Asterisk ? ??? ??????????? FreePBX ?? Debian Jessie

????????? ???????????
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main

aptitude update
aptitude install asterisk asterisk-dahdi asterisk-mp3 asterisk-core-sounds-ru asterisk-moh-opsound-wav libpri1.4 apache2 mysql-server bind9 bison flex php5 php5-curl php5-cli php5-mysql php-pear php-db php5-gd curl sox libncurses5-dev libssl-dev libmysqlclient-dev mpg123 libxml2-dev libnewt-dev sqlite3 libsqlite3-dev libasound2-dev libogg-dev libvorbis-dev libcurl4-openssl-dev libical-dev libneon27-dev libsrtp0-dev libspandsp-dev libiksemel3 iptables-persistent

?????????? ???????????????? ???? asterisk ??? logrotate, ????? ????? ?????? ??????

error: skipping "/var/log/asterisk/..." because parent directory has insecure permissions

vim /etc/logrotate.d/asterisk:

/var/log/asterisk/debug /var/log/asterisk/messages /var/log/asterisk/full /var/log/asterisk/*_log {
        su asterisk asterisk
        size 40M
        missingok
        rotate 20
        compress
        sharedscripts
        create 0640 asterisk asterisk
        postrotate
                /usr/sbin/invoke-rc.d asterisk logger-reload > /dev/null 2> /dev/null
        endscript
}

????????? apache ?? ???????????? asterisk
vim /etc/apache2/apache2.conf:

User asterisk
Group asterisk

vim /etc/apache2/envvars:

export APACHE_RUN_USER=asterisk
export APACHE_RUN_GROUP=asterisk

?????? ???? ?????? ??? FreePBX
mysql -u root -p
create database asterisk;
create database asteriskcdrdb;
GRANT ALL PRIVILEGES ON asterisk.* TO asterisk@localhost IDENTIFIED BY 'asteriskpasswd';
GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asterisk@localhost IDENTIFIED BY 'asteriskpasswd';
quit

wget http://mirror.freepbx.org/freepbx-12.0.43.tgz
tar xzf freepbx-12.0.43.tgz
cd freepbx
./start_asterisk restart
./install_amp --installdb --username=asterisk --password=asteriskpasswd --webroot=/var/www/freepbx/
amportal chown
amportal a ma installall
amportal a reload
amportal a ma refreshsignatures
amportal chown

????????? ? ?????????? FreePBX
vim /etc/rc.local

amportal start

?????????? ????????????? ??????????? ??? SSL
cd /etc/ssl/private
openssl genrsa -des3 -out example.com.key 2048
openssl rsa -in server.key -out example.com.key
openssl req -new -days 36500 -key example.com.key -out example.com.csr
openssl x509 -in example.com.csr -out example.com.crt -req -signkey example.com.key -days 3650
chmod 400 example.com.*

??????????? FreePBX ?? ??????????? ????
vim /etc/apache2/sites-available/freepbx.conf:

<VirtualHost *:443>
    ServerName fpbx.example.com
    ServerAdmin admin@example.com
    ErrorLog /var/log/apache2/freepbx-error.log
    CustomLog /var/log/apache2/freepbx-access.log combined
    DocumentRoot /var/www/freepbx
    <Directory /var/www/freepbx>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/freepbx/admin>
        Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/ssl/private/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
</VirtualHost>

a2ensite freepbx
invoke-rc.d apache2 restart

???????? ??????? ???? ? FreePBX
vim /usr/share/locale/locale.alias:

#russian         ru_RU.KOI8-R
russian ru
ru ru_RU
ru_RU ru_RU.UTF-8

locale-gen ru_RU.UTF-8

??????????? DNS ?????? ? chroot ??????
vim /etc/default/bind9:

OPTIONS="-u bind -t /var/bind9/chroot -4"

mkdir -p /var/bind9/chroot/{etc,dev,var/cache/bind,var/run/named}
mknod /var/bind9/chroot/dev/null c 1 3
mknod /var/bind9/chroot/dev/random c 1 8
chmod 660 /var/bind9/chroot/dev/{null,random}
mv /etc/bind /var/bind9/chroot/etc
ln -s /var/bind9/chroot/etc/bind /etc/bind
chown -R bind:bind /etc/bind/*
chmod 775 /var/bind9/chroot/var/{cache/bind,run/named}
chgrp bind /var/bind9/chroot/var/{cache/bind,run/named}

vim /etc/init.d/bind9:

PIDFILE=/var/bind9/chroot/var/run/named/named.pid

vim /var/bind9/chroot/etc/bind/named.conf.options:

options {
        directory "/var/cache/bind";
        dnssec-validation auto;
        auth-nxdomain no;
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 192.168.40.1; };
        allow-query { any; };
        recursion yes;
        allow-recursion { 127.0.0.1;192.168.40.0/24; };
        version "my dns server";
};

vim /etc/rsyslog.d/bind-chroot.conf:

$AddUnixListenSocket /var/bind9/chroot/dev/log

invoke-rc.d rsyslog restart

vim /var/bind9/chroot/etc/bind/named.conf.local:

zone "example.com" IN {
        type master;
        file "/etc/bind/example.com";
        allow-update { none; };
};
include "/etc/bind/zones.rfc1918";

vim /var/bind9/chroot/etc/bind/example.com:

$TTL 3600       ; 1 hour
@               IN      SOA     ns.example.com.      admin.example.com. (
                                2013090608 ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                360000     ; expire (4 days 4 hours)
                                3600       ; minimum (1 hour)
)
                IN                      NS      ns.example.com.
                IN                      A       192.168.40.1
ns                   IN      A       192.168.40.1
example.com.         IN      A       192.168.40.1
fbpx                 IN      A       192.168.40.1

invoke-rc.d bind9 restart

????????????? ?? ???? DNS ??????
vim /etc/resolv.conf:

nameserver 127.0.0.1

FreePBX ????? ???????? ?? https://fpbx.example.com

????????? ??????????? ?? ????? ????? ??????????? ?????? ??? asterisk
vim /etc/php5/apache2/php.ini:

upload_max_filesize = 40M

??????? ? ??????????? asterisk, ??? ??? ??? ????????? FreePBX
insserv -r asterisk

????????? ?????
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.40.0/24 -d 192.168.40.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 443,2000,5038 -j ACCEPT
iptables -I INPUT 3 -s 192.168.40.0/24 -d 192.168.40.1 -i eth0 -p udp -m multiport --dports 53,2727,4520,4569,5000,5036,5060,10000:20000 -j ACCEPT
invoke-rc.d netfilter-persistent save

Asterisk ? ??? ??????????? FreePBX ?? Debian Jessie: 4 комментария

  1. ??? ??????? ?????????
    openssl rsa -in server.key -out example.com.key
    ???????Error opening Private Key server.key
    139674176718480:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen(‘server.key’,’r’)
    139674176718480:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
    unable to load Private Key

    1. ??? ?????
      $ openssl genrsa -des3 -out server.pass.key 2048
      $ openssl rsa -in server.pass.key -out server.key
      ? ?????? ?? ??????????
      ?????? ?????? ???? ?? ????????.
      a2enmod ssl
      service apache2 restart
      ?????? ????????.

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *