
Asterisk on CentOS

Installing Asterisk on a clean install of CentOS is a relatively painless process. First off, grab a CentOS 5.x installation CD (5.5 being the current) from one of the mirror sites.

While performing the install you can just unselect all package groups and, under advanced, leave only base selected. After the install is completed, make sure to set SELinux to Disabled in the firewall configuration.

With CentOS running, perform your first initial update while logged on as root:

yum -y update

Now to add the EPEL and Zultron repositories:

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
rpm -i http://distro.zultron.com/pub/centos/5/i386/RPMS/zultron-repo-1-1.el5.zult.noarch.rpm

EPEL is a Fedora community-based package collection for RHEL; think of it as an equivalent to Debian’s backports. Zultron is a repository currently releasing RHEL5-compatible Asterisk and FreePBX RPMs. Once the repositories are installed, perform another update:

yum -y update

Now you have a choice to use Zultron’s lighttpd install or use Apache, in my case Apache.

yum -y install asterisk mysql-server php freepbx httpd

Before we perform the installation and configuration of Asterisk/AMP we have to prep the MySQL server:

/sbin/chkconfig mysqld on
/sbin/service mysqld restart

This will generate a warning message that you should secure your MySQL installation. So let’s do that now by setting a root password. Before you proceed, make sure to replace 'something' with a password and replace pbx.binfuser.com on the second line with your server’s FQDN.

/usr/bin/mysqladmin -u root password 'something'
/usr/bin/mysqladmin -u root -p -h pbx.binfuser.com password 'something'

So now that your database is secure (and hopefully you will remember your password), let’s create the databases for Asterisk. Note: you will be prompted for a password after each line; this password is the root password you set with the previous commands.

/usr/bin/mysqladmin -p create asterisk
/usr/bin/mysqladmin -p create asteriskcdrdb

Great, you have the databases created, so now you have to populate them with the schema so the tables are set up as expected by Asterisk, FreePBX and AMP. Note: you will be prompted for a password after each line; this password is the root password you set with the previous commands.

/usr/bin/mysql -p asterisk < /usr/lib/freepbx/SQL/newinstall.sql
/usr/bin/mysql -p asteriskcdrdb < /usr/lib/freepbx/SQL/cdr_mysql_table.sql

Now that you have the databases created and populated with tables, let’s set up a non-root user to connect with. We need to attach to the MySQL database to create the users with the following command. Note: you will be prompted for a password; this password is the root password you set with the previous commands.

/usr/bin/mysql -p mysql

Once you’re connected you will see a mysql> prompt. You will now run some grant statements which will provide a username and password for software to log in and perform transactions on the database. Before you proceed, make sure to replace 'something' with a password; you will require it in a few steps.

GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY 'something';
GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY 'something';

You can confirm the grant statements were processed fine if each reports “Query OK, 0 rows affected”. If something failed, check your lines and the quotes around your password, and make sure you used a semicolon at the end of each statement. Once your accounts are correctly set up you have to run a command so the MySQL server will reload the database account rights. Once this command is entered we will also exit the database client with the \q line.

flush privileges;
\q

The Asterisk management portal is scripted in PHP. In order to properly read all the files we will set up Apache to run as the Asterisk user account. One side effect is that proper permissions need to be set on the session directory or your logins will fail, so let’s fix that now:

/bin/chgrp asterisk /var/lib/php/session/

Because Apache under CentOS defaults to the “apache” user and group, we have to edit its configuration file and change the default user and group; replace vi with your favorite editor:

vi /etc/httpd/conf/httpd.conf

Search the file for the line “User” and change it and the following “Group” line to look like the following:

User asterisk
Group asterisk

Save the file and exit your editor. Now another issue we have to fix is the memory limit in PHP. On a default install the limit is set too low for the AMP portal. So in order to fix it we have to edit the PHP configuration file.

vi /etc/php.ini

Search for the line “memory_limit =” and set the new limit to be 100M. Change the line to look like:

memory_limit = 100M ; Maximum amount of memory a script may consume

Great, that’s a lot of the tinkering and prep work done. Now let’s start up our new PBX!

/etc/init.d/asterisk start

Once Asterisk has launched and reports an “Ok” we have to set up the AMP web interface. We have to change to the install directory and run the installer:

cd /usr/lib/freepbx
./install_amp --no-files

At this point the AMP installer will prompt you for configuration information.

Enter a USERNAME to connect to the Asterisk Manager interface:
[admin]

Choose a username you wish to use, but admin is fine.

Enter a PASSWORD to connect to the Asterisk Manager interface:
[amp111]

Choose a password you wish to use for the interface; the default is NOT recommended.

Enter the IP ADDRESS or hostname used to access the AMP web-admin:
[xx.xx.xx.xx] pbx.binfuser.com

It is very important to put in the FQDN that you want your Apache server to answer on.

Enter a PASSWORD to perform call transfers with the Flash Operator Panel:
[passw0rd]

I generally turn off the flash operator panel so the default is fine.

Now you’re ready to perform some cleanup of file permissions for the portal. Run the following command:

/usr/sbin/amportal chown

Speaking of file cleanup, let’s do some optional stuff. The first line will turn off the Flash Operator Panel, which is totally useless in my setup. The second line will install additional software modules for FreePBX, which will generally increase the RAM usage but add some minor features you might find useful. You can find a full list of the modules here.

/sbin/chkconfig fop-server off
/usr/bin/yum -y install freepbx-modules

Whether or not you performed the optional install and tweaks, you have to restart Asterisk at this point, so run the following command:

/sbin/service asterisk restart

So now for the final parts: setting up your web-based access with Apache. Let’s edit the Apache configuration file now with your favorite editor:

vi /etc/httpd/conf/httpd.conf

Find the line “NameVirtualHost” and uncomment it so it looks like:

NameVirtualHost *:80

Now let’s set up a Virtual Host so you can have the portal on a nice isolated instance from the rest of your server. Go to the end of the Apache configuration file and add the following. Note: you have to change the ServerName to match the FQDN that you used a few options back; also change the ServerAdmin line to your own proper email address.

<VirtualHost *:80>
ServerName pbx.binfuser.com
ServerAdmin admin@pbx.binfuser.com
DocumentRoot /usr/share/freepbx
ErrorLog /var/log/httpd/pbx_error.log
CustomLog /var/log/httpd/pbx_access.log combined
ServerSignature On
<Location ~ "(/admin|/panel)">
AuthName "Registered User"
AuthUserFile /etc/httpd/pbx_passwords
AuthType basic
Require valid-user
</Location>
</VirtualHost>

Something you should notice inside of that is a security access section. This will set up a password on the panel and admin sections of the website. Now we have to create a password, which you will be prompted for after running this line:

/usr/bin/htpasswd -c /etc/httpd/pbx_passwords admin

Great, we’re done with the Apache configuration, so let’s restart the daemon:

/sbin/service httpd restart

The last thing we have to do is allow remote access to the appropriate services, as iptables by default will be blocking access. This is configured with the /etc/sysconfig/iptables file, so let’s edit it in your favorite editor.

vi /etc/sysconfig/iptables

Now you’re going to want to paste the bold section below (the lines between the “# Post install” and “# Place me before ESTABLISHED,RELATED line” comments) before the line that has “ESTABLISHED,RELATED” on it. Your file should look close to this when done:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
# Post install
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:60000 -j ACCEPT
# Place me before ESTABLISHED,RELATED line
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

The bold lines allow the following services: 80 allows HTTP access, 443 allows HTTPS access, 5060 allows SIP access, and 10000:60000 allows the RTP data access. Reload the firewall rules with the following command:

/sbin/service iptables restart
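
Rule order matters in this file: an ACCEPT line pasted after the final REJECT line is never reached. The following is an added example, not part of the original post, that reads a rules file in the format shown above and lists which ports are accepted before the REJECT and which are not; check_fw_rules is a hypothetical helper name and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit an iptables-restore style rules file.
# Prints "open <proto>/<ports>" for each --dport ACCEPT rule that precedes the
# catch-all REJECT in RH-Firewall-1-INPUT, and "dead <proto>/<ports>" for any
# that follows it. Returns non-zero if a dead rule is found.
# check_fw_rules is a hypothetical helper name, not a CentOS tool.
check_fw_rules() {
    awk '
    $1 == "-A" && $2 == "RH-Firewall-1-INPUT" {
        proto = ""; port = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # A REJECT with no port match is the catch-all that ends the chain.
        if (target == "REJECT" && port == "") { rejected = 1; next }
        if (target == "ACCEPT" && port != "") {
            printf "%s %s/%s\n", (rejected ? "dead" : "open"), proto, port
            if (rejected) bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the udp 5060 rule was pasted after the REJECT line.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:60000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
EOF
check_fw_rules "$sample" || echo "move the dead rules above the REJECT line"
```

On the server itself, run check_fw_rules /etc/sysconfig/iptables as root before restarting the iptables service.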

That’s it; you should now be able to access the web interface on the server via your favorite browser and the FQDN you previously entered.

In the next installment we will configure your SIP trunks and dialing!

  1. yoyea
    April 3rd, 2010 at 20:04 | #1

    Also it might be wise to disable SELINUX as I was having permission problems. (Which disabling SELINUX fixed). Other than that, absolutely great tutorial! Followed it step by step with ease.