Difference between revisions of "CentOS 6.2 with PostgreSQL"
(→Your Network Firewall Config) |
|||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
− | == Installing Fusion PBX on CentOS 6.2 with PostgreSQL 9.1.4 | + | == Installing Fusion PBX on CentOS 6.2 with PostgreSQL 9.1.4 == |
− | |||
Jun 2012 | Jun 2012 | ||
Line 109: | Line 108: | ||
== Installing FusionPBX == | == Installing FusionPBX == | ||
− | + | Pre 1. :) | |
+ | Install svn so we can get the script: | ||
+ | yum -y install svn | ||
1.First we're going to get the install script: | 1.First we're going to get the install script: | ||
− | + | svn export http://fusionpbx.googlecode.com/svn/trunk/scripts/install/centos6/install_fusionpbx_postgres_9.2.sh | |
2. Next make it executable | 2. Next make it executable | ||
Line 135: | Line 136: | ||
As of the writting of this, the channels on Freeswitch have not started. I reboot (by typing reboot at the command line) to reboot the voice server. When it restarts, the channels will be running. | As of the writting of this, the channels on Freeswitch have not started. I reboot (by typing reboot at the command line) to reboot the voice server. When it restarts, the channels will be running. | ||
− | |||
− | |||
== Your Network Firewall Config == | == Your Network Firewall Config == |
Latest revision as of 02:28, 29 November 2012
Contents
Installing Fusion PBX on CentOS 6.2 with PostgreSQL 9.1.4
Jun 2012 Darvin Zuch - Helia Note: The install script is still in a state of great flux and changing regularily. These steps outlined below are expected to stay the same however additional features will be added.
What you will need. (aka What Helia minimum specs are)
- A computer with at least 1GB of memory and 200G Hard drive (i.e. don't use something ancient if you don't want headaches) - A 8GB usb drive - A ssh client (Putty for Windows)
Open source is not free. If your are planning a production system, you will need to buy hardware and G.729 codec licenses. If you're not budgeting for software and support, you're stupid. Yes, listen, breathe, and be strong. This goes for any open source project. Budget for a couple hours of paid FusionPBX support for every system you deploy - whether you need it or not. Submit the money immediately. This keeps the project healthly and ensures that you're able to maintain the pbx years down the road because the project will not be dead.
FusionPBX has training classes. If you are planning to do this for more than a hobby, talk to your boss or your wife or who ever controls your budget and make sure you come out to the training.
Script Features
The current install script for CentOS and PostgreSQL also installs a number of other features including:
- NTP - to serve time to your phones - Fail2Ban - To help deny fraudulant endpoints - SRTP - to encrpypt the audio streams of your calls - SIPS - to encrypt the handshaking of your calls - SNMP - to allow external management systems to monitor the health of your voice server. - RTMP support to allow for non-sip connections
As of this writing the following features are installed but have incomplete configurations:
- Full licensed G.729 support. Required by some ITSP carriers and allows for G.729 transcoding. - NibbleBill - Additional anti-fraud tool and account based call tracking.
Installing CentOS 6.2
Use a tool called iso2usb ([1]) to make a bootable version of the CentOS install.
1. Download CentOS 6.2 ([2]).
Helia downloads the entire 3.6G iso as we're expecting to install many systems so don't want to wait on download speeds for each system. The ISO we use is named: CentOS-6.2-i386-bin-DVD1.iso.. We us the i386 version and not the 64bit version. We don't put more than 2G of memory in and if you do, you have a very large system and should be hand-crafting your install. 64 bit may work with these instructions but has not been tested. Use iso2usb to write the iso to the 8GB usb drive. We've had trouble with the 4G drive. The ISO seems just a little to big. If you're able to get it to work with a 4 G drive, please send in an update.
2. Now comes the tricky part, updating your computer bios.
You'll need to get into your bios (On our systems, press F12 at boot on the bios screen) and find boot options and make your USB device (make sure its already plugged in) the primary boot device. While your in here, most modern bios has the option to start the computer when the power is pluged in. We set this to enabled as if there is a power outage on your voice server, you want it to automatically start when the power comes back on.
3. Reboot the computer and you should have the CentOS 6.2 install menu.
4. On the "Disc Found" screen, we normally "skip" the media test
5. On the "Welcome" GUI screen, click next
6. Select your language, probably English if your reading this, and select Next
7. Keboard as well is probably English (US) and select Next
8. On the next screen "Basic Storage Device" is default. Select Next.
9. Here you have to set your physical hard drives as your boot device. Your USB drive should remain on the left side as it is only temporary
10. At the "Storage Device Warning", select "Yes..."
11. At the hostname screen, enter your hostaname, we usually name ours fusionpbx0XX. Hostnames are not case sensitive.
12. Select your timezone and select next
13. Enter a root password. Ensure you use a strong password
14. Yes to "Write Changes to Disc"
These instructions and script are written for the "Basic Server" install. Select "Basic Server" and Next to continue. Go for coffee and when your back click "Reboot" to restart the system.
15. The network card is not enabled by default on the Basic Server Install. Here's what we do to enable it: Note: I use VI as an editor because its there on every linux/bsd/solaris distribution.
16. At the command prompt: vi /etc/sysconfig/network-scripts/ifcfg-eth0
17. Press on your keyboard to enter into "insert" mode
18. Cursor down to ONBOOT=no and change it to yes
19. Press <esc> to exit insert mode and then type <:><x> to save and exit
20. Back at the command prompt type setup to enter the CentOS setup utility
21. Select the "Network configuration" tool and then the "Run Tool" button (Use the cursor and tab keys)
22. From the "Select Action" menu, select "Device configuration" and press <Enter>
23. From the "Select A Device" menu, select your network device (probably eth0) and press <Enter> I highly recommend you use a static IP address. You'll need to set up port forwarding rules on your router and if you use dhcp your asking for trouble.
24. Select the <Ok> button to continue, then <Save>, then <Save&Quit>, then <Quit> and your back at the command prompt
25. At the command prompt, type the following to start your network configuration. /etc/init.d/network restart
You can type: ifconfig to see your current network settings Its a good idea to update your system. The FusionPBX install script does this but if your concerned you don't have an internet connection, you can try it now by typing: yum update From here on out you can run headless. That means unplug your keyboard, mouse and monitor from your voice server and stick it in a corner. All it needs is a network and power cable. If your a windows user install Putty ([3]). If your a Mac user, use the terminal app that comes with OSX. Connect via SSH using your root credentials
Installing FusionPBX
Pre 1. :) Install svn so we can get the script: yum -y install svn
1.First we're going to get the install script: svn export http://fusionpbx.googlecode.com/svn/trunk/scripts/install/centos6/install_fusionpbx_postgres_9.2.sh
2. Next make it executable chmod 755 install_fusionpbx_postgres_9.2.sh
3. Now start the install: ./install_fusionpbx_postgres_9.2.sh
The FusionPBX script creates certificates for encrypting your SIP traffic. It also installs SNMP for monitoring system health. The script is about to ask you some information about support contacts. This is added to the SNMP config. The host name and domain should be your public FQDN as its used to create the certs. The script and these instructions assume a multi-tenant install even if you only have one tenant (domain / customer). Your phones will need to to use a hostname to register to the system and not an IP address. Complete these questions as appropriate for your deployment. As the script finishes, there are two more confirmations for the certificate creation. Select yes for both of these. After the script is complete (and there is always the possibility of errors as lib names are updated so watch your log), you'll need to finish FusionPBX install via the web interface
4. Open a browser on your normal workstation and navigate to the IP address of the FusionPBX server
5. On "Step 1", change the Database Type to "postgresql"
Enter in the username and password. This is what you will use to log in to FusionPBX web ui as the super admin. As always, use a strong password.
Select "Next" to continue
6. On "Step 2" all the defaults remain exept the Database Name and Username. Both of these we set as fusionpbx. The script install the postgres user so it can't be used interactively. You need to be root to su to it. The config also disallows anything but localhost from connecting. If you are a linux wizard, I invite you to review the config and comment. I am still a linux wizard in training and these settings pre-date me.
7. Click "Install" to continue.
As of the writting of this, the channels on Freeswitch have not started. I reboot (by typing reboot at the command line) to reboot the voice server. When it restarts, the channels will be running.
Your Network Firewall Config
We use exclusively Cradlepoint firewalls for our installs and found that the MBR 95 and MBR 1400 work well and have a terrific price point. As firewalls configs vary wildly, below are some general pointers.
Other points:
- Ensure that you're using "Static ports". By default, any bsd based firewall will scramble the ports as a security measure. This is not good for VoIP.
- Ensure ALG or other "firewall auto-config" is turned off. These cause more trouble than good.
- Ensure you are not "Double Nat-ed". If your network firewall does not have a public IP address (as opposed to a 192.168.x.x or 10.x.x.x or 172.x.x.x address) you'll be in for some trouble
- Set up your port forwarding for the following ports:
5080-5081 UDP and TCP These are the Freeswitch SIP gateway ports used for unauthenticated connections i.e. your ITSP. 5081 is for encrypted traffic
5060-5061 UDP and TCP These are the Freeswitch SIP phone ports used for authenticated connections i.e. your remote phones. 5061 is for encrypted traffic.
80, 443 TCP This is for FusionPBX web ui traffic. Don't add these if you don't want external access to your web ui. We usually turn it on for the first 30 days of an install so we can work out config changes quickly and then turn it off.
16384 - 32768 UDP These are the FreeSWITCH RTP ports for the media channels (aka the streaming voice for the call)