Difference between revisions of "FreeBSD Install"

From FusionPBX
Jump to: navigation, search
(FreeBSD 8.2 iso's)
m (nginx config: Remove spurios \$ escapes, and duplicate sections in 443 (i.e. wrong ssl configuration & second location ~ \.php$) both cause errors)
 
(59 intermediate revisions by one other user not shown)
Line 1: Line 1:
 +
 
<br>
 
<br>
 
==My Goal==
 
==My Goal==
My Goal is to make a easy to install PBX Based on Freebsd & Freeswitch & Fusionpbx .<br>
+
My Goal is to make a easy to install a PBX Based on Freebsd & Freeswitch & Fusionpbx .<br>
 +
<br>
 +
I am tired of iso's that don't work/install correctly. So I Have taken the time to walk you  <br>
 +
through a base install.<br>
 
<br>
 
<br>
I am tired of iso's that don't work/install correctly. So I Have taken the time to walk you through a base <br>
+
By Default this install is based on Freebsd 9.x, freeswitch, nginx, sqlite3, php5, and fusionpbx.<br>
install and include a script that uses ports that are maintained outside the bsd ports tree due to the fact they <br>
 
are easier to maintain and update.<br>
 
 
<br>
 
<br>
By Default this script installs nginx and sqlite3.<br>
 
 
 
If you need Apache or another web server you will have to do this yourself. (Please take the time to Document it below if you do.)<br>
 
If you need Apache or another web server you will have to do this yourself. (Please take the time to Document it below if you do.)<br>
If you wish to use mysql or Postgresql then you can select them when the nginx port buildsit only installs the connector clients.<br>
+
<br>
 
+
If you wish to use mysql or Postgresql then you can select them when the nginx port build it only installs the connector clients.<br>
 +
<br>
 
You will have to install the mysql or postgresql server either on the same box or a remote<br>  
 
You will have to install the mysql or postgresql server either on the same box or a remote<br>  
 
server of your choice and configure it properly.<br>
 
server of your choice and configure it properly.<br>
 
My new install script does all the work.<br>
 
It setus up freeswitch / nginx / sqlite3 / fusionpbx.<br>
 
 
<br>
 
<br>
It will pull and install all the needed all the FreeBSD and Freeswitch dependencies and configuration files for you.<br>
 
 
<br>
 
<br>
I am also working on a simple update script that will help update and maintain your system. I will add them to the bottom of the page with links to them. I also have script for maintaining bsd jail pbx systems I will post.<br>
+
Please contact:<br>
 
 
If you need support or have ideas, or wish to report errors in the script and install & if you wish to help maintain and update the scripts and ports.<br>
 
 
 
 
 
Please contact<br>
 
 
email: r.neese@gmail.com<br>
 
email: r.neese@gmail.com<br>
 
irc: efnet: rneese on #bsdports<br>
 
irc: efnet: rneese on #bsdports<br>
 
irc: freenode: rneese in #fusionpbx and #freeswitch<br>
 
irc: freenode: rneese in #fusionpbx and #freeswitch<br>
  
==modules not in port==
+
==modules not currenly supported in port==
 
The following modules are not in the freebsd-core port on BSD with reasons why.<BR>
 
The following modules are not in the freebsd-core port on BSD with reasons why.<BR>
 
<BR>
 
<BR>
Line 46: Line 38:
 
  #../../libs/openzap/mod_openzap (dead renamed freetdm)
 
  #../../libs/openzap/mod_openzap (dead renamed freetdm)
 
  #asr_tts/mod_cepstral(not supported on bsd)
 
  #asr_tts/mod_cepstral(not supported on bsd)
  #event_handlers/mod_cdr_mongodb  (make file issues)
+
  #event_handlers/mod_cdr_mongodb  (make file issues)(requires mod_mongo) (build issues)
 
  #event_handlers/mod_radius_cdr (needs further work on bsd)
 
  #event_handlers/mod_radius_cdr (needs further work on bsd)
 
  #languages/mod_yaml (dead)
 
  #languages/mod_yaml (dead)
 
  #languages/mod_java requires java . looking at the opensource ver.
 
  #languages/mod_java requires java . looking at the opensource ver.
 
  #timers/mod_timerfd (linux)
 
  #timers/mod_timerfd (linux)
 +
 +
 +
 +
 +
==FreeBSD 9.x iso's For Installing==
 
   
 
   
## Experimental Modules (don't cry if they're broken)
+
Download a Freebsd 9.x install iso and burn it to a disc.<br>
#../../contrib/mod/xml_int/mod_xml_odbc (dead)
+
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-i386-disc1.iso<br>
 +
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-amd64-disc1.iso<br>
 +
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ia64/ia64/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-ia64-release.iso<BR>
 +
<br>
 +
 
 +
==FreeBSD 9.x Minimal Install==
 +
'''In 9.x the installer changes.''' <br>
 +
 
 +
Freebsd 9.0 New installer Basic Setup<br>
 +
 
 +
1) select install<br>
 +
 
 +
2) select United States iso-8895-1 <br>
  
==FreeBSD 8.2 iso's ==
+
3) set hostname<br>
Use 8.2 for a stable install<br>
 
Download a Freebsd 8.2 install iso and burn it to a disc.<br>
 
i386: ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201105/FreeBSD-8.2-STABLE-201105-i386-disc1.iso<BR>
 
amd64: ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201105/FreeBSD-8.2-STABLE-201105-amd64-disc1.iso<br>
 
ia64: ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201107/FreeBSD-9.0-CURRENT-201107-ia64-release.iso<br>
 
  
==FreeBSD8.2 Minimal Install==
+
4) when prompter for docs and ports and src deselect all.<br>
Boot the iso and when you get the install menu select Custom Install.<br>
 
goto partition<br>
 
hit enter<br>
 
hit A and answer yes<br>
 
select standard<br>
 
next goto label and hit a=auto q=quit
 
goto distribution and select minimal (a) <br>
 
hit tabkey and enter <br>
 
goto media<br>
 
(For CD Install) select cd/dvd <br>
 
(FOR Net Install) select FTP / FTP Passive / Answer Questions<br>
 
then goto commit. <br>
 
the os will now install<br>
 
  
==FreeBSD Post Install Configuration==
+
5) select guided and full partition<br>
After the os installs it will ask if you want to configure the base system select yes. <br>
 
scroll down and select root password and set the password. <br>
 
scroll down and select timezone and set your time zone. <br>
 
Scroll to network and the scroll to interface and hit the spacebar and configure your network card.<br>
 
still in the network area select ntp and choose a ntpserver. Then select sshd and tcp extensions. <br>
 
scroll up to exit and hit the enter. <br>
 
scroll to startup and scroll down and deselect quotas. <br>
 
then scroll up to exit and hit enter. <br>
 
scroll up to exit . <br>
 
hit tab and select exit install. Remove the cdrom and then reboot. <br>
 
You now have a base/minimal install. <br>
 
  
==Freebsd + Freeswitch + FusionPbx - Installation Script==
+
6) and then goto exit<br>
Get the script here.<br>
 
http://dl.dropbox.com/u/152504/FreeBSD-FusionPBX/Freebsd-FusionPBX<br>
 
exec ./Freebsd-Fusionpbx and let it do its thing answering questions/prompts as needed.<br>
 
  
When the script goes to the sounds port and pulls up the sox selection you need to deselect ffmpeg if you do not wish to bloat your system with un-needed xorg libs.<br>
+
7) hit save.<br>
  
When the script prompts you for php build you will need to select the php-fpm module this replaces fastcgi. <br>
+
8) set root passwd<br>
  
Also when it prompts you for nginx you will need to select the http_ssl_ module allowing for https to function correctly<br>
+
9) setup network interface<br>
  
I will be porsting a updated script shortly to help you maintain your install when updates come out.<br>
+
10) set up clock / ntpdate<br>
  
==FreeBSD 9.x iso's For Devel and Testing ==
+
11) setp daemons ssh and ntpd is all thats needed at this point<br>
Use 9.x for beta testing and development.<br>
 
Download a Freebsd 9.x install iso and burn it to a disc.<br>
 
ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201105/FreeBSD-9.0-CURRENT-201105-i386-dvd1.iso<br>
 
ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201105/FreeBSD-9.0-CURRENT-201105-amd64-dvd1.iso<br>
 
ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201107/FreeBSD-9.0-CURRENT-201107-ia64-release.iso<br>
 
<br>
 
Download a Freebsd 9.x bootonly to do a network install<br>
 
ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201105/FreeBSD-9.0-CURRENT-201105-i386-bootonly.iso<br>
 
ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201105/FreeBSD-9.0-CURRENT-201105-amd64-bootonly.iso<br>
 
ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/201107/FreeBSD-9.0-CURRENT-201107-ia64-bootonly.iso<br>
 
  
==FreeBSD 9.x Minimal Install==
+
12) next add a user if you wish<br>
In 9.x the installer changes. <br>
 
  
Freebsd 9.0 New installer Basic Setup<br>
+
13) next go to exit and reboot<br>
  
select install<br>
+
After reboot<br>
select UnitedStates iso-8895-1 <br>
+
Login : root / password<br>
set hostname<br>
 
deselect games and docs for a minimal install<br>
 
select guided and full partition<br>
 
and then goto exit<br>
 
hit save.<br>
 
set root passwd<br>
 
setup network interface<br>
 
set up clock / ntpdate<br>
 
setp daemons ssh and ntpd is all thats needed at this point<br>
 
next add a user if you wish<br>
 
next go to exit and reboot<br>
 
  
after reboot<br>
+
for root ssh (security hole)(enable at own risk)
login and ee /etc/ssh/sshd_conf<br>
+
ee or vi /etc/ssh/sshd_conf<br>
and rm the # from infront of PermitRootLogin and change no to yes<br>
+
rm the # from infront of PermitRootLogin and change no to yes<br>
then /etc/rc.d/sshd restart<br>
+
save<br>
 +
then run<br>
 +
/etc/rc.d/sshd restart<br>
  
 
now you can ssh into the box.<br>
 
now you can ssh into the box.<br>
  
This is a quick install using the basics. I will work on a more in-depth install later.<br>
+
==Install ports-tree & Freebsd-base-src==
when prompter for docs and ports and src deselect all.<br>
+
  pkg_add -r fastest-cvsup<br>
 +
 
 +
base src (needed if you whant mod_freetdm) (required for dahdi build)<br>
 +
  csup -h `fastest_cvsup -c tld -q` -L2 /usr/share/examples/cvsup/src-supfile
 +
 
 +
ports tree<br>
 +
  csup -h `fastest_cvsup -c tld -q` -L2 /usr/share/examples/cvsup/ports-supfile
 +
 
 +
  cd /usr/ports/net/freeswitch-devel (FreeSwitch Meta Port)
 +
  make install clean
 +
 
 +
  cd /usr/ports/www/nginx
 +
  make install clean
 +
 
 +
  cd /usr/ports/www/fusionpbx
 +
  make install clean
 +
 
 +
When it gets to the point of building php be sure to select php-fpm.
 +
<br>
 +
when all is installed:
 +
edit /etc/rc.conf add 3 lines
 +
 
 +
freeswitch_enable="YES"
 +
php_fpm_enable="YES"
 +
nginx_enable="YES"
 +
 
 +
--DO NOT REBOOT UNTIL YOUR FINISHED CONFIGURING.......
 +
 
 +
==Setup Nginx & ssl keys==
 +
'''NGINX'''<BR>
 +
Replace /usr/local/etc/nginx/nginx.conf with the bellow configuration.
 +
<br>
 +
---(start cut here)---
 +
  #user  www;
 +
  worker_processes  1;
 +
 
 +
  #pid        logs/nginx.pid;
 +
 
 +
  events {
 +
    worker_connections  1024;
 +
  }
 +
 
 +
  http {
 +
    include      mime.types;
 +
    default_type  application/octet-stream;
 +
 
 +
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
 +
    #                  '$status $body_bytes_sent "$http_referer" '
 +
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
 +
 
 +
    #access_log  logs/access.log  main;
 +
 
 +
    sendfile        on;
 +
    #tcp_nopush    on;
 +
 
 +
    #keepalive_timeout  0;
 +
    keepalive_timeout  65;
 +
 
 +
    #gzip  on;
 +
 
 +
  server{
 +
        listen 127.0.0.1:80;
 +
        server_name 127.0.0.1;
 +
        access_log /var/log/nginx/access.log;
 +
        error_log /var/log/nginx/error.log;
 +
 
 +
        client_max_body_size 10M;
 +
        client_body_buffer_size 128k;
 +
 
 +
 
 +
        location / {
 +
          root /usr/local/www/fusionpbx;
 +
          index index.php;
 +
        }
 +
 
 +
        location ~ \.php$ {
 +
            fastcgi_pass 127.0.0.1:9000;
 +
            fastcgi_index index.php;
 +
            include fastcgi_params;
 +
            fastcgi_param  SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name;
 +
        }
 +
 
 +
        # Disable viewing .htaccess & .htpassword & .db
 +
        location ~ .htaccess {
 +
                deny all;
 +
        }
 +
        location ~ .htpassword {
 +
                deny all;
 +
        }
 +
        location ~^.+.(db)$ {
 +
                deny all;
 +
        }
 +
  }
 +
 
 +
  server{
 +
        listen 80;
 +
        server_name fusionpbx;
 +
        if (\$uri !~* ^.*provision.*$) {
 +
                rewrite ^(.*) https://$host$1 permanent;
 +
                break;
 +
        }
 +
        access_log /var/log/nginx/access.log;
 +
        error_log /var/log/nginx/.error.log;
 +
 
 +
        client_max_body_size 10M;
 +
        client_body_buffer_size 128k;
 +
 
 +
 
 +
        location / {
 +
          root /usr/local/www/fusionpbx;
 +
          index index.php;
 +
        }
 +
 +
        location ~ \.php$ {
 +
            fastcgi_pass 127.0.0.1:9000;
 +
            fastcgi_index index.php;
 +
            include fastcgi_params;
 +
            fastcgi_param  SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name;
 +
        }
 +
 
 +
        # Disable viewing .htaccess & .htpassword & .db
 +
        location ~ .htaccess {
 +
                deny all;
 +
        }
 +
        location ~ .htpassword {
 +
                deny all;
 +
        }
 +
        location ~^.+.(db)$ {
 +
                deny all;
 +
        }
 +
  }
 +
 
 +
  server{
 +
        listen 443;
 +
        server_name fusionpbx;
 +
 
 +
        access_log /var/log/nginx/access.log;
 +
        error_log /var/log/nginx/.error.log;
 +
 
 +
        client_max_body_size 10M;
 +
        client_body_buffer_size 128k;
 +
 
 +
 
 +
        location / {
 +
          root /usr/local/www/fusionpbx;
 +
          index index.php;
 +
        }
 +
 +
        # Disable viewing .htaccess & .htpassword & .db
 +
        location ~ .htaccess {
 +
                deny all;
 +
        }
 +
        location ~ .htpassword {
 +
                deny all;
 +
        }
 +
        location ~^.+.(db)$ {
 +
                deny all;
 +
        }
 +
 
 +
        #error_page  404              /404.html;
 +
 
 +
        # redirect server error pages to the static page /50x.html
 +
        #
 +
        #error_page  500 502 503 504  /50x.html;
 +
        location = /50x.html {
 +
            root  /usr/local/www/nginx-dist;
 +
        }
 +
 
 +
        location ~ \.php$ {
 +
            root          /usr/local/www/fusionpbx;
 +
            fastcgi_pass  127.0.0.1:9000;
 +
            fastcgi_index  index.php;
 +
            fastcgi_param  SCRIPT_FILENAME  /usr/local/www/fusionpbx/$fastcgi_script_name;
 +
            include        fastcgi_params;
 +
        }
 +
 
 +
        ssl                  on;
 +
        ssl_certificate      /etc/ssl/www/fusionpbx/cert.pem;
 +
        ssl_certificate_key  /etc/ssl/www/fusionpbx/key.pem;
 +
        ssl_session_timeout  5m;
 +
        ssl_protocols  SSLv2 SSLv3 TLSv1;
 +
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
 +
        ssl_prefer_server_ciphers  on;
 +
 
 +
        client_max_body_size 25m;
 +
    }
 +
  }
 +
---(end cut here)---<br>
 +
'''SSL Key Generation'''
 +
 
 +
  mkdir -p /etc/ssl/www/fusionpbx
  
==Freebsd + Freeswitch + FusionPbx - Developers Installation Script==
+
  cd /etc/ssl/www/fusionpbx
'''If you wish to use the development ports. Please pull http://dl.dropbox.com/u/152504/FreeBSD-FusionPBX/Freebsd-FusionPBX-Devel
 
'''<br>
 
This script incluse a git port for freeswitch and a svn port for fusionpbx and any other ports I am currently testing to add to the freeswitch build.
 
  
When using the devel ports you need to refer to a few things to update the make files in the ports
+
  openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 365
  
http://files.freeswitch.org look at the sounds and music versions if they change you will have to edit thier Makefiles and change the version numbers.
+
  chmod 640 /etc/ssl/www/fusionpbx/*.pem
  
http://code.google.com/p/fusionpbx/source/list to get the latest subversion number. Then edit the devel-ports/www/fusionpbx-svn/Makefile and change<br>
+
  /usr/local/etc/rc.d/nginx start
the SVN_REV= number to the latest.
 
  
To update the devel-ports/net/freeswitch-core-git & run make git-clean & make git & make git-version. Edit the make file and change the GITVERSION= number.
+
==Monit & Fail2Ban==
 +
'''Monit'''
 +
  cd /usr/ports/security/monit
 +
  make install clean
  
I am working on a script to dothis in the future.
+
'''Fail2Ban'''
 +
  cd /usr/ports/security/py-fail2ban
 +
  make install clean
  
 
==Postgresql Server Setup (localhost)==
 
==Postgresql Server Setup (localhost)==
 
\----'''Fresh pgsql install'''----/<br>
 
\----'''Fresh pgsql install'''----/<br>
cd /usr/ports/database/postgresql84-server && make install clean<br>
+
<br>
 +
cd /usr/ports/database/postgresql84-server<br>
 +
make install clean<br>
 
To set and configure PgSQL for use with FusionPBX,<br>
 
To set and configure PgSQL for use with FusionPBX,<br>
 
Follow this line for line.<br>
 
Follow this line for line.<br>
Line 169: Line 319:
 
initdb -D /usr/local/pgsql/data<br>
 
initdb -D /usr/local/pgsql/data<br>
 
postmaster -D /usr/local/pgsql/data >logfile 2>&1 & <br>
 
postmaster -D /usr/local/pgsql/data >logfile 2>&1 & <br>
createuser -S -e FusionPBX<br>
+
createuser -s -e FusionPBX<br>
 
createdb -O FusionPBX FusionPBX<br>
 
createdb -O FusionPBX FusionPBX<br>
 
psql -d FusionPBX -U FusionPBX<br>
 
psql -d FusionPBX -U FusionPBX<br>
alter user FusionPBX with password 'pbx2010';or any passwd you want ";" required<br>
+
alter user FusionPBX with password 'password';or any passwordd you want ";" required<br>
 
psql -f /usr/local/www/fusionpbx/includes/install/sql/pgsql.sql FusionPBX<br>
 
psql -f /usr/local/www/fusionpbx/includes/install/sql/pgsql.sql FusionPBX<br>
 
exit from su<br>
 
exit from su<br>
Line 178: Line 328:
 
'''For a existiting pgsql database install follow:'''<br>
 
'''For a existiting pgsql database install follow:'''<br>
 
su pgsql<br>
 
su pgsql<br>
createuser -S -e FusionPBX<br>
+
createuser -s -e FusionPBX<br>
 
createdb -O FusionPBX FusionPBX<br>
 
createdb -O FusionPBX FusionPBX<br>
 
psql -d FusionPBX -U FusionPBX<br>
 
psql -d FusionPBX -U FusionPBX<br>
ALTER USER FusionPBX with PASSWORD 'pbx2010'; or any passwd you want, ";" required<br>
+
ALTER USER FusionPBX with PASSWORD 'password'; or any password you want, ";" required<br>
 +
 
 +
Now enable it in /etc/rc.conf<br>
 +
  echo postgres_enable="YES" > /etc/rc.conf
  
 
==MySql Setup (localhost)==
 
==MySql Setup (localhost)==
Line 195: Line 348:
 
https://ip.of.the.pbx<br>
 
https://ip.of.the.pbx<br>
 
or <br>
 
or <br>
https://domain.name.box<br>
+
https://domain.name.box (Requires dns)<br>
 
<br>
 
<br>
  
==Scripts (updated regularly)==
+
==Install & Setup Script==
 
 
http://dl.dropbox.com/u/152504/scripts/update-dev-ports<br>
 
 
 
http://dl.dropbox.com/u/152504/scripts/update-installed-ports<br>
 
 
 
==FreeBSD PBX Jail Scripts<br>==
 
These scripts are for setting up and maintaing PBX Jails<br>
 
 
 
http://dl.dropbox.com/u/152504/scripts/jails/add-pbx<br>
 
http://dl.dropbox.com/u/152504/scripts/jails/rm-pbx<br>
 
http://dl.dropbox.com/u/152504/scripts/jails/update-base-jail<br>
 
http://dl.dropbox.com/u/152504/scripts/jails/update-jail<br>
 
http://dl.dropbox.com/u/152504/scripts/jails/update-pbx-template<br>
 
http://dl.dropbox.com/u/152504/scripts/jails/update-ports-jails<br>
 
 
 
==Freebsd Jail Image==
 
 
 
==Virtual images==
 

Latest revision as of 04:38, 29 January 2013


My Goal

My Goal is to make a easy to install a PBX Based on Freebsd & Freeswitch & Fusionpbx .

I am tired of iso's that don't work/install correctly. So I Have taken the time to walk you
through a base install.

By Default this install is based on Freebsd 9.x, freeswitch, nginx, sqlite3, php5, and fusionpbx.

If you need Apache or another web server you will have to do this yourself. (Please take the time to Document it below if you do.)

If you wish to use mysql or Postgresql then you can select them when the nginx port build it only installs the connector clients.

You will have to install the mysql or postgresql server either on the same box or a remote
server of your choice and configure it properly.


Please contact:
email: r.neese@gmail.com
irc: efnet: rneese on #bsdports
irc: freenode: rneese in #fusionpbx and #freeswitch

modules not currenly supported in port

The following modules are not in the freebsd-core port on BSD with reasons why.

#applications/mod_osp (needs further devel on bsd)
#applications/mod_redis (needs further testing)
#applications/mod_stress (dead module)
#applications/mod_snipe_hunt (joke module)
#codecs/mod_sangoma_codec (not supported on bsd)
#codecs/mod_dahdi_codec (needs further testing on bsd
#directories/mod_ldap (dead)
#endpoints/mod_alsa ( not used on bsd)
#endpoints/mod_opal (currently broken on bsd)
#endpoints/mod_skypopen (not supported on bsd)
#endpoints/mod_h323 (does not build on bsd)
#../../libs/openzap/mod_openzap (dead renamed freetdm)
#asr_tts/mod_cepstral(not supported on bsd)
#event_handlers/mod_cdr_mongodb  (make file issues)(requires mod_mongo) (build issues)
#event_handlers/mod_radius_cdr (needs further work on bsd)
#languages/mod_yaml (dead)
#languages/mod_java requires java . looking at the opensource ver.
#timers/mod_timerfd (linux)



FreeBSD 9.x iso's For Installing

Download a Freebsd 9.x install iso and burn it to a disc.
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-i386-disc1.iso
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-amd64-disc1.iso
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ia64/ia64/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-ia64-release.iso

FreeBSD 9.x Minimal Install

In 9.x the installer changes.

Freebsd 9.0 New installer Basic Setup

1) select install

2) select United States iso-8895-1

3) set hostname

4) when prompter for docs and ports and src deselect all.

5) select guided and full partition

6) and then goto exit

7) hit save.

8) set root passwd

9) setup network interface

10) set up clock / ntpdate

11) setp daemons ssh and ntpd is all thats needed at this point

12) next add a user if you wish

13) next go to exit and reboot

After reboot
Login : root / password

for root ssh (security hole)(enable at own risk) ee or vi /etc/ssh/sshd_conf
rm the # from infront of PermitRootLogin and change no to yes
save
then run
/etc/rc.d/sshd restart

now you can ssh into the box.

Install ports-tree & Freebsd-base-src

 pkg_add -r fastest-cvsup

base src (needed if you whant mod_freetdm) (required for dahdi build)

 csup -h `fastest_cvsup -c tld -q` -L2 /usr/share/examples/cvsup/src-supfile

ports tree

 csup -h `fastest_cvsup -c tld -q` -L2 /usr/share/examples/cvsup/ports-supfile
 cd /usr/ports/net/freeswitch-devel (FreeSwitch Meta Port)
 make install clean
 cd /usr/ports/www/nginx
 make install clean
 cd /usr/ports/www/fusionpbx
 make install clean

When it gets to the point of building php be sure to select php-fpm.
when all is installed: edit /etc/rc.conf add 3 lines

freeswitch_enable="YES"
php_fpm_enable="YES"
nginx_enable="YES"

--DO NOT REBOOT UNTIL YOUR FINISHED CONFIGURING.......

Setup Nginx & ssl keys

NGINX
Replace /usr/local/etc/nginx/nginx.conf with the bellow configuration.
---(start cut here)---

 #user  www;
 worker_processes  1;
 
 #pid        logs/nginx.pid;
 
 events {
   worker_connections  1024;
 }
 
 http {
   include       mime.types;
   default_type  application/octet-stream;
 
   #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
   #                  '$status $body_bytes_sent "$http_referer" '
   #                  '"$http_user_agent" "$http_x_forwarded_for"';
 
   #access_log  logs/access.log  main;
 
   sendfile        on;
   #tcp_nopush     on;
 
   #keepalive_timeout  0;
   keepalive_timeout  65;
 
   #gzip  on;
 
 server{
       listen 127.0.0.1:80;
       server_name 127.0.0.1;
       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/error.log;
 
       client_max_body_size 10M;
       client_body_buffer_size 128k;
 
 
       location / {
         root /usr/local/www/fusionpbx;
         index index.php;
       }
 
       location ~ \.php$ {
           fastcgi_pass 127.0.0.1:9000;
           fastcgi_index index.php;
           include fastcgi_params;
           fastcgi_param   SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name;
       }
 
       # Disable viewing .htaccess & .htpassword & .db
       location ~ .htaccess {
               deny all;
       }
       location ~ .htpassword {
               deny all;
       }
       location ~^.+.(db)$ {
               deny all;
       }
 }
 
 server{
       listen 80;
       server_name fusionpbx;
       if (\$uri !~* ^.*provision.*$) {
               rewrite ^(.*) https://$host$1 permanent;
               break;
       }
       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/.error.log;
 
       client_max_body_size 10M;
       client_body_buffer_size 128k;
 
 
       location / {
         root /usr/local/www/fusionpbx;
         index index.php;
       }

       location ~ \.php$ {
           fastcgi_pass 127.0.0.1:9000;
           fastcgi_index index.php;
           include fastcgi_params;
           fastcgi_param   SCRIPT_FILENAME /usr/local/www/fusionpbx$fastcgi_script_name;
       }
 
       # Disable viewing .htaccess & .htpassword & .db
       location ~ .htaccess {
               deny all;
       }
       location ~ .htpassword {
               deny all;
       }
       location ~^.+.(db)$ {
               deny all;
       }
 }
 
 server{
       listen 443;
       server_name fusionpbx;
 
       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/.error.log;
 
       client_max_body_size 10M;
       client_body_buffer_size 128k;
 
 
       location / {
         root /usr/local/www/fusionpbx;
         index index.php;
       }

       # Disable viewing .htaccess & .htpassword & .db
       location ~ .htaccess {
               deny all;
       }
       location ~ .htpassword {
               deny all;
       }
       location ~^.+.(db)$ {
               deny all;
       }
 
       #error_page  404              /404.html;
 
       # redirect server error pages to the static page /50x.html
       #
       #error_page   500 502 503 504  /50x.html;
       location = /50x.html {
           root   /usr/local/www/nginx-dist;
       }
 
       location ~ \.php$ {
           root           /usr/local/www/fusionpbx;
           fastcgi_pass   127.0.0.1:9000;
           fastcgi_index  index.php;
           fastcgi_param  SCRIPT_FILENAME  /usr/local/www/fusionpbx/$fastcgi_script_name;
           include        fastcgi_params;
       }
  
       ssl                  on;
       ssl_certificate      /etc/ssl/www/fusionpbx/cert.pem;
       ssl_certificate_key  /etc/ssl/www/fusionpbx/key.pem;
       ssl_session_timeout  5m;
       ssl_protocols  SSLv2 SSLv3 TLSv1;
       ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
       ssl_prefer_server_ciphers   on;
 
       client_max_body_size 25m;
   }
 }

---(end cut here)---
SSL Key Generation

 mkdir -p /etc/ssl/www/fusionpbx
 cd /etc/ssl/www/fusionpbx
 openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 365 
 chmod 640 /etc/ssl/www/fusionpbx/*.pem
 /usr/local/etc/rc.d/nginx start

Monit & Fail2Ban

Monit

 cd /usr/ports/security/monit
 make install clean

Fail2Ban

 cd /usr/ports/security/py-fail2ban
 make install clean

Postgresql Server Setup (localhost)

\----Fresh pgsql install----/

cd /usr/ports/database/postgresql84-server
make install clean
To set and configure PgSQL for use with FusionPBX,
Follow this line for line.
for a fresh pgsql install follow :
su pgsql
initdb -D /usr/local/pgsql/data
postmaster -D /usr/local/pgsql/data >logfile 2>&1 &
createuser -s -e FusionPBX
createdb -O FusionPBX FusionPBX
psql -d FusionPBX -U FusionPBX
alter user FusionPBX with password 'password';or any passwordd you want ";" required
psql -f /usr/local/www/fusionpbx/includes/install/sql/pgsql.sql FusionPBX
exit from su

For a existiting pgsql database install follow:
su pgsql
createuser -s -e FusionPBX
createdb -O FusionPBX FusionPBX
psql -d FusionPBX -U FusionPBX
ALTER USER FusionPBX with PASSWORD 'password'; or any password you want, ";" required

Now enable it in /etc/rc.conf

 echo postgres_enable="YES" > /etc/rc.conf

MySql Setup (localhost)

mysql install via ports
cd /usr/ports/databases/mysql55-server
make install clean
echo mysql_enable="yes" >> /etc/rc.conf
/usr/local/etc/rc.d/mysql start

Final Step

Reboot your system and point your browser to:

https://ip.of.the.pbx
or
https://domain.name.box (Requires dns)

Install & Setup Script