Browse Source

copied over install scripts to adapt

master
i am da real crt yes 9 months ago
parent
commit
fc4fa7a8fb
  1. 61
      Install_Scripts/debian/install.sh
  2. 13
      Install_Scripts/debian/pre-install.sh
  3. 48
      Install_Scripts/debian/resources/arguments.sh
  4. 27
      Install_Scripts/debian/resources/backup/fusionpbx-backup
  5. 137
      Install_Scripts/debian/resources/backup/fusionpbx-maintenance
  6. 25
      Install_Scripts/debian/resources/colors.sh
  7. 29
      Install_Scripts/debian/resources/config.sh
  8. 103
      Install_Scripts/debian/resources/environment.sh
  9. 37
      Install_Scripts/debian/resources/fail2ban.sh
  10. 21
      Install_Scripts/debian/resources/fail2ban/auth-challenge-ip.conf
  11. 20
      Install_Scripts/debian/resources/fail2ban/freeswitch-acl.conf
  12. 20
      Install_Scripts/debian/resources/fail2ban/freeswitch-ip.conf
  13. 18
      Install_Scripts/debian/resources/fail2ban/freeswitch.conf
  14. 27
      Install_Scripts/debian/resources/fail2ban/fusionpbx-404.conf
  15. 20
      Install_Scripts/debian/resources/fail2ban/fusionpbx-mac.conf
  16. 25
      Install_Scripts/debian/resources/fail2ban/fusionpbx.conf
  17. 143
      Install_Scripts/debian/resources/fail2ban/jail.local
  18. 5
      Install_Scripts/debian/resources/fail2ban/nginx-404.conf
  19. 14
      Install_Scripts/debian/resources/fail2ban/nginx-dos.conf
  20. 21
      Install_Scripts/debian/resources/fail2ban/sip-auth-challenge.conf
  21. 21
      Install_Scripts/debian/resources/fail2ban/sip-auth-failure.conf
  22. 145
      Install_Scripts/debian/resources/finish.sh
  23. 35
      Install_Scripts/debian/resources/fusionpbx.sh
  24. 47
      Install_Scripts/debian/resources/fusionpbx/config.php
  25. 126
      Install_Scripts/debian/resources/ioncube.sh
  26. 68
      Install_Scripts/debian/resources/iptables.sh
  27. 130
      Install_Scripts/debian/resources/letsencrypt.sh
  28. 22
      Install_Scripts/debian/resources/letsencrypt/domain_name.conf
  29. 19
      Install_Scripts/debian/resources/monit.sh
  30. 3
      Install_Scripts/debian/resources/monit/freeswitch
  31. 5
      Install_Scripts/debian/resources/monit/shell.sh
  32. 30
      Install_Scripts/debian/resources/nftables.sh
  33. 84
      Install_Scripts/debian/resources/nginx.sh
  34. 305
      Install_Scripts/debian/resources/nginx/fusionpbx
  35. 139
      Install_Scripts/debian/resources/php.sh
  36. 116
      Install_Scripts/debian/resources/postgresql.sh
  37. 31
      Install_Scripts/debian/resources/postgresql/create.sh
  38. 70
      Install_Scripts/debian/resources/postgresql/dsn.sh
  39. 27
      Install_Scripts/debian/resources/postgresql/empty.sh
  40. 54
      Install_Scripts/debian/resources/postgresql/iptables.sh
  41. 177
      Install_Scripts/debian/resources/postgresql/node.sh
  42. 97
      Install_Scripts/debian/resources/postgresql/pg_hba.conf
  43. 62
      Install_Scripts/debian/resources/postgresql/pg_hba.sh
  44. 618
      Install_Scripts/debian/resources/postgresql/postgresql.conf
  45. 4
      Install_Scripts/debian/resources/random.sh
  46. 37
      Install_Scripts/debian/resources/reboot_phones.sh
  47. 32
      Install_Scripts/debian/resources/reset_admin_password.sh
  48. 27
      Install_Scripts/debian/resources/sngrep.sh
  49. 52
      Install_Scripts/debian/resources/switch.sh
  50. 3
      Install_Scripts/debian/resources/switch/conf-copy.sh
  51. 57
      Install_Scripts/debian/resources/switch/dsn.sh
  52. 27
      Install_Scripts/debian/resources/switch/package-all.sh
  53. 9
      Install_Scripts/debian/resources/switch/package-master-all.sh
  54. 31
      Install_Scripts/debian/resources/switch/package-master.sh
  55. 13
      Install_Scripts/debian/resources/switch/package-permissions.sh
  56. 56
      Install_Scripts/debian/resources/switch/package-release.sh
  57. 13
      Install_Scripts/debian/resources/switch/package-systemd.sh
  58. 25
      Install_Scripts/debian/resources/switch/repo.sh
  59. 41
      Install_Scripts/debian/resources/switch/source-master.sh
  60. 5
      Install_Scripts/debian/resources/switch/source-permissions.sh
  61. 143
      Install_Scripts/debian/resources/switch/source-release.sh
  62. 15
      Install_Scripts/debian/resources/switch/source-systemd.sh
  63. 24
      Install_Scripts/debian/resources/switch/source-to-package.sh
  64. 2
      Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.package
  65. 4
      Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.source
  66. 62
      Install_Scripts/debian/resources/switch/source/freeswitch.service.package
  67. 57
      Install_Scripts/debian/resources/switch/source/freeswitch.service.source
  68. 53
      Install_Scripts/debian/resources/switch/source/mod_pgsql.patch
  69. 44
      Install_Scripts/debian/resources/upgrade/php.sh
  70. 60
      Install_Scripts/ubuntu/install.sh
  71. 13
      Install_Scripts/ubuntu/pre-install.sh
  72. 48
      Install_Scripts/ubuntu/resources/arguments.sh
  73. 27
      Install_Scripts/ubuntu/resources/backup/fusionpbx-backup
  74. 119
      Install_Scripts/ubuntu/resources/backup/fusionpbx-maintenance
  75. 25
      Install_Scripts/ubuntu/resources/colors.sh
  76. 28
      Install_Scripts/ubuntu/resources/config.sh
  77. 95
      Install_Scripts/ubuntu/resources/environment.sh
  78. 35
      Install_Scripts/ubuntu/resources/fail2ban.sh
  79. 21
      Install_Scripts/ubuntu/resources/fail2ban/auth-challenge-ip.conf
  80. 20
      Install_Scripts/ubuntu/resources/fail2ban/freeswitch-ip.conf
  81. 18
      Install_Scripts/ubuntu/resources/fail2ban/freeswitch.conf
  82. 27
      Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-404.conf
  83. 20
      Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-mac.conf
  84. 25
      Install_Scripts/ubuntu/resources/fail2ban/fusionpbx.conf
  85. 131
      Install_Scripts/ubuntu/resources/fail2ban/jail.local
  86. 5
      Install_Scripts/ubuntu/resources/fail2ban/nginx-404.conf
  87. 14
      Install_Scripts/ubuntu/resources/fail2ban/nginx-dos.conf
  88. 21
      Install_Scripts/ubuntu/resources/fail2ban/sip-auth-challenge.conf
  89. 21
      Install_Scripts/ubuntu/resources/fail2ban/sip-auth-failure.conf
  90. 145
      Install_Scripts/ubuntu/resources/finish.sh
  91. 35
      Install_Scripts/ubuntu/resources/fusionpbx.sh
  92. 47
      Install_Scripts/ubuntu/resources/fusionpbx/config.php
  93. 94
      Install_Scripts/ubuntu/resources/ioncube.sh
  94. 48
      Install_Scripts/ubuntu/resources/iptables.sh
  95. 127
      Install_Scripts/ubuntu/resources/letsencrypt.sh
  96. 22
      Install_Scripts/ubuntu/resources/letsencrypt/domain_name.conf
  97. 67
      Install_Scripts/ubuntu/resources/nginx.sh
  98. 268
      Install_Scripts/ubuntu/resources/nginx/fusionpbx
  99. 106
      Install_Scripts/ubuntu/resources/php.sh
  100. 90
      Install_Scripts/ubuntu/resources/postgresql.sh

61
Install_Scripts/debian/install.sh

@ -0,0 +1,61 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./resources/config.sh
. ./resources/colors.sh
. ./resources/environment.sh
# removes the cd img from the /etc/apt/sources.list file (not needed after base install)
sed -i '/cdrom:/d' /etc/apt/sources.list
#Update to latest packages
verbose "Update installed packages"
apt-get update && apt-get upgrade -y
#Add dependencies
apt-get install -y wget
apt-get install -y lsb-release
apt-get install -y systemd
apt-get install -y systemd-sysv
apt-get install -y ca-certificates
apt-get install -y dialog
apt-get install -y nano
apt-get install -y net-tools
#SNMP
apt-get install -y snmpd
echo "rocommunity public" > /etc/snmp/snmpd.conf
service snmpd restart
#IPTables
resources/iptables.sh
#sngrep
resources/sngrep.sh
#FusionPBX
resources/fusionpbx.sh
#PHP
resources/php.sh
#NGINX web server
resources/nginx.sh
#FreeSWITCH
resources/switch.sh
#Fail2ban
resources/fail2ban.sh
#Postgres
resources/postgresql.sh
#set the ip address
server_address=$(hostname -I)
#add the database schema, user and groups
resources/finish.sh

13
Install_Scripts/debian/pre-install.sh

@ -0,0 +1,13 @@
#!/bin/sh
#upgrade the packages
apt-get update && apt-get upgrade -y
#install packages
apt-get install -y git lsb-release
#get the install script
cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
#change the working directory
cd /usr/src/fusionpbx-install.sh/debian

48
Install_Scripts/debian/resources/arguments.sh

@ -0,0 +1,48 @@
#!/bin/sh
#Process command line options only if we haven't been processed once
if [ -z "$CPU_CHECK" ]; then
export script_name=`basename "$0"`
ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@")
if [ $? -ne 0 ]; then
error "Failed parsing options."
exit 1
fi
export USE_SWITCH_SOURCE=false
export USE_SWITCH_PACKAGE_ALL=false
export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false
export USE_PHP5_PACKAGE=false
export USE_SWITCH_MASTER=false
export USE_SYSTEM_MASTER=false
export CPU_CHECK=true
HELP=false
while true; do
case "$1" in
--use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;;
--use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;;
--use-switch-master ) export USE_SWITCH_MASTER=true; shift ;;
--use-system-master ) export USE_SYSTEM_MASTER=true; shift ;;
--use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;;
--use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;;
--no-cpu-check ) export CPU_CHECK=false; shift ;;
-h | --help ) HELP=true; shift ;;
-- ) shift; break ;;
* ) break ;;
esac
done
if [ .$HELP = .true ]; then
warning "Debian installer script"
warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
warning " --use-switch-package-all if using packages use the meta-all package"
warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages"
warning " --use-php5-package use php5* packages instead of ${green}(default:php7.0)"
warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)"
warning " --use-system-master will use master branch/packages for the system instead of ${green}(default:stable)"
warning " --no-cpu-check disable the cpu check ${green}(default:check)"
exit;
fi
fi

27
Install_Scripts/debian/resources/backup/fusionpbx-backup

@ -0,0 +1,27 @@
#!/bin/sh
export PGPASSWORD="zzz"
db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql
echo "Backup Started"
#delete postgres backups
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
#delete the main backup
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
#backup the database
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
#package
#tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
#source
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
echo "Backup Completed"

137
Install_Scripts/debian/resources/backup/fusionpbx-maintenance

@ -0,0 +1,137 @@
#!/bin/sh
#settings
export PGPASSWORD="zzz"
db_host=127.0.0.1
db_port=5432
switch_package=true # true or false
purge_voicemail=false
purge_call_recordings=false
purge_cdrs=false
purge_fax=false
purge_switch_logs=true
purge_php_sessions=true
purge_database_transactions=true
purge_email_queue=false
purge_fax_queue=true
days_keep_voicemail=90
days_keep_call_recordings=90
days_keep_cdrs=90
days_keep_fax=90
days_keep_switch_logs=7
days_keep_php_sessions=8
days_keep_database_transactions=30
days_keep_email_queue=30
days_keep_fax_queue=30
#set the date
now=$(date +%Y-%m-%d)
#make sure the directory exists
if [ -e /var/backups/fusionpbx/postgresql ]; then
echo "postgres backup directory exists"
else
mkdir -p /var/backups/fusionpbx/postgresql
fi
#show message to the console
echo "Maintenance Started"
if [ .$purge_switch_logs = .true ]; then
#delete freeswitch logs older 7 days
if [ .$switch_package = .true ]; then
find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
else
find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
fi
else
echo "not purging Freeswitch logs"
fi
if [ .$purge_fax = .true ]; then
#delete fax older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
else
echo ".";
find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
fi
#delete from the database
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
else
echo "not purging Faxes"
fi
if [ .$purge_call_recordings = .true ]; then
#delete call recordings older than 90 days
if [ .$switch_package = .true ]; then
find /var/lib/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
find /var/lib/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
else
find /usr/local/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
find /usr/local/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
fi
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
else
echo "not purging Recordings."
fi
if [ .$purge_voicemail = .true ]; then
#delete voicemail older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
else
echo ".";
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
fi
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
else
echo "not purging voicemails."
fi
if [ .$purge_cdrs = .true ]; then
#delete call detail records older 90 days
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
else
echo "not purging CDRs."
fi
#delete php sessions
if [ .$purge_php_sessions = .true ]; then
find /var/lib/php/sessions/* -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
else
echo "not purging PHP Sessions."
fi
#delete database_transactions older 90 days
if [ .$purge_database_transactions = .true ]; then
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
else
echo "not purging database_transactions."
fi
#delete email_queue older 30 days
if [ .$purge_email_queue = .true ]; then
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_email_queue where email_status = 'sent' and email_date < NOW() - INTERVAL '$days_keep_email_queue days'"
else
echo "not purging email_queue."
fi
#delete fax_queue older 30 days
if [ .$purge_fax_queue = .true ]; then
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_queue where fax_status = 'sent' and fax_date < NOW() - INTERVAL '$days_keep_fax_queue days'"
else
echo "not purging fax_queue."
fi
#completed message
echo "Maintenance Completed";

25
Install_Scripts/debian/resources/colors.sh

@ -0,0 +1,25 @@
#!/bin/sh
verbose () {
echo "${green}$1${normal}"
}
error () {
echo "${red}$1${normal}"
}
warning () {
echo "${yellow}$1${normal}"
}
# check for color support
if test -t 1; then
# see if it supports colors...
ncolors=$(tput colors)
if test -n "$ncolors" && test $ncolors -ge 8; then
normal="$(tput sgr0)"
red="$(tput setaf 1)"
green="$(tput setaf 2)"
yellow="$(tput setaf 3)"
fi
fi

29
Install_Scripts/debian/resources/config.sh

@ -0,0 +1,29 @@
# FusionPBX Settings
domain_name=ip_address # hostname, ip_address or a custom value
system_username=admin # default username admin
system_password=random # random or a custom value
system_branch=master # master, stable
# FreeSWITCH Settings
switch_branch=stable # master, stable
switch_source=true # true (source compile) or false (binary package)
switch_package=false # true (binary package) or false (source compile)
switch_version=1.10.7 # which source code to download, only for source
switch_tls=true # true or false
switch_token= # Get the auth token from https://signalwire.com
# Signup or Login -> Profile -> Personal Auth Token
# Sofia-Sip Settings
sofia_version=1.13.8 # release-version for sofia-sip to use
# Database Settings
database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9)
database_repo=official # PostgreSQL official, system, 2ndquadrant
database_version=latest # requires repo official
database_host=127.0.0.1 # hostname or IP address
database_port=5432 # port number
database_backup=false # true or false
# General Settings
php_version=7.4 # PHP version 7.1, 7.3, 7.4
letsencrypt_folder=true # true or false

103
Install_Scripts/debian/resources/environment.sh

@ -0,0 +1,103 @@
#!/bin/sh
#make sure lsb release is installed
apt-get install lsb-release
#operating system details
os_name=$(lsb_release -is)
os_codename=$(lsb_release -cs)
os_mode='unknown'
#cpu details
cpu_name=$(uname -m)
cpu_architecture='unknown'
cpu_mode='unknown'
#set the environment path
export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#check what the CPU and OS are
if [ .$cpu_name = .'armv6l' ]; then
# RaspberryPi Zero
os_mode='32'
cpu_mode='32'
cpu_architecture='arm'
elif [ .$cpu_name = .'armv7l' ]; then
# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
os_mode='32'
cpu_mode='32'
cpu_architecture='arm'
elif [ .$cpu_name = .'armv8l' ]; then
# No test case for armv8l
os_mode='unknown'
cpu_mode='64'
cpu_architecture='arm'
elif [ .$cpu_name = .'aarch64' ]; then
os_mode='64'
cpu_mode='64'
cpu_architecture='arm'
elif [ .$cpu_name = .'i386' ]; then
os_mode='32'
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
cpu_mode='64'
else
cpu_mode='32'
fi
cpu_architecture='x86'
elif [ .$cpu_name = .'i686' ]; then
os_mode='32'
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
cpu_mode='64'
else
cpu_mode='32'
fi
cpu_architecture='x86'
elif [ .$cpu_name = .'x86_64' ]; then
os_mode='64'
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
cpu_mode='64'
else
cpu_mode='32'
fi
cpu_architecture='x86'
else
error "You are using an unsupported cpu '$cpu_name'"
exit 3
fi
if [ .$cpu_architecture = .'arm' ]; then
if [ .$os_mode = .'32' ]; then
verbose "Correct CPU and Operating System detected, using the ARM repo"
elif [ .$os_mode = .'64' ]; then
error "You are using a 64bit arm OS this is unsupported"
switch_source=true
switch_package=false
else
error "Unknown OS mode $os_mode this is unsupported"
switch_source=true
switch_package=false
fi
elif [ .$cpu_architecture = .'x86' ]; then
if [ .$os_mode = .'32' ]; then
error "You are using a 32bit OS this is unsupported"
if [ .$cpu_mode = .'64' ]; then
warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
fi
switch_source=true
switch_package=false
elif [ .$os_mode = .'64' ]; then
verbose "Correct CPU and Operating System detected"
else
error "Unknown Operating System mode '$os_mode' is unsupported"
switch_source=true
switch_package=false
fi
else
error "You are using an unsupported architecture '$cpu_architecture'"
warning "Detected environment was :-"
warning "os_name:'$os_name'"
warning "os_codename:'$os_codename'"
warning "os_mode:'$os_mode'"
warning "cpu_name:'$cpu_name'"
exit 3
fi

37
Install_Scripts/debian/resources/fail2ban.sh

@ -0,0 +1,37 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Installing Fail2ban"
#add the dependencies
apt-get install -y fail2ban
#move the filters
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
cp fail2ban/jail.local /etc/fail2ban/jail.local
#update config if source is being used
#if [ .$switch_source = .true ]; then
# sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
#fi
#restart fail2ban
/usr/sbin/service fail2ban restart

21
Install_Scripts/debian/resources/fail2ban/auth-challenge-ip.conf

@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

20
Install_Scripts/debian/resources/fail2ban/freeswitch-acl.conf

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

20
Install_Scripts/debian/resources/fail2ban/freeswitch-ip.conf

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

18
Install_Scripts/debian/resources/fail2ban/freeswitch.conf

@ -0,0 +1,18 @@
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

27
Install_Scripts/debian/resources/fail2ban/fusionpbx-404.conf

@ -0,0 +1,27 @@
# Fail2Ban configuration file
# inbound route - 404 not found
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
#[hostname] variable doesn't seem to work in every case. Do this instead:
failregex = 404 not found <HOST>
#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

20
Install_Scripts/debian/resources/fail2ban/fusionpbx-mac.conf

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#Oct 9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000
failregex = \[<HOST>\] invalid mac address
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

25
Install_Scripts/debian/resources/fail2ban/fusionpbx.conf

@ -0,0 +1,25 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
#[hostname] variable doesn't seem to work in every case. Do this instead:
failregex = .* FusionPBX: \[<HOST>\] authentication failed for
= .* FusionPBX: \[<HOST>\] provision attempt bad password for
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

143
Install_Scripts/debian/resources/fail2ban/jail.local

@ -0,0 +1,143 @@
[ssh]
enabled = true
port = 22
protocol = ssh
filter = sshd
logpath = /var/log/auth.log
action = iptables-allports[name=sshd, protocol=all]
maxretry = 6
findtime = 60
bantime = 86400
[freeswitch]
enabled = false
port = 5060:5091
protocol = all
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch, protocol=all]
maxretry = 10
findtime = 60
bantime = 3600
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
[freeswitch-acl]
enabled = false
port = 5060:5091
protocol = all
filter = freeswitch-acl
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-acl, protocol=all]
maxretry = 900
findtime = 60
bantime = 86400
[freeswitch-ip]
enabled = false
port = 5060:5091
protocol = all
filter = freeswitch-ip
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-ip, protocol=all]
maxretry = 1
findtime = 60
bantime = 86400
[auth-challenge-ip]
enabled = false
port = 5060:5091
protocol = all
filter = auth-challenge-ip
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=auth-challenge-ip, protocol=all]
maxretry = 1
findtime = 60
bantime = 86400
[sip-auth-challenge]
enabled = false
port = 5060:5091
protocol = all
filter = sip-auth-challenge
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-challenge, protocol=all]
maxretry = 100
findtime = 60
bantime = 7200
[sip-auth-failure]
enabled = false
port = 5060:5091
protocol = all
filter = sip-auth-failure
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-failure, protocol=all]
maxretry = 6
findtime = 60
bantime = 7200
[fusionpbx-404]
enabled = false
port = 5060:5091
protocol = all
filter = fusionpbx-404
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=fusionpbx-404, protocol=all]
maxretry = 6
findtime = 60
bantime = 86400
[fusionpbx]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx
logpath = /var/log/auth.log
action = iptables-allports[name=fusionpbx, protocol=all]
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 20
findtime = 60
bantime = 3600
[fusionpbx-mac]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx-mac
logpath = /var/log/syslog
action = iptables-allports[name=fusionpbx-mac, protocol=all]
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 10
findtime = 60
bantime = 86400
[nginx-404]
enabled = true
port = 80,443
protocol = tcp
filter = nginx-404
logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-404, protocol=all]
bantime = 3600
findtime = 60
maxretry = 300
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
enabled = true
port = 80,443
protocol = tcp
filter = nginx-dos
logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-dos, protocol=all]
findtime = 60
bantime = 86400
maxretry = 800

5
Install_Scripts/debian/resources/fail2ban/nginx-404.conf

@ -0,0 +1,5 @@
# Fail2Ban configuration file
#
[Definition]
failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404
ignoreregex =

14
Install_Scripts/debian/resources/fail2ban/nginx-dos.conf

@ -0,0 +1,14 @@
# Fail2Ban configuration file
[Definition]
# Option: failregex
# Notes.: Regexp to catch a generic call from an IP address.
# Values: TEXT
#
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

21
Install_Scripts/debian/resources/fail2ban/sip-auth-challenge.conf

@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

21
Install_Scripts/debian/resources/fail2ban/sip-auth-failure.conf

@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

145
Install_Scripts/debian/resources/finish.sh

@ -0,0 +1,145 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
#database details
database_username=fusionpbx
if [ .$database_password = .'random' ]; then
database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
fi
#allow the script to use the new password
export PGPASSWORD=$database_password
#update the database password
#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
#install the database backup
cp backup/fusionpbx-backup /etc/cron.daily
cp backup/fusionpbx-maintenance /etc/cron.daily
chmod 755 /etc/cron.daily/fusionpbx-backup
chmod 755 /etc/cron.daily/fusionpbx-maintenance
sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-backup
sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-maintenance
#add the config.php
mkdir -p /etc/fusionpbx
chown -R www-data:www-data /etc/fusionpbx
cp fusionpbx/config.php /etc/fusionpbx
sed -i /etc/fusionpbx/config.php -e s:"{database_host}:$database_host:"
sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
#add the database schema
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
#get the server hostname
if [ .$domain_name = .'hostname' ]; then
domain_name=$(hostname -f)
fi
#get the ip address
if [ .$domain_name = .'ip_address' ]; then
domain_name=$(hostname -I | cut -d ' ' -f1)
fi
#get the domain_uuid
domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
#add the domain name
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
#app defaults
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
#add the user
user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
user_name=$system_username
if [ .$system_password = .'random' ]; then
user_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
else
user_password=$system_password
fi
password_hash=$(php -r "echo md5('$user_salt$user_password');");
psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
#get the superadmin group_uuid
#echo "psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c \"select group_uuid from v_groups where group_name = 'superadmin';\""
group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c "select group_uuid from v_groups where group_name = 'superadmin';");
#add the user to the group
user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
group_name=superadmin
#echo "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
#update xml_cdr url, user and password
xml_cdr_username=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
xml_cdr_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:$database_host:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
#app defaults
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade.php
#restart freeswitch
/bin/systemctl daemon-reload
/bin/systemctl restart freeswitch
#install the email_queue service
cp /var/www/fusionpbx/app/email_queue/resources/service/debian.service /etc/systemd/system/email_queue.service
systemctl enable email_queue
systemctl start email_queue
systemctl daemon-reload
#install the event_guard service
cp /var/www/fusionpbx/app/event_guard/resources/service/debian.service /etc/systemd/system/event_guard.service
/bin/systemctl enable event_guard
/bin/systemctl start event_guard
/bin/systemctl daemon-reload
#welcome message
echo ""
echo ""
verbose "Installation Notes. "
echo ""
echo " Please save the this information and reboot this system to complete the install. "
echo ""
echo " Use a web browser to login."
echo " domain name: https://$domain_name"
echo " username: $user_name"
echo " password: $user_password"
echo ""
echo " The domain name in the browser is used by default as part of the authentication."
echo " If you need to login to a different domain then use username@domain."
echo " username: $user_name@$domain_name";
echo ""
echo " Official FusionPBX Training"
echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
echo " Available online and in person. Includes documentation and recording."
echo ""
echo " Location: Online"
echo " Admin Training: TBA"
echo " Advanced Training: TBA"
echo " Continuing Education: https://www.fusionpbx.com/training"
echo " Timezone: https://www.timeanddate.com/weather/usa/idaho"
echo ""
echo " Additional information."
echo " https://fusionpbx.com/members.php"
echo " https://fusionpbx.com/training.php"
echo " https://fusionpbx.com/support.php"
echo " https://www.fusionpbx.com"
echo " http://docs.fusionpbx.com"
echo ""

35
Install_Scripts/debian/resources/fusionpbx.sh

@ -0,0 +1,35 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
#send a message
verbose "Installing FusionPBX"
#install dependencies
apt-get install -y vim git dbus haveged ssl-cert qrencode
apt-get install -y ghostscript libtiff5-dev libtiff-tools at
#get the branch
if [ .$system_branch = .'master' ]; then
verbose "Using master"
branch=""
else
system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
system_version=$system_major.$system_minor
verbose "Using version $system_version"
branch="-b $system_version"
fi
#add the cache directory
mkdir -p /var/cache/fusionpbx
chown -R www-data:www-data /var/cache/fusionpbx
#get the source code
git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
chown -R www-data:www-data /var/www/fusionpbx

47
Install_Scripts/debian/resources/fusionpbx/config.php

@ -0,0 +1,47 @@
<?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2016
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
//set the database type
$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
//pgsql: database connection information
$db_host = '{database_host}';
$db_port = '5432';
$db_name = 'fusionpbx';
$db_username = '{database_username}';
$db_password = '{database_password}';
//show errors
ini_set('display_errors', '1');
//error_reporting (E_ALL); // Report everything
//error_reporting (E_ALL ^ E_NOTICE); // hide notices
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings
?>

126
Install_Scripts/debian/resources/ioncube.sh

@ -0,0 +1,126 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#show cpu details
echo "cpu architecture: $cpu_architecture"
echo "cpu name: $cpu_name"
#make sure unzip is install
apt-get install -y unzip
#remove the ioncube directory if it exists
if [ -d "ioncube" ]; then
rm -Rf ioncube;
fi
#get the ioncube load and unzip it
if [ .$cpu_architecture = .'x86' ]; then
#get the ioncube 64 bit loader
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
#uncompress the file
unzip ioncube_loaders_lin_x86-64.zip
#remove the zip file
rm ioncube_loaders_lin_x86-64.zip
elif [ .$cpu_architecture = ."arm" ]; then
if [ .$cpu_name = .'armv7l' ]; then
#get the ioncube 64 bit loader
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.zip
#uncompress the file
unzip ioncube_loaders_lin_armv7l.zip
#remove the zip file
rm ioncube_loaders_lin_armv7l.zip
fi
fi
#set the version of php
if [ ."$os_codename" = ."bullseye" ]; then
php_version=7.4
fi
if [ ."$os_codename" = ."buster" ]; then
php_version=7.3
fi
if [ ."$os_codename" = ."stretch" ]; then
php_version=7.1
fi
if [ ."$os_codename" = ."jessie" ]; then
php_version=7.1
fi
#copy the loader to the correct directory
if [ ."$php_version" = ."5.6" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_5.6.so /usr/lib/php5/20131226
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/cli/conf.d/00-ioncube.ini
#restart the service
service php5-fpm restart
fi
if [ ."$php_version" = ."7.0" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.0.so /usr/lib/php/20151012
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/cli/conf.d/00-ioncube.ini
#restart the service
service php7.0-fpm restart
fi
if [ ."$php_version" = ."7.1" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.1.so /usr/lib/php/20160303
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/cli/conf.d/00-ioncube.ini
#restart the service
service php7.1-fpm restart
fi
if [ ."$php_version" = ."7.2" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/cli/conf.d/00-ioncube.ini
#restart the service
service php7.2-fpm restart
fi
if [ ."$php_version" = ."7.3" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.3.so /usr/lib/php/20180731
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/cli/conf.d/00-ioncube.ini
#restart the service
service php7.3-fpm restart
fi
if [ ."$php_version" = ."7.4" ]; then
#copy the php extension .so into the php lib directory
cp ioncube/ioncube_loader_lin_7.4.so /usr/lib/php/20190902
#add the 00-ioncube.ini file
echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/fpm/conf.d/00-ioncube.ini
echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/cli/conf.d/00-ioncube.ini
#restart the service
service php7.4-fpm restart
fi

68
Install_Scripts/debian/resources/iptables.sh

@ -0,0 +1,68 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#add the includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Configuring IPTables"
#defaults to nftables by default this enables iptables
if [ ."$os_codename" = ."buster" ]; then
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
fi
if [ ."$os_codename" = ."bullseye" ]; then
apt-get install -y iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
fi
#remove ufw
ufw reset
ufw disable
apt-get remove -y ufw
#apt-get purge ufw
#run iptables commands
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#answer the questions for iptables persistent
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y iptables-persistent

130
Install_Scripts/debian/resources/letsencrypt.sh

@ -0,0 +1,130 @@
#!/bin/sh
# FusionPBX - Install
# Mark J Crane <markjcrane@fusionpbx.com>
# Copyright (C) 2018
# All Rights Reserved.
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
#Add dependencies
apt-get install -y curl
#remove dehyrdated letsencrypt script
rm /usr/local/sbin/dehydrated
rm -R /usr/src/dehydrated
#rm -R /etc/dehydrated/
#rm -R /usr/src/dns-01-manual
#rm -R /var/www/dehydrated
#request the domain name, email address and wild card domain
read -p 'Domain Name: ' domain_name
read -p 'Email Address: ' email_address
#get and install dehydrated
cd /usr/src && git clone https://github.com/lukas2511/dehydrated.git
cd /usr/src/dehydrated
cp dehydrated /usr/local/sbin
mkdir -p /var/www/dehydrated
mkdir -p /etc/dehydrated/certs
#wildcard detection
wildcard_domain=$(echo $domain_name | cut -c1-1)
if [ "$wildcard_domain" = "*" ]; then
wildcard_domain="true"
else
wildcard_domain="false"
fi
#remove the wildcard and period
if [ .$wildcard_domain = ."true" ]; then
domain_name=$(echo "$domain_name" | cut -c3-255)
fi
#manual dns hook
if [ .$wildcard_domain = ."true" ]; then
cd /usr/src
git clone https://github.com/gheja/dns-01-manual.git
cd /usr/src/dns-01-manual/
cp hook.sh /etc/dehydrated/hook.sh
chmod 755 /etc/dehydrated/hook.sh
fi
#copy config and hook.sh into /etc/dehydrated
cd /usr/src/dehydrated
cp docs/examples/config /etc/dehydrated
#cp docs/examples/hook.sh /etc/dehydrated
#update the dehydrated config
#sed "s#CONTACT_EMAIL=#CONTACT_EMAIL=$email_address" -i /etc/dehydrated/config
sed -i 's/#CONTACT_EMAIL=/CONTACT_EMAIL="'"$email_address"'"/g' /etc/dehydrated/config
sed -i 's/#WELLKNOWN=/WELLKNOWN=/g' /etc/dehydrated/config
#accept the terms
./dehydrated --register --accept-terms --config /etc/dehydrated/config
#set the domain alias
domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)
#create an alias when using wildcard dns
if [ .$wildcard_domain = ."true" ]; then
echo "*.$domain_name > $domain_name" > /etc/dehydrated/domains.txt
fi
#add the domain name to domains.txt
if [ .$wildcard_domain = ."false" ]; then
echo "$domain_name" > /etc/dehydrated/domains.txt
fi
#request the certificates
if [ .$wildcard_domain = ."true" ]; then
./dehydrated --cron --domain *.$domain_name --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge dns-01 --hook /etc/dehydrated/hook.sh
fi
if [ .$wildcard_domain = ."false" ]; then
./dehydrated --cron --alias $domain_alias --preferred-chain "ISRG Root X1" --algo rsa --config /etc/dehydrated/config --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01
fi
#make sure the nginx ssl directory exists
mkdir -p /etc/nginx/ssl
#update nginx config
sed "s@ssl_certificate[ \t]*/etc/ssl/certs/nginx.crt;@ssl_certificate /etc/dehydrated/certs/$domain_alias/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
sed "s@ssl_certificate_key[ \t]*/etc/ssl/private/nginx.key;@ssl_certificate_key /etc/dehydrated/certs/$domain_alias/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
#read the config
/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
#setup freeswitch tls
if [ .$switch_tls = ."true" ]; then
#make sure the freeswitch directory exists
mkdir -p /etc/freeswitch/tls
#make sure the freeswitch certificate directory is empty
rm /etc/freeswitch/tls/*
#combine the certs into all.pem
cat /etc/dehydrated/certs/$domain_alias/fullchain.pem > /etc/freeswitch/tls/all.pem
cat /etc/dehydrated/certs/$domain_alias/privkey.pem >> /etc/freeswitch/tls/all.pem
#cat /etc/dehydrated/certs/$domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem
#copy the certificates
cp /etc/dehydrated/certs/$domain_alias/cert.pem /etc/freeswitch/tls
cp /etc/dehydrated/certs/$domain_alias/chain.pem /etc/freeswitch/tls
cp /etc/dehydrated/certs/$domain_alias/fullchain.pem /etc/freeswitch/tls
cp /etc/dehydrated/certs/$domain_alias/privkey.pem /etc/freeswitch/tls
#add symbolic links
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
#set the permissions
chown -R www-data:www-data /etc/freeswitch/tls
fi

22
Install_Scripts/debian/resources/letsencrypt/domain_name.conf

@ -0,0 +1,22 @@
# the domain we want to get the cert for;
# technically it's possible to have multiple of this lines, but it only worked
# with one domain for me, another one only got one cert, so I would recommend
# separate config files per domain.
domains = {domain_name}
# increase key size
rsa-key-size = 2048 # Or 4096
# the current closed beta (as of 2015-Nov-07) is using this server
server = https://acme-v01.api.letsencrypt.org/directory
# this address will receive renewal reminders
email = {email_address}
# turn off the ncurses UI, we want this to be run as a cronjob
text = True
# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
# and then letting LE fetch it
authenticator = webroot
webroot-path = /var/www/letsencrypt/

19
Install_Scripts/debian/resources/monit.sh

@ -0,0 +1,19 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
#install monit
apt-get install -y monit
#make the monit shell script executable
chmod 755 monit/shell.sh
#copy the freeswitch monit config
cp monit/freeswitch /etc/monit/conf.d
#restart monit
service monit restart

3
Install_Scripts/debian/resources/monit/freeswitch

@ -0,0 +1,3 @@
check process freeswitch with pidfile /run/freeswitch/freeswitch.pid
start program = "/usr/src/fusionpbx-install.sh/debian/resources/monit/./shell.sh"
stop program = "/usr/bin/freeswitch -stop"

5
Install_Scripts/debian/resources/monit/shell.sh

@ -0,0 +1,5 @@
#!/bin/sh
mkdir -p /var/run/freeswitch
chown -R www-data:www-data /var/run/freeswitch
/usr/bin/freeswitch -nc -u www-data -g www-data -nonat

30
Install_Scripts/debian/resources/nftables.sh

@ -0,0 +1,30 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#add the includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Configuring nftables"
#run iptables commands
nft add rule ip filter INPUT iifname "lo" counter accept
nft add rule ip filter INPUT ct state related,established counter accept
nft add rule ip filter INPUT tcp dport 22 counter accept
nft add rule ip filter INPUT tcp dport 80 counter accept
nft add rule ip filter INPUT tcp dport 443 counter accept
nft add rule ip filter INPUT tcp dport 7443 counter accept
nft add rule ip filter INPUT tcp dport 5060-5091 counter accept
nft add rule ip filter INPUT udp dport 5060-5091 counter accept
nft add rule ip filter INPUT udp dport 16384-32768 counter accept
nft add rule ip filter INPUT icmp type echo-request counter accept
nft add rule ip filter INPUT udp dport 1194 counter accept
nft add rule ip mangle OUTPUT udp sport 16384-32768 counter ip dscp set 0x2e
nft add rule ip mangle OUTPUT tcp sport 5060-5091 counter ip dscp set 0x1a
nft add rule ip mangle OUTPUT udp sport 5060-5091 counter ip dscp set 0x1a

84
Install_Scripts/debian/resources/nginx.sh

@ -0,0 +1,84 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Installing the web server"
#change the version of php for arm
if [ ."$cpu_architecture" = ."arm" ]; then
#Pi2 and Pi3 Raspbian
#Odroid
if [ ."$os_codename" = ."stretch" ]; then
php_version=7.2
else
php_version=5.6
fi
fi
#set the version of php
if [ ."$os_codename" = ."bullseye" ]; then
php_version=7.4
fi
if [ ."$os_codename" = ."buster" ]; then
php_version=7.3
fi
if [ ."$os_codename" = ."stretch" ]; then
php_version=7.1
fi
if [ ."$os_codename" = ."jessie" ]; then
php_version=7.1
fi
#enable fusionpbx nginx config
cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
#prepare socket name
if [ ."$php_version" = ."5.6" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.0" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.1" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.2" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.2-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.3" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.3-fpm.sock;#g'
fi
if [ ."$php_version" = ."7.4" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
fi
ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
#self signed certificate
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
#remove the default site
rm /etc/nginx/sites-enabled/default
#update config if LetsEncrypt folder is unwanted
# if [ .$letsencrypt_folder = .false ]; then
# sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
# fi
#add the letsencrypt directory
if [ .$letsencrypt_folder = .true ]; then
mkdir -p /var/www/letsencrypt/
fi
#flush systemd cache
systemctl daemon-reload
#restart nginx
service nginx restart

305
Install_Scripts/debian/resources/nginx/fusionpbx

@ -0,0 +1,305 @@
server {
listen 127.0.0.1:80;
server_name 127.0.0.1;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Allow the upgrade routines to run longer than normal
location = /core/upgrade/index.php {
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
fastcgi_read_timeout 15m;
}
# Disable viewing .htaccess & .htpassword & .db & .git
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}
server {
listen 80;
server_name fusionpbx;
#redirect letsencrypt to dehydrated
location ^~ /.well-known/acme-challenge {
default_type "text/plain";
auth_basic "off";
alias /var/www/dehydrated;
}
#rewrite rule - send to https with an exception for provisioning
if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
rewrite ^(.*) https://$host$1 permanent;
break;
}
#REST api
if ($uri ~* ^.*/api/.*$) {
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
break;
}
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstream
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
#grandstream-wave softphone by ext because Android doesn't pass MAC.
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
#aastra
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
#yealink
#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
#polycom
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebo