'" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "wal_level = 'logical'" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "track_commit_timestamp = on" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "max_connections = 100" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "max_wal_senders = 10" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "max_replication_slots = 48" >> /etc/postgresql/$database_version/main/postgresql.conf
echo "max_worker_processes = 48" >> /etc/postgresql/$database_version/main/postgresql.conf
if [ .$replication_method = ."bdr" ]; then
echo "shared_preload_libraries = 'bdr'" >> /etc/postgresql/$database_version/main/postgresql.conf
fi
#pg_hba.conf - append settings
cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
@ -118,50 +113,34 @@ done
#reload configuration
systemctl daemon-reload
#reload the config
sudo -u postgres psql -p $database_port -c "SELECT pg_reload_conf();"
#restart postgres
systemctl restart postgresql
service postgresql restart
#set the working directory
cwd=$(pwd)
cd /tmp
#add the bdr repo
if [ .$replication_method = ."bdr" ]; then
if [ .$database_version = ."9.6" ]; then
echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list
/usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
apt-get update && apt-get upgrade -y
apt-get install -y sudo postgresql-9.6-bdr-plugin
fi
fi
#add the postgres extensions
if [ .$replication_method = ."bdr" ]; then
sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;";
sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;";
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;";
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;";
fi
#add master nodes
if [ .$replication_method = ."bdr" ]; then
if [ .$group_create = ."y" ]; then
if [ .$group_create = .true ]; then
#add first node
if [ .$system_replicate = ."y" ]; then
if [ .$system_replicate = .true ]; then
sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
fi
if [ .$switch_replicate = ."y" ]; then
if [ .$switch_replicate = .true ]; then
sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
fi
else
#add additional master nodes
if [ .$system_replicate = ."y" ]; then
if [ .$system_replicate = .true ]; then
sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
fi
if [ .$switch_replicate = ."y" ]; then
if [ .$switch_replicate = .true ]; then
sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
fi
fi
@ -170,17 +149,16 @@ if [ .$replication_method = ."bdr" ]; then
#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log
#sleeping
if [ .$group_create = ."n" ]; then
if [ .$group_create = .false ]; then
echo "Sleeping for 15 seconds";
for i in `seq 1 15`; do
echo $i
sleep 1
done
fi
fi
#add extension pgcrypto
if [ .$group_create = ."n" ]; then
if [ .$group_create = .false ]; then
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION pgcrypto;";
fi

62
debian/resources/postgresql/pg_hba.sh vendored
View File

@ -1,62 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
#set the date
now=$(date +%Y-%m-%d)
#show this server's addresses
server_address=$(hostname -I);
echo "This Server Address: $server_address"
#nodes addresses
read -p "Enter all Node IP Addresses: " nodes
#determine whether to add iptable rules
read -p 'Add ip address to pg_hba (y/n): ' pg_hba_add
#settings summary
echo "-----------------------------";
echo " Summary";
echo "-----------------------------";
echo "All Node IP Addresses: $nodes";
echo "Add ip addresses to pg_hba: $pg_hba_add";
echo "";
#verify
read -p 'Is the information correct (y/n): ' verified
if [ .$verified != ."y" ]; then
echo "Goodbye";
exit 0;
fi
#pg_hba.conf - append settings
cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
cat ../postgresql/pg_hba.conf > /etc/postgresql/$database_version/main/pg_hba.conf
#chmod 640 /etc/postgresql/$database_version/main/pg_hba.conf
#chown -R postgres:postgres /etc/postgresql/$database_version/main
echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
echo "hostssl all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
echo "hostssl replication postgres 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
for node in $nodes; do
echo "host all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
done
#reload configuration
systemctl daemon-reload
#restart postgres
service postgresql restart
#set the working directory
cwd=$(pwd)
cd /tmp
#message to user
echo "Completed"

13
debian/resources/reboot_phones.sh vendored
View File

@ -21,22 +21,11 @@ ARR=()
IFS=","
INPUT=$FILE
#loop through the registrations and reboot
#Loop through the registrations and reboot
[ ! -f $INPUT ] &while read reg_user realm extra
do
#option reboot all phones
if [ ."$domain" = ."all" ]; then
echo "$reg_user@$realm $vendor"
eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
if [ "$pausetime" > 0 ]; then
sleep $pausetime
fi
fi
#option reboot phones on a specific domain
if [ ."$realm" = ."$domain" ]; then
echo "$reg_user@$realm $vendor"
eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
echo ""
if [ "$pausetime" > 0 ]; then
sleep $pausetime
fi

4
debian/resources/reset_admin_password.sh vendored
View File

@ -8,14 +8,14 @@ cd "$(dirname "$0")"
. ./colors.sh
#count the users
admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_group_users USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
if [ .$admin_users = .'0' ]; then
error "i could not find the user '$system_username' in the database, check your resources/config.sh is correct"
elif [ .$admin_users = .'' ]; then
error "something went wrong, see errors above";
else
admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_group_users USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
for admin_uuid in $admin_uuids; do
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
if [ .$system_password = .'random' ]; then

8
debian/resources/sngrep.sh vendored
View File

@ -11,17 +11,15 @@ cd "$(dirname "$0")"
#add sngrep
if [ ."$cpu_architecture" = ."arm" ]; then
#source install
apt-get install -y git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
apt-get install -y --force-yes git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
cd /usr/src && git clone https://github.com/irontec/sngrep
cd /usr/src/sngrep && ./bootstrap.sh
cd /usr/src/sngrep && ./configure
cd /usr/src/sngrep && make install
else
#package install
if [ ."$os_codename" = ."jessie" ]; then
echo "deb http://packages.irontec.com/debian $os_codename main" > /etc/apt/sources.list.d/sngrep.list
echo 'deb http://packages.irontec.com/debian jessie main' > /etc/apt/sources.list.d/sngrep.list
wget http://packages.irontec.com/public.key -q -O - | apt-key add -
apt-get update
fi
apt-get install -y sngrep
apt-get install -y --force-yes sngrep
fi

10
debian/resources/switch.sh vendored
View File

@ -5,7 +5,6 @@ cd "$(dirname "$0")"
#includes
. ./config.sh
. ./environment.sh
if [ .$switch_source = .true ]; then
if [ ."$switch_branch" = "master" ]; then
@ -14,19 +13,14 @@ if [ .$switch_source = .true ]; then
switch/source-release.sh
fi
#add sounds and music files
switch/source-sounds.sh
#copy the switch conf files to /etc/freeswitch
switch/conf-copy.sh
#set the file permissions
#switch/source-permissions.sh
switch/package-permissions.sh
switch/source-permissions.sh
#systemd service
#switch/source-systemd.sh
switch/package-systemd.sh
switch/source-systemd.sh
fi
if [ .$switch_package = .true ]; then

2
debian/resources/switch/conf-copy.sh vendored
View File

@ -1,3 +1,3 @@
mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/fusionpbx/app/switch/resources/conf/* /etc/freeswitch
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch

63
debian/resources/switch/dsn.sh vendored
View File

@ -1,63 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
#set the date
now=$(date +%Y-%m-%d)
#get the database password
if [ .$database_password = .'random' ]; then
read -p "Enter the database password: " database_password
fi
#set PGPASSWORD
#export PGPASSWORD=$database_password
#enable auto create schemas
sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="auto-create-schemas" value="true"/> -->:<param name="auto-create-schemas" value="true"/>:'
sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<param name="auto-create-schemas" value="false"/>:<param name="auto-create-schemas" value="true"/>:'
#enable odbc-dsn in the xml
sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="core-db-dsn" value="$${dsn}" /> -->:<param name="core-db-dsn" value="$${dsn}" />:'
#update the switch database directory
sed -i /etc/fusionpbx/config.conf -e s:'/var/lib/freeswitch/db:/dev/shm:'
#enable odbc-dsn in the sip profiles
sudo -u postgres psql fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
#update the switch db directory in default settings
sudo -u postgres psql fusionpbx -c "update v_default_settings set default_setting_value = '/dev/shm' where default_setting_category = 'switch' and default_setting_subcategory = 'db';";
#add the dsn variables
sudo -u postgres psql fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
sudo -u postgres psql fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'sqlite:///dev/shm/core.db', 'DSN', 'true', '0', null, null);";
sudo -u postgres psql fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///dev/shm/callcenter.db', 'DSN', 'true', '0', null, null);";
#update the vars.xml file
echo "<!-- DSN -->" >> /etc/freeswitch/vars.xml
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_system=pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=\" />" >> /etc/freeswitch/vars.xml
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn=sqlite:///dev/shm/core.db\" />" >> /etc/freeswitch/vars.xml
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_callcenter=sqlite:///dev/shm/callcenter.db\" />" >> /etc/freeswitch/vars.xml
#remove the sqlite database files
dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*"
for db in ${dbs};
do
if [ -f $db ]; then
echo "Deleting $db";
rm $db
fi
done
#flush the cache
rm -R /var/cache/fusionpbx/*
#restart freeswitch
/usr/sbin/service freeswitch restart

19
debian/resources/switch/package-all.sh vendored
View File

@ -7,21 +7,18 @@ cd "$(dirname "$0")"
. ../config.sh
. ../colors.sh
. ../environment.sh
. ../arguments.sh
apt-get update && apt-get install -y ntp curl memcached haveged apt-transport-https
apt-get update && apt-get install -y wget lsb-release gnupg2
apt-get update && apt-get install -y --force-yes ntp curl memcached haveged
if [ ."$cpu_architecture" = ."x86" ]; then
wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
fi
if [ ."$cpu_architecture" = ."arm" ]; then
wget -O - https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
else
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
fi
apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
apt-get update && apt-get install -y --force-yes freeswitch-meta-all freeswitch-all-dbg gdb
#make sure that postgresql is started before starting freeswitch
sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'

4
debian/resources/switch/package-master-all.sh vendored
View File

@ -1,9 +1,9 @@
#!/bin/sh
apt-get update && apt-get install -y ntp curl memcached haveged
apt-get update && apt-get install -y --force-yes ntp curl memcached haveged
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
apt-get update && apt-get install -y --force-yes freeswitch-meta-all freeswitch-all-dbg gdb
#make sure that postgresql is started before starting freeswitch
sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'

29
debian/resources/switch/package-master.sh vendored
View File

@ -1,23 +1,20 @@
#!/bin/sh
apt-get update && apt-get install -y curl memcached haveged
apt-get update && apt-get install -y --force-yes curl memcached haveged
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
apt-get update
apt-get install -y gnupg gnupg2
apt-get install -y wget lsb-release
apt-get install -y ntp gdb
apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
apt-get install -y freeswitch-mod-pgsql
apt-get install -y freeswitch-music-default
apt-get install -y --force-yes ntp gdb
apt-get install -y --force-yes freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
apt-get install -y --force-yes freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
apt-get install -y --force-yes freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
apt-get install -y --force-yes freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
apt-get install -y --force-yes freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
apt-get install -y --force-yes freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
apt-get install -y --force-yes freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
apt-get install -y --force-yes freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
apt-get install -y --force-yes freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
apt-get install -y --force-yes freeswitch-music-default
#make sure that postgresql is started before starting freeswitch
sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
@ -25,7 +22,7 @@ sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.tar
#remove the music package to protect music on hold from package updates
mkdir -p /usr/share/freeswitch/sounds/temp
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
apt-get remove -y freeswitch-music-default
apt-get remove -y --force-yes freeswitch-music-default
mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
rm -R /usr/share/freeswitch/sounds/temp

7
debian/resources/switch/package-permissions.sh vendored
View File

@ -1,13 +1,6 @@
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
#default permissions
chown -R www-data:www-data /etc/freeswitch
chown -R www-data:www-data /var/lib/freeswitch
chown -R www-data:www-data /usr/share/freeswitch
chown -R www-data:www-data /var/log/freeswitch
chown -R www-data:www-data /var/run/freeswitch
chown -R www-data:www-data /var/cache/fusionpbx

52
debian/resources/switch/package-release.sh vendored
View File

@ -8,40 +8,27 @@ cd "$(dirname "$0")"
. ../colors.sh
. ../environment.sh
apt-get update && apt-get install -y curl memcached haveged apt-transport-https
apt-get update && apt-get install -y gnupg gnupg2
apt-get update && apt-get install -y wget lsb-release sox
if [ ."$cpu_architecture" = ."x86" ]; then
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
fi
apt-get update && apt-get install -y --force-yes curl memcached haveged
if [ ."$cpu_architecture" = ."arm" ]; then
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub
echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
echo "deb [signed-by=/etc/apt/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src [signed-by=/etc/apt/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
echo "deb https://repo.fusionpbx.com/armhf jessie main" > /etc/apt/sources.list.d/freeswitch.list
curl https://repo.fusionpbx.com/public.key | apt-key add -
else
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
fi
apt-get update
apt-get install -y gdb ntp
apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-mod-console freeswitch-mod-logfile
apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
apt-get install -y freeswitch-sounds-es-ar-mario freeswitch-mod-say-es freeswitch-mod-say-es-ar
apt-get install -y freeswitch-sounds-fr-ca-june freeswitch-mod-say-fr
apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi
apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory
apt-get install -y freeswitch-mod-av freeswitch-mod-flite freeswitch-mod-distributor freeswitch-meta-codecs
apt-get install -y freeswitch-mod-pgsql
apt-get install -y freeswitch-music-default
apt-get install -y libyuv-dev
apt-get install -y --force-yes gdb ntp
apt-get install -y --force-yes freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-mod-console freeswitch-mod-logfile
apt-get install -y --force-yes freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
apt-get install -y --force-yes freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
apt-get install -y --force-yes freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi
apt-get install -y --force-yes freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
apt-get install -y --force-yes freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
apt-get install -y --force-yes freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
apt-get install -y --force-yes freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
apt-get install -y --force-yes freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory
apt-get install -y --force-yes freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-flite libyuv-dev freeswitch-mod-distributor freeswitch-meta-codecs
apt-get install -y --force-yes freeswitch-music-default
#make sure that postgresql is started before starting freeswitch
sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
@ -49,8 +36,7 @@ sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.tar
#remove the music package to protect music on hold from package updates
mkdir -p /usr/share/freeswitch/sounds/temp
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
mv /usr/share/freeswitch/sounds/music/default/*000 /usr/share/freeswitch/sounds/temp
apt-get remove -y freeswitch-music-default
apt-get remove -y --force-yes freeswitch-music-default
mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
rm -R /usr/share/freeswitch/sounds/temp

2
debian/resources/switch/package-systemd.sh vendored
View File

@ -1,4 +1,4 @@
apt-get remove -y freeswitch-systemd
apt-get remove -y --force-yes freeswitch-systemd
cp "$(dirname $0)/source/freeswitch.service.package" /lib/systemd/system/freeswitch.service
cp "$(dirname $0)/source/etc.default.freeswitch.package" /etc/default/freeswitch
chmod 644 /lib/systemd/system/freeswitch.service

25
debian/resources/switch/repo.sh vendored
View File

@ -1,25 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
. ../colors.sh
. ../environment.sh
apt-get update && apt-get install -y curl memcached haveged apt-transport-https
apt-get update && apt-get install -y gnupg gnupg2
apt-get update && apt-get install -y wget lsb-release
if [ ."$cpu_architecture" = ."x86" ]; then
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
fi
if [ ."$cpu_architecture" = ."arm" ]; then
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub
echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
fi

11
debian/resources/switch/source-master.sh vendored
View File

@ -1,14 +1,14 @@
#!/bin/sh
echo "Installing the FreeSWITCH source"
DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
apt-get install -y unzip libpq-dev libvlc-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y --force-yes ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
apt-get install -y --force-yes unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
apt-get update && apt-get install -y ntp curl haveged
apt-get update && apt-get install -y --force-yes ntp curl haveged
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
apt-get update && apt-get upgrade
apt-get install -y freeswitch-video-deps-most
apt-get install -y --force-yes freeswitch-video-deps-most
git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
cd /usr/src/freeswitch
@ -19,13 +19,12 @@ sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applic
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
./bootstrap.sh -j
#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
#make mod_shout-install
make -j $(getconf _NPROCESSORS_ONLN)
make
rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
make install
make sounds-install moh-install

27
debian/resources/switch/source-permissions.sh vendored
View File

@ -1,24 +1,5 @@
#old
#setup owner and group, permissions and sticky
#chmod -R ug+rw /usr/local/freeswitch
#touch /usr/local/freeswitch/freeswitch.log
#chown -R www-data:www-data /usr/local/freeswitch
#find /usr/local/freeswitch -type d -exec chmod 2770 {} \;
#current (same paths as package)
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
#default permissions
chown -R www-data:www-data /etc/freeswitch
chown -R www-data:www-data /var/lib/freeswitch
chown -R www-data:www-data /usr/share/freeswitch
chown -R www-data:www-data /var/log/freeswitch
chown -R www-data:www-data /var/run/freeswitch
chown -R www-data:www-data /var/cache/fusionpbx
chmod -R ug+rw /usr/local/freeswitch
touch /usr/local/freeswitch/freeswitch.log
chown -R www-data:www-data /usr/local/freeswitch
find /usr/local/freeswitch -type d -exec chmod 2770 {} \;

182
debian/resources/switch/source-release.sh vendored
View File

@ -1,155 +1,51 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
echo "Installing the FreeSWITCH source"
DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y --force-yes ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
apt-get install -y --force-yes ntp unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
#includes
. ../config.sh
. ../environment.sh
#upgrade packages
apt update && apt upgrade -y
# install dependencies
apt install -y autoconf automake devscripts g++ git-core libncurses5-dev libtool make libjpeg-dev
apt install -y pkg-config flac libgdbm-dev libdb-dev gettext sudo equivs mlocate git dpkg-dev libpq-dev
apt install -y liblua5.2-dev libtiff5-dev libperl-dev libcurl4-openssl-dev libsqlite3-dev libpcre3-dev
apt install -y devscripts libspeexdsp-dev libspeex-dev libldns-dev libedit-dev libopus-dev libmemcached-dev
apt install -y libshout3-dev libmpg123-dev libmp3lame-dev yasm nasm libsndfile1-dev libuv1-dev libvpx-dev
apt install -y libavformat-dev libswscale-dev libvlc-dev python3-distutils sox libsox-fmt-all
#install dependencies that depend on the operating system version
if [ ."$os_codename" = ."stretch" ]; then
apt install -y libvpx4 swig3.0
fi
if [ ."$os_codename" = ."buster" ]; then
apt install -y libvpx5 swig3.0
fi
if [ ."$os_codename" = ."bullseye" ]; then
apt install -y libvpx6 swig4.0
fi
# additional dependencies
apt install -y sqlite3 unzip
apt-get update && apt-get install -y --force-yes curl haveged
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
apt-get update && apt-get upgrade
apt-get install -y --force-yes freeswitch-video-deps-most
#we are about to move out of the executing directory so we need to preserve it to return after we are done
CWD=$(pwd)
#install the following dependencies if the switch version is greater than 1.10.0
if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
# libks build-requirements
apt install -y cmake uuid-dev
# libks
SWITCH_VERSION=1.6.19
echo "Using version $SWITCH_VERSION"
cd /usr/src
git clone https://github.com/signalwire/libks.git libks
cd libks
cmake .
make -j $(getconf _NPROCESSORS_ONLN)
#git clone -b v1.6 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$SWITCH_VERSION.zip
unzip freeswitch-$SWITCH_VERSION.zip
rm -R freeswitch
mv freeswitch-$SWITCH_VERSION freeswitch
cd freeswitch
#./bootstrap.sh -j
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
#./configure --help
#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
#make mod_shout-install
make
rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
make install
make sounds-install moh-install
make hd-sounds-install hd-moh-install
make cd-sounds-install cd-moh-install
# libks C includes
export C_INCLUDE_PATH=/usr/include/libks
# sofia-sip
cd /usr/src
#git clone https://github.com/freeswitch/sofia-sip.git sofia-sip
wget https://github.com/freeswitch/sofia-sip/archive/refs/tags/v$sofia_version.zip
unzip v$sofia_version.zip
cd sofia-sip-$sofia_version
sh autogen.sh
./configure --enable-debug
make -j $(getconf _NPROCESSORS_ONLN)
make install
# spandsp
cd /usr/src
git clone https://github.com/freeswitch/spandsp.git spandsp
cd spandsp
git reset --hard 0d2e6ac65e0e8f53d652665a743015a88bf048d4
#/usr/bin/sed -i 's/AC_PREREQ(\[2\.71\])/AC_PREREQ([2.69])/g' /usr/src/spandsp/configure.ac
sh autogen.sh
./configure --enable-debug
make -j $(getconf _NPROCESSORS_ONLN)
make install
ldconfig
fi
cd /usr/src
#check for master
if [ $switch_branch = "master" ]; then
#master branch
echo "Using version master"
rm -r /usr/src/freeswitch
git clone https://github.com/signalwire/freeswitch.git
cd /usr/src/freeswitch
./bootstrap.sh -j
fi
#check for stable release
if [ $switch_branch = "stable" ]; then
echo "Using version $switch_version"
#1.8 and older
if [ $(echo "$switch_version" | tr -d '.') -lt 1100 ]; then
wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.zip
unzip freeswitch-$switch_version.zip
cd /usr/src/freeswitch-$switch_version
fi
#1.10.0 and newer
if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
git clone -b $switch_version --single-branch https://github.com/fusionpbx/freeswitch freeswitch-$switch_version
git checkout $switch_version
#wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.-release.zip
#unzip freeswitch-$switch_version.-release.zip
#mv freeswitch-$switch_version.-release freeswitch-$switch_version
cd /usr/src/freeswitch-$switch_version
# bootstrap is needed if using git
./bootstrap.sh -j
#apply rtp timestamp patch - Fix RTP audio issues use the following for additional information. https://github.com/briteback/freeswitch/commit/9f8968ccabb8a4e0353016d4ea0ff99561b005f1
#patch -u /usr/src/freeswitch-$switch_version/src/switch_rtp.c -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/switch_rtp.diff
#apply pull request 2300 to Fix session deadlock that results in stale or stuck calls. https://github.com/signalwire/freeswitch/pull/2300
#patch -d /usr/src/freeswitch-$switch_version/src -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/pull_2300.diff
#apply mod_pgsql patch
#patch -u /usr/src/freeswitch-$switch_version/src/mod/databases/mod_pgsql/mod_pgsql.c -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/mod_pgsql.patch
fi
fi
# enable required modules
#sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_av:formats/mod_av:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_nibblebill:applications/mod_nibblebill:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#applications/mod_translate:applications/mod_translate:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#say/mod_say_es:say/mod_say_es:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'#say/mod_say_fr:say/mod_say_fr:'
#disable module or install dependency libks to compile signalwire
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'applications/mod_signalwire:#applications/mod_signalwire:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'endpoints/mod_skinny:#endpoints/mod_skinny:'
sed -i /usr/src/freeswitch-$switch_version/modules.conf -e s:'endpoints/mod_verto:#endpoints/mod_verto:'
# prepare the build
#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
./configure -C --enable-portable-binary --disable-dependency-tracking --enable-debug \
--prefix=/usr --localstatedir=/var --sysconfdir=/etc \
--with-openssl --enable-core-pgsql-support
# compile and install
make -j $(getconf _NPROCESSORS_ONLN)
make install
#move the music into music/default directory
mkdir -p /usr/local/freeswitch/sounds/music/default
mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
#return to the executing directory
cd $CWD
#symbolic link for fs_cli
ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli

20
debian/resources/switch/source-sounds.sh vendored
View File

@ -1,20 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
. ../environment.sh
# change the working directory
cd /usr/src/freeswitch-$switch_version
# compile and install the sounds
make sounds-install moh-install
make hd-sounds-install hd-moh-install
make cd-sounds-install cd-moh-install
#move the music into music/default directory
mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/music/default

1
debian/resources/switch/source-systemd.sh vendored
View File

@ -12,4 +12,3 @@ fi
systemctl enable freeswitch
systemctl unmask freeswitch.service
systemctl daemon-reload
systemctl start freeswitch

4
debian/resources/switch/source/etc.default.freeswitch.package vendored
View File

@ -1,2 +1,4 @@
# /etc/default/freeswitch
DAEMON_OPTS="-nonat"
FS_USER="www-data"
FS_GROUP="www-data"
DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data -run /var/run/freeswitch"

0
debian/resources/switch/source/etc.default.freeswitch.source vendored Executable file → Normal file
View File

18
debian/resources/switch/source/freeswitch.service.package vendored
View File

@ -2,27 +2,22 @@
[Unit]
Description=freeswitch
Wants=network-online.target
Requires=network.target local-fs.target
After=network.target network-online.target local-fs.target
After=syslog.target network.target local-fs.target postgresql.service
[Service]
; service
Type=forking
PIDFile=/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-nonat"
Environment="USER=www-data"
Environment="GROUP=www-data"
EnvironmentFile=-/etc/default/freeswitch
ExecStartPre=/bin/mkdir -p /var/run/freeswitch
ExecStartPre=/bin/chown -R ${USER}:${GROUP} /var/lib/freeswitch /var/log/freeswitch /etc/freeswitch /usr/share/freeswitch /var/run/freeswitch
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/freeswitch -u ${USER} -g ${GROUP} -ncwait ${DAEMON_OPTS}
ExecStartPre=/bin/mkdir -p /var/run/freeswitch/
ExecStartPre=/bin/chown -R www-data:www-data /var/run/freeswitch/
ExecStart=/usr/bin/freeswitch -u www-data -g www-data -ncwait $DAEMON_OPTS
TimeoutSec=45s
Restart=always
; exec
;User=${USER}
;Group=${GROUP}
User=root
Group=daemon
LimitCORE=infinity
LimitNOFILE=100000
LimitNPROC=60000
@ -34,7 +29,6 @@ IOSchedulingPriority=2
CPUSchedulingPolicy=rr
CPUSchedulingPriority=89
UMask=0007
NoNewPrivileges=false
; alternatives which you can enforce by placing a unit drop-in into
; /etc/systemd/system/freeswitch.service.d/*.conf:

53
debian/resources/switch/source/mod_pgsql.patch vendored
View File

@ -1,53 +0,0 @@
--- mod_pgsql.c 2021-10-24 14:22:28.000000000 -0400
+++ mod_pgsql.c.new 2022-08-08 21:16:02.000000000 -0400
@@ -36,6 +36,7 @@
#include <switch.h>
#include <libpq-fe.h>
+#include <pg_config.h>
#ifndef _WIN32
#include <poll.h>
@@ -597,7 +598,7 @@
goto done;
} else {
switch (result->status) {
-#if POSTGRESQL_MAJOR_VERSION >= 9 && POSTGRESQL_MINOR_VERSION >= 2
+#if PG_VERSION_NUM >= 90002
case PGRES_SINGLE_TUPLE:
/* Added in PostgreSQL 9.2 */
#endif
@@ -756,24 +757,29 @@
*result_out = res;
res->status = PQresultStatus(res->result);
switch (res->status) {
-//#if (POSTGRESQL_MAJOR_VERSION == 9 && POSTGRESQL_MINOR_VERSION >= 2) || POSTGRESQL_MAJOR_VERSION > 9
+#if PG_VERSION_NUM >= 90002
case PGRES_SINGLE_TUPLE:
/* Added in PostgreSQL 9.2 */
-//#endif
+#endif
case PGRES_TUPLES_OK:
{
res->rows = PQntuples(res->result);
res->cols = PQnfields(res->result);
}
break;
-//#if (POSTGRESQL_MAJOR_VERSION == 9 && POSTGRESQL_MINOR_VERSION >= 1) || POSTGRESQL_MAJOR_VERSION > 9
+#if PG_VERSION_NUM >= 90001
case PGRES_COPY_BOTH:
/* Added in PostgreSQL 9.1 */
-//#endif
+#endif
case PGRES_COPY_OUT:
case PGRES_COPY_IN:
case PGRES_COMMAND_OK:
break;
+#if PG_VERSION_NUM >= 140001
+ case PGRES_PIPELINE_ABORTED:
+ case PGRES_PIPELINE_SYNC:
+ break;
+#endif
case PGRES_EMPTY_QUERY:
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Query (%s) returned PGRES_EMPTY_QUERY\n", handle->sql);
case PGRES_BAD_RESPONSE:

169
debian/resources/switch/source/pull_2300.diff vendored
View File

@ -1,169 +0,0 @@
diff --git a/src/switch_core_io.c b/src/switch_core_io.c
index 9931f0f3ef7..ee968b63dd9 100644
--- a/src/switch_core_io.c
+++ b/src/switch_core_io.c
@@ -146,13 +146,15 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_read_frame(switch_core_sessi
if (session->read_codec && !session->track_id && session->track_duration) {
if (session->read_frame_count == 0) {
switch_event_t *event;
- switch_core_session_message_t msg = { 0 };
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
session->read_frame_count = (session->read_impl.samples_per_second / session->read_impl.samples_per_packet) * session->track_duration;
- msg.message_id = SWITCH_MESSAGE_HEARTBEAT_EVENT;
- msg.numeric_arg = session->track_duration;
- switch_core_session_receive_message(session, &msg);
+ msg->message_id = SWITCH_MESSAGE_HEARTBEAT_EVENT;
+ msg->numeric_arg = session->track_duration;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
+
switch_event_create(&event, SWITCH_EVENT_SESSION_HEARTBEAT);
switch_channel_event_set_data(session->channel, event);
@@ -410,10 +412,10 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_read_frame(switch_core_sessi
switch_set_flag(session, SSF_READ_TRANSCODE);
if (!switch_test_flag(session, SSF_WARN_TRANSCODE)) {
- switch_core_session_message_t msg = { 0 };
-
- msg.message_id = SWITCH_MESSAGE_INDICATE_TRANSCODING_NECESSARY;
- switch_core_session_receive_message(session, &msg);
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
+ msg->message_id = SWITCH_MESSAGE_INDICATE_TRANSCODING_NECESSARY;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
switch_set_flag(session, SSF_WARN_TRANSCODE);
}
@@ -562,10 +564,11 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_read_frame(switch_core_sessi
status = SWITCH_STATUS_FALSE;
goto done;
} else {
- switch_core_session_message_t msg = { 0 };
- msg.numeric_arg = 1;
- msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
- switch_core_session_receive_message(session, &msg);
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
+ msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
+ msg->numeric_arg = 1;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_NOTICE, "Activating read resampler\n");
}
@@ -597,10 +600,12 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_read_frame(switch_core_sessi
switch_mutex_unlock(session->resample_mutex);
{
- switch_core_session_message_t msg = { 0 };
- msg.numeric_arg = 0;
- msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
- switch_core_session_receive_message(session, &msg);
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
+ msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
+ msg->numeric_arg = 0;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
+
}
}
diff --git a/src/switch_core_media.c b/src/switch_core_media.c
index 4b6d8aff8b6..e09242ee0d5 100644
--- a/src/switch_core_media.c
+++ b/src/switch_core_media.c
@@ -15945,12 +15945,12 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
}
if (!switch_test_flag(session, SSF_WARN_TRANSCODE)) {
- switch_core_session_message_t msg = { 0 };
-
- msg.message_id = SWITCH_MESSAGE_INDICATE_TRANSCODING_NECESSARY;
- switch_core_session_receive_message(session, &msg);
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
+ msg->message_id = SWITCH_MESSAGE_INDICATE_TRANSCODING_NECESSARY;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
switch_set_flag(session, SSF_WARN_TRANSCODE);
- }
+ }
if (frame->codec) {
session->raw_write_frame.datalen = session->raw_write_frame.buflen;
@@ -15993,10 +15993,12 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
if (status != SWITCH_STATUS_SUCCESS) {
goto done;
} else {
- switch_core_session_message_t msg = { 0 };
- msg.numeric_arg = 1;
- msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
- switch_core_session_receive_message(session, &msg);
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
+ msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
+ msg->numeric_arg = 1;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
+
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_NOTICE, "Activating write resampler\n");
}
@@ -16029,10 +16031,11 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
switch_mutex_unlock(session->resample_mutex);
{
- switch_core_session_message_t msg = { 0 };
- msg.numeric_arg = 0;
- msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
- switch_core_session_receive_message(session, &msg);
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
+ msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
+ msg->numeric_arg = 0;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
}
}
@@ -16329,11 +16332,11 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
if (status != SWITCH_STATUS_SUCCESS) {
goto done;
} else {
- switch_core_session_message_t msg = { 0 };
- msg.numeric_arg = 1;
- msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
- switch_core_session_receive_message(session, &msg);
-
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
+ msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
+ msg->numeric_arg = 1;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_NOTICE, "Activating write resampler\n");
}
@@ -16351,7 +16354,7 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
break;
case SWITCH_STATUS_NOOP:
if (session->write_resampler) {
- switch_core_session_message_t msg = { 0 };
+
int ok = 0;
switch_mutex_lock(session->resample_mutex);
@@ -16363,9 +16366,12 @@ SWITCH_DECLARE(switch_status_t) switch_core_session_write_frame(switch_core_sess
switch_mutex_unlock(session->resample_mutex);
if (ok) {
- msg.numeric_arg = 0;
- msg.message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
- switch_core_session_receive_message(session, &msg);
+ switch_core_session_message_t *msg = switch_core_session_alloc(session, sizeof(*msg));
+ msg->message_id = SWITCH_MESSAGE_RESAMPLE_EVENT;
+ msg->numeric_arg = 0;
+ MESSAGE_STAMP_FFL(msg);
+ switch_core_session_queue_message(session, msg);
+
}
}

12
debian/resources/switch/source/switch_rtp.diff vendored
View File

@ -1,12 +0,0 @@
diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 1125e2f59bc..7ff161383aa 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -8904,6 +8904,7 @@ SWITCH_DECLARE(int) switch_rtp_write_frame(switch_rtp_t *rtp_session, switch_fra
data = frame->data;
len = frame->datalen;
ts = rtp_session->flags[SWITCH_RTP_FLAG_RAW_WRITE] ? (uint32_t) frame->timestamp : 0;
+ if (!ts) ts = rtp_session->last_write_ts + rtp_session->samples_per_interval;
}
/*

127
debian/resources/upgrade/php.sh vendored
View File

@ -1,127 +0,0 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
#remove php5
/usr/bin/apt remove -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
#remove php 7.0
/usr/bin/apt remove -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd
#remove php 7.1
/usr/bin/apt remove -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd
#remove php 7.2
/usr/bin/apt remove -y php7.2 php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd
#remove php 7.3
/usr/bin/apt remove -y php7.3 php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd
#remove php 7.4
/usr/bin/apt remove -y php7.4 php7.4-cli php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd
#remove php 8.1
/usr/bin/apt remove -y php8.1 php8.1-cli php8.1-dev php8.1-fpm php8.1-pgsql php8.1-sqlite3 php8.1-odbc php8.1-curl php8.1-imap php8.1-xml php8.1-gd php8.1-mbstring php8.1-ldap
#remove php 8.2
/usr/bin/apt remove -y php8.2 php8.2-cli php8.2-dev php8.2-fpm php8.2-pgsql php8.2-sqlite3 php8.2-odbc php8.2-curl php8.2-imap php8.2-xml php8.2-gd php8.2-mbstring php8.2-ldap
#remove php 8.3
/usr/bin/apt remove -y php8.3 php8.3-cli php8.3-dev php8.3-fpm php8.3-pgsql php8.3-sqlite3 php8.3-odbc php8.3-curl php8.3-imap php8.3-xml php8.3-gd php8.3-mbstring php8.3-ldap
#remove php 8.4
/usr/bin/apt remove -y php8.4 php8.4-cli php8.4-dev php8.4-fpm php8.4-pgsql php8.4-sqlite3 php8.4-odbc php8.4-curl php8.4-imap php8.4-xml php8.4-gd php8.4-mbstring php8.4-ldap
#install php update and set the unix socket
if [ ."$php_version" = ."8.4" ]; then
#add a repo for php 8.x
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
/usr/bin/apt-get update
#install php 8.4
apt-get install -y php8.4 php8.4-cli php8.4-dev php8.4-fpm php8.4-pgsql php8.4-sqlite3 php8.4-odbc php8.4-curl php8.4-imap php8.4-xml php8.4-gd php8.4-mbstring php8.4-ldap
#update the unix socket name
/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.2-fpm.sock;#g'
#set the PHP ini file path
php_ini_file='/etc/php/8.4/fpm/php.ini'
fi
if [ ."$php_version" = ."8.3" ]; then
#add a repo for php 8.x
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
/usr/bin/apt-get update
#install php 8.2
apt-get install -y php8.3 php8.3-cli php8.3-dev php8.3-fpm php8.3-pgsql php8.3-sqlite3 php8.3-odbc php8.3-curl php8.3-imap php8.3-xml php8.3-gd php8.3-mbstring php8.3-ldap
#update the unix socket name
/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.2-fpm.sock;#g'
#set the PHP ini file path
php_ini_file='/etc/php/8.3/fpm/php.ini'
fi
if [ ."$php_version" = ."8.2" ]; then
#add a repo for php 8.x
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
/usr/bin/apt-get update
#install php 8.2
apt-get install -y php8.2 php8.2-cli php8.2-dev php8.2-fpm php8.2-pgsql php8.2-sqlite3 php8.2-odbc php8.2-curl php8.2-imap php8.2-xml php8.2-gd php8.2-mbstring php8.2-ldap
#update the unix socket name
/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.2-fpm.sock;#g'
#set the PHP ini file path
php_ini_file='/etc/php/8.2/fpm/php.ini'
fi
if [ ."$php_version" = ."8.1" ]; then
#add a repo for php 7.x
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
/usr/bin/apt-get update
#install php 8.1
/usr/bin/apt-get install -y php8.1 php8.1-cli php8.1-dev php8.1-fpm php8.1-pgsql php8.1-sqlite3 php8.1-odbc php8.1-curl php8.1-imap php8.1-xml php8.1-gd php8.1-mbstring php8.1-ldap
#update the unix socket name
/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php8.1-fpm.sock;#g'
#set the PHP ini file path
php_ini_file='/etc/php/8.1/fpm/php.ini'
fi
if [ ."$php_version" = ."7.4" ]; then
#remove the sury PHP repo
/usr/bin/rm -f -- /etc/apt/sources.list.d/php.list
/usr/bin/apt update
#install php 7.4
/usr/bin/apt-get install -y php7.4 php7.4-cli php7.4-dev php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring php7.4-ldap
#update the unix socket name
/usr/bin/sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
#set the PHP ini file path
php_ini_file='/etc/php/7.4/fpm/php.ini'
fi
#update config if source is being used
/usr/bin/sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
/usr/bin/sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
/usr/bin/sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
/usr/bin/sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
#restart nginx
/usr/sbin/service nginx restart

40
devuan/install.sh
View File

@ -15,35 +15,19 @@ verbose "Update installed packages"
apt-get -q update && apt-get -q --assume-yes upgrade
#Add dependencies
apt-get install -y wget
apt-get install -y lsb-release
apt-get install -y ca-certificates
apt-get install -y dialog
apt-get install -y nano
apt-get install -y net-tools
#SNMP
apt-get install -y snmpd
echo "rocommunity public" > /etc/snmp/snmpd.conf
service snmpd restart
apt-get install -q -y lsb-release sudo
#IPTables
resources/iptables.sh
#Optional CLI SIP monitoring tool
resources/sngrep.sh
#FusionPBX
resources/fusionpbx.sh
#PHP
resources/php.sh
#NGINX web server
resources/nginx.sh
#Postgres
resources/postgresql.sh
#PHP
resources/php.sh
#FreeSWITCH
resources/switch.sh
@ -51,8 +35,22 @@ resources/switch.sh
#Fail2ban
resources/fail2ban.sh
#set the ip address
server_address=$(hostname -I)
#Optional CLI SIP monitoring tool
resources/sngrep.sh
#Postgres
resources/postgresql.sh
#restart services
if [ ."$php_version" = ."5" ]; then
service php5-fpm restart
fi
if [ ."$php_version" = ."7" ]; then
service php7.0-fpm restart
fi
service nginx restart
service fail2ban restart
#add the database schema, user and groups
resources/finish.sh

4
devuan/resources/backup/fusionpbx-backup → devuan/resources/backup/fusionpbx-backup.sh
View File

@ -19,9 +19,9 @@ find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
#package
#tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch
#source
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf
echo "Backup Completed"

119
devuan/resources/backup/fusionpbx-maintenance
View File

@ -1,119 +0,0 @@
#!/bin/sh
#settings
export PGPASSWORD="zzz"
db_host=127.0.0.1
db_port=5432
switch_package=true # true or false
purge_voicemail=false
purge_call_recordings=false
purge_cdrs=false
purge_fax=false
purge_switch_logs=true
purge_php_sessions=true
purge_database_transactions=true
days_keep_voicemail=90
days_keep_call_recordings=90
days_keep_cdrs=90
days_keep_fax=90
days_keep_switch_logs=7
days_keep_php_sessions=8
days_keep_database_transactions=30
#set the date
now=$(date +%Y-%m-%d)
#make sure the directory exists
if [ -e /var/backups/fusionpbx/postgresql ]; then
echo "postgres backup directory exists"
else
mkdir -p /var/backups/fusionpbx/postgresql
fi
#show message to the console
echo "Maintenance Started"
if [ .$purge_switch_logs = .true ]; then
#delete freeswitch logs older 7 days
if [ .$switch_package = .true ]; then
find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
else
find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
fi
else
echo "not purging Freeswitch logs"
fi
if [ .$purge_fax = .true ]; then
#delete fax older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
else
echo ".";
find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
fi
#delete from the database
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
else
echo "not purging Faxes"
fi
if [ .$purge_call_recordings = .true ]; then
#delete call recordings older than 90 days
if [ .$switch_package = .true ]; then
find /var/lib/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
else
find /usr/local/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
find /usr/local/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
fi
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
else
echo "not purging Recordings."
fi
if [ .$purge_voicemail = .true ]; then
#delete voicemail older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
else
echo ".";
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
fi
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
else
echo "not purging voicemails."
fi
if [ .$purge_cdrs = .true ]; then
#delete call detail records older 90 days
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
else
echo "not purging CDRs."
fi
#delete php sessions
if [ .$purge_php_sessions = .true ]; then
find /var/lib/php/sessions/* -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
else
echo "not purging PHP Sessions."
fi
#delete database_transactions older 90 days
if [ .$purge_database_transactions = .true ]; then
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
else
echo "not purging database_transactions."
fi
#completed message
echo "Maintenance Completed";

53
devuan/resources/backup/fusionpbx-maintenance.sh Executable file
View File

@ -0,0 +1,53 @@
#!/bin/sh
#settings
#export PGPASSWORD="zzzzz"
db_host=127.0.0.1
db_port=5432
switch_package=true # true or false
#set the date
now=$(date +%Y-%m-%d)
#make sure the directory exists
mkdir -p /var/backups/fusionpbx/postgresql
#show message to the console
echo "Maintenance Started"
#delete freeswitch logs older 7 days
if [ .$switch_package = .true ]; then
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;
else
find /usr/local/freeswitch/log/freeswitch.log.* -mtime +7 -exec rm {} \;
fi
#delete fax older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
#find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +90 -exec rm {} \;
else
echo ".";
#find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +90 -exec rm {} \;
#find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +90 -exec rm {} \;
fi
#delete from the database
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '90 days'"
#delete voicemail older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
else
echo ".";
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
fi
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"
#delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"
#completed message
echo "Maintenance Completed";

24
devuan/resources/config.sh
View File

@ -1,26 +1,18 @@
# FusionPBX Settings
domain_name=ip_address # hostname, ip_address or a custom value
system_username=admin # default username admin
system_password=random # random or a custom value
system_branch=master # master, stable
system_password=random # random or as a pre-set value
system_branch=stable # master, stable
# FreeSWITCH Settings
switch_branch=stable # master, stable
switch_source=false # true (source compile) or false (binary package)
switch_package=true # true (binary package) or false (source compile)
switch_version=1.10.7 # which source code to download, only for source
switch_tls=true # true or false
switch_token= # Get the auth token from https://signalwire.com
# Signup or Login -> Profile -> Personal Auth Token
switch_source=false # true or false
switch_package=true # true or false
# Database Settings
database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9)
database_repo=system # PostgreSQL official, system, 2ndquadrant
database_version=latest # requires repo official
database_host=127.0.0.1 # hostname or IP address
database_port=5432 # port number
database_password=random # random or as a pre-set value
database_repo=system # PostgresSQL official, system, 2ndquadrant
database_backup=false # true or false
# General Settings
php_version=7.4 # PHP version 7.3, 7.4
letsencrypt_folder=false # true or false
php_version=7 # PHP version 5 or 7

23
devuan/resources/environment.sh
View File

@ -10,25 +10,8 @@ cpu_name=$(uname -m)
cpu_architecture='unknown'
cpu_mode='unknown'
#set the environment path
export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#debian release name
if [ .$os_codename = .'chimaera' ]; then
os_codename_debian='bullseye'
elif [ .$os_codename = .'beowulf' ]; then
os_codename_debian='buster'
else
warning "couldn't set a matching debian codename, are you using an old devuan release?"
fi
#check what the CPU and OS are
if [ .$cpu_name = .'armv6l' ]; then
# RaspberryPi Zero
os_mode='32'
cpu_mode='32'
cpu_architecture='arm'
elif [ .$cpu_name = .'armv7l' ]; then
if [ .$cpu_name = .'armv7l' ]; then
# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
os_mode='32'
cpu_mode='32'
@ -38,10 +21,6 @@ elif [ .$cpu_name = .'armv8l' ]; then
os_mode='unknown'
cpu_mode='64'
cpu_architecture='arm'
elif [ .$cpu_name = .'aarch64' ]; then
os_mode='64'
cpu_mode='64'
cpu_architecture='arm'
elif [ .$cpu_name = .'i386' ]; then
os_mode='32'
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then

19
devuan/resources/fail2ban.sh
View File

@ -15,23 +15,20 @@ verbose "Installing Fail2ban"
apt-get -q -y install fail2ban
#move the filters
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
cp fail2ban/jail.local /etc/fail2ban/jail.local
#update config if source is being used
#if [ .$switch_source = .true ]; then
# sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
#fi
if [ .$switch_source = .true ]; then
sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
fi
#restart fail2ban
/usr/sbin/service fail2ban restart
# missing log file will show error

21
devuan/resources/fail2ban/auth-challenge-ip.conf
View File

@ -1,21 +0,0 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

0
devuan/resources/fail2ban/fusionpbx-404.conf → devuan/resources/fail2ban/freeswitch-404.conf
View File

20
devuan/resources/fail2ban/freeswitch-acl.conf
View File

@ -1,20 +0,0 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

0
freebsd/resources/fail2ban/sip-auth-challenge.conf → devuan/resources/fail2ban/freeswitch-dos.conf
View File

4
devuan/resources/fail2ban/freeswitch.conf
View File

@ -7,8 +7,8 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.

20
devuan/resources/fail2ban/fusionpbx-mac.conf
View File

@ -1,20 +0,0 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#Oct 9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000
failregex = \[<HOST>\] invalid mac address
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

Some files were not shown because too many files have changed in this diff Show More