Difference between revisions of "FreeBSD Install"
(→Freebsd + Freeswitch + FusionPbx - Installation Script) |
m (nginx config: Remove spurious \$ escapes, and duplicate sections in 443 (i.e. wrong ssl configuration & second location ~ \.php$) both cause errors) |
||
(73 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
+ | |||
<br> | <br> | ||
==My Goal== | ==My Goal== | ||
− | My Goal is to make a easy to install PBX Based on Freebsd & Freeswitch & Fusionpbx .<br> | + | My Goal is to make a easy to install a PBX Based on Freebsd & Freeswitch & Fusionpbx .<br> |
+ | <br> | ||
+ | I am tired of iso's that don't work/install correctly. So I Have taken the time to walk you <br> | ||
+ | through a base install.<br> | ||
<br> | <br> | ||
− | + | By Default this install is based on Freebsd 9.x, freeswitch, nginx, sqlite3, php5, and fusionpbx.<br> | |
− | |||
− | |||
<br> | <br> | ||
− | |||
− | |||
If you need Apache or another web server you will have to do this yourself. (Please take the time to Document it below if you do.)<br> | If you need Apache or another web server you will have to do this yourself. (Please take the time to Document it below if you do.)<br> | ||
− | If you wish to use mysql or Postgresql then you can select them when the nginx port | + | <br> |
− | + | If you wish to use mysql or Postgresql then you can select them when the nginx port build it only installs the connector clients.<br> | |
+ | <br> | ||
You will have to install the mysql or postgresql server either on the same box or a remote<br> | You will have to install the mysql or postgresql server either on the same box or a remote<br> | ||
server of your choice and configure it properly.<br> | server of your choice and configure it properly.<br> | ||
− | |||
− | |||
− | |||
<br> | <br> | ||
− | |||
<br> | <br> | ||
− | + | Please contact:<br> | |
− | |||
− | |||
− | |||
− | Please contact<br> | ||
email: r.neese@gmail.com<br> | email: r.neese@gmail.com<br> | ||
irc: efnet: rneese on #bsdports<br> | irc: efnet: rneese on #bsdports<br> | ||
irc: freenode: rneese in #fusionpbx and #freeswitch<br> | irc: freenode: rneese in #fusionpbx and #freeswitch<br> | ||
− | == | + | ==modules not currenly supported in port== |
− | + | The following modules are not in the freebsd-core port on BSD with reasons why.<BR> | |
− | |||
− | |||
− | |||
− | |||
<BR> | <BR> | ||
− | + | #applications/mod_osp (needs further devel on bsd) | |
− | + | #applications/mod_redis (needs further testing) | |
− | + | #applications/mod_stress (dead module) | |
− | + | #applications/mod_snipe_hunt (joke module) | |
+ | #codecs/mod_sangoma_codec (not supported on bsd) | ||
+ | #codecs/mod_dahdi_codec (needs further testing on bsd | ||
+ | #directories/mod_ldap (dead) | ||
+ | #endpoints/mod_alsa ( not used on bsd) | ||
+ | #endpoints/mod_opal (currently broken on bsd) | ||
+ | #endpoints/mod_skypopen (not supported on bsd) | ||
+ | #endpoints/mod_h323 (does not build on bsd) | ||
+ | #../../libs/openzap/mod_openzap (dead renamed freetdm) | ||
+ | #asr_tts/mod_cepstral(not supported on bsd) | ||
+ | #event_handlers/mod_cdr_mongodb (make file issues)(requires mod_mongo) (build issues) | ||
+ | #event_handlers/mod_radius_cdr (needs further work on bsd) | ||
+ | #languages/mod_yaml (dead) | ||
+ | #languages/mod_java requires java . looking at the opensource ver. | ||
+ | #timers/mod_timerfd (linux) | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ==FreeBSD 9.x iso's For Installing== | |
+ | |||
+ | Download a Freebsd 9.x install iso and burn it to a disc.<br> | ||
+ | ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-i386-disc1.iso<br> | ||
+ | ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-amd64-disc1.iso<br> | ||
+ | ftp://ftp.freebsd.org/pub/FreeBSD/releases/ia64/ia64/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-ia64-release.iso<BR> | ||
+ | <br> | ||
− | + | ==FreeBSD 9.x Minimal Install== | |
+ | '''In 9.x the installer changes.''' <br> | ||
− | + | Freebsd 9.0 New installer Basic Setup<br> | |
− | + | 1) select install<br> | |
− | + | 2) select United States iso-8895-1 <br> | |
− | + | ||
− | + | 3) set hostname<br> | |
− | + | ||
− | + | 4) when prompter for docs and ports and src deselect all.<br> | |
− | + | ||
− | <br> | + | 5) select guided and full partition<br> |
− | + | ||
− | + | 6) and then goto exit<br> | |
− | + | ||
− | + | 7) hit save.<br> | |
+ | |||
+ | 8) set root passwd<br> | ||
+ | |||
+ | 9) setup network interface<br> | ||
+ | |||
+ | 10) set up clock / ntpdate<br> | ||
+ | |||
+ | 11) setp daemons ssh and ntpd is all thats needed at this point<br> | ||
− | + | 12) next add a user if you wish<br> | |
− | |||
− | + | 13) next go to exit and reboot<br> | |
− | + | After reboot<br> | |
− | + | Login : root / password<br> | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | for root ssh (security hole)(enable at own risk) | |
− | + | ee or vi /etc/ssh/sshd_conf<br> | |
− | + | rm the # from infront of PermitRootLogin and change no to yes<br> | |
− | then /etc/rc.d/sshd restart<br> | + | save<br> |
+ | then run<br> | ||
+ | /etc/rc.d/sshd restart<br> | ||
now you can ssh into the box.<br> | now you can ssh into the box.<br> | ||
− | + | ==Install ports-tree & Freebsd-base-src== | |
− | + | pkg_add -r fastest-cvsup<br> | |
− | + | base src (needed if you whant mod_freetdm) (required for dahdi build)<br> | |
− | + | csup -h `fastest_cvsup -c tld -q` -L2 /usr/share/examples/cvsup/src-supfile | |
− | |||
− | |||
− | + | ports tree<br> | |
+ | csup -h `fastest_cvsup -c tld -q` -L2 /usr/share/examples/cvsup/ports-supfile | ||
− | + | cd /usr/ports/net/freeswitch-devel (FreeSwitch Meta Port) | |
+ | make install clean | ||
− | + | cd /usr/ports/www/nginx | |
+ | make install clean | ||
− | + | cd /usr/ports/www/fusionpbx | |
+ | make install clean | ||
− | + | When it gets to the point of building php be sure to select php-fpm. | |
+ | <br> | ||
+ | when all is installed: | ||
+ | edit /etc/rc.conf add 3 lines | ||
+ | |||
+ | freeswitch_enable="YES" | ||
+ | php_fpm_enable="YES" | ||
+ | nginx_enable="YES" | ||
+ | |||
+ | --DO NOT REBOOT UNTIL YOUR FINISHED CONFIGURING....... | ||
+ | |||
+ | ==Setup Nginx & ssl keys== | ||
+ | '''NGINX'''<BR> | ||
+ | Replace /usr/local/etc/nginx/nginx.conf with the bellow configuration. | ||
+ | <br> | ||
+ | ---(start cut here)--- | ||
+ | #user www; | ||
+ | worker_processes 1; | ||
+ | |||
+ | #pid logs/nginx.pid; | ||
+ | |||
+ | events { | ||
+ | worker_connections 1024; | ||
+ | } | ||
+ | |||
+ | http { | ||
+ | include mime.types; | ||
+ | default_type application/octet-stream; | ||
+ | |||
+ | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
+ | # '$status $body_bytes_sent "$http_referer" ' | ||
+ | # '"$http_user_agent" "$http_x_forwarded_for"'; | ||
+ | |||
+ | #access_log logs/access.log main; | ||
+ | |||
+ | sendfile on; | ||
+ | #tcp_nopush on; | ||
+ | |||
+ | #keepalive_timeout 0; | ||
+ | keepalive_timeout 65; | ||
+ | |||
+ | #gzip on; | ||
+ | |||
+ | server{ | ||
+ | listen 127.0.0.1:80; | ||
+ | server_name 127.0.0.1; | ||
+ | access_log /var/log/nginx/access.log; | ||
+ | error_log /var/log/nginx/error.log; | ||
+ | |||
+ | client_max_body_size 10M; | ||
+ | client_body_buffer_size 128k; | ||
+ | |||
+ | |||
+ | location / { | ||
+ | root /usr/local/www/fusionpbx; | ||
+ | index index.php; | ||
+ | } | ||
+ | |||
+ | location ~ \.php$ { | ||
+ | fastcgi_pass 127.0.0.1:9000; | ||
+ | fastcgi_index index.php; | ||
+ | include fastcgi_params; | ||
+ | fastcgi_param SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name; | ||
+ | } | ||
+ | |||
+ | # Disable viewing .htaccess & .htpassword & .db | ||
+ | location ~ .htaccess { | ||
+ | deny all; | ||
+ | } | ||
+ | location ~ .htpassword { | ||
+ | deny all; | ||
+ | } | ||
+ | location ~^.+.(db)$ { | ||
+ | deny all; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | server{ | ||
+ | listen 80; | ||
+ | server_name fusionpbx; | ||
+ | if (\$uri !~* ^.*provision.*$) { | ||
+ | rewrite ^(.*) https://$host$1 permanent; | ||
+ | break; | ||
+ | } | ||
+ | access_log /var/log/nginx/access.log; | ||
+ | error_log /var/log/nginx/.error.log; | ||
+ | |||
+ | client_max_body_size 10M; | ||
+ | client_body_buffer_size 128k; | ||
+ | |||
+ | |||
+ | location / { | ||
+ | root /usr/local/www/fusionpbx; | ||
+ | index index.php; | ||
+ | } | ||
+ | |||
+ | location ~ \.php$ { | ||
+ | fastcgi_pass 127.0.0.1:9000; | ||
+ | fastcgi_index index.php; | ||
+ | include fastcgi_params; | ||
+ | fastcgi_param SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name; | ||
+ | } | ||
+ | |||
+ | # Disable viewing .htaccess & .htpassword & .db | ||
+ | location ~ .htaccess { | ||
+ | deny all; | ||
+ | } | ||
+ | location ~ .htpassword { | ||
+ | deny all; | ||
+ | } | ||
+ | location ~^.+.(db)$ { | ||
+ | deny all; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | server{ | ||
+ | listen 443; | ||
+ | server_name fusionpbx; | ||
+ | |||
+ | access_log /var/log/nginx/access.log; | ||
+ | error_log /var/log/nginx/.error.log; | ||
+ | |||
+ | client_max_body_size 10M; | ||
+ | client_body_buffer_size 128k; | ||
+ | |||
+ | |||
+ | location / { | ||
+ | root /usr/local/www/fusionpbx; | ||
+ | index index.php; | ||
+ | } | ||
+ | |||
+ | # Disable viewing .htaccess & .htpassword & .db | ||
+ | location ~ .htaccess { | ||
+ | deny all; | ||
+ | } | ||
+ | location ~ .htpassword { | ||
+ | deny all; | ||
+ | } | ||
+ | location ~^.+.(db)$ { | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | #error_page 404 /404.html; | ||
+ | |||
+ | # redirect server error pages to the static page /50x.html | ||
+ | # | ||
+ | #error_page 500 502 503 504 /50x.html; | ||
+ | location = /50x.html { | ||
+ | root /usr/local/www/nginx-dist; | ||
+ | } | ||
+ | |||
+ | location ~ \.php$ { | ||
+ | root /usr/local/www/fusionpbx; | ||
+ | fastcgi_pass 127.0.0.1:9000; | ||
+ | fastcgi_index index.php; | ||
+ | fastcgi_param SCRIPT_FILENAME /usr/local/www/fusionpbx/$fastcgi_script_name; | ||
+ | include fastcgi_params; | ||
+ | } | ||
+ | |||
+ | ssl on; | ||
+ | ssl_certificate /etc/ssl/www/fusionpbx/cert.pem; | ||
+ | ssl_certificate_key /etc/ssl/www/fusionpbx/key.pem; | ||
+ | ssl_session_timeout 5m; | ||
+ | ssl_protocols SSLv2 SSLv3 TLSv1; | ||
+ | ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; | ||
+ | ssl_prefer_server_ciphers on; | ||
+ | |||
+ | client_max_body_size 25m; | ||
+ | } | ||
+ | } | ||
+ | ---(end cut here)---<br> | ||
+ | '''SSL Key Generation''' | ||
+ | |||
+ | mkdir -p /etc/ssl/www/fusionpbx | ||
+ | |||
+ | cd /etc/ssl/www/fusionpbx | ||
+ | |||
+ | openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 365 | ||
+ | |||
+ | chmod 640 /etc/ssl/www/fusionpbx/*.pem | ||
+ | |||
+ | /usr/local/etc/rc.d/nginx start | ||
+ | |||
+ | ==Monit & Fail2Ban== | ||
+ | '''Monit''' | ||
+ | cd /usr/ports/security/monit | ||
+ | make install clean | ||
+ | |||
+ | '''Fail2Ban''' | ||
+ | cd /usr/ports/security/py-fail2ban | ||
+ | make install clean | ||
==Postgresql Server Setup (localhost)== | ==Postgresql Server Setup (localhost)== | ||
\----'''Fresh pgsql install'''----/<br> | \----'''Fresh pgsql install'''----/<br> | ||
− | cd /usr/ports/database/postgresql84-server | + | <br> |
+ | cd /usr/ports/database/postgresql84-server<br> | ||
+ | make install clean<br> | ||
To set and configure PgSQL for use with FusionPBX,<br> | To set and configure PgSQL for use with FusionPBX,<br> | ||
Follow this line for line.<br> | Follow this line for line.<br> | ||
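Review bot: in the added 443 server block, "ssl_protocols SSLv2 SSLv3 TLSv1;" together with an ssl_ciphers string that starts from ALL and keeps +LOW, +SSLv2 and +EXP leaves obsolete protocols and export-grade ciphers enabled; restrict both lines to the newest TLS versions and the HIGH cipher class that the installed nginx/OpenSSL supports. Two smaller points in the same hunk: the port-80 server block still has "if (\$uri !~* ^.*provision.*$)", one of the \$ escapes the edit summary says were removed, and the root-SSH step names /etc/ssh/sshd_conf where the file is /etc/ssh/sshd_config.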
Line 147: | Line 319: | ||
initdb -D /usr/local/pgsql/data<br> | initdb -D /usr/local/pgsql/data<br> | ||
postmaster -D /usr/local/pgsql/data >logfile 2>&1 & <br> | postmaster -D /usr/local/pgsql/data >logfile 2>&1 & <br> | ||
− | createuser - | + | createuser -s -e FusionPBX<br> |
createdb -O FusionPBX FusionPBX<br> | createdb -O FusionPBX FusionPBX<br> | ||
psql -d FusionPBX -U FusionPBX<br> | psql -d FusionPBX -U FusionPBX<br> | ||
− | alter user FusionPBX with password ' | + | alter user FusionPBX with password 'password';or any passwordd you want ";" required<br> |
psql -f /usr/local/www/fusionpbx/includes/install/sql/pgsql.sql FusionPBX<br> | psql -f /usr/local/www/fusionpbx/includes/install/sql/pgsql.sql FusionPBX<br> | ||
exit from su<br> | exit from su<br> | ||
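Review bot: the changed createuser line now passes -s, which makes the FusionPBX application account a PostgreSQL superuser; the next line already creates the database with -O FusionPBX, so an ordinary role that owns only that database would be enough. The explanation that follows 'password'; on the alter user line should also move to its own line so it is not pasted into psql along with the statement.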
Line 156: | Line 328: | ||
'''For a existiting pgsql database install follow:'''<br> | '''For a existiting pgsql database install follow:'''<br> | ||
su pgsql<br> | su pgsql<br> | ||
− | createuser - | + | createuser -s -e FusionPBX<br> |
createdb -O FusionPBX FusionPBX<br> | createdb -O FusionPBX FusionPBX<br> | ||
psql -d FusionPBX -U FusionPBX<br> | psql -d FusionPBX -U FusionPBX<br> | ||
− | ALTER USER FusionPBX with PASSWORD ' | + | ALTER USER FusionPBX with PASSWORD 'password'; or any password you want, ";" required<br> |
+ | |||
+ | Now enable it in /etc/rc.conf<br> | ||
+ | echo postgres_enable="YES" > /etc/rc.conf | ||
==MySql Setup (localhost)== | ==MySql Setup (localhost)== | ||
mysql install via ports<br> | mysql install via ports<br> | ||
− | cd /usr/ports/databases/ | + | cd /usr/ports/databases/mysql55-server<br> |
make install clean<br> | make install clean<br> | ||
echo mysql_enable="yes" >> /etc/rc.conf<br> | echo mysql_enable="yes" >> /etc/rc.conf<br> | ||
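Review bot: the added line echo postgres_enable="YES" > /etc/rc.conf uses a single >, which overwrites /etc/rc.conf and discards the freeswitch_enable, php_fpm_enable and nginx_enable lines added earlier in the guide; use >> as the mysql_enable line in this same hunk does.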
Line 173: | Line 348: | ||
https://ip.of.the.pbx<br> | https://ip.of.the.pbx<br> | ||
or <br> | or <br> | ||
− | https://domain.name.box<br> | + | https://domain.name.box (Requires dns)<br> |
<br> | <br> | ||
− | == | + | ==Install & Setup Script== |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | = | ||
− |
Latest revision as of 04:38, 29 January 2013
Contents
- 1 My Goal
- 2 modules not currently supported in port
- 3 FreeBSD 9.x iso's For Installing
- 4 FreeBSD 9.x Minimal Install
- 5 Install ports-tree & Freebsd-base-src
- 6 Setup Nginx & ssl keys
- 7 Monit & Fail2Ban
- 8 Postgresql Server Setup (localhost)
- 9 MySql Setup (localhost)
- 10 Final Step
- 11 Install & Setup Script
My Goal
My goal is to make an easy-to-install PBX based on FreeBSD, FreeSWITCH and FusionPBX.
I am tired of ISOs that don't work or install correctly, so I have taken the time to walk you
through a base install.
By default this install is based on FreeBSD 9.x, FreeSWITCH, nginx, sqlite3, php5, and FusionPBX.
If you need Apache or another web server you will have to do this yourself. (Please take the time to document it below if you do.)
If you wish to use MySQL or PostgreSQL, you can select them when the nginx port builds; this only installs the connector clients.
You will have to install the MySQL or PostgreSQL server either on the same box or on a remote
server of your choice and configure it properly.
Please contact:
email: r.neese@gmail.com
irc: efnet: rneese on #bsdports
irc: freenode: rneese in #fusionpbx and #freeswitch
modules not currently supported in port
The following modules are not in the freebsd-core port on BSD; the reason is given after each one.
#applications/mod_osp (needs further devel on bsd)
#applications/mod_redis (needs further testing)
#applications/mod_stress (dead module)
#applications/mod_snipe_hunt (joke module)
#codecs/mod_sangoma_codec (not supported on bsd)
#codecs/mod_dahdi_codec (needs further testing on bsd)
#directories/mod_ldap (dead)
#endpoints/mod_alsa (not used on bsd)
#endpoints/mod_opal (currently broken on bsd)
#endpoints/mod_skypopen (not supported on bsd)
#endpoints/mod_h323 (does not build on bsd)
#../../libs/openzap/mod_openzap (dead, renamed freetdm)
#asr_tts/mod_cepstral (not supported on bsd)
#event_handlers/mod_cdr_mongodb (make file issues) (requires mod_mongo) (build issues)
#event_handlers/mod_radius_cdr (needs further work on bsd)
#languages/mod_yaml (dead)
#languages/mod_java (requires java; looking at the open-source version)
#timers/mod_timerfd (linux)
FreeBSD 9.x iso's For Installing
Download a Freebsd 9.x install iso and burn it to a disc.
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-i386-disc1.iso
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-amd64-disc1.iso
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ia64/ia64/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-ia64-release.iso
FreeBSD 9.x Minimal Install
In 9.x the installer changes.
Freebsd 9.0 New installer Basic Setup
1) Select install
2) Select United States ISO-8859-1
3) Set hostname
4) When prompted for docs, ports and src, deselect all.
5) Select guided and full partition
6) Then go to exit
7) Hit save.
8) Set root password
9) Set up network interface
10) Set up clock / ntpdate
11) Set up daemons: ssh and ntpd are all that's needed at this point
12) Next, add a user if you wish
13) Next, go to exit and reboot
After reboot
Login: root / password
For root ssh (security hole) (enable at own risk)
ee or vi /etc/ssh/sshd_config
Remove the # in front of PermitRootLogin and change no to yes
Save
Then run
/etc/rc.d/sshd restart
Now you can ssh into the box.
Install ports-tree & Freebsd-base-src
pkg_add -r fastest-cvsup
base src (needed if you want mod_freetdm) (required for dahdi build)
csup -h `fastest_cvsup -c tld -q` -L2 /usr/share/examples/cvsup/src-supfile
ports tree
csup -h `fastest_cvsup -c tld -q` -L2 /usr/share/examples/cvsup/ports-supfile
cd /usr/ports/net/freeswitch-devel (FreeSwitch Meta Port)
make install clean
cd /usr/ports/www/nginx
make install clean
cd /usr/ports/www/fusionpbx
make install clean
When it gets to the point of building php be sure to select php-fpm.
When all is installed, edit /etc/rc.conf and add 3 lines:
freeswitch_enable="YES"
php_fpm_enable="YES"
nginx_enable="YES"
--DO NOT REBOOT UNTIL YOU'RE FINISHED CONFIGURING.......
Setup Nginx & ssl keys
NGINX
Replace /usr/local/etc/nginx/nginx.conf with the configuration below.
---(start cut here)---
#user  www;
worker_processes  1;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Loopback-only HTTP listener
    server {
        listen 127.0.0.1:80;
        server_name 127.0.0.1;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        client_max_body_size 10M;
        client_body_buffer_size 128k;

        location / {
            root /usr/local/www/fusionpbx;
            index index.php;
        }

        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name;
        }

        # Disable viewing .htaccess & .htpassword & .db
        location ~ .htaccess {
            deny all;
        }
        location ~ .htpassword {
            deny all;
        }
        location ~^.+.(db)$ {
            deny all;
        }
    }

    # Public HTTP listener: everything except provisioning URLs is redirected to HTTPS
    server {
        listen 80;
        server_name fusionpbx;
        if ($uri !~* ^.*provision.*$) {
            rewrite ^(.*) https://$host$1 permanent;
            break;
        }
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/.error.log;

        client_max_body_size 10M;
        client_body_buffer_size 128k;

        location / {
            root /usr/local/www/fusionpbx;
            index index.php;
        }

        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name;
        }

        # Disable viewing .htaccess & .htpassword & .db
        location ~ .htaccess {
            deny all;
        }
        location ~ .htpassword {
            deny all;
        }
        location ~^.+.(db)$ {
            deny all;
        }
    }

    # HTTPS listener
    server {
        listen 443;
        server_name fusionpbx;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/.error.log;

        client_max_body_size 10M;
        client_body_buffer_size 128k;

        location / {
            root /usr/local/www/fusionpbx;
            index index.php;
        }

        # Disable viewing .htaccess & .htpassword & .db
        location ~ .htaccess {
            deny all;
        }
        location ~ .htpassword {
            deny all;
        }
        location ~^.+.(db)$ {
            deny all;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }

        location ~ \.php$ {
            root /usr/local/www/fusionpbx;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/www/fusionpbx/$fastcgi_script_name;
            include fastcgi_params;
        }

        ssl on;
        ssl_certificate /etc/ssl/www/fusionpbx/cert.pem;
        ssl_certificate_key /etc/ssl/www/fusionpbx/key.pem;
        ssl_session_timeout 5m;
        # SSLv2/SSLv3 and the LOW/EXP cipher classes are obsolete; tighten these
        # two lines where the installed nginx/OpenSSL supports newer TLS versions.
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;

        client_max_body_size 25m;
    }
}
---(end cut here)---
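An added example, not part of the original wiki page: a small sh audit that flags the obsolete protocol and cipher settings in the 443 server block above and shows a stricter pair of lines passing the same check. The function names, the sample file names and the hardened values (which assume an nginx/OpenSSL build with TLSv1.2 and TLSv1.3) are assumptions.

```sh
# Added example (not from the wiki page); function and file names are hypothetical.

# Print one finding per weak TLS setting in an nginx config; return 1 if any.
audit_nginx_tls() {
    conf=$1
    rc=0
    # Strip comments and keep only the two directives inspected here.
    lines=$(sed -n -e 's/#.*//' \
        -e '/^[[:space:]]*ssl_protocols[[:space:]]/p' \
        -e '/^[[:space:]]*ssl_ciphers[[:space:]]/p' "$conf")
    while read -r directive value; do
        value=$(printf '%s' "$value" | tr -d "\"';")
        case $directive in
        ssl_protocols)
            for p in $value; do
                case $p in
                SSLv2|SSLv3|TLSv1|TLSv1.1)
                    echo "ssl_protocols: $p is obsolete"; rc=1 ;;
                esac
            done ;;
        ssl_ciphers)
            old_ifs=$IFS; IFS=:
            for c in $value; do
                case $c in
                '!'*|-*) continue ;;   # explicitly removed from the list
                esac
                c=${c#+}               # "+X" only moves X to the end of the list
                case $c in
                ALL|LOW*|EXP*|RC4*|SSLv2*|DES*|MD5*|*NULL*)
                    echo "ssl_ciphers: $c is not excluded"; rc=1 ;;
                esac
            done
            IFS=$old_ifs ;;
        esac
    done <<EOF
$lines
EOF
    return $rc
}

# The ssl_* lines exactly as in the page's 443 server block.
write_page_sample() {
    cat > "$1" <<'EOF'
server {
    listen 443;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
}
EOF
}

# Constructed replacement; assumes an nginx/OpenSSL build with TLSv1.2 and TLSv1.3.
write_hardened_sample() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}

tmp=$(mktemp -d)
write_page_sample "$tmp/page.conf"
write_hardened_sample "$tmp/hardened.conf"
audit_nginx_tls "$tmp/page.conf" || echo "page.conf: weak TLS settings found"
audit_nginx_tls "$tmp/hardened.conf" && echo "hardened.conf: clean"
rm -rf "$tmp"
```

Run audit_nginx_tls against /usr/local/etc/nginx/nginx.conf after editing it; comment stripping is line-based, so a # inside a quoted value would be cut short.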
SSL Key Generation
mkdir -p /etc/ssl/www/fusionpbx
cd /etc/ssl/www/fusionpbx
openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 365
chmod 640 /etc/ssl/www/fusionpbx/*.pem
/usr/local/etc/rc.d/nginx start
Monit & Fail2Ban
Monit
cd /usr/ports/security/monit
make install clean
Fail2Ban
cd /usr/ports/security/py-fail2ban
make install clean
Postgresql Server Setup (localhost)
\----Fresh pgsql install----/
cd /usr/ports/databases/postgresql84-server
make install clean
To set and configure PgSQL for use with FusionPBX,
Follow this line for line.
For a fresh pgsql install follow:
su pgsql
initdb -D /usr/local/pgsql/data
postmaster -D /usr/local/pgsql/data >logfile 2>&1 &
createuser -s -e FusionPBX
createdb -O FusionPBX FusionPBX
psql -d FusionPBX -U FusionPBX
alter user FusionPBX with password 'password';
(use any password you want; the ";" is required)
psql -f /usr/local/www/fusionpbx/includes/install/sql/pgsql.sql FusionPBX
exit from su
For an existing pgsql database install follow:
su pgsql
createuser -s -e FusionPBX
createdb -O FusionPBX FusionPBX
psql -d FusionPBX -U FusionPBX
ALTER USER FusionPBX with PASSWORD 'password';
(use any password you want; the ";" is required)
Now enable it in /etc/rc.conf
echo postgresql_enable="YES" >> /etc/rc.conf
MySql Setup (localhost)
mysql install via ports
cd /usr/ports/databases/mysql55-server
make install clean
echo mysql_enable="yes" >> /etc/rc.conf
/usr/local/etc/rc.d/mysql-server start
Final Step
Reboot your system and point your browser to:
https://ip.of.the.pbx
or
https://domain.name.box (Requires dns)