copied over install scripts to adapt
parent
a9ed7db1fd
commit
fc4fa7a8fb
|
@ -0,0 +1,61 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./resources/config.sh
|
||||||
|
. ./resources/colors.sh
|
||||||
|
. ./resources/environment.sh
|
||||||
|
|
||||||
|
# removes the cd img from the /etc/apt/sources.list file (not needed after base install)
|
||||||
|
sed -i '/cdrom:/d' /etc/apt/sources.list
|
||||||
|
|
||||||
|
#Update to latest packages
|
||||||
|
verbose "Update installed packages"
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
|
||||||
|
#Add dependencies
|
||||||
|
apt-get install -y wget
|
||||||
|
apt-get install -y lsb-release
|
||||||
|
apt-get install -y systemd
|
||||||
|
apt-get install -y systemd-sysv
|
||||||
|
apt-get install -y ca-certificates
|
||||||
|
apt-get install -y dialog
|
||||||
|
apt-get install -y nano
|
||||||
|
apt-get install -y net-tools
|
||||||
|
|
||||||
|
#SNMP
|
||||||
|
apt-get install -y snmpd
|
||||||
|
echo "rocommunity public" > /etc/snmp/snmpd.conf
|
||||||
|
service snmpd restart
|
||||||
|
|
||||||
|
#IPTables
|
||||||
|
resources/iptables.sh
|
||||||
|
|
||||||
|
#sngrep
|
||||||
|
resources/sngrep.sh
|
||||||
|
|
||||||
|
#FusionPBX
|
||||||
|
resources/fusionpbx.sh
|
||||||
|
|
||||||
|
#PHP
|
||||||
|
resources/php.sh
|
||||||
|
|
||||||
|
#NGINX web server
|
||||||
|
resources/nginx.sh
|
||||||
|
|
||||||
|
#FreeSWITCH
|
||||||
|
resources/switch.sh
|
||||||
|
|
||||||
|
#Fail2ban
|
||||||
|
resources/fail2ban.sh
|
||||||
|
|
||||||
|
#Postgres
|
||||||
|
resources/postgresql.sh
|
||||||
|
|
||||||
|
#set the ip address
|
||||||
|
server_address=$(hostname -I)
|
||||||
|
|
||||||
|
#add the database schema, user and groups
|
||||||
|
resources/finish.sh
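Review bot: The SNMP step writes `rocommunity public` as the entire `/etc/snmp/snmpd.conf`, which grants read access under the well-known default community string to any source that can reach the agent. Whether `resources/iptables.sh` filters UDP 161 is not visible here, so the config line itself should carry the restriction, e.g. `echo "rocommunity <COMMUNITY_PLACEHOLDER> 127.0.0.1" > /etc/snmp/snmpd.conf`, with the community string taken from `config.sh`. Separately, `cd "$(dirname "$0")"` is unchecked, so a failed `cd` lets the `. ./resources/...` includes and the `resources/*.sh` calls run from the wrong directory; `cd "$(dirname "$0")" || exit 1` closes that.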
|
|
@ -0,0 +1,13 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#upgrade the packages
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
|
||||||
|
#install packages
|
||||||
|
apt-get install -y git lsb-release
|
||||||
|
|
||||||
|
#get the install script
|
||||||
|
cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
|
||||||
|
|
||||||
|
#change the working directory
|
||||||
|
cd /usr/src/fusionpbx-install.sh/debian
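Review bot: The `git clone` line fetches whatever the default branch of `fusionpbx/fusionpbx-install.sh` holds at install time, and those scripts are then run with the same privileges as the `apt-get` calls (presumably root), so the install is neither reproducible nor tied to the code reviewed in this repository. Pin it to a reviewed tag or commit, e.g. `git clone --branch <TAG_PLACEHOLDER> --depth 1 https://github.com/fusionpbx/fusionpbx-install.sh.git`, or clone the adapted repository if that is the intent of this commit. The clone also fails on a re-run once `/usr/src/fusionpbx-install.sh` exists, and the final `cd` only affects this script's own process unless the file is sourced.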
|
|
@ -0,0 +1,48 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#Process command line options only if we haven't been processed once
|
||||||
|
if [ -z "$CPU_CHECK" ]; then
|
||||||
|
export script_name=`basename "$0"`
|
||||||
|
ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@")
|
||||||
|
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
error "Failed parsing options."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
export USE_SWITCH_SOURCE=false
|
||||||
|
export USE_SWITCH_PACKAGE_ALL=false
|
||||||
|
export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false
|
||||||
|
export USE_PHP5_PACKAGE=false
|
||||||
|
export USE_SWITCH_MASTER=false
|
||||||
|
export USE_SYSTEM_MASTER=false
|
||||||
|
export CPU_CHECK=true
|
||||||
|
HELP=false
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
case "$1" in
|
||||||
|
--use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;;
|
||||||
|
--use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;;
|
||||||
|
--use-switch-master ) export USE_SWITCH_MASTER=true; shift ;;
|
||||||
|
--use-system-master ) export USE_SYSTEM_MASTER=true; shift ;;
|
||||||
|
--use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;;
|
||||||
|
--use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;;
|
||||||
|
--no-cpu-check ) export CPU_CHECK=false; shift ;;
|
||||||
|
-h | --help ) HELP=true; shift ;;
|
||||||
|
-- ) shift; break ;;
|
||||||
|
* ) break ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ .$HELP = .true ]; then
|
||||||
|
warning "Debian installer script"
|
||||||
|
warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
|
||||||
|
warning " --use-switch-package-all if using packages use the meta-all package"
|
||||||
|
warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages"
|
||||||
|
warning " --use-php5-package use php5* packages instead of ${green}(default:php7.0)"
|
||||||
|
warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)"
|
||||||
|
warning " --use-system-master will use master branch/packages for the system instead of ${green}(default:stable)"
|
||||||
|
warning " --no-cpu-check disable the cpu check ${green}(default:check)"
|
||||||
|
exit;
|
||||||
|
fi
|
||||||
|
fi
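Review bot: The `getopt` result stored in `ARGS` is never applied, so the `while`/`case` loop parses the raw `"$1"` arguments rather than getopt's normalized list; add `eval set -- "$ARGS"` after the `$?` check. `-n '$script_name'` is single-quoted, so getopt reports errors under the literal name `$script_name`; use `-n "$script_name"`. `error` and `warning` are called here but not defined in this file, so it only works when sourced after the colors helper, and a header comment should state that. `getopt -l` is a util-linux extension, which is worth a comment under a `#!/bin/sh` shebang.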
|
|
@ -0,0 +1,27 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
export PGPASSWORD="zzz"
|
||||||
|
db_host=127.0.0.1
|
||||||
|
db_port=5432
|
||||||
|
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
mkdir -p /var/backups/fusionpbx/postgresql
|
||||||
|
|
||||||
|
echo "Backup Started"
|
||||||
|
|
||||||
|
#delete postgres backups
|
||||||
|
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
|
||||||
|
|
||||||
|
#delete the main backup
|
||||||
|
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
|
||||||
|
|
||||||
|
#backup the database
|
||||||
|
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
|
||||||
|
|
||||||
|
#package
|
||||||
|
#tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
|
||||||
|
|
||||||
|
#source
|
||||||
|
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
|
||||||
|
|
||||||
|
echo "Backup Completed"
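Review bot: `export PGPASSWORD="zzz"` keeps the database password in the script body, so anyone who can read the file gets it, and the PostgreSQL documentation advises against `PGPASSWORD` because some systems expose process environments to other users; a `~/.pgpass` file with mode 0600 for the account running the job avoids both. The same line appears in the maintenance script in the next section. The dump holds the whole `public` schema, yet the backup directory is created under the default umask; add `umask 077` before `mkdir -p`. `pg_dump`'s exit status is not checked, so `Backup Completed` is printed even when the dump failed; `pg_dump ... || { echo "Backup Failed" >&2; exit 1; }` fixes that.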
|
|
@ -0,0 +1,137 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#settings
|
||||||
|
export PGPASSWORD="zzz"
|
||||||
|
db_host=127.0.0.1
|
||||||
|
db_port=5432
|
||||||
|
switch_package=true # true or false
|
||||||
|
|
||||||
|
purge_voicemail=false
|
||||||
|
purge_call_recordings=false
|
||||||
|
purge_cdrs=false
|
||||||
|
purge_fax=false
|
||||||
|
purge_switch_logs=true
|
||||||
|
purge_php_sessions=true
|
||||||
|
purge_database_transactions=true
|
||||||
|
purge_email_queue=false
|
||||||
|
purge_fax_queue=true
|
||||||
|
|
||||||
|
days_keep_voicemail=90
|
||||||
|
days_keep_call_recordings=90
|
||||||
|
days_keep_cdrs=90
|
||||||
|
days_keep_fax=90
|
||||||
|
days_keep_switch_logs=7
|
||||||
|
days_keep_php_sessions=8
|
||||||
|
days_keep_database_transactions=30
|
||||||
|
days_keep_email_queue=30
|
||||||
|
days_keep_fax_queue=30
|
||||||
|
|
||||||
|
#set the date
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
|
||||||
|
#make sure the directory exists
|
||||||
|
if [ -e /var/backups/fusionpbx/postgresql ]; then
|
||||||
|
echo "postgres backup directory exists"
|
||||||
|
else
|
||||||
|
mkdir -p /var/backups/fusionpbx/postgresql
|
||||||
|
fi
|
||||||
|
|
||||||
|
#show message to the console
|
||||||
|
echo "Maintenance Started"
|
||||||
|
|
||||||
|
if [ .$purge_switch_logs = .true ]; then
|
||||||
|
#delete freeswitch logs older 7 days
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
|
||||||
|
else
|
||||||
|
find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "not purging Freeswitch logs"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$purge_fax = .true ]; then
|
||||||
|
#delete fax older than 90 days
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
echo ".";
|
||||||
|
find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
|
||||||
|
find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
|
||||||
|
else
|
||||||
|
echo ".";
|
||||||
|
find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
|
||||||
|
find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
|
||||||
|
fi
|
||||||
|
#delete from the database
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
|
||||||
|
else
|
||||||
|
echo "not purging Faxes"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$purge_call_recordings = .true ]; then
|
||||||
|
#delete call recordings older than 90 days
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
find /var/lib/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
|
||||||
|
find /var/lib/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
|
||||||
|
else
|
||||||
|
find /usr/local/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
|
||||||
|
find /usr/local/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
|
||||||
|
fi
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
|
||||||
|
else
|
||||||
|
echo "not purging Recordings."
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$purge_voicemail = .true ]; then
|
||||||
|
#delete voicemail older than 90 days
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
echo ".";
|
||||||
|
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
|
||||||
|
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
|
||||||
|
else
|
||||||
|
echo ".";
|
||||||
|
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
|
||||||
|
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
|
||||||
|
fi
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
|
||||||
|
else
|
||||||
|
echo "not purging voicemails."
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$purge_cdrs = .true ]; then
|
||||||
|
#delete call detail records older 90 days
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
|
||||||
|
else
|
||||||
|
echo "not purging CDRs."
|
||||||
|
fi
|
||||||
|
|
||||||
|
#delete php sessions
|
||||||
|
if [ .$purge_php_sessions = .true ]; then
|
||||||
|
find /var/lib/php/sessions/* -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
|
||||||
|
else
|
||||||
|
echo "not purging PHP Sessions."
|
||||||
|
fi
|
||||||
|
|
||||||
|
#delete database_transactions older 90 days
|
||||||
|
if [ .$purge_database_transactions = .true ]; then
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
|
||||||
|
else
|
||||||
|
echo "not purging database_transactions."
|
||||||
|
fi
|
||||||
|
|
||||||
|
#delete email_queue older 30 days
|
||||||
|
if [ .$purge_email_queue = .true ]; then
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_email_queue where email_status = 'sent' and email_date < NOW() - INTERVAL '$days_keep_email_queue days'"
|
||||||
|
else
|
||||||
|
echo "not purging email_queue."
|
||||||
|
fi
|
||||||
|
|
||||||
|
#delete fax_queue older 30 days
|
||||||
|
if [ .$purge_fax_queue = .true ]; then
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_queue where fax_status = 'sent' and fax_date < NOW() - INTERVAL '$days_keep_fax_queue days'"
|
||||||
|
else
|
||||||
|
echo "not purging fax_queue."
|
||||||
|
fi
|
||||||
|
|
||||||
|
#completed message
|
||||||
|
echo "Maintenance Completed";
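Review bot: The call-recordings purge deletes database rows with a hard-coded `INTERVAL '90 days'` while the `find` lines above it use `$days_keep_call_recordings`, so changing the setting removes files on one schedule and their `v_call_recordings` rows on another; use `INTERVAL '$days_keep_call_recordings days'` as the other purges do. Every `psql` call also hard-codes `--host=127.0.0.1` and passes no port, so `db_host` and `db_port` at the top are unused; `--host=$db_host --port=$db_port` would honor them. The `find <dir>/* ...` form prints an error when the glob matches nothing, and `find <dir> -name '<pattern>' -mtime +N -delete` avoids the glob and the per-file `rm`.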
|
|
@ -0,0 +1,25 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
verbose () {
|
||||||
|
echo "${green}$1${normal}"
|
||||||
|
}
|
||||||
|
error () {
|
||||||
|
echo "${red}$1${normal}"
|
||||||
|
}
|
||||||
|
warning () {
|
||||||
|
echo "${yellow}$1${normal}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# check for color support
|
||||||
|
if test -t 1; then
|
||||||
|
|
||||||
|
# see if it supports colors...
|
||||||
|
ncolors=$(tput colors)
|
||||||
|
|
||||||
|
if test -n "$ncolors" && test $ncolors -ge 8; then
|
||||||
|
normal="$(tput sgr0)"
|
||||||
|
red="$(tput setaf 1)"
|
||||||
|
green="$(tput setaf 2)"
|
||||||
|
yellow="$(tput setaf 3)"
|
||||||
|
fi
|
||||||
|
fi
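Review bot: `error` and `warning` print to stdout, so their messages land in captured output and pipelines instead of the error stream; `echo "${red}$1${normal}" >&2` (and the same for `warning`) keeps diagnostics separate. `tput colors` is called without guarding against a missing or unknown `TERM`, so it can print its own error; `ncolors=$(tput colors 2>/dev/null)` keeps that quiet. The color variables stay unset when the test fails, which is harmless under plain `sh` but would abort any caller running with `set -u`; initializing `normal= red= green= yellow=` before the test avoids that.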
|
|
@ -0,0 +1,29 @@
|
||||||
|
|
||||||
|
# FusionPBX Settings
|
||||||
|
domain_name=ip_address # hostname, ip_address or a custom value
|
||||||
|
system_username=admin # default username admin
|
||||||
|
system_password=random # random or a custom value
|
||||||
|
system_branch=master # master, stable
|
||||||
|
|
||||||
|
# FreeSWITCH Settings
|
||||||
|
switch_branch=stable # master, stable
|
||||||
|
switch_source=true # true (source compile) or false (binary package)
|
||||||
|
switch_package=false # true (binary package) or false (source compile)
|
||||||
|
switch_version=1.10.7 # which source code to download, only for source
|
||||||
|
switch_tls=true # true or false
|
||||||
|
switch_token= # Get the auth token from https://signalwire.com
|
||||||
|
# Signup or Login -> Profile -> Personal Auth Token
|
||||||
|
# Sofia-Sip Settings
|
||||||
|
sofia_version=1.13.8 # release-version for sofia-sip to use
|
||||||
|
|
||||||
|
# Database Settings
|
||||||
|
database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9)
|
||||||
|
database_repo=official # PostgreSQL official, system, 2ndquadrant
|
||||||
|
database_version=latest # requires repo official
|
||||||
|
database_host=127.0.0.1 # hostname or IP address
|
||||||
|
database_port=5432 # port number
|
||||||
|
database_backup=false # true or false
|
||||||
|
|
||||||
|
# General Settings
|
||||||
|
php_version=7.4 # PHP version 7.1, 7.3, 7.4
|
||||||
|
letsencrypt_folder=true # true or false
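Review bot: `switch_source` and `switch_package` encode one choice as two booleans, and nothing on this page stops them from being set to the same value; deriving one from the other, or a comment such as `# keep switch_package the opposite of switch_source`, would make the contract explicit. The maintenance script in this commit sets its own `switch_package=true` and does not source this file, so with the defaults here (`switch_source=true`) its purge paths point at the package layout. `system_branch=master` makes the installed application track an unpinned development branch by default; a comment saying this is deliberate, or a default of `stable`, would help.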
|
|
@ -0,0 +1,103 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#make sure lsb release is installed
|
||||||
|
apt-get install lsb-release
|
||||||
|
|
||||||
|
#operating system details
|
||||||
|
os_name=$(lsb_release -is)
|
||||||
|
os_codename=$(lsb_release -cs)
|
||||||
|
os_mode='unknown'
|
||||||
|
|
||||||
|
#cpu details
|
||||||
|
cpu_name=$(uname -m)
|
||||||
|
cpu_architecture='unknown'
|
||||||
|
cpu_mode='unknown'
|
||||||
|
|
||||||
|
#set the environment path
|
||||||
|
export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
|
||||||
|
#check what the CPU and OS are
|
||||||
|
if [ .$cpu_name = .'armv6l' ]; then
|
||||||
|
# RaspberryPi Zero
|
||||||
|
os_mode='32'
|
||||||
|
cpu_mode='32'
|
||||||
|
cpu_architecture='arm'
|
||||||
|
elif [ .$cpu_name = .'armv7l' ]; then
|
||||||
|
# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
|
||||||
|
os_mode='32'
|
||||||
|
cpu_mode='32'
|
||||||
|
cpu_architecture='arm'
|
||||||
|
elif [ .$cpu_name = .'armv8l' ]; then
|
||||||
|
# No test case for armv8l
|
||||||
|
os_mode='unknown'
|
||||||
|
cpu_mode='64'
|
||||||
|
cpu_architecture='arm'
|
||||||
|
elif [ .$cpu_name = .'aarch64' ]; then
|
||||||
|
os_mode='64'
|
||||||
|
cpu_mode='64'
|
||||||
|
cpu_architecture='arm'
|
||||||
|
elif [ .$cpu_name = .'i386' ]; then
|
||||||
|
os_mode='32'
|
||||||
|
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
|
||||||
|
cpu_mode='64'
|
||||||
|
else
|
||||||
|
cpu_mode='32'
|
||||||
|
fi
|
||||||
|
cpu_architecture='x86'
|
||||||
|
elif [ .$cpu_name = .'i686' ]; then
|
||||||
|
os_mode='32'
|
||||||
|
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
|
||||||
|
cpu_mode='64'
|
||||||
|
else
|
||||||
|
cpu_mode='32'
|
||||||
|
fi
|
||||||
|
cpu_architecture='x86'
|
||||||
|
elif [ .$cpu_name = .'x86_64' ]; then
|
||||||
|
os_mode='64'
|
||||||
|
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
|
||||||
|
cpu_mode='64'
|
||||||
|
else
|
||||||
|
cpu_mode='32'
|
||||||
|
fi
|
||||||
|
cpu_architecture='x86'
|
||||||
|
else
|
||||||
|
error "You are using an unsupported cpu '$cpu_name'"
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$cpu_architecture = .'arm' ]; then
|
||||||
|
if [ .$os_mode = .'32' ]; then
|
||||||
|
verbose "Correct CPU and Operating System detected, using the ARM repo"
|
||||||
|
elif [ .$os_mode = .'64' ]; then
|
||||||
|
error "You are using a 64bit arm OS this is unsupported"
|
||||||
|
switch_source=true
|
||||||
|
switch_package=false
|
||||||
|
else
|
||||||
|
error "Unknown OS mode $os_mode this is unsupported"
|
||||||
|
switch_source=true
|
||||||
|
switch_package=false
|
||||||
|
fi
|
||||||
|
elif [ .$cpu_architecture = .'x86' ]; then
|
||||||
|
if [ .$os_mode = .'32' ]; then
|
||||||
|
error "You are using a 32bit OS this is unsupported"
|
||||||
|
if [ .$cpu_mode = .'64' ]; then
|
||||||
|
warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
|
||||||
|
fi
|
||||||
|
switch_source=true
|
||||||
|
switch_package=false
|
||||||
|
elif [ .$os_mode = .'64' ]; then
|
||||||
|
verbose "Correct CPU and Operating System detected"
|
||||||
|
else
|
||||||
|
error "Unknown Operating System mode '$os_mode' is unsupported"
|
||||||
|
switch_source=true
|
||||||
|
switch_package=false
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
error "You are using an unsupported architecture '$cpu_architecture'"
|
||||||
|
warning "Detected environment was :-"
|
||||||
|
warning "os_name:'$os_name'"
|
||||||
|
warning "os_codename:'$os_codename'"
|
||||||
|
warning "os_mode:'$os_mode'"
|
||||||
|
warning "cpu_name:'$cpu_name'"
|
||||||
|
exit 3
|
||||||
|
fi
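Review bot: `apt-get install lsb-release` has no `-y`, so it can stop at a confirmation prompt during an unattended install, and because the install and fail2ban scripts in this commit source this file, it runs on every include. Guard it, e.g. `command -v lsb_release >/dev/null 2>&1 || apt-get install -y lsb-release`. The three x86 branches (`i386`, `i686`, `x86_64`) repeat the same `/proc/cpuinfo` check with an unquoted command substitution inside `[ ]`; a `case "$cpu_name" in` with the `lm` test done once and quoted would be shorter and safer. The 64-bit ARM and unknown-mode branches call `error` but continue with a source build, so `warning` may be the more accurate helper there.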
|
|
@ -0,0 +1,37 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Installing Fail2ban"
|
||||||
|
|
||||||
|
#add the dependencies
|
||||||
|
apt-get install -y fail2ban
|
||||||
|
|
||||||
|
#move the filters
|
||||||
|
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
|
||||||
|
cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
|
||||||
|
cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
|
||||||
|
cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
|
||||||
|
cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
|
||||||
|
cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
|
||||||
|
cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
|
||||||
|
cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
|
||||||
|
cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
|
||||||
|
cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
|
||||||
|
cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
|
||||||
|
cp fail2ban/jail.local /etc/fail2ban/jail.local
|
||||||
|
|
||||||
|
#update config if source is being used
|
||||||
|
#if [ .$switch_source = .true ]; then
|
||||||
|
# sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
|
||||||
|
#fi
|
||||||
|
|
||||||
|
#restart fail2ban
|
||||||
|
/usr/sbin/service fail2ban restart
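Review bot: The block that rewrites `var/log/freeswitch` to `usr/local/freeswitch/log` in `jail.local` is commented out, while `config.sh` in this commit defaults to `switch_source=true`; if source installs log under `/usr/local/freeswitch/log`, as the commented `logpath` lines in `jail.local` suggest, the FreeSWITCH jails would watch a path that does not exist once they are enabled. Either restore the `if`/`sed` or add a comment saying why it is disabled. The `cd "$(dirname "$0")"` and the twelve `cp` lines are unchecked, so a missing filter file goes unnoticed until `service fail2ban restart`; `cd "$(dirname "$0")" || exit 1` and `cp ... || exit 1` would stop early. `cp` also overwrites an existing `/etc/fail2ban/jail.local`, which discards local changes on a re-run.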
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
|
||||||
|
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
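Review bot: The `failregex` leaves the dots in `\d+.\d+.\d+.\d+` unescaped and does not anchor the end of the line, so `<HOST>` is matched after greedy `.*` runs across the `for [...]` field, whose content comes from the remote party. Escape the dots and pin the address to the end of the message: `... for \[[^\]]*@\d+\.\d+\.\d+\.\d+\] from ip <HOST>\s*$`. The same shape (`\[.*\]` or `'.*'` ahead of an unanchored `<HOST>`) appears in the `Can't find user`, `SIP auth failure` and `SIP auth challenge \(REGISTER\)` filters further down this page. The Notes comment says the regex matches password failures, but this filter matches auth challenges addressed to an IP, and the comment should say so.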
|
|
@ -0,0 +1,20 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,20 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,18 @@
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
|
||||||
|
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
# inbound route - 404 not found
|
||||||
|
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
|
||||||
|
#[hostname] variable doesn't seem to work in every case. Do this instead:
|
||||||
|
failregex = 404 not found <HOST>
|
||||||
|
|
||||||
|
|
||||||
|
#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62)
|
||||||
|
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
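Review bot: The commented-out `#failregex = [hostname] FusionPBX: ...` line and the `[hostname] variable` remark describe the FusionPBX login filter, not this inbound-route filter, and the Notes text still says the regex matches password failures. Replace them with a comment that states what is matched, e.g. `# matches the dialplan log line "[inbound routes] 404 not found <ip>"`, and keep the sample line next to it. The pattern is also unanchored; if the logged line has the form of the sample, `\[inbound routes\] 404 not found <HOST>\)?\s*$` would tie the address to the end of the message.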
|
|
@ -0,0 +1,20 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#Oct 9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000
|
||||||
|
failregex = \[<HOST>\] invalid mac address
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,25 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
# Author: soapee01
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
|
||||||
|
#[hostname] variable doesn't seem to work in every case. Do this instead:
|
||||||
|
failregex = .* FusionPBX: \[<HOST>\] authentication failed for
|
||||||
|
= .* FusionPBX: \[<HOST>\] provision attempt bad password for
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
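Review bot: The second `failregex` line starts with `=`, and fail2ban takes the text of each continuation line as its own pattern, so the leading `= ` most likely becomes part of the regex and the `provision attempt bad password` message is never matched. Drop the `=` and keep the line indented under the first pattern: `.* FusionPBX: \[<HOST>\] provision attempt bad password for`. Leading whitespace is not visible in this rendering, so confirm the continuation line is indented in the file. Running `fail2ban-regex` against a sample log line for each message would verify both patterns.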
|
||||||
|
|
|
@ -0,0 +1,143 @@
|
||||||
|
[ssh]
|
||||||
|
enabled = true
|
||||||
|
port = 22
|
||||||
|
protocol = ssh
|
||||||
|
filter = sshd
|
||||||
|
logpath = /var/log/auth.log
|
||||||
|
action = iptables-allports[name=sshd, protocol=all]
|
||||||
|
maxretry = 6
|
||||||
|
findtime = 60
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[freeswitch]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = freeswitch
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=freeswitch, protocol=all]
|
||||||
|
maxretry = 10
|
||||||
|
findtime = 60
|
||||||
|
bantime = 3600
|
||||||
|
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
||||||
|
|
||||||
|
[freeswitch-acl]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = freeswitch-acl
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=freeswitch-acl, protocol=all]
|
||||||
|
maxretry = 900
|
||||||
|
findtime = 60
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[freeswitch-ip]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = freeswitch-ip
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=freeswitch-ip, protocol=all]
|
||||||
|
maxretry = 1
|
||||||
|
findtime = 60
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[auth-challenge-ip]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = auth-challenge-ip
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=auth-challenge-ip, protocol=all]
|
||||||
|
maxretry = 1
|
||||||
|
findtime = 60
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[sip-auth-challenge]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = sip-auth-challenge
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=sip-auth-challenge, protocol=all]
|
||||||
|
maxretry = 100
|
||||||
|
findtime = 60
|
||||||
|
bantime = 7200
|
||||||
|
|
||||||
|
[sip-auth-failure]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = sip-auth-failure
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=sip-auth-failure, protocol=all]
|
||||||
|
maxretry = 6
|
||||||
|
findtime = 60
|
||||||
|
bantime = 7200
|
||||||
|
|
||||||
|
[fusionpbx-404]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = fusionpbx-404
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=fusionpbx-404, protocol=all]
|
||||||
|
maxretry = 6
|
||||||
|
findtime = 60
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[fusionpbx]
|
||||||
|
enabled = true
|
||||||
|
port = 80,443
|
||||||
|
protocol = tcp
|
||||||
|
filter = fusionpbx
|
||||||
|
logpath = /var/log/auth.log
|
||||||
|
action = iptables-allports[name=fusionpbx, protocol=all]
|
||||||
|
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
||||||
|
maxretry = 20
|
||||||
|
findtime = 60
|
||||||
|
bantime = 3600
|
||||||
|
|
||||||
|
[fusionpbx-mac]
|
||||||
|
enabled = true
|
||||||
|
port = 80,443
|
||||||
|
protocol = tcp
|
||||||
|
filter = fusionpbx-mac
|
||||||
|
logpath = /var/log/syslog
|
||||||
|
action = iptables-allports[name=fusionpbx-mac, protocol=all]
|
||||||
|
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
||||||
|
maxretry = 10
|
||||||
|
findtime = 60
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[nginx-404]
|
||||||
|
enabled = true
|
||||||
|
port = 80,443
|
||||||
|
protocol = tcp
|
||||||
|
filter = nginx-404
|
||||||
|
logpath = /var/log/nginx/access*.log
|
||||||
|
action = iptables-allports[name=nginx-404, protocol=all]
|
||||||
|
bantime = 3600
|
||||||
|
findtime = 60
|
||||||
|
maxretry = 300
|
||||||
|
|
||||||
|
[nginx-dos]
|
||||||
|
# Based on apache-badbots but a simple IP check (any IP requesting more than
|
||||||
|
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
|
||||||
|
enabled = true
|
||||||
|
port = 80,443
|
||||||
|
protocol = tcp
|
||||||
|
filter = nginx-dos
|
||||||
|
logpath = /var/log/nginx/access*.log
|
||||||
|
action = iptables-allports[name=nginx-dos, protocol=all]
|
||||||
|
findtime = 60
|
||||||
|
bantime = 86400
|
||||||
|
maxretry = 800
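Review bot: All seven FreeSWITCH/SIP jails (`freeswitch` through `fusionpbx-404`) ship with `enabled = false`, so after install only the SSH and web jails are active and SIP authentication failures are not rate-limited; if that is a temporary state while the scripts are adapted, say so in a comment above `[freeswitch]`. No `ignoreip` is set, and `freeswitch-ip` and `auth-challenge-ip` ban for 86400 seconds at `maxretry = 1`, so a management address or a site behind NAT can be locked out by a single matching line once those jails are enabled; a `[DEFAULT]` section with `ignoreip = 127.0.0.1/8 <MGMT_CIDR_PLACEHOLDER>` would cover that. The `[ssh]` jail hard-codes `port = 22` and `/var/log/auth.log`, which only holds on hosts that keep the default port and log to that file.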
|
|
@ -0,0 +1,5 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
[Definition]
|
||||||
|
failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404
|
||||||
|
ignoreregex =
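Review bot: The `failregex` has no start-of-line anchor, so `<HOST>` can be matched at any position in the entry rather than only in the client-address field that nginx writes first. Anchoring it, `failregex = ^<HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404`, ties the banned address to the logged peer and matches the anchored style of the nginx-dos filter in this commit. The pattern also appears to assume the default combined access-log layout and an unauthenticated request (`- -`); a comment saying so would help whoever later changes `log_format`.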
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: Regexp to catch a generic call from an IP address.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
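Review bot: The `failregex` counts only `GET` and `POST` lines, so requests made with any other method never contribute to the nginx-dos threshold and the rate limit does not see them. If the intent is "any request from this address", a method-agnostic form such as `failregex = ^<HOST> -.*"[A-Z]+ .*HTTP.*"$` covers that. Because the filter matches successful requests too, the jail that uses it is a pure rate limit with a day-long ban on all ports; the header comment should say so and recommend listing trusted proxies or provisioning networks under `ignoreip`. The trailing `"$` also relies on the access log ending in a quoted field, which is worth noting next to the pattern.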
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
# Author: soapee01
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
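Review bot: The `failregex` is unanchored at both ends and places two greedy `.*` groups in front of `<HOST>`, while the text inside `for [...]` originates from the SIP request. Assuming the FreeSWITCH line ends with the address, ending the pattern with `from ip <HOST>\s*$` makes fail2ban take the host from the field the switch writes last; the sip-auth-failure filter in the next section has the same pattern and needs the same anchor. The `Notes.:` comment was copied from the failure filter and describes password failures, but this file matches auth challenges, which as far as I know are also logged for an ordinary first REGISTER, so the comment should state that and that the jail threshold must allow for normal registration traffic. The dot in `sofia_reg.c` should be escaped as `sofia_reg\.c`.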
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
# Author: soapee01
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,145 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
|
||||||
|
#database details
|
||||||
|
database_username=fusionpbx
|
||||||
|
if [ .$database_password = .'random' ]; then
|
||||||
|
database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
fi
|
||||||
|
|
||||||
|
#allow the script to use the new password
|
||||||
|
export PGPASSWORD=$database_password
|
||||||
|
|
||||||
|
#update the database password
|
||||||
|
#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
|
||||||
|
#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
|
||||||
|
sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
|
||||||
|
sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
|
||||||
|
|
||||||
|
#install the database backup
|
||||||
|
cp backup/fusionpbx-backup /etc/cron.daily
|
||||||
|
cp backup/fusionpbx-maintenance /etc/cron.daily
|
||||||
|
chmod 755 /etc/cron.daily/fusionpbx-backup
|
||||||
|
chmod 755 /etc/cron.daily/fusionpbx-maintenance
|
||||||
|
sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-backup
|
||||||
|
sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-maintenance
|
||||||
|
|
||||||
|
#add the config.php
|
||||||
|
mkdir -p /etc/fusionpbx
|
||||||
|
chown -R www-data:www-data /etc/fusionpbx
|
||||||
|
cp fusionpbx/config.php /etc/fusionpbx
|
||||||
|
sed -i /etc/fusionpbx/config.php -e s:"{database_host}:$database_host:"
|
||||||
|
sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
|
||||||
|
sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
|
||||||
|
|
||||||
|
#add the database schema
|
||||||
|
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
|
||||||
|
|
||||||
|
#get the server hostname
|
||||||
|
if [ .$domain_name = .'hostname' ]; then
|
||||||
|
domain_name=$(hostname -f)
|
||||||
|
fi
|
||||||
|
|
||||||
|
#get the ip address
|
||||||
|
if [ .$domain_name = .'ip_address' ]; then
|
||||||
|
domain_name=$(hostname -I | cut -d ' ' -f1)
|
||||||
|
fi
|
||||||
|
|
||||||
|
#get the domain_uuid
|
||||||
|
domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
|
||||||
|
#add the domain name
|
||||||
|
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
|
||||||
|
|
||||||
|
#app defaults
|
||||||
|
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
|
||||||
|
|
||||||
|
#add the user
|
||||||
|
user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
user_name=$system_username
|
||||||
|
if [ .$system_password = .'random' ]; then
|
||||||
|
user_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
else
|
||||||
|
user_password=$system_password
|
||||||
|
fi
|
||||||
|
password_hash=$(php -r "echo md5('$user_salt$user_password');");
|
||||||
|
psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
|
||||||
|
|
||||||
|
#get the superadmin group_uuid
|
||||||
|
#echo "psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c \"select group_uuid from v_groups where group_name = 'superadmin';\""
|
||||||
|
group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c "select group_uuid from v_groups where group_name = 'superadmin';");
|
||||||
|
|
||||||
|
#add the user to the group
|
||||||
|
user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
group_name=superadmin
|
||||||
|
#echo "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
|
||||||
|
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
|
||||||
|
|
||||||
|
#update xml_cdr url, user and password
|
||||||
|
xml_cdr_username=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
xml_cdr_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:$database_host:"
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
|
||||||
|
|
||||||
|
#app defaults
|
||||||
|
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade.php
|
||||||
|
|
||||||
|
#restart freeswitch
|
||||||
|
/bin/systemctl daemon-reload
|
||||||
|
/bin/systemctl restart freeswitch
|
||||||
|
|
||||||
|
#install the email_queue service
|
||||||
|
cp /var/www/fusionpbx/app/email_queue/resources/service/debian.service /etc/systemd/system/email_queue.service
|
||||||
|
systemctl enable email_queue
|
||||||
|
systemctl start email_queue
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
#install the event_guard service
|
||||||
|
cp /var/www/fusionpbx/app/event_guard/resources/service/debian.service /etc/systemd/system/event_guard.service
|
||||||
|
/bin/systemctl enable event_guard
|
||||||
|
/bin/systemctl start event_guard
|
||||||
|
/bin/systemctl daemon-reload
|
||||||
|
|
||||||
|
#welcome message
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
verbose "Installation Notes. "
|
||||||
|
echo ""
|
||||||
|
echo " Please save the this information and reboot this system to complete the install. "
|
||||||
|
echo ""
|
||||||
|
echo " Use a web browser to login."
|
||||||
|
echo " domain name: https://$domain_name"
|
||||||
|
echo " username: $user_name"
|
||||||
|
echo " password: $user_password"
|
||||||
|
echo ""
|
||||||
|
echo " The domain name in the browser is used by default as part of the authentication."
|
||||||
|
echo " If you need to login to a different domain then use username@domain."
|
||||||
|
echo " username: $user_name@$domain_name";
|
||||||
|
echo ""
|
||||||
|
echo " Official FusionPBX Training"
|
||||||
|
echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
|
||||||
|
echo " Available online and in person. Includes documentation and recording."
|
||||||
|
echo ""
|
||||||
|
echo " Location: Online"
|
||||||
|
echo " Admin Training: TBA"
|
||||||
|
echo " Advanced Training: TBA"
|
||||||
|
echo " Continuing Education: https://www.fusionpbx.com/training"
|
||||||
|
echo " Timezone: https://www.timeanddate.com/weather/usa/idaho"
|
||||||
|
echo ""
|
||||||
|
echo " Additional information."
|
||||||
|
echo " https://fusionpbx.com/members.php"
|
||||||
|
echo " https://fusionpbx.com/training.php"
|
||||||
|
echo " https://fusionpbx.com/support.php"
|
||||||
|
echo " https://www.fusionpbx.com"
|
||||||
|
echo " http://docs.fusionpbx.com"
|
||||||
|
echo ""
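Review bot: The database password is written into files that stay readable by every local account. The two cron scripts are set to `chmod 755` and then have the password substituted in by `sed`, and `/etc/fusionpbx/config.php` is copied after the `chown -R`, so it is created root-owned with whatever mode the umask yields (typically 0644). Using `chmod 700 /etc/cron.daily/fusionpbx-backup /etc/cron.daily/fusionpbx-maintenance`, and moving `chown -R www-data:www-data /etc/fusionpbx` after the copy followed by `chmod 640 /etc/fusionpbx/config.php`, keeps the secret to root and the web user. Separately, `$database_password` and `$system_password` from config.sh are interpolated unescaped into SQL text, `sed` replacements and the `php -r` snippet, so a configured value containing `'`, `/`, `:` or `&` breaks or alters those commands; the script should validate the value against a safe character set before using it.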
|
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Installing FusionPBX"
|
||||||
|
|
||||||
|
#install dependencies
|
||||||
|
apt-get install -y vim git dbus haveged ssl-cert qrencode
|
||||||
|
apt-get install -y ghostscript libtiff5-dev libtiff-tools at
|
||||||
|
|
||||||
|
#get the branch
|
||||||
|
if [ .$system_branch = .'master' ]; then
|
||||||
|
verbose "Using master"
|
||||||
|
branch=""
|
||||||
|
else
|
||||||
|
system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
|
||||||
|
system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
|
||||||
|
system_version=$system_major.$system_minor
|
||||||
|
verbose "Using version $system_version"
|
||||||
|
branch="-b $system_version"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add the cache directory
|
||||||
|
mkdir -p /var/cache/fusionpbx
|
||||||
|
chown -R www-data:www-data /var/cache/fusionpbx
|
||||||
|
|
||||||
|
#get the source code
|
||||||
|
git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
|
||||||
|
chown -R www-data:www-data /var/www/fusionpbx
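Review bot: The release lookup pipes through plain `sort`, which orders version strings lexically, so once a major or minor number reaches two digits `tail -n 1` selects an older release (5.9 sorts after 5.10) and the installer clones outdated code. Using `sort -V` in both the `system_major` and `system_minor` pipelines gives numeric version ordering. Neither `git ls-remote` result is checked either: if the lookup fails, `branch` becomes `-b .`, the clone fails, and the script still runs `chown -R` on a missing tree, so a guard such as `[ -n "$system_major" ] && [ -n "$system_minor" ] || exit 1` before building `branch` would stop the install cleanly.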
|
|
@ -0,0 +1,47 @@
|
||||||
|
<?php
|
||||||
|
/*
|
||||||
|
FusionPBX
|
||||||
|
Version: MPL 1.1
|
||||||
|
|
||||||
|
The contents of this file are subject to the Mozilla Public License Version
|
||||||
|
1.1 (the "License"); you may not use this file except in compliance with
|
||||||
|
the License. You may obtain a copy of the License at
|
||||||
|
http://www.mozilla.org/MPL/
|
||||||
|
|
||||||
|
Software distributed under the License is distributed on an "AS IS" basis,
|
||||||
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||||
|
for the specific language governing rights and limitations under the
|
||||||
|
License.
|
||||||
|
|
||||||
|
The Original Code is FusionPBX
|
||||||
|
|
||||||
|
The Initial Developer of the Original Code is
|
||||||
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
|
Portions created by the Initial Developer are Copyright (C) 2008-2016
|
||||||
|
the Initial Developer. All Rights Reserved.
|
||||||
|
|
||||||
|
Contributor(s):
|
||||||
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
|
*/
|
||||||
|
|
||||||
|
//set the database type
|
||||||
|
$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
|
||||||
|
|
||||||
|
//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
|
||||||
|
//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
|
||||||
|
//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
|
||||||
|
|
||||||
|
//pgsql: database connection information
|
||||||
|
$db_host = '{database_host}';
|
||||||
|
$db_port = '5432';
|
||||||
|
$db_name = 'fusionpbx';
|
||||||
|
$db_username = '{database_username}';
|
||||||
|
$db_password = '{database_password}';
|
||||||
|
|
||||||
|
//show errors
|
||||||
|
ini_set('display_errors', '1');
|
||||||
|
//error_reporting (E_ALL); // Report everything
|
||||||
|
//error_reporting (E_ALL ^ E_NOTICE); // hide notices
|
||||||
|
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings
|
||||||
|
|
||||||
|
?>
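Review bot: `ini_set('display_errors', '1');` is part of the config that finish.sh installs on the live system, so any PHP error that is not a notice or warning is rendered into the HTTP response and can reveal file paths or query text to whoever is using the web interface. For the shipped template I would use `ini_set('display_errors', '0');` and add `ini_set('log_errors', '1');` so the errors go to the PHP log instead. A short comment above `$db_password` noting that the installer replaces the `{database_password}` placeholder, and that the installed file must not be world-readable, would also help.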
|
|
@ -0,0 +1,126 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#show cpu details
|
||||||
|
echo "cpu architecture: $cpu_architecture"
|
||||||
|
echo "cpu name: $cpu_name"
|
||||||
|
|
||||||
|
#make sure unzip is install
|
||||||
|
apt-get install -y unzip
|
||||||
|
|
||||||
|
#remove the ioncube directory if it exists
|
||||||
|
if [ -d "ioncube" ]; then
|
||||||
|
rm -Rf ioncube;
|
||||||
|
fi
|
||||||
|
|
||||||
|
#get the ioncube load and unzip it
|
||||||
|
if [ .$cpu_architecture = .'x86' ]; then
|
||||||
|
#get the ioncube 64 bit loader
|
||||||
|
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
|
||||||
|
|
||||||
|
#uncompress the file
|
||||||
|
unzip ioncube_loaders_lin_x86-64.zip
|
||||||
|
|
||||||
|
#remove the zip file
|
||||||
|
rm ioncube_loaders_lin_x86-64.zip
|
||||||
|
elif [ .$cpu_architecture = ."arm" ]; then
|
||||||
|
if [ .$cpu_name = .'armv7l' ]; then
|
||||||
|
#get the ioncube 64 bit loader
|
||||||
|
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.zip
|
||||||
|
|
||||||
|
#uncompress the file
|
||||||
|
unzip ioncube_loaders_lin_armv7l.zip
|
||||||
|
|
||||||
|
#remove the zip file
|
||||||
|
rm ioncube_loaders_lin_armv7l.zip
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#set the version of php
|
||||||
|
if [ ."$os_codename" = ."bullseye" ]; then
|
||||||
|
php_version=7.4
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."buster" ]; then
|
||||||
|
php_version=7.3
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."stretch" ]; then
|
||||||
|
php_version=7.1
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."jessie" ]; then
|
||||||
|
php_version=7.1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#copy the loader to the correct directory
|
||||||
|
if [ ."$php_version" = ."5.6" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_5.6.so /usr/lib/php5/20131226
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/fpm/conf.d/00-ioncube.ini
|
||||||
|
echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/cli/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php5-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.0.so /usr/lib/php/20151012
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/fpm/conf.d/00-ioncube.ini
|
||||||
|
echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/cli/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.0-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.1.so /usr/lib/php/20160303
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/fpm/conf.d/00-ioncube.ini
|
||||||
|
echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/cli/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.1-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/fpm/conf.d/00-ioncube.ini
|
||||||
|
echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/cli/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.2-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.3" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.3.so /usr/lib/php/20180731
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/fpm/conf.d/00-ioncube.ini
|
||||||
|
echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/cli/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.3-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.4.so /usr/lib/php/20190902
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/fpm/conf.d/00-ioncube.ini
|
||||||
|
echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/cli/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.4-fpm restart
|
||||||
|
fi
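Review bot: Both `wget` calls pass `--no-check-certificate`, so the loader archive is downloaded without verifying the server's TLS certificate and is then unpacked and registered as a `zend_extension` that loads into every PHP-FPM and CLI process. Dropping the flag (`wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip`, and likewise for the armv7l URL) costs nothing here because install.sh already installs `ca-certificates`. Checking the archive against a checksum recorded in this repository before `unzip` would additionally catch a changed upstream file. The later `cp` and `echo` steps run even when the download or unzip failed, so the exit status of `wget` and `unzip` should be tested, and the `#get the ioncube 64 bit loader` comment in the armv7l branch is wrong for that architecture.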
|
|
@ -0,0 +1,68 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
|
||||||
|
#add the includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Configuring IPTables"
|
||||||
|
|
||||||
|
#defaults to nftables by default this enables iptables
|
||||||
|
if [ ."$os_codename" = ."buster" ]; then
|
||||||
|
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||||
|
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."bullseye" ]; then
|
||||||
|
apt-get install -y iptables
|
||||||
|
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||||
|
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
||||||
|
fi
|
||||||
|
|
||||||
|
#remove ufw
|
||||||
|
ufw reset
|
||||||
|
ufw disable
|
||||||
|
apt-get remove -y ufw
|
||||||
|
#apt-get purge ufw
|
||||||
|
|
||||||
|
#run iptables commands
|
||||||
|
iptables -A INPUT -i lo -j ACCEPT
|
||||||
|
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
|
||||||
|
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
|
||||||
|
iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
|
||||||
|
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
|
||||||
|
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||||
|
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
|
||||||
|
iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
|
||||||
|
iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
|
||||||
|
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
|
||||||
|
iptables -P INPUT DROP
|
||||||
|
iptables -P FORWARD DROP
|
||||||
|
iptables -P OUTPUT ACCEPT
|
||||||
|
|
||||||
|
#answer the questions for iptables persistent
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
|
||||||
|
apt-get install -y iptables-persistent
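Review bot: Only IPv4 is filtered here: every rule and both `DROP` policies are set with `iptables`, no `ip6tables` rule is added, and `autosave_v6` then persists the IPv6 ruleset as it stands, which on a fresh system is presumably policy ACCEPT with no rules. Any service that listens on an IPv6 address is therefore reachable without the restrictions above. I would mirror the accept list and policies with `ip6tables` (allowing ICMPv6, which neighbour discovery needs) before `iptables-persistent` is installed, as sketched below. A smaller point: the TCP string-match `DROP` rules sit after the `ESTABLISHED,RELATED` accept, and TCP payload normally arrives only on established connections, so those TCP rules likely never match; placing the state rule after the string rules would make them effective.

```shell
# … unchanged: IPv4 filter and mangle rules …
iptables -P OUTPUT ACCEPT

#apply the same input policy to IPv6
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 7443 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
ip6tables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
ip6tables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
ip6tables -A INPUT -p udp --dport 1194 -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT
# … unchanged: debconf selections and iptables-persistent install …
```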
|
|
@ -0,0 +1,130 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# FusionPBX - Install
|
||||||
|
# Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
|
# Copyright (C) 2018
|
||||||
|
# All Rights Reserved.
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
|
||||||
|
#Add dependencies
|
||||||
|
apt-get install -y curl
|
||||||
|
|
||||||
|
#remove dehyrdated letsencrypt script
|
||||||
|
rm /usr/local/sbin/dehydrated
|
||||||
|
rm -R /usr/src/dehydrated
|
||||||
|
#rm -R /etc/dehydrated/
|
||||||
|
#rm -R /usr/src/dns-01-manual
|
||||||
|
#rm -R /var/www/dehydrated
|
||||||
|
|
||||||
|
#request the domain name, email address and wild card domain
|
||||||
|
read -p 'Domain Name: ' domain_name
|
||||||
|
read -p 'Email Address: ' email_address
|
||||||
|
|
||||||
|
#get and install dehydrated
|
||||||
|
cd /usr/src && git clone https://github.com/lukas2511/dehydrated.git
|
||||||
|
cd /usr/src/dehydrated
|
||||||
|
cp dehydrated /usr/local/sbin
|
||||||
|
mkdir -p /var/www/dehydrated
|
||||||
|
mkdir -p /etc/dehydrated/certs
|
||||||
|
|
||||||
|
#wildcard detection
|
||||||
|
wildcard_domain=$(echo $domain_name | cut -c1-1)
|
||||||
|
if [ "$wildcard_domain" = "*" ]; then
|
||||||
|
wildcard_domain="true"
|
||||||
|
else
|
||||||
|
wildcard_domain="false"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#remove the wildcard and period
|
||||||
|
if [ .$wildcard_domain = ."true" ]; then
|
||||||
|
domain_name=$(echo "$domain_name" | cut -c3-255)
|
||||||
|
fi
|
||||||
|
|
||||||
|
#manual dns hook
|
||||||
|
if [ .$wildcard_domain = ."true" ]; then
|
||||||
|
cd /usr/src
|
||||||
|
git clone https://github.com/gheja/dns-01-manual.git
|
||||||
|
cd /usr/src/dns-01-manual/
|
||||||
|
cp hook.sh /etc/dehydrated/hook.sh
|
||||||
|
chmod 755 /etc/dehydrated/hook.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
#copy config and hook.sh into /etc/dehydrated
|
||||||
|
cd /usr/src/dehydrated
|
||||||
|
cp docs/examples/config /etc/dehydrated
|
||||||
|
#cp docs/examples/hook.sh /etc/dehydrated
|
||||||
|
|
||||||
|
#update the dehydrated config
|
||||||
|
#sed "s#CONTACT_EMAIL=#CONTACT_EMAIL=$email_address" -i /etc/dehydrated/config
|
||||||
|
sed -i 's/#CONTACT_EMAIL=/CONTACT_EMAIL="'"$email_address"'"/g' /etc/dehydrated/config
|
||||||
|
sed -i 's/#WELLKNOWN=/WELLKNOWN=/g' /etc/dehydrated/config
|
||||||
|
|
||||||
|
#accept the terms
|
||||||
|
./dehydrated --register --accept-terms --config /etc/dehydrated/config
|
||||||
|
|
||||||
|
#set the domain alias
|
||||||
|
domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)
|
||||||
|
|
||||||
|
#create an alias when using wildcard dns
|
||||||
|
if [ .$wildcard_domain = ."true" ]; then
|
||||||
|
echo "*.$domain_name > $domain_name" > /etc/dehydrated/domains.txt
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add the domain name to domains.txt
|
||||||
|
if [ .$wildcard_domain = ."false" ]; then
|
||||||
|
echo "$domain_name" > /etc/dehydrated/domains.txt
|
||||||
|
fi
|
||||||
|
|
||||||
|
#request the certificates
|
||||||
|
if [ .$wildcard_domain = ."true" ]; then
|
||||||
|
./dehydrated --cron --domain *.$domain_name --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge dns-01 --hook /etc/dehydrated/hook.sh
|
||||||
|
fi
|
||||||
|
if [ .$wildcard_domain = ."false" ]; then
|
||||||
|
./dehydrated --cron --alias $domain_alias --preferred-chain "ISRG Root X1" --algo rsa --config /etc/dehydrated/config --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01
|
||||||
|
fi
|
||||||
|
|
||||||
|
#make sure the nginx ssl directory exists
|
||||||
|
mkdir -p /etc/nginx/ssl
|
||||||
|
|
||||||
|
#update nginx config
|
||||||
|
sed "s@ssl_certificate[ \t]*/etc/ssl/certs/nginx.crt;@ssl_certificate /etc/dehydrated/certs/$domain_alias/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
|
||||||
|
sed "s@ssl_certificate_key[ \t]*/etc/ssl/private/nginx.key;@ssl_certificate_key /etc/dehydrated/certs/$domain_alias/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
|
||||||
|
|
||||||
|
#read the config
|
||||||
|
/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
|
||||||
|
|
||||||
|
#setup freeswitch tls
|
||||||
|
if [ .$switch_tls = ."true" ]; then
|
||||||
|
|
||||||
|
#make sure the freeswitch directory exists
|
||||||
|
mkdir -p /etc/freeswitch/tls
|
||||||
|
|
||||||
|
#make sure the freeswitch certificate directory is empty
|
||||||
|
rm /etc/freeswitch/tls/*
|
||||||
|
|
||||||
|
#combine the certs into all.pem
|
||||||
|
cat /etc/dehydrated/certs/$domain_alias/fullchain.pem > /etc/freeswitch/tls/all.pem
|
||||||
|
cat /etc/dehydrated/certs/$domain_alias/privkey.pem >> /etc/freeswitch/tls/all.pem
|
||||||
|
#cat /etc/dehydrated/certs/$domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem
|
||||||
|
|
||||||
|
#copy the certificates
|
||||||
|
cp /etc/dehydrated/certs/$domain_alias/cert.pem /etc/freeswitch/tls
|
||||||
|
cp /etc/dehydrated/certs/$domain_alias/chain.pem /etc/freeswitch/tls
|
||||||
|
cp /etc/dehydrated/certs/$domain_alias/fullchain.pem /etc/freeswitch/tls
|
||||||
|
cp /etc/dehydrated/certs/$domain_alias/privkey.pem /etc/freeswitch/tls
|
||||||
|
|
||||||
|
#add symbolic links
|
||||||
|
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
|
||||||
|
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
|
||||||
|
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
|
||||||
|
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
|
||||||
|
|
||||||
|
#set the permissions
|
||||||
|
chown -R www-data:www-data /etc/freeswitch/tls
|
||||||
|
|
||||||
|
fi
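Review bot: `all.pem` is created by shell redirection (`cat ... > /etc/freeswitch/tls/all.pem`) and then has `privkey.pem` appended, so under the usual root umask the file holding the TLS private key ends up world-readable; the later `chown -R` changes the owner but not the mode. Adding `chmod 600 /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/privkey.pem` after the `chown`, or `umask 077` before the first `cat`, keeps the key to the FreeSWITCH user. As related hardening, `dehydrated` and the `dns-01-manual` hook are cloned from their default branches and executed as root, so pinning each clone to a reviewed tag or commit would make the install reproducible. `$domain_name` and `$domain_alias` come from `read` and are used unquoted (for example `--domain *.$domain_name`), which lets the shell glob or split them; they should be quoted at every use.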
|
|
@ -0,0 +1,22 @@
|
||||||
|
# the domain we want to get the cert for;
|
||||||
|
# technically it's possible to have multiple of this lines, but it only worked
|
||||||
|
# with one domain for me, another one only got one cert, so I would recommend
|
||||||
|
# separate config files per domain.
|
||||||
|
domains = {domain_name}
|
||||||
|
|
||||||
|
# increase key size
|
||||||
|
rsa-key-size = 2048 # Or 4096
|
||||||
|
|
||||||
|
# the current closed beta (as of 2015-Nov-07) is using this server
|
||||||
|
server = https://acme-v01.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
# this address will receive renewal reminders
|
||||||
|
email = {email_address}
|
||||||
|
|
||||||
|
# turn off the ncurses UI, we want this to be run as a cronjob
|
||||||
|
text = True
|
||||||
|
|
||||||
|
# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
|
||||||
|
# and then letting LE fetch it
|
||||||
|
authenticator = webroot
|
||||||
|
webroot-path = /var/www/letsencrypt/
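Review bot: `server = https://acme-v01.api.letsencrypt.org/directory` points at the ACME v1 endpoint, which Let's Encrypt has retired, so a client reading this file cannot obtain or renew a certificate; the current directory is `server = https://acme-v02.api.letsencrypt.org/directory`. The comment about the 2015 closed beta is stale for the same reason. Nothing in the letsencrypt.sh added by this commit reads this file (it drives dehydrated with `/etc/dehydrated/config`), so if it is a leftover from the copied tree it may be simpler to drop it than to maintain it.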
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
|
||||||
|
#install monit
|
||||||
|
apt-get install -y monit
|
||||||
|
|
||||||
|
#make the monit shell script executable
|
||||||
|
chmod 755 monit/shell.sh
|
||||||
|
|
||||||
|
#copy the freeswitch monit config
|
||||||
|
cp monit/freeswitch /etc/monit/conf.d
|
||||||
|
|
||||||
|
#restart monit
|
||||||
|
service monit restart
|
|
@ -0,0 +1,3 @@
|
||||||
|
check process freeswitch with pidfile /run/freeswitch/freeswitch.pid
|
||||||
|
start program = "/usr/src/fusionpbx-install.sh/debian/resources/monit/./shell.sh"
|
||||||
|
stop program = "/usr/bin/freeswitch -stop"
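Review bot: The `start program` path is hard-coded to `/usr/src/fusionpbx-install.sh/debian/resources/monit/./shell.sh`, a location inside the original installer checkout. Since these scripts were copied over to adapt, the path probably no longer matches where this repository lives, and monit would then be unable to restart FreeSWITCH. monit executes that script with its own privileges, so monit.sh should install `shell.sh` to a fixed root-owned path outside the source tree and this file should reference it, rather than depending on a checkout that can be moved, removed or modified later.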
|
|
@ -0,0 +1,5 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
mkdir -p /var/run/freeswitch
|
||||||
|
chown -R www-data:www-data /var/run/freeswitch
|
||||||
|
/usr/bin/freeswitch -nc -u www-data -g www-data -nonat
|
|
@ -0,0 +1,30 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#add the includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Configuring nftables"
|
||||||
|
|
||||||
|
#run iptables commands
|
||||||
|
nft add rule ip filter INPUT iifname "lo" counter accept
|
||||||
|
nft add rule ip filter INPUT ct state related,established counter accept
|
||||||
|
nft add rule ip filter INPUT tcp dport 22 counter accept
|
||||||
|
nft add rule ip filter INPUT tcp dport 80 counter accept
|
||||||
|
nft add rule ip filter INPUT tcp dport 443 counter accept
|
||||||
|
nft add rule ip filter INPUT tcp dport 7443 counter accept
|
||||||
|
nft add rule ip filter INPUT tcp dport 5060-5091 counter accept
|
||||||
|
nft add rule ip filter INPUT udp dport 5060-5091 counter accept
|
||||||
|
nft add rule ip filter INPUT udp dport 16384-32768 counter accept
|
||||||
|
nft add rule ip filter INPUT icmp type echo-request counter accept
|
||||||
|
nft add rule ip filter INPUT udp dport 1194 counter accept
|
||||||
|
nft add rule ip mangle OUTPUT udp sport 16384-32768 counter ip dscp set 0x2e
|
||||||
|
nft add rule ip mangle OUTPUT tcp sport 5060-5091 counter ip dscp set 0x1a
|
||||||
|
nft add rule ip mangle OUTPUT udp sport 5060-5091 counter ip dscp set 0x1a
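Review bot: Every filter rule here is an `accept`, and nothing in the script creates the `ip filter` and `ip mangle` tables or their chains, or sets a drop policy. Unless that happens elsewhere, the `nft add rule` calls either fail on a fresh system or leave a ruleset that filters nothing. Before the first rule I would add `nft add table ip filter` and `nft add chain ip filter INPUT '{ type filter hook input priority 0; policy drop; }'`, with the matching table and chain for `mangle OUTPUT`. The rules cover only the `ip` family, so IPv6 traffic is untouched, and they are not saved anywhere that survives a reboot. The comment `#run iptables commands` should read `#add the nftables rules`.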
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,84 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Installing the web server"
|
||||||
|
|
||||||
|
#change the version of php for arm
|
||||||
|
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
#Pi2 and Pi3 Raspbian
|
||||||
|
#Odroid
|
||||||
|
if [ ."$os_codename" = ."stretch" ]; then
|
||||||
|
php_version=7.2
|
||||||
|
else
|
||||||
|
php_version=5.6
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#set the version of php
|
||||||
|
if [ ."$os_codename" = ."bullseye" ]; then
|
||||||
|
php_version=7.4
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."buster" ]; then
|
||||||
|
php_version=7.3
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."stretch" ]; then
|
||||||
|
php_version=7.1
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."jessie" ]; then
|
||||||
|
php_version=7.1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#enable fusionpbx nginx config
|
||||||
|
cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
|
||||||
|
|
||||||
|
#prepare socket name
|
||||||
|
if [ ."$php_version" = ."5.6" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.2-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.3" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.3-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
|
||||||
|
|
||||||
|
#self signed certificate
|
||||||
|
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
|
||||||
|
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
|
||||||
|
|
||||||
|
#remove the default site
|
||||||
|
rm /etc/nginx/sites-enabled/default
|
||||||
|
|
||||||
|
#update config if LetsEncrypt folder is unwanted
|
||||||
|
# if [ .$letsencrypt_folder = .false ]; then
|
||||||
|
# sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
|
||||||
|
# fi
|
||||||
|
|
||||||
|
#add the letsencrypt directory
|
||||||
|
if [ .$letsencrypt_folder = .true ]; then
|
||||||
|
mkdir -p /var/www/letsencrypt/
|
||||||
|
fi
|
||||||
|
|
||||||
|
#flush systemd cache
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
#restart nginx
|
||||||
|
service nginx restart
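Review bot: The script creates `/var/www/letsencrypt/` when `letsencrypt_folder` is true, but the nginx site file added in this commit serves `/.well-known/acme-challenge` from `alias /var/www/dehydrated;`. Challenge files written to the letsencrypt webroot would therefore not be reachable, and the site would stay on the snakeoil certificate linked a few lines earlier. The two paths should agree, either with `mkdir -p /var/www/dehydrated` here or with the alias changed in the site file; this page does not show which ACME client is meant to be used. Separately, `[ .$letsencrypt_folder = .true ]` should quote the expansion like the other tests, `[ ."$letsencrypt_folder" = ."true" ]`.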
|
|
@ -0,0 +1,305 @@
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 127.0.0.1:80;
|
||||||
|
server_name 127.0.0.1;
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
client_max_body_size 80M;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /var/www/fusionpbx;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Allow the upgrade routines to run longer than normal
|
||||||
|
location = /core/upgrade/index.php {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
fastcgi_read_timeout 15m;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Disable viewing .htaccess & .htpassword & .db & .git
|
||||||
|
location ~ .htaccess {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ .htpassword {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~^.+.(db)$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\.git {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\.lua {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\. {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name fusionpbx;
|
||||||
|
|
||||||
|
#redirect letsencrypt to dehydrated
|
||||||
|
location ^~ /.well-known/acme-challenge {
|
||||||
|
default_type "text/plain";
|
||||||
|
auth_basic "off";
|
||||||
|
alias /var/www/dehydrated;
|
||||||
|
}
|
||||||
|
|
||||||
|
#rewrite rule - send to https with an exception for provisioning
|
||||||
|
if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
|
||||||
|
rewrite ^(.*) https://$host$1 permanent;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
#REST api
|
||||||
|
if ($uri ~* ^.*/api/.*$) {
|
||||||
|
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
#algo
|
||||||
|
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
|
||||||
|
|
||||||
|
#mitel
|
||||||
|
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
|
||||||
|
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
|
||||||
|
|
||||||
|
#grandstream
|
||||||
|
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
|
||||||
|
rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
|
||||||
|
#grandstream-wave softphone by ext because Android doesn't pass MAC.
|
||||||
|
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
|
||||||
|
|
||||||
|
#aastra
|
||||||
|
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
|
||||||
|
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
|
||||||
|
|
||||||
|
#yealink
|
||||||
|
#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
|
||||||
|
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
|
||||||
|
|
||||||
|
#polycom
|
||||||
|
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
|
||||||
|
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
|
||||||
|
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
|
||||||
|
|
||||||
|
#cisco
|
||||||
|
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
|
||||||
|
rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
|
||||||
|
|
||||||
|
#Escene
|
||||||
|
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
|
||||||
|
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
|
||||||
|
|
||||||
|
#Vtech
|
||||||
|
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
|
||||||
|
|
||||||
|
#Digium
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
|
||||||
|
|
||||||
|
#Snom
|
||||||
|
rewrite "^.*/provision/-([A-Fa-f0-9]{12})?$" /app/provision/index.php?mac=$1;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
client_max_body_size 80M;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /var/www/fusionpbx;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Allow the upgrade routines to run longer than normal
|
||||||
|
location = /core/upgrade/index.php {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
fastcgi_read_timeout 15m;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Disable viewing .htaccess & .htpassword & .db & .git
|
||||||
|
location ~ .htaccess {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ .htpassword {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~^.+.(db)$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\.git {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\.lua {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\. {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
#listen 443 ssl http2;
|
||||||
|
server_name fusionpbx;
|
||||||
|
|
||||||
|
ssl_certificate /etc/ssl/certs/nginx.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/private/nginx.key;
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ciphers DHE-RSA-AES256-SHA:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
ssl_session_cache shared:SSL:40m;
|
||||||
|
ssl_session_timeout 2h;
|
||||||
|
ssl_session_tickets off;
|
||||||
|
|
||||||
|
#redirect letsencrypt to dehydrated
|
||||||
|
location ^~ /.well-known/acme-challenge {
|
||||||
|
default_type "text/plain";
|
||||||
|
auth_basic "off";
|
||||||
|
alias /var/www/dehydrated;
|
||||||
|
}
|
||||||
|
|
||||||
|
#REST api
|
||||||
|
if ($uri ~* ^.*/api/.*$) {
|
||||||
|
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
#message media
|
||||||
|
rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
|
||||||
|
|
||||||
|
#algo
|
||||||
|
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
|
||||||
|
|
||||||
|
#mitel
|
||||||
|
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
|
||||||
|
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
|
||||||
|
|
||||||
|
#grandstream
|
||||||
|
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
|
||||||
|
rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
|
||||||
|
#grandstream-wave softphone by ext because Android doesn't pass MAC.
|
||||||
|
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
|
||||||
|
|
||||||
|
#aastra
|
||||||
|
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
|
||||||
|
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
|
||||||
|
|
||||||
|
#yealink
|
||||||
|
#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
|
||||||
|
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
|
||||||
|
|
||||||
|
#polycom
|
||||||
|
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
|
||||||
|
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
|
||||||
|
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
|
||||||
|
|
||||||
|
#cisco
|
||||||
|
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
|
||||||
|
rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
|
||||||
|
|
||||||
|
#Escene
|
||||||
|
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
|
||||||
|
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
|
||||||
|
|
||||||
|
#Vtech
|
||||||
|
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
|
||||||
|
|
||||||
|
#Digium
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
client_max_body_size 80M;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /var/www/fusionpbx;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Allow the upgrade routines to run longer than normal
|
||||||
|
location = /core/upgrade/index.php {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
fastcgi_read_timeout 15m;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Disable viewing .htaccess & .htpassword & .db & .git
|
||||||
|
location ~ .htaccess {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ .htpassword {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~^.+.(db)$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\.git {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\.lua {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /\. {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
}
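Review bot: The `ssl_ciphers` list in the 443 server begins with `DHE-RSA-AES256-SHA:AES256-SHA`, two CBC/SHA-1 suites, the second of which uses static RSA key exchange and so gives no forward secrecy. With `TLSv1.2` enabled and no `ssl_prefer_server_ciphers on;` in the block, a client that offers either suite first can negotiate it. Unless specific handsets need them, I would drop both and start the list at `ECDHE-ECDSA-AES128-GCM-SHA256`. If they must stay, add a comment naming the devices that need them.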
|
|
@ -0,0 +1,139 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Configuring PHP"
|
||||||
|
|
||||||
|
#add the repository
|
||||||
|
if [ ."$os_name" = ."Ubuntu" ]; then
|
||||||
|
#16.10.x - */yakkety/
|
||||||
|
#16.04.x - */xenial/
|
||||||
|
#14.04.x - */trusty/
|
||||||
|
if [ ."$os_codename" = ."trusty" ]; then
|
||||||
|
which add-apt-repository || apt-get install -y software-properties-common
|
||||||
|
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
|
||||||
|
fi
|
||||||
|
elif [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
#Pi2 and Pi3 Raspbian, #Odroid
|
||||||
|
#if [ ."$os_codename" = ."stretch" ]; then
|
||||||
|
# php_version=7.0
|
||||||
|
#fi
|
||||||
|
if [ ."$os_codename" = ."buster" ]; then
|
||||||
|
php_version=7.3
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."bullseye" ]; then
|
||||||
|
php_version=7.4
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
#11.x - bullseye
|
||||||
|
#10.x - buster
|
||||||
|
#9.x - stretch
|
||||||
|
#8.x - jessie
|
||||||
|
apt-get -y install apt-transport-https lsb-release ca-certificates
|
||||||
|
if [ ."$os_codename" = ."jessie" ]; then
|
||||||
|
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
|
||||||
|
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."stretch" ]; then
|
||||||
|
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
|
||||||
|
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."buster" ]; then
|
||||||
|
php_version=7.3
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."bullseye" ]; then
|
||||||
|
php_version=7.4
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
apt-get update -y
|
||||||
|
|
||||||
|
#install dependencies
|
||||||
|
apt-get install -y nginx
|
||||||
|
if [ ."$php_version" = ."" ]; then
|
||||||
|
apt-get install -y php php-cli php-fpm php-pgsql php-sqlite3 php-odbc php-curl php-imap php-xml php-gd
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."5.6" ]; then
|
||||||
|
apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
apt-get install -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd php7.0-mbstring
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
apt-get install -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd php7.1-mbstring
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
apt-get install -y php7.2 php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd php7.2-mbstring
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.3" ]; then
|
||||||
|
apt-get install -y php7.3 php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd php7.3-mbstring
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
apt-get install -y php7.4 php7.4-cli php7.4-dev php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring
|
||||||
|
fi
|
||||||
|
|
||||||
|
#update config if source is being used
|
||||||
|
if [ ."$php_version" = ."5" ]; then
|
||||||
|
verbose "version 5.x"
|
||||||
|
php_ini_file='/etc/php5/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
verbose "version 7.0"
|
||||||
|
php_ini_file='/etc/php/7.0/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
verbose "version 7.1"
|
||||||
|
php_ini_file='/etc/php/7.1/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
verbose "version 7.2"
|
||||||
|
php_ini_file='/etc/php/7.2/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.3" ]; then
|
||||||
|
verbose "version 7.3"
|
||||||
|
php_ini_file='/etc/php/7.3/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
verbose "version 7.4"
|
||||||
|
php_ini_file='/etc/php/7.4/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
|
||||||
|
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
|
||||||
|
sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
|
||||||
|
sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
|
||||||
|
|
||||||
|
#install ioncube
|
||||||
|
if [ .$cpu_architecture = .'x86' ]; then
|
||||||
|
. ./ioncube.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
#restart php-fpm
|
||||||
|
systemctl daemon-reload
|
||||||
|
if [ ."$php_version" = ."5.6" ]; then
|
||||||
|
systemctl restart php5-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
systemctl restart php7.0-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
systemctl restart php7.1-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
systemctl restart php7.2-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.3" ]; then
|
||||||
|
systemctl restart php7.3-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
systemctl restart php7.4-fpm
|
||||||
|
fi
|
||||||
|
|
||||||
|
#init.d
|
||||||
|
#/usr/sbin/service php5-fpm restart
|
||||||
|
#/usr/sbin/service php7.0-fpm restart
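Review bot: `php_ini_file` is assigned only when `php_version` is `5` or `7.0` through `7.4`, yet the install block above tests for `5.6` and for the empty string. In those two cases the four `sed ... -i $php_ini_file` lines run with no file argument, and the upload and `max_input_vars` limits are never applied. The first test should be `if [ ."$php_version" = ."5.6" ]; then`, the empty-version case needs its own ini path or an explicit failure, and the expansion should be quoted, as in `sed -i 's#post_max_size = .*#post_max_size = 80M#g' "$php_ini_file"`. The restart block at the end has the same gap for the empty version, so PHP-FPM is not restarted there.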
|
|
@ -0,0 +1,116 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
echo "Install PostgreSQL"
|
||||||
|
|
||||||
|
#generate a random password
|
||||||
|
password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
|
||||||
|
|
||||||
|
#install message
|
||||||
|
echo "Install PostgreSQL and create the database and users\n"
|
||||||
|
|
||||||
|
#included in the distribution
|
||||||
|
if [ ."$database_repo" = ."system" ]; then
|
||||||
|
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||||
|
apt-get install -y sudo postgresql
|
||||||
|
else
|
||||||
|
apt-get install -y sudo postgresql-client
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#postgres official repository
|
||||||
|
if [ ."$database_repo" = ."official" ]; then
|
||||||
|
if [ ."$os_codename" = ."jessie" ]; then
|
||||||
|
echo "deb http://apt.postgresql.org/pub/repos/apt/ $os_codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
|
||||||
|
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."stretch" ]; then
|
||||||
|
echo "deb http://apt.postgresql.org/pub/repos/apt/ $os_codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
|
||||||
|
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."buster" ]; then
|
||||||
|
echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > /etc/apt/sources.list.d/postgresql.list
|
||||||
|
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."bullseye" ]; then
|
||||||
|
echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" > /etc/apt/sources.list.d/postgresql.list
|
||||||
|
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
|
||||||
|
fi
|
||||||
|
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||||
|
if [ ."$database_version" = ."latest" ]; then
|
||||||
|
apt-get install -y sudo postgresql
|
||||||
|
fi
|
||||||
|
if [ ."$database_version" = ."9.6" ]; then
|
||||||
|
apt-get install -y sudo postgresql-$database_version
|
||||||
|
fi
|
||||||
|
if [ ."$database_version" = ."9.4" ]; then
|
||||||
|
apt-get install -y sudo postgresql-$database_version
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
apt-get install -y sudo postgresql-client
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add PostgreSQL and 2ndquadrant repos
|
||||||
|
if [ ."$database_repo" = ."2ndquadrant" ]; then
|
||||||
|
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||||
|
apt install -y curl
|
||||||
|
curl https://dl.2ndquadrant.com/default/release/get/deb | bash
|
||||||
|
if [ ."$os_codename" = ."buster" ]; then
|
||||||
|
sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#buster#stretch#g'
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."bullseye" ]; then
|
||||||
|
sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#bullseye#stretch#g'
|
||||||
|
fi
|
||||||
|
apt update
|
||||||
|
apt-get install -y sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#systemd
|
||||||
|
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl restart postgresql
|
||||||
|
fi
|
||||||
|
|
||||||
|
#init.d
|
||||||
|
#/usr/sbin/service postgresql restart
|
||||||
|
|
||||||
|
#install the database backup
|
||||||
|
#cp backup/fusionpbx-backup /etc/cron.daily
|
||||||
|
#cp backup/fusionpbx-maintenance /etc/cron.daily
|
||||||
|
#chmod 755 /etc/cron.daily/fusionpbx-backup
|
||||||
|
#chmod 755 /etc/cron.daily/fusionpbx-maintenance
|
||||||
|
#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup
|
||||||
|
#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-maintenance
|
||||||
|
|
||||||
|
#move to /tmp to prevent a red herring error when running sudo with psql
|
||||||
|
cwd=$(pwd)
|
||||||
|
cd /tmp
|
||||||
|
|
||||||
|
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||||
|
# add the databases, users and grant permissions to them
|
||||||
|
sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
|
||||||
|
sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
|
||||||
|
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
|
||||||
|
sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
|
||||||
|
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
|
||||||
|
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
|
||||||
|
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
|
||||||
|
# ALTER USER fusionpbx WITH PASSWORD 'newpassword';
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd $cwd
|
||||||
|
|
||||||
|
#set the ip address
|
||||||
|
#server_address=$(hostname -I)
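Review bot: Both application roles are created `WITH SUPERUSER`, which makes the `GRANT ALL PRIVILEGES ON DATABASE` lines after them redundant. It also means a flaw in the web application or in the switch's database access carries full control of the PostgreSQL server rather than of two databases. Unless the schema load needs it, I would create the roles first with `CREATE ROLE fusionpbx WITH LOGIN PASSWORD '...'` and then make each one the owner of its database, `CREATE DATABASE fusionpbx OWNER fusionpbx;`. The same `CREATE ROLE ... WITH SUPERUSER` lines appear in the database-creation script in the next file section.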
|
|
@ -0,0 +1,31 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
|
||||||
|
#set the working directory
|
||||||
|
cwd=$(pwd)
|
||||||
|
cd /tmp
|
||||||
|
|
||||||
|
#set client encoding
|
||||||
|
sudo -u postgres psql -p $database_port -c "SET client_encoding = 'UTF8';";
|
||||||
|
|
||||||
|
#add the database users and databases
|
||||||
|
sudo -u postgres psql -p $database_port -c "CREATE DATABASE fusionpbx;";
|
||||||
|
sudo -u postgres psql -p $database_port -c "CREATE DATABASE freeswitch;";
|
||||||
|
|
||||||
|
#add the users and grant permissions
|
||||||
|
sudo -u postgres psql -p $database_port -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
|
||||||
|
sudo -u postgres psql -p $database_port -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$database_password';"
|
||||||
|
sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
|
||||||
|
sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
|
||||||
|
sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
|
||||||
|
|
||||||
|
#reload the config
|
||||||
|
sudo -u postgres psql -p $database_port -c "SELECT pg_reload_conf();"
|
||||||
|
|
||||||
|
#restart postgres
|
||||||
|
#systemctl restart postgresql
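Review bot: `$database_password` is spliced into the SQL text passed to `psql -c "CREATE ROLE ... PASSWORD '$database_password';"`, so a value containing a single quote breaks or changes the statement. The password is also visible in the process list while `sudo` and `psql` run. Feeding the statements to `psql` on standard input instead of `-c`, after rejecting or doubling single quotes in the value, avoids both. `$database_port` should be quoted as well, `-p "$database_port"`.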
|
|
@ -0,0 +1,70 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
|
||||||
|
#set the date
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
|
||||||
|
#get the database password
|
||||||
|
if [ .$database_password = .'random' ]; then
|
||||||
|
read -p "Enter the database password: " database_password
|
||||||
|
fi
|
||||||
|
|
||||||
|
#whether to load the schema
|
||||||
|
read -p "Auto create schemas (y/n): " auto_create_schema
|
||||||
|
|
||||||
|
#whether to load the schema
|
||||||
|
read -p "Load schema with primary keys (y/n): " load_schema
|
||||||
|
|
||||||
|
#set PGPASSWORD
|
||||||
|
export PGPASSWORD=$database_password
|
||||||
|
|
||||||
|
#disable auto create schemas
|
||||||
|
if [ .$auto_create_schema = ."n" ]; then
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="auto-create-schemas" value="true"/> -->:<param name="auto-create-schemas" value="false"/>:'
|
||||||
|
fi
|
||||||
|
|
||||||
|
#load the schema
|
||||||
|
if [ .$load_schema = ."y" ]; then
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d freeswitch -c "create extension pgcrypto;";
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/schema.log;
|
||||||
|
fi
|
||||||
|
|
||||||
|
#enable odbc-dsn in the xml
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="core-db-dsn" value="$${dsn}" /> -->:<param name="core-db-dsn" value="$${dsn}" />:'
|
||||||
|
|
||||||
|
#enable odbc-dsn in the sip profiles
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
|
||||||
|
|
||||||
|
#add the dsn variables
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'pgsql://hostaddr=$database_host port=$database_port dbname=freeswitch user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///var/lib/freeswitch/db/callcenter.db', 'DSN', 'true', '0', null, null);";
|
||||||
|
|
||||||
|
#add the
|
||||||
|
echo "<!-- DSN -->" >> /etc/freeswitch/vars.xml
|
||||||
|
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_system=pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=\" />" >> /etc/freeswitch/vars.xml
|
||||||
|
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn=pgsql://hostaddr=$database_host port=$database_port dbname=freeswitch user=fusionpbx password=$database_password options=\" />" >> /etc/freeswitch/vars.xml
|
||||||
|
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_callcenter=sqlite:///var/lib/freeswitch/db/callcenter.db\" />" >> /etc/freeswitch/vars.xml
|
||||||
|
|
||||||
|
#remove the sqlite database files
|
||||||
|
dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*"
|
||||||
|
for db in ${dbs};
|
||||||
|
do
|
||||||
|
if [ -f $db ]; then
|
||||||
|
echo "Deleting $db";
|
||||||
|
rm $db
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
#flush memcache
|
||||||
|
/usr/bin/fs_cli -x 'memcache flush'
|
||||||
|
|
||||||
|
#restart freeswitch
|
||||||
|
service freeswitch restart
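Review bot: The prompt `read -p "Enter the database password: " database_password` echoes the secret to the terminal, and the value is then spliced unescaped into the `psql -c "insert into v_vars ..."` arguments (readable in the process list while psql runs) and into the lines appended to `/etc/freeswitch/vars.xml`. A password containing `'`, `"` or a space breaks the SQL literal, the XML attribute or the DSN, so I would restrict it to letters and digits right after the prompt: `case "$database_password" in ''|*[!A-Za-z0-9]*) echo "unsupported password" >&2; exit 1;; esac`. For the prompt, `printf 'Enter the database password: '; stty -echo; read -r database_password; stty echo` hides the input and also avoids `read -p`, which is not part of POSIX `sh` and which dash rejects under this `#!/bin/sh` shebang. The inserts are better fed to psql on stdin than through `-c`, and `-L /tmp/schema.log` should point at a file created with `mktemp` rather than a fixed name in `/tmp`.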
|
|
@ -0,0 +1,27 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#database settings
|
||||||
|
db_host=127.0.0.1
|
||||||
|
db_port=5432
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
|
||||||
|
#set the database password
|
||||||
|
export PGPASSWORD=$database_password
|
||||||
|
|
||||||
|
#set the date
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
|
||||||
|
#make sure the backup directory exists
|
||||||
|
mkdir -p /var/backups/fusionpbx/postgresql
|
||||||
|
|
||||||
|
#backup the database
|
||||||
|
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_auto_$now.sql
|
||||||
|
|
||||||
|
#empty the fusionpbx database
|
||||||
|
sudo -u postgres psql -d fusionpbx -c "drop schema public cascade;";
|
||||||
|
sudo -u postgres psql -d fusionpbx -c "create schema public;";
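Review bot: `drop schema public cascade` runs even when the `pg_dump` above it failed, so a wrong password, a full disk or an unreachable server leaves the database emptied with no backup. Stop on failure, e.g. `pg_dump ... -f "$backup_file" || { echo "backup failed, schema not dropped" >&2; exit 1; }`, and check `[ -s "$backup_file" ]` before the drop. `mkdir -p` creates the backup directory with the caller's umask, so a `umask 077` before it keeps the dump of the whole public schema from being readable by other local users. The dump is written with `-Fc` (custom format) but named `.sql`, and because `now` has only date resolution a second run on the same day overwrites `fusionpbx_auto_$now.sql`.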
|
|
@ -0,0 +1,54 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
|
||||||
|
#set the date
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
|
||||||
|
#show this server's addresses
|
||||||
|
server_address=$(hostname -I);
|
||||||
|
echo "This Server Address: $server_address"
|
||||||
|
|
||||||
|
#nodes addresses
|
||||||
|
read -p "Enter all Node IP Addresses: " nodes
|
||||||
|
|
||||||
|
#determine whether to add iptable rules
|
||||||
|
read -p 'Add iptable rules (y/n): ' iptables_add
|
||||||
|
|
||||||
|
#settings summary
|
||||||
|
echo "-----------------------------";
|
||||||
|
echo " Summary";
|
||||||
|
echo "-----------------------------";
|
||||||
|
echo "All Node IP Addresses: $nodes";
|
||||||
|
echo "Add iptable rules: $iptables_add";
|
||||||
|
echo "";
|
||||||
|
|
||||||
|
#verify
|
||||||
|
read -p 'Is the information correct (y/n): ' verified
|
||||||
|
if [ .$verified != ."y" ]; then
|
||||||
|
echo "Goodbye";
|
||||||
|
exit 0;
|
||||||
|
fi
|
||||||
|
|
||||||
|
#iptables rules
|
||||||
|
if [ .$iptables_add = ."y" ]; then
|
||||||
|
for node in $nodes; do
|
||||||
|
/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
|
||||||
|
/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
|
||||||
|
done
|
||||||
|
apt-get remove iptables-persistent -y
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
|
||||||
|
apt-get install -y iptables-persistent
|
||||||
|
fi
|
||||||
|
|
||||||
|
#set the working directory
|
||||||
|
cwd=$(pwd)
|
||||||
|
cd /tmp
|
||||||
|
|
||||||
|
#message to user
|
||||||
|
echo "Completed"
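Review bot: Each word typed at `Enter all Node IP Addresses` goes straight into `/usr/sbin/iptables -A INPUT ... -s ${node}/32` as root, unquoted and with no check that it is an IPv4 address. Validate before use, e.g. `case "$node" in ''|*[!0-9.]*) echo "skipping invalid address: $node" >&2; continue;; esac`, and quote the argument as `-s "${node}/32"`. `-A` appends, so the rule has no effect if the chain already ends in a DROP or REJECT rule (the base rules are set up in another script, not visible here), and every re-run adds duplicates; `iptables -C INPUT ... || iptables -A INPUT ...` avoids the duplicates. The same loop is repeated in the node setup script that follows. Removing and reinstalling `iptables-persistent` just to save the rules makes the save depend on a package download; `netfilter-persistent save` does it directly where the installed package provides that command.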
|
|
@ -0,0 +1,177 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
|
||||||
|
#set the date
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
|
||||||
|
#set the database password
|
||||||
|
if [ .$database_password = .'random' ]; then
|
||||||
|
database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
fi
|
||||||
|
|
||||||
|
#show this server's addresses
|
||||||
|
server_address=$(hostname -I);
|
||||||
|
echo "This Server Address: $server_address"
|
||||||
|
|
||||||
|
#nodes addresses
|
||||||
|
read -p "Enter all Node IP Addresses: " nodes
|
||||||
|
|
||||||
|
#request the domain and email
|
||||||
|
read -p 'Create Group (y/n): ' group_create
|
||||||
|
if [ .$group_create = ."y" ]; then
|
||||||
|
read -p 'Enter this Nodes Address: ' node_1;
|
||||||
|
else
|
||||||
|
read -p 'Join using node already in group: ' node_1;
|
||||||
|
read -p 'Enter this Nodes Address: ' node_2;
|
||||||
|
fi
|
||||||
|
|
||||||
|
#determine which database to replicate
|
||||||
|
read -p 'Replicate the FusionPBX Database (y/n): ' system_replicate
|
||||||
|
|
||||||
|
#determine which database to replicate
|
||||||
|
read -p 'Replicate the FreeSWITCH Database (y/n): ' switch_replicate
|
||||||
|
|
||||||
|
#determine whether to add iptable rules
|
||||||
|
read -p 'Add iptable rules (y/n): ' iptables_add
|
||||||
|
|
||||||
|
#settings summary
|
||||||
|
echo "-----------------------------";
|
||||||
|
echo " Summary";
|
||||||
|
echo "-----------------------------";
|
||||||
|
echo "Create Group: $group_create";
|
||||||
|
echo "All Node IP Addresses: $nodes";
|
||||||
|
if [ .$group_create = ."y" ]; then
|
||||||
|
echo "This Nodes Address: $node_1";
|
||||||
|
else
|
||||||
|
echo "Join using node in group: $node_1";
|
||||||
|
echo "This Node Address: $node_2";
|
||||||
|
fi
|
||||||
|
echo "Replicate the FusionPBX Database: $system_replicate";
|
||||||
|
echo "Replicate the FreeSWITCH Database: $switch_replicate";
|
||||||
|
echo "Add iptable rules: $iptables_add";
|
||||||
|
echo "";
|
||||||
|
|
||||||
|
#verify
|
||||||
|
read -p 'Is the information correct (y/n): ' verified
|
||||||
|
if [ .$verified != ."y" ]; then
|
||||||
|
echo "Goodbye";
|
||||||
|
exit 0;
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add the 2ndquadrant repo
|
||||||
|
if [ .$database_version = ."9.6" ]; then
|
||||||
|
echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list
|
||||||
|
/usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
apt-get install -y sudo postgresql-9.6-bdr-plugin
|
||||||
|
fi
|
||||||
|
|
||||||
|
#iptables rules
|
||||||
|
if [ .$iptables_add = ."y" ]; then
|
||||||
|
for node in $nodes; do
|
||||||
|
/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
|
||||||
|
/usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
|
||||||
|
done
|
||||||
|
apt-get remove iptables-persistent -y
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
|
||||||
|
apt-get install -y iptables-persistent
|
||||||
|
systemctl restart fail2ban
|
||||||
|
fi
|
||||||
|
|
||||||
|
#setup ssl
|
||||||
|
sed -i /etc/postgresql/$database_version/main/postgresql.conf -e s:'snakeoil.key:snakeoil-postgres.key:'
|
||||||
|
cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil-postgres.key
|
||||||
|
chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil-postgres.key
|
||||||
|
chmod 600 /etc/ssl/private/ssl-cert-snakeoil-postgres.key
|
||||||
|
|
||||||
|
#postgresql.conf - append settings
|
||||||
|
cp /etc/postgresql/$database_version/main/postgresql.conf /etc/postgresql/$database_version/main/postgresql.conf-$now
|
||||||
|
#cat ../postgresql/postgresql.conf > /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "listen_addresses = '*'" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "shared_preload_libraries = 'bdr'" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "wal_level = 'logical'" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "track_commit_timestamp = on" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "max_connections = 100" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "max_wal_senders = 10" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "max_replication_slots = 48" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
echo "max_worker_processes = 48" >> /etc/postgresql/$database_version/main/postgresql.conf
|
||||||
|
|
||||||
|
#pg_hba.conf - append settings
|
||||||
|
cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
|
||||||
|
cat ../postgresql/pg_hba.conf > /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
#chmod 640 /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
#chown -R postgres:postgres /etc/postgresql/$database_version/main
|
||||||
|
echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
echo "hostssl all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
echo "hostssl replication postgres 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
for node in $nodes; do
|
||||||
|
echo "host all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
#reload configuration
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
#reload the config
|
||||||
|
sudo -u postgres psql -p $database_port -c "SELECT pg_reload_conf();"
|
||||||
|
|
||||||
|
#restart postgres
|
||||||
|
systemctl restart postgresql
|
||||||
|
|
||||||
|
#set the working directory
|
||||||
|
cwd=$(pwd)
|
||||||
|
cd /tmp
|
||||||
|
|
||||||
|
#add the postgres extensions
|
||||||
|
sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;";
|
||||||
|
sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;";
|
||||||
|
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;";
|
||||||
|
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;";
|
||||||
|
|
||||||
|
#add master nodes
|
||||||
|
if [ .$group_create = ."y" ]; then
|
||||||
|
#add first node
|
||||||
|
if [ .$system_replicate = ."y" ]; then
|
||||||
|
sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
|
||||||
|
fi
|
||||||
|
if [ .$switch_replicate = ."y" ]; then
|
||||||
|
sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
#add additional master nodes
|
||||||
|
if [ .$system_replicate = ."y" ]; then
|
||||||
|
sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
|
||||||
|
fi
|
||||||
|
if [ .$switch_replicate = ."y" ]; then
|
||||||
|
sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#load the freeswitch database
|
||||||
|
#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log
|
||||||
|
|
||||||
|
#sleeping
|
||||||
|
if [ .$group_create = ."n" ]; then
|
||||||
|
echo "Sleeping for 15 seconds";
|
||||||
|
for i in `seq 1 15`; do
|
||||||
|
echo $i
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add extension pgcrypto
|
||||||
|
if [ .$group_create = ."n" ]; then
|
||||||
|
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION pgcrypto;";
|
||||||
|
fi
|
||||||
|
|
||||||
|
#message to user
|
||||||
|
echo "Completed"
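Review bot: The records appended for each node use `trust` (`host all all ${node}/32 trust`), so together with `listen_addresses = '*'` any client that can send from a node's IP connects as any role, including `postgres`, without a password, and the plain `host` record allows that without TLS. I would drop the `host` record and require authentication on the others, e.g. `hostssl all all ${node}/32 md5` and `hostssl replication postgres ${node}/32 md5`, with the BDR DSNs then getting their credentials from the postgres user's `.pgpass`; the same loop appears in the pg_hba script later in this commit. The repository key is fetched over plain HTTP and piped into `apt-key add -`, so nothing ties the installed packages to the intended signer: download it to a file and compare its fingerprint with one obtained out of band before adding it. In the join branch `node_external_dsn` lacks the `sslmode=require` that `join_using_dsn` carries. The server keeps using the Debian snakeoil certificate, which gives encryption but no peer authentication, so `sslmode=require` does not by itself protect against an on-path attacker.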
|
|
@ -0,0 +1,97 @@
|
||||||
|
# PostgreSQL Client Authentication Configuration File
|
||||||
|
# ===================================================
|
||||||
|
#
|
||||||
|
# Refer to the "Client Authentication" section in the PostgreSQL
|
||||||
|
# documentation for a complete description of this file. A short
|
||||||
|
# synopsis follows.
|
||||||
|
#
|
||||||
|
# This file controls: which hosts are allowed to connect, how clients
|
||||||
|
# are authenticated, which PostgreSQL user names they can use, which
|
||||||
|
# databases they can access. Records take one of these forms:
|
||||||
|
#
|
||||||
|
# local DATABASE USER METHOD [OPTIONS]
|
||||||
|
# host DATABASE USER ADDRESS METHOD [OPTIONS]
|
||||||
|
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
|
||||||
|
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
|
||||||
|
#
|
||||||
|
# (The uppercase items must be replaced by actual values.)
|
||||||
|
#
|
||||||
|
# The first field is the connection type: "local" is a Unix-domain
|
||||||
|
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
|
||||||
|
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
|
||||||
|
# plain TCP/IP socket.
|
||||||
|
#
|
||||||
|
# DATABASE can be "all", "sameuser", "samerole", "replication", a
|
||||||
|
# database name, or a comma-separated list thereof. The "all"
|
||||||
|
# keyword does not match "replication". Access to replication
|
||||||
|
# must be enabled in a separate record (see example below).
|
||||||
|
#
|
||||||
|
# USER can be "all", a user name, a group name prefixed with "+", or a
|
||||||
|
# comma-separated list thereof. In both the DATABASE and USER fields
|
||||||
|
# you can also write a file name prefixed with "@" to include names
|
||||||
|
# from a separate file.
|
||||||
|
#
|
||||||
|
# ADDRESS specifies the set of hosts the record matches. It can be a
|
||||||
|
# host name, or it is made up of an IP address and a CIDR mask that is
|
||||||
|
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
|
||||||
|
# specifies the number of significant bits in the mask. A host name
|
||||||
|
# that starts with a dot (.) matches a suffix of the actual host name.
|
||||||
|
# Alternatively, you can write an IP address and netmask in separate
|
||||||
|
# columns to specify the set of hosts. Instead of a CIDR-address, you
|
||||||
|
# can write "samehost" to match any of the server's own IP addresses,
|
||||||
|
# or "samenet" to match any address in any subnet that the server is
|
||||||
|
# directly connected to.
|
||||||
|
#
|
||||||
|
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
|
||||||
|
# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
|
||||||
|
# "password" sends passwords in clear text; "md5" is preferred since
|
||||||
|
# it sends encrypted passwords.
|
||||||
|
#
|
||||||
|
# OPTIONS are a set of options for the authentication in the format
|
||||||
|
# NAME=VALUE. The available options depend on the different
|
||||||
|
# authentication methods -- refer to the "Client Authentication"
|
||||||
|
# section in the documentation for a list of which options are
|
||||||
|
# available for which authentication methods.
|
||||||
|
#
|
||||||
|
# Database and user names containing spaces, commas, quotes and other
|
||||||
|
# special characters must be quoted. Quoting one of the keywords
|
||||||
|
# "all", "sameuser", "samerole" or "replication" makes the name lose
|
||||||
|
# its special character, and just match a database or username with
|
||||||
|
# that name.
|
||||||
|
#
|
||||||
|
# This file is read on server startup and when the postmaster receives
|
||||||
|
# a SIGHUP signal. If you edit the file on a running system, you have
|
||||||
|
# to SIGHUP the postmaster for the changes to take effect. You can
|
||||||
|
# use "pg_ctl reload" to do that.
|
||||||
|
|
||||||
|
# Put your actual configuration here
|
||||||
|
# ----------------------------------
|
||||||
|
#
|
||||||
|
# If you want to allow non-local connections, you need to add more
|
||||||
|
# "host" records. In that case you will also need to make PostgreSQL
|
||||||
|
# listen on a non-local interface via the listen_addresses
|
||||||
|
# configuration parameter, or via the -i or -h command line switches.
|
||||||
|
|
||||||
|
|
||||||
|
# DO NOT DISABLE!
|
||||||
|
# If you change this first entry you will need to make sure that the
|
||||||
|
# database superuser can access the database using some other method.
|
||||||
|
# Noninteractive access to all databases is required during automatic
|
||||||
|
# maintenance (custom daily cronjobs, replication, and similar tasks).
|
||||||
|
#
|
||||||
|
# Database administrative login by Unix domain socket
|
||||||
|
local all postgres peer
|
||||||
|
|
||||||
|
# TYPE DATABASE USER ADDRESS METHOD
|
||||||
|
|
||||||
|
# "local" is for Unix domain socket connections only
|
||||||
|
local all all peer
|
||||||
|
# IPv4 local connections:
|
||||||
|
host all all 127.0.0.1/32 trust
|
||||||
|
# IPv6 local connections:
|
||||||
|
host all all ::1/128 md5
|
||||||
|
# Allow replication connections from localhost, by a user with the
|
||||||
|
# replication privilege.
|
||||||
|
#local replication postgres peer
|
||||||
|
#host replication postgres 127.0.0.1/32 md5
|
||||||
|
#host replication postgres ::1/128 md5
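Review bot: `host all all 127.0.0.1/32 trust` lets any local account, and anything else that can reach the loopback interface, connect as any role including `postgres` without a password, while the IPv6 loopback record directly below uses `md5`. Make the two consistent with `host all all 127.0.0.1/32 md5`. The node and pg_hba scripts in this commit append further `127.0.0.1/32 trust` records after copying this template, so those lines need the same change for it to take effect. The superuser calls written as `sudo -u postgres psql -d ...` without `-h` go through the `local all postgres peer` record and should not depend on the trust entry; the calls that pass `-h $database_host` rely on `PGPASSWORD`, which sudo may not pass through with its default environment reset, so they are worth testing after the change.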
|
|
@ -0,0 +1,62 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
|
||||||
|
#set the date
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
|
||||||
|
#show this server's addresses
|
||||||
|
server_address=$(hostname -I);
|
||||||
|
echo "This Server Address: $server_address"
|
||||||
|
|
||||||
|
#nodes addresses
|
||||||
|
read -p "Enter all Node IP Addresses: " nodes
|
||||||
|
|
||||||
|
#determine whether to add iptable rules
|
||||||
|
read -p 'Add ip address to pg_hba (y/n): ' pg_hba_add
|
||||||
|
|
||||||
|
#settings summary
|
||||||
|
echo "-----------------------------";
|
||||||
|
echo " Summary";
|
||||||
|
echo "-----------------------------";
|
||||||
|
echo "All Node IP Addresses: $nodes";
|
||||||
|
echo "Add ip addresses to pg_hba: $pg_hba_add";
|
||||||
|
echo "";
|
||||||
|
|
||||||
|
#verify
|
||||||
|
read -p 'Is the information correct (y/n): ' verified
|
||||||
|
if [ .$verified != ."y" ]; then
|
||||||
|
echo "Goodbye";
|
||||||
|
exit 0;
|
||||||
|
fi
|
||||||
|
|
||||||
|
#pg_hba.conf - append settings
|
||||||
|
cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
|
||||||
|
cat ../postgresql/pg_hba.conf > /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
#chmod 640 /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
#chown -R postgres:postgres /etc/postgresql/$database_version/main
|
||||||
|
echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
echo "hostssl all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
echo "hostssl replication postgres 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
for node in $nodes; do
|
||||||
|
echo "host all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
|
||||||
|
done
|
||||||
|
|
||||||
|
#reload configuration
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
#restart postgres
|
||||||
|
service postgresql restart
|
||||||
|
|
||||||
|
#set the working directory
|
||||||
|
cwd=$(pwd)
|
||||||
|
cd /tmp
|
||||||
|
|
||||||
|
#message to user
|
||||||
|
echo "Completed"
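Review bot: The answer to `Add ip address to pg_hba (y/n)` is stored in `pg_hba_add` and printed in the summary, but nothing tests it, so pg_hba.conf is overwritten from the template and PostgreSQL is restarted even when the operator answers `n`. Guard the block that starts at `#pg_hba.conf - append settings` with `if [ ."$pg_hba_add" = ."y" ]; then` and a closing `fi` after the loop. The backup name `pg_hba.conf-$now` has date resolution only, so a second run on the same day replaces the backup of the original file with a copy of the already-modified one; skipping the `cp` when the backup exists, or adding the time to `now`, keeps the first copy. The comment above the prompt still reads `determine whether to add iptable rules` and should describe the pg_hba question instead.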
|
|
@ -0,0 +1,618 @@
|
||||||
|
# -----------------------------
|
||||||
|
# PostgreSQL configuration file
|
||||||
|
# -----------------------------
|
||||||
|
#
|
||||||
|
# This file consists of lines of the form:
|
||||||
|
#
|
||||||
|
# name = value
|
||||||
|
#
|
||||||
|
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
|
||||||
|
# "#" anywhere on a line. The complete list of parameter names and allowed
|
||||||
|
# values can be found in the PostgreSQL documentation.
|
||||||
|
#
|
||||||
|
# The commented-out settings shown in this file represent the default values.
|
||||||
|
# Re-commenting a setting is NOT sufficient to revert it to the default value;
|
||||||
|
# you need to reload the server.
|
||||||
|
#
|
||||||
|
# This file is read on server startup and when the server receives a SIGHUP
|
||||||
|
# signal. If you edit the file on a running system, you have to SIGHUP the
|
||||||
|
# server for the changes to take effect, or use "pg_ctl reload". Some
|
||||||
|
# parameters, which are marked below, require a server shutdown and restart to
|
||||||
|
# take effect.
|
||||||
|
#
|
||||||
|
# Any parameter can also be given as a command-line option to the server, e.g.,
|
||||||
|
# "postgres -c log_connections=on". Some parameters can be changed at run time
|
||||||
|
# with the "SET" SQL command.
|
||||||
|
#
|
||||||
|
# Memory units: kB = kilobytes Time units: ms = milliseconds
|
||||||
|
# MB = megabytes s = seconds
|
||||||
|
# GB = gigabytes min = minutes
|
||||||
|
# TB = terabytes h = hours
|
||||||
|
# d = days
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# FILE LOCATIONS
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# The default values of these variables are driven from the -D command-line
|
||||||
|
# option or PGDATA environment variable, represented here as ConfigDir.
|
||||||
|
|
||||||
|
data_directory = '/var/lib/postgresql/9.4/main' # use data in another directory
|
||||||
|
# (change requires restart)
|
||||||
|
hba_file = '/etc/postgresql/9.4/main/pg_hba.conf' # host-based authentication file
|
||||||
|
# (change requires restart)
|
||||||
|
ident_file = '/etc/postgresql/9.4/main/pg_ident.conf' # ident configuration file
|
||||||
|
# (change requires restart)
|
||||||
|
|
||||||
|
# If external_pid_file is not explicitly set, no extra PID file is written.
|
||||||
|
external_pid_file = '/var/run/postgresql/9.4-main.pid' # write an extra PID file
|
||||||
|
# (change requires restart)
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# CONNECTIONS AND AUTHENTICATION
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Connection Settings -
|
||||||
|
|
||||||
|
#listen_addresses = 'localhost' # what IP address(es) to listen on;
|
||||||
|
# comma-separated list of addresses;
|
||||||
|
# defaults to 'localhost'; use '*' for all
|
||||||
|
# (change requires restart)
|
||||||
|
port = 5432 # (change requires restart)
|
||||||
|
max_connections = 100 # (change requires restart)
|
||||||
|
#superuser_reserved_connections = 3 # (change requires restart)
|
||||||
|
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
|
||||||
|
# (change requires restart)
|
||||||
|
#unix_socket_group = '' # (change requires restart)
|
||||||
|
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
|
||||||
|
# (change requires restart)
|
||||||
|
#bonjour = off # advertise server via Bonjour
|
||||||
|
# (change requires restart)
|
||||||
|
#bonjour_name = '' # defaults to the computer name
|
||||||
|
# (change requires restart)
|
||||||
|
|
||||||
|
# - Security and Authentication -
|
||||||
|
|
||||||
|
#authentication_timeout = 1min # 1s-600s
|
||||||
|
ssl = true # (change requires restart)
|
||||||
|
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
|
||||||
|
# (change requires restart)
|
||||||
|
#ssl_prefer_server_ciphers = on # (change requires restart)
|
||||||
|
#ssl_ecdh_curve = 'prime256v1' # (change requires restart)
|
||||||
|
#ssl_renegotiation_limit = 0 # amount of data between renegotiations
|
||||||
|
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart)
|
||||||
|
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil-postgres.key' # (change requires restart)
|
||||||
|
#ssl_ca_file = '' # (change requires restart)
|
||||||
|
#ssl_crl_file = '' # (change requires restart)
|
||||||
|
#password_encryption = on
|
||||||
|
#db_user_namespace = off
|
||||||
|
|
||||||
|
# GSSAPI using Kerberos
|
||||||
|
#krb_server_keyfile = ''
|
||||||
|
#krb_caseins_users = off
|
||||||
|
|
||||||
|
# - TCP Keepalives -
|
||||||
|
# see "man 7 tcp" for details
|
||||||
|
|
||||||
|
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
|
||||||
|
# 0 selects the system default
|
||||||
|
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
|
||||||
|
# 0 selects the system default
|
||||||
|
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
|
||||||
|
# 0 selects the system default
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# RESOURCE USAGE (except WAL)
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Memory -
|
||||||
|
|
||||||
|
shared_buffers = 128MB # min 128kB
|
||||||
|
# (change requires restart)
|
||||||
|
#huge_pages = try # on, off, or try
|
||||||
|
# (change requires restart)
|
||||||
|
#temp_buffers = 8MB # min 800kB
|
||||||
|
#max_prepared_transactions = 0 # zero disables the feature
|
||||||
|
# (change requires restart)
|
||||||
|
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
|
||||||
|
# you actively intend to use prepared transactions.
|
||||||
|
#work_mem = 4MB # min 64kB
|
||||||
|
#maintenance_work_mem = 64MB # min 1MB
|
||||||
|
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
|
||||||
|
#max_stack_depth = 2MB # min 100kB
|
||||||
|
dynamic_shared_memory_type = posix # the default is the first option
|
||||||
|
# supported by the operating system:
|
||||||
|
# posix
|
||||||
|
# sysv
|
||||||
|
# windows
|
||||||
|
# mmap
|
||||||
|
# use none to disable dynamic shared memory
|
||||||
|
|
||||||
|
# - Disk -
|
||||||
|
|
||||||
|
#temp_file_limit = -1 # limits per-session temp file space
|
||||||
|
# in kB, or -1 for no limit
|
||||||
|
|
||||||
|
# - Kernel Resource Usage -
|
||||||
|
|
||||||
|
#max_files_per_process = 1000 # min 25
|
||||||
|
# (change requires restart)
|
||||||
|
#shared_preload_libraries = '' # (change requires restart)
|
||||||
|
|
||||||
|
# - Cost-Based Vacuum Delay -
|
||||||
|
|
||||||
|
#vacuum_cost_delay = 0 # 0-100 milliseconds
|
||||||
|
#vacuum_cost_page_hit = 1 # 0-10000 credits
|
||||||
|
#vacuum_cost_page_miss = 10 # 0-10000 credits
|
||||||
|
#vacuum_cost_page_dirty = 20 # 0-10000 credits
|
||||||
|
#vacuum_cost_limit = 200 # 1-10000 credits
|
||||||
|
|
||||||
|
# - Background Writer -
|
||||||
|
|
||||||
|
#bgwriter_delay = 200ms # 10-10000ms between rounds
|
||||||
|
#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round
|
||||||
|
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round
|
||||||
|
|
||||||
|
# - Asynchronous Behavior -
|
||||||
|
|
||||||
|
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
|
||||||
|
#max_worker_processes = 8
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# WRITE AHEAD LOG
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Settings -
|
||||||
|
|
||||||
|
#wal_level = minimal # minimal, archive, hot_standby, or logical
|
||||||
|
# (change requires restart)
|
||||||
|
#fsync = on # turns forced synchronization on or off
|
||||||
|
#synchronous_commit = on # synchronization level;
|
||||||
|
# off, local, remote_write, or on
|
||||||
|
#wal_sync_method = fsync # the default is the first option
|
||||||
|
# supported by the operating system:
|
||||||
|
# open_datasync
|
||||||
|
# fdatasync (default on Linux)
|
||||||
|
# fsync
|
||||||
|
# fsync_writethrough
|
||||||
|
# open_sync
|
||||||
|
#full_page_writes = on # recover from partial page writes
|
||||||
|
#wal_log_hints = off # also do full page writes of non-critical updates
|
||||||
|
# (change requires restart)
|
||||||
|
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
|
||||||
|
# (change requires restart)
|
||||||
|
#wal_writer_delay = 200ms # 1-10000 milliseconds
|
||||||
|
|
||||||
|
#commit_delay = 0 # range 0-100000, in microseconds
|
||||||
|
#commit_siblings = 5 # range 1-1000
|
||||||
|
|
||||||
|
# - Checkpoints -
|
||||||
|
|
||||||
|
#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each
|
||||||
|
#checkpoint_timeout = 5min # range 30s-1h
|
||||||
|
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
|
||||||
|
#checkpoint_warning = 30s # 0 disables
|
||||||
|
|
||||||
|
# - Archiving -
|
||||||
|
|
||||||
|
#archive_mode = off # allows archiving to be done
|
||||||
|
# (change requires restart)
|
||||||
|
#archive_command = '' # command to use to archive a logfile segment
|
||||||
|
# placeholders: %p = path of file to archive
|
||||||
|
# %f = file name only
|
||||||
|
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
|
||||||
|
#archive_timeout = 0 # force a logfile segment switch after this
|
||||||
|
# number of seconds; 0 disables
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# REPLICATION
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Sending Server(s) -
|
||||||
|
|
||||||
|
# Set these on the master and on any standby that will send replication data.
|
||||||
|
|
||||||
|
#max_wal_senders = 0 # max number of walsender processes
|
||||||
|
# (change requires restart)
|
||||||
|
#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables
|
||||||
|
#wal_sender_timeout = 60s # in milliseconds; 0 disables
|
||||||
|
|
||||||
|
#max_replication_slots = 0 # max number of replication slots
|
||||||
|
#track_commit_timestamp = off # collect timestamp of transaction commit
|
||||||
|
# (change requires restart)
|
||||||
|
|
||||||
|
# - Master Server -
|
||||||
|
|
||||||
|
# These settings are ignored on a standby server.
|
||||||
|
|
||||||
|
#synchronous_standby_names = '' # standby servers that provide sync rep
|
||||||
|
# comma-separated list of application_name
|
||||||
|
# from standby(s); '*' = all
|
||||||
|
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
|
||||||
|
|
||||||
|
# - Standby Servers -
|
||||||
|
|
||||||
|
# These settings are ignored on a master server.
|
||||||
|
|
||||||
|
#hot_standby = off # "on" allows queries during recovery
|
||||||
|
# (change requires restart)
|
||||||
|
#max_standby_archive_delay = 30s # max delay before canceling queries
|
||||||
|
# when reading WAL from archive;
|
||||||
|
# -1 allows indefinite delay
|
||||||
|
#max_standby_streaming_delay = 30s # max delay before canceling queries
|
||||||
|
# when reading streaming WAL;
|
||||||
|
# -1 allows indefinite delay
|
||||||
|
#wal_receiver_status_interval = 10s # send replies at least this often
|
||||||
|
# 0 disables
|
||||||
|
#hot_standby_feedback = off # send info from standby to prevent
|
||||||
|
# query conflicts
|
||||||
|
#wal_receiver_timeout = 60s # time that receiver waits for
|
||||||
|
# communication from master
|
||||||
|
# in milliseconds; 0 disables
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# QUERY TUNING
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Planner Method Configuration -
|
||||||
|
|
||||||
|
#enable_bitmapscan = on
|
||||||
|
#enable_hashagg = on
|
||||||
|
#enable_hashjoin = on
|
||||||
|
#enable_indexscan = on
|
||||||
|
#enable_indexonlyscan = on
|
||||||
|
#enable_material = on
|
||||||
|
#enable_mergejoin = on
|
||||||
|
#enable_nestloop = on
|
||||||
|
#enable_seqscan = on
|
||||||
|
#enable_sort = on
|
||||||
|
#enable_tidscan = on
|
||||||
|
|
||||||
|
# - Planner Cost Constants -
|
||||||
|
|
||||||
|
#seq_page_cost = 1.0 # measured on an arbitrary scale
|
||||||
|
#random_page_cost = 4.0 # same scale as above
|
||||||
|
#cpu_tuple_cost = 0.01 # same scale as above
|
||||||
|
#cpu_index_tuple_cost = 0.005 # same scale as above
|
||||||
|
#cpu_operator_cost = 0.0025 # same scale as above
|
||||||
|
#effective_cache_size = 4GB
|
||||||
|
|
||||||
|
# - Genetic Query Optimizer -
|
||||||
|
|
||||||
|
#geqo = on
|
||||||
|
#geqo_threshold = 12
|
||||||
|
#geqo_effort = 5 # range 1-10
|
||||||
|
#geqo_pool_size = 0 # selects default based on effort
|
||||||
|
#geqo_generations = 0 # selects default based on effort
|
||||||
|
#geqo_selection_bias = 2.0 # range 1.5-2.0
|
||||||
|
#geqo_seed = 0.0 # range 0.0-1.0
|
||||||
|
|
||||||
|
# - Other Planner Options -
|
||||||
|
|
||||||
|
#default_statistics_target = 100 # range 1-10000
|
||||||
|
#constraint_exclusion = partition # on, off, or partition
|
||||||
|
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
|
||||||
|
#from_collapse_limit = 8
|
||||||
|
#join_collapse_limit = 8 # 1 disables collapsing of explicit
|
||||||
|
# JOIN clauses
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# ERROR REPORTING AND LOGGING
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Where to Log -
|
||||||
|
|
||||||
|
#log_destination = 'stderr' # Valid values are combinations of
|
||||||
|
# stderr, csvlog, syslog, and eventlog,
|
||||||
|
# depending on platform. csvlog
|
||||||
|
# requires logging_collector to be on.
|
||||||
|
|
||||||
|
# This is used when logging to stderr:
|
||||||
|
#logging_collector = off # Enable capturing of stderr and csvlog
|
||||||
|
# into log files. Required to be on for
|
||||||
|
# csvlogs.
|
||||||
|
# (change requires restart)
|
||||||
|
|
||||||
|
# These are only used if logging_collector is on:
|
||||||
|
#log_directory = 'pg_log' # directory where log files are written,
|
||||||
|
# can be absolute or relative to PGDATA
|
||||||
|
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
|
||||||
|
# can include strftime() escapes
|
||||||
|
#log_file_mode = 0600 # creation mode for log files,
|
||||||
|
# begin with 0 to use octal notation
|
||||||
|
#log_truncate_on_rotation = off # If on, an existing log file with the
|
||||||
|
# same name as the new log file will be
|
||||||
|
# truncated rather than appended to.
|
||||||
|
# But such truncation only occurs on
|
||||||
|
# time-driven rotation, not on restarts
|
||||||
|
# or size-driven rotation. Default is
|
||||||
|
# off, meaning append to existing files
|
||||||
|
# in all cases.
|
||||||
|
#log_rotation_age = 1d # Automatic rotation of logfiles will
|
||||||
|
# happen after that time. 0 disables.
|
||||||
|
#log_rotation_size = 10MB # Automatic rotation of logfiles will
|
||||||
|
# happen after that much log output.
|
||||||
|
# 0 disables.
|
||||||
|
|
||||||
|
# These are relevant when logging to syslog:
|
||||||
|
#syslog_facility = 'LOCAL0'
|
||||||
|
#syslog_ident = 'postgres'
|
||||||
|
|
||||||
|
# This is only relevant when logging to eventlog (win32):
|
||||||
|
#event_source = 'PostgreSQL'
|
||||||
|
|
||||||
|
# - When to Log -
|
||||||
|
|
||||||
|
#client_min_messages = notice # values in order of decreasing detail:
|
||||||
|
# debug5
|
||||||
|
# debug4
|
||||||
|
# debug3
|
||||||
|
# debug2
|
||||||
|
# debug1
|
||||||
|
# log
|
||||||
|
# notice
|
||||||
|
# warning
|
||||||
|
# error
|
||||||
|
|
||||||
|
#log_min_messages = warning # values in order of decreasing detail:
|
||||||
|
# debug5
|
||||||
|
# debug4
|
||||||
|
# debug3
|
||||||
|
# debug2
|
||||||
|
# debug1
|
||||||
|
# info
|
||||||
|
# notice
|
||||||
|
# warning
|
||||||
|
# error
|
||||||
|
# log
|
||||||
|
# fatal
|
||||||
|
# panic
|
||||||
|
|
||||||
|
#log_min_error_statement = error # values in order of decreasing detail:
|
||||||
|
# debug5
|
||||||
|
# debug4
|
||||||
|
# debug3
|
||||||
|
# debug2
|
||||||
|
# debug1
|
||||||
|
# info
|
||||||
|
# notice
|
||||||
|
# warning
|
||||||
|
# error
|
||||||
|
# log
|
||||||
|
# fatal
|
||||||
|
# panic (effectively off)
|
||||||
|
|
||||||
|
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
|
||||||
|
# and their durations, > 0 logs only
|
||||||
|
# statements running at least this number
|
||||||
|
# of milliseconds
|
||||||
|
|
||||||
|
|
||||||
|
# - What to Log -
|
||||||
|
|
||||||
|
#debug_print_parse = off
|
||||||
|
#debug_print_rewritten = off
|
||||||
|
#debug_print_plan = off
|
||||||
|
#debug_pretty_print = on
|
||||||
|
#log_checkpoints = off
|
||||||
|
#log_connections = off
|
||||||
|
#log_disconnections = off
|
||||||
|
#log_duration = off
|
||||||
|
#log_error_verbosity = default # terse, default, or verbose messages
|
||||||
|
#log_hostname = off
|
||||||
|
log_line_prefix = '%m [%p] %q%u@%d ' # special values:
|
||||||
|
# %a = application name
|
||||||
|
# %u = user name
|
||||||
|
# %d = database name
|
||||||
|
# %r = remote host and port
|
||||||
|
# %h = remote host
|
||||||
|
# %p = process ID
|
||||||
|
# %t = timestamp without milliseconds
|
||||||
|
# %m = timestamp with milliseconds
|
||||||
|
# %i = command tag
|
||||||
|
# %e = SQL state
|
||||||
|
# %c = session ID
|
||||||
|
# %l = session line number
|
||||||
|
# %s = session start timestamp
|
||||||
|
# %v = virtual transaction ID
|
||||||
|
# %x = transaction ID (0 if none)
|
||||||
|
# %q = stop here in non-session
|
||||||
|
# processes
|
||||||
|
# %% = '%'
|
||||||
|
# e.g. '<%u%%%d> '
|
||||||
|
#log_lock_waits = off # log lock waits >= deadlock_timeout
|
||||||
|
#log_statement = 'none' # none, ddl, mod, all
|
||||||
|
#log_temp_files = -1 # log temporary files equal or larger
|
||||||
|
# than the specified size in kilobytes;
|
||||||
|
# -1 disables, 0 logs all temp files
|
||||||
|
log_timezone = 'UTC'
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# RUNTIME STATISTICS
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Query/Index Statistics Collector -
|
||||||
|
|
||||||
|
#track_activities = on
|
||||||
|
#track_counts = on
|
||||||
|
#track_io_timing = off
|
||||||
|
#track_functions = none # none, pl, all
|
||||||
|
#track_activity_query_size = 1024 # (change requires restart)
|
||||||
|
#update_process_title = on
|
||||||
|
stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp'
|
||||||
|
|
||||||
|
|
||||||
|
# - Statistics Monitoring -
|
||||||
|
|
||||||
|
#log_parser_stats = off
|
||||||
|
#log_planner_stats = off
|
||||||
|
#log_executor_stats = off
|
||||||
|
#log_statement_stats = off
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# AUTOVACUUM PARAMETERS
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
#autovacuum = on # Enable autovacuum subprocess? 'on'
|
||||||
|
# requires track_counts to also be on.
|
||||||
|
#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
|
||||||
|
# their durations, > 0 logs only
|
||||||
|
# actions running at least this number
|
||||||
|
# of milliseconds.
|
||||||
|
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
|
||||||
|
# (change requires restart)
|
||||||
|
#autovacuum_naptime = 1min # time between autovacuum runs
|
||||||
|
#autovacuum_vacuum_threshold = 50 # min number of row updates before
|
||||||
|
# vacuum
|
||||||
|
#autovacuum_analyze_threshold = 50 # min number of row updates before
|
||||||
|
# analyze
|
||||||
|
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
|
||||||
|
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
|
||||||
|
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
|
||||||
|
# (change requires restart)
|
||||||
|
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
|
||||||
|
# before forced vacuum
|
||||||
|
# (change requires restart)
|
||||||
|
#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for
|
||||||
|
# autovacuum, in milliseconds;
|
||||||
|
# -1 means use vacuum_cost_delay
|
||||||
|
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
|
||||||
|
# autovacuum, -1 means use
|
||||||
|
# vacuum_cost_limit
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# CLIENT CONNECTION DEFAULTS
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Statement Behavior -
|
||||||
|
|
||||||
|
#search_path = '"$user",public' # schema names
|
||||||
|
#default_tablespace = '' # a tablespace name, '' uses the default
|
||||||
|
#temp_tablespaces = '' # a list of tablespace names, '' uses
|
||||||
|
# only default tablespace
|
||||||
|
#check_function_bodies = on
|
||||||
|
#default_transaction_isolation = 'read committed'
|
||||||
|
#default_transaction_read_only = off
|
||||||
|
#default_transaction_deferrable = off
|
||||||
|
#session_replication_role = 'origin'
|
||||||
|
#statement_timeout = 0 # in milliseconds, 0 is disabled
|
||||||
|
#lock_timeout = 0 # in milliseconds, 0 is disabled
|
||||||
|
#vacuum_freeze_min_age = 50000000
|
||||||
|
#vacuum_freeze_table_age = 150000000
|
||||||
|
#vacuum_multixact_freeze_min_age = 5000000
|
||||||
|
#vacuum_multixact_freeze_table_age = 150000000
|
||||||
|
#bytea_output = 'hex' # hex, escape
|
||||||
|
#xmlbinary = 'base64'
|
||||||
|
#xmloption = 'content'
|
||||||
|
#gin_fuzzy_search_limit = 0
|
||||||
|
|
||||||
|
# - Locale and Formatting -
|
||||||
|
|
||||||
|
datestyle = 'iso, mdy'
|
||||||
|
#intervalstyle = 'postgres'
|
||||||
|
timezone = 'UTC'
|
||||||
|
#timezone_abbreviations = 'Default' # Select the set of available time zone
|
||||||
|
# abbreviations. Currently, there are
|
||||||
|
# Default
|
||||||
|
# Australia (historical usage)
|
||||||
|
# India
|
||||||
|
# You can create your own file in
|
||||||
|
# share/timezonesets/.
|
||||||
|
#extra_float_digits = 0 # min -15, max 3
|
||||||
|
#client_encoding = sql_ascii # actually, defaults to database
|
||||||
|
# encoding
|
||||||
|
|
||||||
|
# These settings are initialized by initdb, but they can be changed.
|
||||||
|
lc_messages = 'en_US.UTF-8' # locale for system error message
|
||||||
|
# strings
|
||||||
|
lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
|
||||||
|
lc_numeric = 'en_US.UTF-8' # locale for number formatting
|
||||||
|
lc_time = 'en_US.UTF-8' # locale for time formatting
|
||||||
|
|
||||||
|
# default configuration for text search
|
||||||
|
default_text_search_config = 'pg_catalog.english'
|
||||||
|
|
||||||
|
# - Other Defaults -
|
||||||
|
|
||||||
|
#dynamic_library_path = '$libdir'
|
||||||
|
#local_preload_libraries = ''
|
||||||
|
#session_preload_libraries = ''
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# LOCK MANAGEMENT
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
#deadlock_timeout = 1s
|
||||||
|
#max_locks_per_transaction = 64 # min 10
|
||||||
|
# (change requires restart)
|
||||||
|
#max_pred_locks_per_transaction = 64 # min 10
|
||||||
|
# (change requires restart)
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# VERSION/PLATFORM COMPATIBILITY
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# - Previous PostgreSQL Versions -
|
||||||
|
|
||||||
|
#array_nulls = on
|
||||||
|
#backslash_quote = safe_encoding # on, off, or safe_encoding
|
||||||
|
#default_with_oids = off
|
||||||
|
#escape_string_warning = on
|
||||||
|
#lo_compat_privileges = off
|
||||||
|
#quote_all_identifiers = off
|
||||||
|
#sql_inheritance = on
|
||||||
|
#standard_conforming_strings = on
|
||||||
|
#synchronize_seqscans = on
|
||||||
|
|
||||||
|
# - Other Platforms and Clients -
|
||||||
|
|
||||||
|
#transform_null_equals = off
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# ERROR HANDLING
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
#exit_on_error = off # terminate session on any error?
|
||||||
|
#restart_after_crash = on # reinitialize after backend crash?
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# CONFIG FILE INCLUDES
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# These options allow settings to be loaded from files other than the
|
||||||
|
# default postgresql.conf.
|
||||||
|
|
||||||
|
#include_dir = 'conf.d' # include files ending in '.conf' from
|
||||||
|
# directory 'conf.d'
|
||||||
|
#include_if_exists = 'exists.conf' # include file only if it exists
|
||||||
|
#include = 'special.conf' # include file
|
||||||
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
# CUSTOMIZED OPTIONS
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Add settings for extensions here
|
||||||
|
listen_addresses = '*'
|
||||||
|
#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'
|
||||||
|
shared_preload_libraries = 'bdr'
|
||||||
|
wal_level = 'logical'
|
||||||
|
track_commit_timestamp = on
|
||||||
|
max_connections = 100
|
||||||
|
max_wal_senders = 10
|
||||||
|
max_replication_slots = 48
|
||||||
|
max_worker_processes = 48
|
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
random=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
echo $random
|
|
@ -0,0 +1,37 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#This script will reboot all the phones in a particular domain for a specified model. A pause is optional.
|
||||||
|
|
||||||
|
#gather parameters
|
||||||
|
read -p "Enter the Domain to Reboot (example: abc.net):" domain
|
||||||
|
read -p "Enter the phone type to reboot (polycom, yealink, cisco):" vendor
|
||||||
|
read -p "Enter the time in seconds to pause between phones:" pausetime
|
||||||
|
|
||||||
|
#create a temp file
|
||||||
|
NOW=$(date +"%Y%m%d_%H%M%S")
|
||||||
|
FILE="registrations-$NOW.csv"
|
||||||
|
|
||||||
|
#gather the registrations from freeswitch
|
||||||
|
eval 'fs_cli -x "show registrations" > $FILE'
|
||||||
|
|
||||||
|
#create some variables
|
||||||
|
N=0
|
||||||
|
ARR=()
|
||||||
|
|
||||||
|
#set the internal field separator
|
||||||
|
IFS=","
|
||||||
|
INPUT=$FILE
|
||||||
|
|
||||||
|
#Loop through the registrations and reboot
|
||||||
|
[ ! -f $INPUT ] &while read reg_user realm extra
|
||||||
|
do
|
||||||
|
if [ ."$realm" = ."$domain" ]; then
|
||||||
|
eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
|
||||||
|
if [ "$pausetime" > 0 ]; then
|
||||||
|
sleep $pausetime
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done < $INPUT
|
||||||
|
IFS=$OLDIFS
|
||||||
|
|
||||||
|
#remove the file
|
||||||
|
rm $FILE
|
|
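Review bot: The `eval` wrapped around `fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"` makes the shell re-parse values read from the registrations file and from the prompts, so a field containing shell metacharacters is interpreted as code instead of being passed as data. Call the command directly, `fs_cli -x "luarun app.lua event_notify internal reboot ${reg_user}@${realm} ${vendor}"`, and likewise `fs_cli -x "show registrations" > "$FILE"`. The vendor answer should be checked against the three values the prompt lists, e.g. `case "$vendor" in polycom|yealink|cisco) ;; *) echo "unknown vendor" >&2; exit 1;; esac`. In the loop, `[ "$pausetime" > 0 ]` is a redirection that creates a file named `0` rather than a numeric test (use `[ "$pausetime" -gt 0 ]`), and `[ ! -f $INPUT ] &while` backgrounds the file check instead of guarding the loop. `IFS=$OLDIFS` restores a variable that is never saved, and `FILE=$(mktemp)` would avoid the predictable file name in the current directory.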
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
|
||||||
|
#count the users
|
||||||
|
admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
|
||||||
|
|
||||||
|
if [ .$admin_users = .'0' ]; then
|
||||||
|
error "i could not find the user '$system_username' in the database, check your resources/config.sh is correct"
|
||||||
|
elif [ .$admin_users = .'' ]; then
|
||||||
|
error "something went wrong, see errors above";
|
||||||
|
else
|
||||||
|
admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
|
||||||
|
for admin_uuid in $admin_uuids; do
|
||||||
|
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
if [ .$system_password = .'random' ]; then
|
||||||
|
user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
else
|
||||||
|
user_password=$system_password
|
||||||
|
fi
|
||||||
|
password_hash=$(php -r "echo md5('$user_salt$user_password');");
|
||||||
|
sudo -u postgres psql fusionpbx -c "update v_users SET password='$password_hash', salt='$user_salt' where user_uuid='$admin_uuid'"
|
||||||
|
admin_domain=$(sudo -u postgres psql fusionpbx -Atc "select domain_name from v_users JOIN v_domains USING (domain_uuid) where username='$system_username'")
|
||||||
|
verbose " $system_username@$admin_domain has had it's password reset."
|
||||||
|
verbose " password: $user_password"
|
||||||
|
done
|
||||||
|
fi
|
|
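Review bot: `password_hash=$(php -r "echo md5('$user_salt$user_password');")` pastes the password into PHP source, so a `system_password` containing `'` ends the string literal early and the rest is parsed as PHP, and the cleartext password sits in the process list while `php` runs. Hashing on stdin yields the same digest without either problem: `password_hash=$(printf '%s' "$user_salt$user_password" | md5sum | cut -d' ' -f1)`. Salted MD5 is presumably what the application's login code expects, so the algorithm cannot be changed in this script alone, but a comment should say that it is a fast hash unsuited to password storage. `verbose " password: $user_password"` also writes the new password to the terminal and to any captured install log. `$system_username` is spliced into three SQL statements unescaped, which is only acceptable while config.sh is trusted input.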
@ -0,0 +1,27 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#add sngrep
|
||||||
|
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
#source install
|
||||||
|
apt-get install -y git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
|
||||||
|
cd /usr/src && git clone https://github.com/irontec/sngrep
|
||||||
|
cd /usr/src/sngrep && ./bootstrap.sh
|
||||||
|
cd /usr/src/sngrep && ./configure
|
||||||
|
cd /usr/src/sngrep && make install
|
||||||
|
else
|
||||||
|
#package install
|
||||||
|
if [ ."$os_codename" = ."jessie" ]; then
|
||||||
|
echo "deb http://packages.irontec.com/debian $os_codename main" > /etc/apt/sources.list.d/sngrep.list
|
||||||
|
wget http://packages.irontec.com/public.key -q -O - | apt-key add -
|
||||||
|
fi
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y sngrep
|
||||||
|
fi
|
|
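Review bot: On jessie the signing key is fetched over plain HTTP (`wget http://packages.irontec.com/public.key -q -O - | apt-key add -`) and added to apt's global trust store, so a tampered response would supply the key that later authenticates packages installed as root. Fetch the key over HTTPS if the vendor serves it there, and compare its fingerprint with a value pinned in the script (`<EXPECTED_KEY_FINGERPRINT>`, placeholder) before adding it. The arm branch has a related gap: `git clone https://github.com/irontec/sngrep` builds whatever the default branch holds at install time, so checking out a pinned release tag or commit would make the build reproducible. A failed download still runs `apt-key add -` on empty input and continues to `apt-get install -y sngrep`; checking the exit status of the fetch would stop the script there.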
@ -0,0 +1,52 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
if [ .$switch_source = .true ]; then
|
||||||
|
if [ ."$switch_branch" = "master" ]; then
|
||||||
|
switch/source-master.sh
|
||||||
|
else
|
||||||
|
switch/source-release.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
#copy the switch conf files to /etc/freeswitch
|
||||||
|
switch/conf-copy.sh
|
||||||
|
|
||||||
|
#set the file permissions
|
||||||
|
#switch/source-permissions.sh
|
||||||
|
switch/package-permissions.sh
|
||||||
|
|
||||||
|
#systemd service
|
||||||
|
#switch/source-systemd.sh
|
||||||
|
switch/package-systemd.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
if [ ."$switch_branch" = "master" ]; then
|
||||||
|
if [ .$switch_package_all = .true ]; then
|
||||||
|
switch/package-master-all.sh
|
||||||
|
else
|
||||||
|
switch/package-master.sh
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ .$switch_package_all = .true ]; then
|
||||||
|
switch/package-all.sh
|
||||||
|
else
|
||||||
|
switch/package-release.sh
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#copy the switch conf files to /etc/freeswitch
|
||||||
|
switch/conf-copy.sh
|
||||||
|
|
||||||
|
#set the file permissions
|
||||||
|
switch/package-permissions.sh
|
||||||
|
|
||||||
|
#systemd service
|
||||||
|
switch/package-systemd.sh
|
||||||
|
fi
|
|
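Review bot: `if [ ."$switch_branch" = "master" ]` can never be true, because the left operand carries the leading `.` guard and the right one does not; with `switch_branch=master` both the source block and the package block fall through to the release scripts. Make the operands symmetric in both places: `if [ ."$switch_branch" = ."master" ]; then`. The neighbouring tests (`.$switch_source`, `.$switch_package`, `.$switch_package_all`) leave the expansion unquoted; writing them as `."$switch_source"` keeps a value with whitespace from breaking the test.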
@ -0,0 +1,3 @@
|
||||||
|
mv /etc/freeswitch /etc/freeswitch.orig
|
||||||
|
mkdir /etc/freeswitch
|
||||||
|
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch
|
|
@ -0,0 +1,57 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
|
||||||
|
#set the date
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
|
||||||
|
#get the database password
|
||||||
|
if [ .$database_password = .'random' ]; then
|
||||||
|
read -p "Enter the database password: " database_password
|
||||||
|
fi
|
||||||
|
|
||||||
|
#set PGPASSWORD
|
||||||
|
export PGPASSWORD=$database_password
|
||||||
|
|
||||||
|
#enable auto create schemas
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="auto-create-schemas" value="true"/> -->:<param name="auto-create-schemas" value="true"/>:'
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<param name="auto-create-schemas" value="false"/>:<param name="auto-create-schemas" value="true"/>:'
|
||||||
|
|
||||||
|
#enable odbc-dsn in the xml
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="core-db-dsn" value="$${dsn}" /> -->:<param name="core-db-dsn" value="$${dsn}" />:'
|
||||||
|
|
||||||
|
#enable odbc-dsn in the sip profiles
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
|
||||||
|
|
||||||
|
#add the dsn variables
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'sqlite:///dev/shm/core.db', 'DSN', 'true', '0', null, null);";
|
||||||
|
sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///dev/shm/callcenter.db', 'DSN', 'true', '0', null, null);";
|
||||||
|
|
||||||
|
#update the vars.xml file
|
||||||
|
echo "<!-- DSN -->" >> /etc/freeswitch/vars.xml
|
||||||
|
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_system=pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=\" />" >> /etc/freeswitch/vars.xml
|
||||||
|
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn=sqlite:///dev/shm/core.db\" />" >> /etc/freeswitch/vars.xml
|
||||||
|
echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_callcenter=sqlite:///dev/shm/callcenter.db\" />" >> /etc/freeswitch/vars.xml
|
||||||
|
|
||||||
|
#remove the sqlite database files
|
||||||
|
dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*"
|
||||||
|
for db in ${dbs};
|
||||||
|
do
|
||||||
|
if [ -f $db ]; then
|
||||||
|
echo "Deleting $db";
|
||||||
|
rm $db
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
#flush memcache
|
||||||
|
/usr/bin/fs_cli -x 'memcache flush'
|
||||||
|
|
||||||
|
#restart freeswitch
|
||||||
|
service freeswitch restart
|
|
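Review bot: `$database_password` is pasted unescaped into a SQL literal (the `dsn_system` insert into `v_vars`) and into an XML attribute (the `X-PRE-PROCESS` line appended to vars.xml), so a password containing `'`, `"`, `&`, `<` or a space yields a broken statement or a malformed DSN, and the value is exposed as a `psql -c` argument in the process list. Reject unsupported characters before use, e.g. `case "$database_password" in *[!A-Za-z0-9_.-]*) echo "unsupported character in database password" >&2; exit 1;; esac`, and feed the statement to `psql` on stdin instead of `-c`. The prompt `read -p "Enter the database password: "` echoes the password, and `-p` is not POSIX under `#!/bin/sh`; a plain `read -r` between `stty -echo` and `stty echo` covers both. Since vars.xml now holds the cleartext password, the script should also set a restrictive mode on that file. `export PGPASSWORD` may not reach `psql` through `sudo -u postgres` if sudo resets the environment, which is worth confirming.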
@ -0,0 +1,27 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
. ../colors.sh
|
||||||
|
. ../environment.sh
|
||||||
|
|
||||||
|
apt-get update && apt-get install -y ntp curl memcached haveged apt-transport-https
|
||||||
|
apt-get update && apt-get install -y wget lsb-release gnupg2
|
||||||
|
|
||||||
|
if [ ."$cpu_architecture" = ."x86" ]; then
|
||||||
|
wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
fi
|
||||||
|
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
wget -O - https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb-src http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
fi
|
||||||
|
apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
|
||||||
|
|
||||||
|
#make sure that postgresql is started before starting freeswitch
|
||||||
|
sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
|
|
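Review bot: The archive key is piped into `apt-key add -`, which trusts it for every repository on the host, and the `deb`/`deb-src` lines use `http://files.freeswitch.org` even though `apt-transport-https` is installed a few lines earlier and the key itself is fetched over HTTPS. Where the target apt release supports it, keep the key in its own keyring file and scope it, e.g. `deb [signed-by=/usr/share/keyrings/<KEYRING_FILE>] https://files.freeswitch.org/repo/deb/debian-release/ $(lsb_release -sc) main` (keyring name is a placeholder). The two jessie scripts that follow (`curl … freeswitch_archive_g0.pub | apt-key add -`) repeat the pattern and also enable the `debian-unstable` repository next to the 1.6 release one. The closing `sed -i /lib/systemd/system/freeswitch.service` edits a package-owned unit that an upgrade will presumably overwrite; a drop-in under `/etc/systemd/system/freeswitch.service.d/` would survive.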
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/sh
|
||||||
|
apt-get update && apt-get install -y ntp curl memcached haveged
|
||||||
|
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
|
||||||
|
|
||||||
|
#make sure that postgresql is started before starting freeswitch
|
||||||
|
sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
|
|
@ -0,0 +1,31 @@
|
||||||
|
#!/bin/sh
|
||||||
|
apt-get update && apt-get install -y curl memcached haveged
|
||||||
|
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y gnupg gnupg2
|
||||||
|
apt-get install -y wget lsb-release
|
||||||
|
apt-get install -y ntp gdb
|
||||||
|
apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
|
||||||
|
apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
|
||||||
|
apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
|
||||||
|
apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
|
||||||
|
apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
|
||||||
|
apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
|
||||||
|
apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
|
||||||
|
apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
|
||||||
|
apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
|
||||||
|
apt-get install -y freeswitch-mod-pgsql
|
||||||
|
apt-get install -y freeswitch-music-default
|
||||||
|
|
||||||
|
#make sure that postgresql is started before starting freeswitch
|
||||||
|
sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
|
||||||
|
|
||||||
|
#remove the music package to protect music on hold from package updates
|
||||||
|
mkdir -p /usr/share/freeswitch/sounds/temp
|
||||||
|
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
|
||||||
|
apt-get remove -y freeswitch-music-default
|
||||||
|
mkdir -p /usr/share/freeswitch/sounds/music/default
|
||||||
|
mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
|
||||||
|
rm -R /usr/share/freeswitch/sounds/temp
|
|
@ -0,0 +1,13 @@
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
|
||||||
|
#default permissions
|
||||||
|
chown -R www-data:www-data /etc/freeswitch
|
||||||
|
chown -R www-data:www-data /var/lib/freeswitch
|
||||||
|
chown -R www-data:www-data /usr/share/freeswitch
|
||||||
|
chown -R www-data:www-data /var/log/freeswitch
|
||||||
|
chown -R www-data:www-data /var/run/freeswitch
|
||||||
|
chown -R www-data:www-data /var/cache/fusionpbx
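Review bot: The six recursive `chown -R www-data:www-data` calls give the web server account ownership of `/etc/freeswitch` and `/usr/share/freeswitch`, so any code execution in the PHP application can rewrite the switch configuration and the scripts stored there. If the web UI only writes part of that tree, a dedicated switch account with group access for `www-data` on those directories would narrow this. Whether the application needs full ownership is not visible from this file. `. ../config.sh` is sourced, but no variable from it is used in these lines.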
|
|
@ -0,0 +1,56 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
. ../colors.sh
|
||||||
|
. ../environment.sh
|
||||||
|
|
||||||
|
apt-get update && apt-get install -y curl memcached haveged apt-transport-https
|
||||||
|
apt-get update && apt-get install -y gnupg gnupg2
|
||||||
|
apt-get update && apt-get install -y wget lsb-release
|
||||||
|
|
||||||
|
if [ ."$cpu_architecture" = ."x86" ]; then
|
||||||
|
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
|
||||||
|
echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
|
||||||
|
echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
fi
|
||||||
|
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
wget --http-user=signalwire --http-password=$switch_token -O - https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
|
||||||
|
echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
|
||||||
|
echo "deb https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb-src https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
fi
|
||||||
|
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y gdb ntp
|
||||||
|
apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-mod-console freeswitch-mod-logfile
|
||||||
|
apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
|
||||||
|
apt-get install -y freeswitch-sounds-es-ar-mario freeswitch-mod-say-es freeswitch-mod-say-es-ar
|
||||||
|
apt-get install -y freeswitch-sounds-fr-ca-june freeswitch-mod-say-fr
|
||||||
|
apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
|
||||||
|
apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi
|
||||||
|
apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
|
||||||
|
apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
|
||||||
|
apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
|
||||||
|
apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
|
||||||
|
apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory
|
||||||
|
apt-get install -y freeswitch-mod-av freeswitch-mod-flite freeswitch-mod-distributor freeswitch-meta-codecs
|
||||||
|
apt-get install -y freeswitch-mod-pgsql
|
||||||
|
apt-get install -y freeswitch-music-default
|
||||||
|
apt-get install -y libyuv-dev
|
||||||
|
|
||||||
|
#make sure that postgresql is started before starting freeswitch
|
||||||
|
sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
|
||||||
|
|
||||||
|
#remove the music package to protect music on hold from package updates
|
||||||
|
mkdir -p /usr/share/freeswitch/sounds/temp
|
||||||
|
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
|
||||||
|
mv /usr/share/freeswitch/sounds/music/default/*000 /usr/share/freeswitch/sounds/temp
|
||||||
|
apt-get remove -y freeswitch-music-default
|
||||||
|
mkdir -p /usr/share/freeswitch/sounds/music/default
|
||||||
|
mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
|
||||||
|
rm -R /usr/share/freeswitch/sounds/temp
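Review bot: Both architecture branches write `$switch_token` to `/etc/apt/auth.conf` with `>` and never set a mode, so the file gets whatever the current umask allows and any credentials already in it are lost. I would write a dedicated file with a tight mode, for example `( umask 077; echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf.d/freeswitch.conf )`. The token is also passed unquoted as `--http-password=$switch_token`, which puts it in the process list while wget runs and breaks on an empty value or one containing whitespace. The arm branch still pipes the key into `apt-key add`, which trusts it for every configured repository rather than only this one.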
|
|
@ -0,0 +1,13 @@
|
||||||
|
apt-get remove -y freeswitch-systemd
|
||||||
|
cp "$(dirname $0)/source/freeswitch.service.package" /lib/systemd/system/freeswitch.service
|
||||||
|
cp "$(dirname $0)/source/etc.default.freeswitch.package" /etc/default/freeswitch
|
||||||
|
chmod 644 /lib/systemd/system/freeswitch.service
|
||||||
|
if [ -e /proc/user_beancounters ]
|
||||||
|
then
|
||||||
|
#Disable CPU Scheduler for OpenVZ, not supported on OpenVZ."
|
||||||
|
sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g" /lib/systemd/system/freeswitch.service
|
||||||
|
fi
|
||||||
|
systemctl enable freeswitch
|
||||||
|
systemctl unmask freeswitch.service
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl start freeswitch
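Review bot: `systemctl enable freeswitch` runs before `systemctl unmask freeswitch.service`, so if the unit is masked the enable fails and the later unmask leaves it unmasked but not enabled. Swap the two lines, and move `systemctl daemon-reload` to directly after the `cp` so the replaced unit is loaded before it is enabled. The source-build systemd script further down uses the same order. `$(dirname $0)` should be `$(dirname "$0")`, as in the other scripts, so a path with spaces is not split.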
|
|
@ -0,0 +1,25 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
. ../colors.sh
|
||||||
|
. ../environment.sh
|
||||||
|
|
||||||
|
apt-get update && apt-get install -y curl memcached haveged apt-transport-https
|
||||||
|
apt-get update && apt-get install -y gnupg gnupg2
|
||||||
|
apt-get update && apt-get install -y wget lsb-release
|
||||||
|
|
||||||
|
if [ ."$cpu_architecture" = ."x86" ]; then
|
||||||
|
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
|
||||||
|
echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
|
||||||
|
echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
fi
|
||||||
|
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
wget -O - https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb-src http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
fi
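Review bot: The arm branch adds the archive key with `apt-key add` and points apt at `http://files.freeswitch.org/...`, while the x86 branch just above scopes its key with `signed-by` and uses https. `apt-key add` makes the key trusted for every repository on the machine. I would mirror the x86 branch: store the key under `/usr/share/keyrings/` (dearmored if it is ASCII-armored), add `[signed-by=...]` to both `deb` lines, and use the https host the key is already fetched from. The arm branch of the 56-line release script above has the same `apt-key add` call.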
|
|
@ -0,0 +1,41 @@
|
||||||
|
#!/bin/sh
|
||||||
|
echo "Installing the FreeSWITCH source"
|
||||||
|
DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
|
||||||
|
apt-get install -y unzip libpq-dev libvlc-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
|
||||||
|
|
||||||
|
apt-get update && apt-get install -y ntp curl haveged
|
||||||
|
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
|
||||||
|
apt-get update && apt-get upgrade
|
||||||
|
apt-get install -y freeswitch-video-deps-most
|
||||||
|
|
||||||
|
git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
|
||||||
|
cd /usr/src/freeswitch
|
||||||
|
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
|
||||||
|
./bootstrap.sh -j
|
||||||
|
#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
|
||||||
|
./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
|
||||||
|
|
||||||
|
#make mod_shout-install
|
||||||
|
make
|
||||||
|
rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
|
||||||
|
make install
|
||||||
|
make sounds-install moh-install
|
||||||
|
make hd-sounds-install hd-moh-install
|
||||||
|
make cd-sounds-install cd-moh-install
|
||||||
|
|
||||||
|
#move the music into music/default directory
|
||||||
|
mkdir -p /usr/local/freeswitch/sounds/music/default
|
||||||
|
mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
|
||||||
|
|
||||||
|
#configure system service
|
||||||
|
ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
|
||||||
|
cp "$(dirname $0)/source/freeswitch.service" /lib/systemd/system/freeswitch.service
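Review bot: The second `echo "deb ... debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list` truncates the file, so the freeswitch-1.6 line written just before it is lost; it should append with `>>`. `rm -rf /usr/local/freeswitch/{lib,mod,bin}/*` relies on brace expansion, which a POSIX `/bin/sh` such as dash does not perform, so under the `#!/bin/sh` shebang it most likely removes nothing; spell out the three paths. `apt-get update && apt-get upgrade` has no `-y` and will wait for confirmation in an unattended run. The clone takes the default branch with no tag or commit pinned and is then built and installed as root, which deserves at least a comment.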
|
|
@ -0,0 +1,5 @@
|
||||||
|
#setup owner and group, permissions and sticky
|
||||||
|
chmod -R ug+rw /usr/local/freeswitch
|
||||||
|
touch /usr/local/freeswitch/freeswitch.log
|
||||||
|
chown -R www-data:www-data /usr/local/freeswitch
|
||||||
|
find /usr/local/freeswitch -type d -exec chmod 2770 {} \;
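Review bot: The comment says "sticky", but mode `2770` in the `find ... chmod 2770` line sets the setgid bit on directories; the sticky bit would be `1770`. I would reword the comment to `#setup owner and group, permissions and setgid on directories`. `find /usr/local/freeswitch -type d -exec chmod 2770 {} +` does the same work with far fewer chmod processes.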
|
|
@ -0,0 +1,143 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ../config.sh
|
||||||
|
. ../environment.sh
|
||||||
|
|
||||||
|
#upgrade packages
|
||||||
|
apt update && apt upgrade -y
|
||||||
|
|
||||||
|
# install dependencies
|
||||||
|
apt install -y autoconf automake devscripts g++ git-core libncurses5-dev libtool make libjpeg-dev
|
||||||
|
apt install -y pkg-config flac libgdbm-dev libdb-dev gettext sudo equivs mlocate git dpkg-dev libpq-dev
|
||||||
|
apt install -y liblua5.2-dev libtiff5-dev libperl-dev libcurl4-openssl-dev libsqlite3-dev libpcre3-dev
|
||||||
|
apt install -y devscripts libspeexdsp-dev libspeex-dev libldns-dev libedit-dev libopus-dev libmemcached-dev
|
||||||
|
apt install -y libshout3-dev libmpg123-dev libmp3lame-dev yasm nasm libsndfile1-dev libuv1-dev libvpx-dev
|
||||||
|
apt install -y libavformat-dev libswscale-dev libvlc-dev python3-distutils
|
||||||
|
|
||||||
|
#install dependencies that depend on the operating system version
|
||||||
|
if [ ."$os_codename" = ."stretch" ]; then
|
||||||
|
apt install -y libvpx4 swig3.0
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."buster" ]; then
|
||||||
|
apt install -y libvpx5 swig3.0
|
||||||
|
fi
|
||||||
|
if [ ."$os_codename" = ."bullseye" ]; then
|
||||||
|
apt install -y libvpx6 swig4.0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# additional dependencies
|
||||||
|
apt install -y sqlite3 unzip
|
||||||
|
|
||||||
|
#we are about to move out of the executing directory so we need to preserve it to return after we are done
|
||||||
|
CWD=$(pwd)
|
||||||
|
|
||||||
|
#install the following dependencies if the switch version is greater than 1.10.0
|
||||||
|
if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
|
||||||
|
|
||||||
|
# libks build-requirements
|
||||||
|
apt install -y cmake uuid-dev
|
||||||
|
|
||||||
|
# libks
|
||||||
|
cd /usr/src
|
||||||
|
git clone https://github.com/signalwire/libks.git libks
|
||||||
|
cd libks
|
||||||
|
cmake .
|
||||||
|
make
|
||||||
|
make install
|
||||||
|
|
||||||
|
# libks C includes
|
||||||
|
export C_INCLUDE_PATH=/usr/include/libks
|
||||||
|
|
||||||
|
# sofia-sip
|
||||||
|
cd /usr/src
|
||||||
|
#git clone https://github.com/freeswitch/sofia-sip.git sofia-sip
|
||||||
|
wget https://github.com/freeswitch/sofia-sip/archive/refs/tags/v$sofia_version.zip
|
||||||
|
unzip v$sofia_version.zip
|
||||||
|
rm -R sofia-sip
|
||||||
|
mv sofia-sip-$sofia_version sofia-sip
|
||||||
|
cd sofia-sip
|
||||||
|
sh autogen.sh
|
||||||
|
./configure
|
||||||
|
make
|
||||||
|
make install
|
||||||
|
|
||||||
|
# spandsp
|
||||||
|
cd /usr/src
|
||||||
|
git clone https://github.com/freeswitch/spandsp.git spandsp
|
||||||
|
cd spandsp
|
||||||
|
sh autogen.sh
|
||||||
|
./configure
|
||||||
|
make
|
||||||
|
make install
|
||||||
|
ldconfig
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Using version $switch_version"
|
||||||
|
cd /usr/src
|
||||||
|
#git clone -b v1.8 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
|
||||||
|
|
||||||
|
#1.8 and older
|
||||||
|
if [ $(echo "$switch_version" | tr -d '.') -lt 1100 ]; then
|
||||||
|
wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.zip
|
||||||
|
rm -R freeswitch
|
||||||
|
unzip freeswitch-$switch_version.zip
|
||||||
|
mv freeswitch-$switch_version freeswitch
|
||||||
|
cd /usr/src/freeswitch
|
||||||
|
fi
|
||||||
|
|
||||||
|
#1.10.0 and newer
|
||||||
|
if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then
|
||||||
|
wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.-release.zip
|
||||||
|
unzip freeswitch-$switch_version.-release.zip
|
||||||
|
rm -R freeswitch
|
||||||
|
mv freeswitch-$switch_version.-release freeswitch
|
||||||
|
cd /usr/src/freeswitch
|
||||||
|
fi
|
||||||
|
|
||||||
|
# bootstrap is needed if using git
|
||||||
|
#./bootstrap.sh -j
|
||||||
|
|
||||||
|
#apply patch
|
||||||
|
patch -u /usr/src/freeswitch/src/mod/databases/mod_pgsql/mod_pgsql.c -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/mod_pgsql.patch
|
||||||
|
|
||||||
|
# enable required modules
|
||||||
|
#sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_av:formats/mod_av:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_nibblebill:applications/mod_nibblebill:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#say/mod_say_es:say/mod_say_es:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'#say/mod_say_fr:say/mod_say_fr:'
|
||||||
|
|
||||||
|
#disable module or install dependency libks to compile signalwire
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'applications/mod_signalwire:#applications/mod_signalwire:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'endpoints/mod_skinny:#endpoints/mod_skinny:'
|
||||||
|
sed -i /usr/src/freeswitch/modules.conf -e s:'endpoints/mod_verto:#endpoints/mod_verto:'
|
||||||
|
|
||||||
|
# prepare the build
|
||||||
|
#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
|
||||||
|
./configure -C --enable-portable-binary --disable-dependency-tracking \
|
||||||
|
--prefix=/usr --localstatedir=/var --sysconfdir=/etc \
|
||||||
|
--with-openssl --enable-core-pgsql-support
|
||||||
|
|
||||||
|
# compile and install
|
||||||
|
make
|
||||||
|
make install
|
||||||
|
make sounds-install moh-install
|
||||||
|
make hd-sounds-install hd-moh-install
|
||||||
|
make cd-sounds-install cd-moh-install
|
||||||
|
|
||||||
|
#move the music into music/default directory
|
||||||
|
mkdir -p /usr/share/freeswitch/sounds/music/default
|
||||||
|
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/music/default
|
||||||
|
|
||||||
|
#return to the executing directory
|
||||||
|
cd $CWD
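Review bot: Both release branches fetch the archive with `wget http://files.freeswitch.org/freeswitch-releases/...` and then unzip, build and `make install` it as root with no integrity check, so anything able to alter the plain-http response decides what gets installed. Use the https URL and verify a pinned digest before unpacking, e.g. `echo "$switch_sha256  freeswitch-$switch_version.-release.zip" | sha256sum -c - || exit 1`, where `switch_sha256` is a placeholder name for a new value kept next to `switch_version` in the config. The libks and spandsp clones take whatever the default branch holds at install time and would benefit from a pinned tag or commit in the same way. Separately, the version tests use `-lt 1100` and `-gt 1100`, so a `switch_version` that reduces to exactly 1100 matches neither branch although the comment says "1.10.0 and newer"; `-ge 1100` closes the gap.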
|
|
@ -0,0 +1,15 @@
|
||||||
|
#cp "$(dirname $0)/source/freeswitch.service.source" /lib/systemd/system/freeswitch.service
|
||||||
|
cp "$(dirname $0)/source/freeswitch.service.source" /etc/systemd/system/freeswitch.service
|
||||||
|
cp "$(dirname $0)/source/etc.default.freeswitch.source" /etc/default/freeswitch
|
||||||
|
sed "s@PIDFile=/run/freeswitch/freeswitch.pid@PIDFile=/usr/local/freeswitch/run/freeswitch.pid@g" -i /etc/systemd/system/freeswitch.service
|
||||||
|
|
||||||
|
if [ -e /proc/user_beancounters ]
|
||||||
|
then
|
||||||
|
#Disable CPU Scheduler for OpenVZ, not supported on OpenVZ."
|
||||||
|
sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g" /lib/systemd/system/freeswitch.service
|
||||||
|
|
||||||
|
fi
|
||||||
|
systemctl enable freeswitch
|
||||||
|
systemctl unmask freeswitch.service
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl start freeswitch
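Review bot: The unit is copied to `/etc/systemd/system/freeswitch.service`, but the OpenVZ branch still edits `/lib/systemd/system/freeswitch.service`. The `CPUSchedulingPolicy=rr` line in the file that is actually installed is therefore never commented out, and sed reports an error if the /lib file does not exist. Point the sed at the same path as the `cp`: `sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g" /etc/systemd/system/freeswitch.service`.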
|
|
@ -0,0 +1,24 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#make sure the etc fusionpbx directory exists
|
||||||
|
mkdir -p /etc/fusionpbx
|
||||||
|
|
||||||
|
#remove init.d startup script
|
||||||
|
mv /etc/init.d/freeswitch /usr/src/init.d.freeswitch
|
||||||
|
update-rc.d -f freeswitch remove
|
||||||
|
|
||||||
|
#add the the freeswitch package
|
||||||
|
$(dirname $0)/package-release.sh
|
||||||
|
|
||||||
|
#install freeswitch systemd.d
|
||||||
|
$(dirname $0)/package-systemd.sh
|
||||||
|
|
||||||
|
#update fail2ban
|
||||||
|
sed -i /etc/fail2ban/jail.local -e s:'/usr/local/freeswitch/log:/var/log/freeswitch:'
|
||||||
|
sytemctl restart fail2ban
|
||||||
|
|
||||||
|
#move source files to package directories
|
||||||
|
rsync -avz /usr/local/freeswitch/conf/* /etc/freeswitch
|
||||||
|
rsync -avz /usr/local/freeswitch/recordings /var/lib/freeswitch
|
||||||
|
rsync -avz /usr/local/freeswitch/storage /var/lib/freeswitch
|
||||||
|
rsync -avz /usr/local/freeswitch/scripts /usr/share/freeswitch
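Review bot: `sytemctl restart fail2ban` is misspelled, so the command is not found and fail2ban keeps running with its old configuration. After the preceding sed changes the log path to `/var/log/freeswitch`, the jails presumably keep watching `/usr/local/freeswitch/log` until something else restarts the service. The line should read `systemctl restart fail2ban`. The script has no `set -e` and checks no exit status, so the failure passes silently. `$(dirname $0)/package-release.sh` is unquoted; `"$(dirname "$0")/package-release.sh"` survives a path with spaces.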
|
|
@ -0,0 +1,2 @@
|
||||||
|
# /etc/default/freeswitch
|
||||||
|
DAEMON_OPTS="-nonat"
|
|
@ -0,0 +1,4 @@
|
||||||
|
# /etc/default/freeswitch
|
||||||
|
FS_USER="www-data"
|
||||||
|
FS_GROUP="www-data"
|
||||||
|
DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data"
|
|
@ -0,0 +1,62 @@
|
||||||
|
;;;;; Author: Travis Cross <tc@traviscross.com>
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=freeswitch
|
||||||
|
Wants=network-online.target
|
||||||
|
Requires=network.target local-fs.target
|
||||||
|
After=network.target network-online.target local-fs.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
; service
|
||||||
|
Type=forking
|
||||||
|
PIDFile=/run/freeswitch/freeswitch.pid
|
||||||
|
Environment="DAEMON_OPTS=-nonat"
|
||||||
|
Environment="USER=www-data"
|
||||||
|
Environment="GROUP=www-data"
|
||||||
|
EnvironmentFile=-/etc/default/freeswitch
|
||||||
|
ExecStartPre=/bin/mkdir -p /var/run/freeswitch
|
||||||
|
ExecStartPre=/bin/chown -R ${USER}:${GROUP} /var/lib/freeswitch /var/log/freeswitch /etc/freeswitch /usr/share/freeswitch /var/run/freeswitch
|
||||||
|
ExecStartPre=/bin/sleep 10
|
||||||
|
ExecStart=/usr/bin/freeswitch -u ${USER} -g ${GROUP} -ncwait ${DAEMON_OPTS}
|
||||||
|
TimeoutSec=45s
|
||||||
|
Restart=always
|
||||||
|
; exec
|
||||||
|
;User=${USER}
|
||||||
|
;Group=${GROUP}
|
||||||
|
LimitCORE=infinity
|
||||||
|
LimitNOFILE=100000
|
||||||
|
LimitNPROC=60000
|
||||||
|
LimitSTACK=250000
|
||||||
|
LimitRTPRIO=infinity
|
||||||
|
LimitRTTIME=infinity
|
||||||
|
IOSchedulingClass=realtime
|
||||||
|
IOSchedulingPriority=2
|
||||||
|
CPUSchedulingPolicy=rr
|
||||||
|
CPUSchedulingPriority=89
|
||||||
|
UMask=0007
|
||||||
|
NoNewPrivileges=false
|
||||||
|
|
||||||
|
; alternatives which you can enforce by placing a unit drop-in into
|
||||||
|
; /etc/systemd/system/freeswitch.service.d/*.conf:
|
||||||
|
;
|
||||||
|
; User=freeswitch
|
||||||
|
; Group=freeswitch
|
||||||
|
; ExecStart=
|
||||||
|
; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
|
||||||
|
;
|
||||||
|
; empty ExecStart is required to flush the list.
|
||||||
|
;
|
||||||
|
; if your filesystem supports extended attributes, execute
|
||||||
|
; setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
|
||||||
|
; this will also allow socket binding on low ports
|
||||||
|
;
|
||||||
|
; otherwise, remove the -rp option from ExecStart and
|
||||||
|
; add these lines to give real-time priority to the process:
|
||||||
|
;
|
||||||
|
; PermissionsStartOnly=true
|
||||||
|
; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
|
||||||
|
;
|
||||||
|
; execute "systemctl daemon-reload" after editing the unit files.
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
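Review bot: `ExecStartPre=/bin/chown -R ${USER}:${GROUP} ...` runs as root on every start over trees the service account can write, which lets whoever controls those directories influence what root's recursive chown touches. The permissions script earlier in this commit already sets ownership at install time, so I would limit the start-up step to the runtime directory: `ExecStartPre=/bin/chown ${USER}:${GROUP} /var/run/freeswitch`. `NoNewPrivileges=false` is set explicitly; a comment on why it is needed would help, since the daemon already drops to `${USER}` through `-u`/`-g`.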
|
|
@ -0,0 +1,57 @@
|
||||||
|
;;;;; Author: Travis Cross <tc@traviscross.com>
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=freeswitch
|
||||||
|
After=syslog.target network.target local-fs.target postgresql.service haveged.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
; service
|
||||||
|
Type=forking
|
||||||
|
PIDFile=/run/freeswitch/freeswitch.pid
|
||||||
|
Environment="DAEMON_OPTS=-nonat"
|
||||||
|
EnvironmentFile=-/etc/default/freeswitch
|
||||||
|
ExecStart=/usr/local/freeswitch/bin/freeswitch -u www-data -g www-data -ncwait $DAEMON_OPTS
|
||||||
|
;ExecStart=/usr/local/freeswitch/bin/freeswitch -u freeswitch -g freeswitch -ncwait $DAEMON_OPTS
|
||||||
|
TimeoutSec=45s
|
||||||
|
Restart=always
|
||||||
|
; exec
|
||||||
|
User=root
|
||||||
|
Group=daemon
|
||||||
|
LimitCORE=infinity
|
||||||
|
LimitNOFILE=100000
|
||||||
|
LimitNPROC=60000
|
||||||
|
LimitSTACK=250000
|
||||||
|
LimitRTPRIO=infinity
|
||||||
|
LimitRTTIME=infinity
|
||||||
|
IOSchedulingClass=realtime
|
||||||
|
IOSchedulingPriority=2
|
||||||
|
CPUSchedulingPolicy=rr
|
||||||
|
CPUSchedulingPriority=89
|
||||||
|
UMask=0007
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
; alternatives which you can enforce by placing a unit drop-in into
|
||||||
|
; /etc/systemd/system/freeswitch.service.d/*.conf:
|
||||||
|
;
|
||||||
|
; User=freeswitch
|
||||||
|
; Group=freeswitch
|
||||||
|
; ExecStart=
|
||||||
|
; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
|
||||||
|
;
|
||||||
|
; empty ExecStart is required to flush the list.
|
||||||
|
;
|
||||||
|
; if your filesystem supports extended attributes, execute
|
||||||
|
; setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
|
||||||
|
; this will also allow socket binding on low ports
|
||||||
|
;
|
||||||
|
; otherwise, remove the -rp option from ExecStart and
|
||||||
|
; add these lines to give real-time priority to the process:
|
||||||
|
;
|
||||||
|
; PermissionsStartOnly=true
|
||||||
|
; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
|
||||||
|
;
|
||||||
|
; execute "systemctl daemon-reload" after editing the unit files.
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -0,0 +1,53 @@
|
||||||
|
--- mod_pgsql.c 2021-10-24 14:22:28.000000000 -0400
|
||||||
|
+++ mod_pgsql.c.new 2022-08-08 21:16:02.000000000 -0400
|
||||||
|
@@ -36,6 +36,7 @@
|
||||||
|
#include <switch.h>
|
||||||
|
|
||||||
|
#include <libpq-fe.h>
|
||||||
|
+#include <pg_config.h>
|
||||||
|
|
||||||
|
#ifndef _WIN32
|
||||||
|
#include <poll.h>
|
||||||
|
@@ -597,7 +598,7 @@
|
||||||
|
goto done;
|
||||||
|
} else {
|
||||||
|
switch (result->status) {
|
||||||
|
-#if POSTGRESQL_MAJOR_VERSION >= 9 && POSTGRESQL_MINOR_VERSION >= 2
|
||||||
|
+#if PG_VERSION_NUM >= 90002
|
||||||
|
case PGRES_SINGLE_TUPLE:
|
||||||
|
/* Added in PostgreSQL 9.2 */
|
||||||
|
#endif
|
||||||
|
@@ -756,24 +757,29 @@
|
||||||
|
*result_out = res;
|
||||||
|
res->status = PQresultStatus(res->result);
|
||||||
|
switch (res->status) {
|
||||||
|
-//#if (POSTGRESQL_MAJOR_VERSION == 9 && POSTGRESQL_MINOR_VERSION >= 2) || POSTGRESQL_MAJOR_VERSION > 9
|
||||||
|
+#if PG_VERSION_NUM >= 90002
|
||||||
|
case PGRES_SINGLE_TUPLE:
|
||||||
|
/* Added in PostgreSQL 9.2 */
|
||||||
|
-//#endif
|
||||||
|
+#endif
|
||||||
|
case PGRES_TUPLES_OK:
|
||||||
|
{
|
||||||
|
res->rows = PQntuples(res->result);
|
||||||
|
res->cols = PQnfields(res->result);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
-//#if (POSTGRESQL_MAJOR_VERSION == 9 && POSTGRESQL_MINOR_VERSION >= 1) || POSTGRESQL_MAJOR_VERSION > 9
|
||||||
|
+#if PG_VERSION_NUM >= 90001
|
||||||
|
case PGRES_COPY_BOTH:
|
||||||
|
/* Added in PostgreSQL 9.1 */
|
||||||
|
-//#endif
|
||||||
|
+#endif
|
||||||
|
case PGRES_COPY_OUT:
|
||||||
|
case PGRES_COPY_IN:
|
||||||
|
case PGRES_COMMAND_OK:
|
||||||
|
break;
|
||||||
|
+#if PG_VERSION_NUM >= 140001
|
||||||
|
+ case PGRES_PIPELINE_ABORTED:
|
||||||
|
+ case PGRES_PIPELINE_SYNC:
|
||||||
|
+ break;
|
||||||
|
+#endif
|
||||||
|
case PGRES_EMPTY_QUERY:
|
||||||
|
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Query (%s) returned PGRES_EMPTY_QUERY\n", handle->sql);
|
||||||
|
case PGRES_BAD_RESPONSE:
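Review bot: The three new version guards use the wrong `PG_VERSION_NUM` values. Releases before 10 are encoded as major*10000 + minor*100 + patch, so `90002` is 9.0.2 and `90001` is 9.0.1, not the 9.2 and 9.1 the adjacent comments name; from 10 on the encoding is major*10000 + minor, so `140001` is 14.1 rather than 14.0. The guards should be `#if PG_VERSION_NUM >= 90200` for `PGRES_SINGLE_TUPLE`, `#if PG_VERSION_NUM >= 90100` for `PGRES_COPY_BOTH`, and `#if PG_VERSION_NUM >= 140000` for the two pipeline statuses. As written, a build against 9.0.x or 9.1.x headers would reference enum values that do not exist there, and a build against 14.0 would leave the pipeline statuses unhandled. The enclosing functions start and end outside the patch hunks.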
|
|
@ -0,0 +1,44 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#remove php5
|
||||||
|
apt remove -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
|
||||||
|
|
||||||
|
#remove php 7.0
|
||||||
|
apt remove -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd
|
||||||
|
|
||||||
|
#remove php 7.1
|
||||||
|
apt remove -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd
|
||||||
|
|
||||||
|
#remove php 7.2
|
||||||
|
apt remove -y php7.2 php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd
|
||||||
|
|
||||||
|
#remove php 7.3
|
||||||
|
apt remove -y php7.3 php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd
|
||||||
|
|
||||||
|
#remove php 7.4
|
||||||
|
apt remove -y php7.4 php7.4-cli php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd
|
||||||
|
|
||||||
|
#add a repo for php 7.x
|
||||||
|
apt-get -y install apt-transport-https lsb-release ca-certificates
|
||||||
|
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
|
||||||
|
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||||
|
apt-get update
|
||||||
|
|
||||||
|
#install php
|
||||||
|
apt-get install -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd php7.1-ldap
|
||||||
|
|
||||||
|
#update the unix socket name
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
|
||||||
|
|
||||||
|
#set the PHP ini file path
|
||||||
|
php_ini_file='/etc/php/7.1/fpm/php.ini'
|
||||||
|
|
||||||
|
#update config if source is being used
|
||||||
|
sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
|
||||||
|
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
|
||||||
|
sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
|
||||||
|
sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
|
||||||
|
|
||||||
|
#restart nginx
|
||||||
|
service nginx restart
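Review bot: The script edits `/etc/php/7.1/fpm/php.ini` after `php7.1-fpm` has been installed, but only nginx is restarted at the end. The running FPM workers presumably keep the old `post_max_size`, `upload_max_filesize` and `max_input_vars` until their next restart; add `service php7.1-fpm restart` before `service nginx restart`. The sury key is written to `/etc/apt/trusted.gpg.d/php.gpg`, which trusts it for every repository; a keyring under `/usr/share/keyrings/` referenced with `[signed-by=...]` in `php.list` keeps it scoped to this one. `$php_ini_file` should be quoted in the four sed calls.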
|
||||||
|
|
|
@ -0,0 +1,60 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./resources/config.sh
|
||||||
|
. ./resources/colors.sh
|
||||||
|
. ./resources/environment.sh
|
||||||
|
|
||||||
|
# removes the cd img from the /etc/apt/sources.list file (not needed after base install)
|
||||||
|
sed -i '/cdrom:/d' /etc/apt/sources.list
|
||||||
|
|
||||||
|
#Update to latest packages
|
||||||
|
verbose "Update installed packages"
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
|
||||||
|
#Add dependencies
|
||||||
|
apt-get install -y wget
|
||||||
|
apt-get install -y lsb-release
|
||||||
|
apt-get install -y systemd
|
||||||
|
apt-get install -y systemd-sysv
|
||||||
|
apt-get install -y ca-certificates
|
||||||
|
apt-get install -y dialog
|
||||||
|
apt-get install -y nano
|
||||||
|
|
||||||
|
#SNMP
|
||||||
|
apt-get install -y snmpd
|
||||||
|
echo "rocommunity public" > /etc/snmp/snmpd.conf
|
||||||
|
service snmpd restart
|
||||||
|
|
||||||
|
#IPTables
|
||||||
|
resources/iptables.sh
|
||||||
|
|
||||||
|
#sngrep
|
||||||
|
resources/sngrep.sh
|
||||||
|
|
||||||
|
#FusionPBX
|
||||||
|
resources/fusionpbx.sh
|
||||||
|
|
||||||
|
#PHP
|
||||||
|
resources/php.sh
|
||||||
|
|
||||||
|
#NGINX web server
|
||||||
|
resources/nginx.sh
|
||||||
|
|
||||||
|
#Postgres
|
||||||
|
resources/postgresql.sh
|
||||||
|
|
||||||
|
#FreeSWITCH
|
||||||
|
resources/switch.sh
|
||||||
|
|
||||||
|
#Fail2ban
|
||||||
|
resources/fail2ban.sh
|
||||||
|
|
||||||
|
#set the ip address
|
||||||
|
server_address=$(hostname -I)
|
||||||
|
|
||||||
|
#add the database schema, user and groups
|
||||||
|
resources/finish.sh
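Review bot: `echo "rocommunity public" > /etc/snmp/snmpd.conf` replaces the whole snmpd configuration with a read-only community named `public` and no source restriction, so who can read SNMP depends entirely on what the firewall script allows. Overwriting the file also drops any `agentaddress` restriction the packaged default may contain. Restrict it to the hosts that poll the machine and take the community from the config, e.g. `echo "rocommunity $snmp_community 127.0.0.1" > /etc/snmp/snmpd.conf`, where `snmp_community` is a placeholder for a new config value. `server_address=$(hostname -I)` is assigned but not exported, so `resources/finish.sh`, which runs as a separate process, cannot see it.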
|
|
@ -0,0 +1,13 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#upgrade the packages
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
|
||||||
|
#install packages
|
||||||
|
apt-get install -y git lsb-release
|
||||||
|
|
||||||
|
#get the install script
|
||||||
|
cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
|
||||||
|
|
||||||
|
#change the working directory
|
||||||
|
cd /usr/src/fusionpbx-install.sh/ubuntu
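Review bot: The `git clone` under `#get the install script` fetches whatever the default branch tip is at run time, and the cloned scripts are presumably then run as root (this script itself calls apt-get), so a bad or tampered upstream commit would be installed without any review point. Pinning the checkout to a reviewed release makes the install reproducible, e.g. `git clone --branch <release-tag> --depth 1 https://github.com/fusionpbx/fusionpbx-install.sh.git` (the tag is a placeholder). The final `cd /usr/src/fusionpbx-install.sh/ubuntu` also runs when the clone failed, and it only changes this script's own working directory unless the file is sourced; a short comment saying how the script is meant to be invoked would help.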
|
|
@ -0,0 +1,48 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#Process command line options only if we haven't been processed once
|
||||||
|
if [ -z "$CPU_CHECK" ]; then
|
||||||
|
export script_name=`basename "$0"`
|
||||||
|
ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@")
|
||||||
|
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
error "Failed parsing options."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
export USE_SWITCH_SOURCE=false
|
||||||
|
export USE_SWITCH_PACKAGE_ALL=false
|
||||||
|
export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false
|
||||||
|
export USE_PHP5_PACKAGE=false
|
||||||
|
export USE_SWITCH_MASTER=false
|
||||||
|
export USE_SYSTEM_MASTER=false
|
||||||
|
export CPU_CHECK=true
|
||||||
|
HELP=false
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
case "$1" in
|
||||||
|
--use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;;
|
||||||
|
--use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;;
|
||||||
|
--use-switch-master ) export USE_SWITCH_MASTER=true; shift ;;
|
||||||
|
--use-system-master ) export USE_SYSTEM_MASTER=true; shift ;;
|
||||||
|
--use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;;
|
||||||
|
--use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;;
|
||||||
|
--no-cpu-check ) export CPU_CHECK=false; shift ;;
|
||||||
|
-h | --help ) HELP=true; shift ;;
|
||||||
|
-- ) shift; break ;;
|
||||||
|
* ) break ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ .$HELP = .true ]; then
|
||||||
|
warning "Debian installer script"
|
||||||
|
warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
|
||||||
|
warning " --use-switch-package-all if using packages use the meta-all package"
|
||||||
|
warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages"
|
||||||
|
warning " --use-php5-package use php5* packages instead of ${green}(default:php7.0)"
|
||||||
|
warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)"
|
||||||
|
warning " --use-system-master will use master branch/packages for the system instead of ${green}(default:stable)"
|
||||||
|
warning " --no-cpu-check disable the cpu check ${green}(default:check)"
|
||||||
|
exit;
|
||||||
|
fi
|
||||||
|
fi
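Review bot: The `getopt` result is never applied: `ARGS` is assigned but there is no `eval set -- "$ARGS"` before the `while` loop, so the loop walks the raw arguments and the normalisation getopt provides (reordering, the `--` terminator) is lost. On the same line `-n '$script_name'` is single-quoted, so getopt reports errors under the literal name `$script_name`; it should be `-n "$script_name"`. I would add `eval set -- "$ARGS"` right after the `$?` check. `error` and `warning` are not defined in this file, so a comment stating that colors.sh must be sourced first would document the dependency.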
|
|
@ -0,0 +1,27 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
export PGPASSWORD="zzz"
|
||||||
|
db_host=127.0.0.1
|
||||||
|
db_port=5432
|
||||||
|
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
mkdir -p /var/backups/fusionpbx/postgresql
|
||||||
|
|
||||||
|
echo "Backup Started"
|
||||||
|
|
||||||
|
#delete postgres backups
|
||||||
|
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
|
||||||
|
|
||||||
|
#delete the main backup
|
||||||
|
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
|
||||||
|
|
||||||
|
#backup the database
|
||||||
|
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
|
||||||
|
|
||||||
|
#package
|
||||||
|
tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
|
||||||
|
|
||||||
|
#source
|
||||||
|
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
|
||||||
|
|
||||||
|
echo "Backup Completed"
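Review bot: The dump and the `.tgz` are written with the process's default umask, and the archive bundles the database dump together with /etc/fusionpbx and /etc/freeswitch, so with a permissive umask such as 022 every local account can read credentials and recordings from /var/backups/fusionpbx. I would add `umask 077` before the `mkdir -p` line, plus `chmod 700 /var/backups/fusionpbx` for a directory that already exists. The `PGPASSWORD="zzz"` placeholder is filled in by the `sed` calls in the finish script further down this page, which also sets the installed copy to mode 755, leaving the database password world-readable in /etc/cron.daily; a `~/.pgpass` file with mode 600, or mode 700 on the cron script, avoids that. Note also that `pg_dump -Fc` writes the custom binary format, so the `.sql` suffix is misleading.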
|
|
@ -0,0 +1,119 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#settings
|
||||||
|
export PGPASSWORD="zzz"
|
||||||
|
db_host=127.0.0.1
|
||||||
|
db_port=5432
|
||||||
|
switch_package=true # true or false
|
||||||
|
|
||||||
|
purge_voicemail=false
|
||||||
|
purge_call_recordings=false
|
||||||
|
purge_cdrs=false
|
||||||
|
purge_fax=false
|
||||||
|
purge_switch_logs=true
|
||||||
|
purge_php_sessions=true
|
||||||
|
purge_database_transactions=true
|
||||||
|
|
||||||
|
days_keep_voicemail=90
|
||||||
|
days_keep_call_recordings=90
|
||||||
|
days_keep_cdrs=90
|
||||||
|
days_keep_fax=90
|
||||||
|
days_keep_switch_logs=7
|
||||||
|
days_keep_php_sessions=8
|
||||||
|
days_keep_database_transactions=30
|
||||||
|
|
||||||
|
#set the date
|
||||||
|
now=$(date +%Y-%m-%d)
|
||||||
|
|
||||||
|
#make sure the directory exists
|
||||||
|
if [ -e /var/backups/fusionpbx/postgresql ]; then
|
||||||
|
echo " "
|
||||||
|
else
|
||||||
|
mkdir -p /var/backups/fusionpbx/postgresql
|
||||||
|
fi
|
||||||
|
|
||||||
|
#show message to the console
|
||||||
|
echo "Maintenance Started"
|
||||||
|
|
||||||
|
if [ .$purge_switch_logs = .true ]; then
|
||||||
|
#delete freeswitch logs older 7 days
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
|
||||||
|
else
|
||||||
|
find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "not purging Freeswitch logs"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$purge_fax = .true ]; then
|
||||||
|
#delete fax older than 90 days
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
echo ".";
|
||||||
|
find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
|
||||||
|
find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
|
||||||
|
else
|
||||||
|
echo ".";
|
||||||
|
find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
|
||||||
|
find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
|
||||||
|
fi
|
||||||
|
#delete from the database
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
|
||||||
|
else
|
||||||
|
echo "not purging Faxes"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$purge_call_recordings = .true ]; then
|
||||||
|
#delete call recordings older than 90 days
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
find /var/lib/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
|
||||||
|
find /var/lib/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
|
||||||
|
else
|
||||||
|
find /usr/local/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
|
||||||
|
find /usr/local/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
|
||||||
|
fi
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
|
||||||
|
else
|
||||||
|
echo "not purging Recordings."
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$purge_voicemail = .true ]; then
|
||||||
|
#delete voicemail older than 90 days
|
||||||
|
if [ .$switch_package = .true ]; then
|
||||||
|
echo ".";
|
||||||
|
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
|
||||||
|
find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
|
||||||
|
else
|
||||||
|
echo ".";
|
||||||
|
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
|
||||||
|
find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
|
||||||
|
fi
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
|
||||||
|
else
|
||||||
|
echo "not purging voicemails."
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$purge_cdrs = .true ]; then
|
||||||
|
#delete call detail records older 90 days
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
|
||||||
|
else
|
||||||
|
echo "not purging CDRs."
|
||||||
|
fi
|
||||||
|
|
||||||
|
#delete php sessions
|
||||||
|
if [ .$purge_php_sessions = .true ]; then
|
||||||
|
find /var/lib/php/sessions/* -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
|
||||||
|
else
|
||||||
|
echo "not purging PHP Sessions."
|
||||||
|
fi
|
||||||
|
|
||||||
|
#delete database_transactions older 90 days
|
||||||
|
if [ .$purge_database_transactions = .true ]; then
|
||||||
|
psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
|
||||||
|
else
|
||||||
|
echo "not purging database_transactions."
|
||||||
|
fi
|
||||||
|
|
||||||
|
#completed message
|
||||||
|
echo "Maintenance Completed";
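Review bot: The call-recording purge deletes files older than `$days_keep_call_recordings` days, but the matching database delete hard-codes `INTERVAL '90 days'`, so changing the setting leaves v_call_recordings rows pointing at files that no longer exist, or the reverse. The statement should use the variable like the other purges: `... WHERE call_recording_date < NOW() - INTERVAL '$days_keep_call_recordings days'`. Every `psql` call here also hard-codes `--host=127.0.0.1` and omits the port, so the `db_host` and `db_port` settings at the top are never used; `--host=$db_host --port=$db_port` would make them effective. The `days_keep_*` values are interpolated straight into SQL, which is acceptable only while they stay numeric literals edited by the administrator, and a comment next to the settings should say so.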
|
|
@ -0,0 +1,25 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
verbose () {
|
||||||
|
echo "${green}$1${normal}"
|
||||||
|
}
|
||||||
|
error () {
|
||||||
|
echo "${red}$1${normal}"
|
||||||
|
}
|
||||||
|
warning () {
|
||||||
|
echo "${yellow}$1${normal}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# check for color support
|
||||||
|
if test -t 1; then
|
||||||
|
|
||||||
|
# see if it supports colors...
|
||||||
|
ncolors=$(tput colors)
|
||||||
|
|
||||||
|
if test -n "$ncolors" && test $ncolors -ge 8; then
|
||||||
|
normal="$(tput sgr0)"
|
||||||
|
red="$(tput setaf 1)"
|
||||||
|
green="$(tput setaf 2)"
|
||||||
|
yellow="$(tput setaf 3)"
|
||||||
|
fi
|
||||||
|
fi
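Review bot: `error` and `warning` print to stdout, so their messages are mixed into any output a caller captures or pipes; sending them to stderr (`echo "${red}$1${normal}" >&2`) keeps diagnostics separate. In the colour probe, `tput colors` prints its own error when TERM is unset or unknown, and `test $ncolors -ge 8` is unquoted; `ncolors=$(tput colors 2>/dev/null)` and `test "$ncolors" -ge 8` are quieter and safer. A header comment noting that the colour variables stay unset when stdout is not a terminal would explain why the functions still work when output is redirected.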
|
|
@ -0,0 +1,28 @@
|
||||||
|
|
||||||
|
# FusionPBX Settings
|
||||||
|
domain_name=ip_address # hostname, ip_address or a custom value
|
||||||
|
system_username=admin # default username admin
|
||||||
|
system_password=random # random or a custom value
|
||||||
|
system_branch=master # master, stable
|
||||||
|
|
||||||
|
# FreeSWITCH Settings
|
||||||
|
switch_branch=stable # master, stable
|
||||||
|
switch_source=true # true or false
|
||||||
|
switch_package=false # true or false
|
||||||
|
switch_version=1.10.7 # only for source
|
||||||
|
switch_tls=true # true or false
|
||||||
|
|
||||||
|
# Sofia-Sip Settings
|
||||||
|
sofia_version=1.13.6 # release-version for sofia-sip to use
|
||||||
|
|
||||||
|
# Database Settings
|
||||||
|
database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9)
|
||||||
|
database_repo=system # PostgreSQL official, system, 2ndquadrant
|
||||||
|
database_version=13 # requires repo official
|
||||||
|
database_host=127.0.0.1 # hostname or IP address
|
||||||
|
database_port=5432 # port number
|
||||||
|
database_backup=false # true or false
|
||||||
|
|
||||||
|
# General Settings
|
||||||
|
php_version=7.4 # PHP version 5.6 or 7.0, 7.1, 7.2
|
||||||
|
letsencrypt_folder=true # true or false
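Review bot: `system_branch=master` makes the default install track a moving development branch while `switch_branch` defaults to `stable`; unless that is intended, `system_branch=stable` is the safer default for an unattended installer, since the deployed code then does not change from one run to the next without a release. The comment on `php_version=7.4` still lists `5.6 or 7.0, 7.1, 7.2`, which does not include the configured value, so it should be updated to the versions the scripts actually handle. `database_host` and `database_port` are also reassigned to fixed values in the finish script shown further down the page, so edits made here appear not to take effect there; that deserves a comment or removal of the override.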
|
|
@ -0,0 +1,95 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#make sure lsb release is installed
|
||||||
|
apt-get install lsb-release
|
||||||
|
|
||||||
|
#operating system details
|
||||||
|
os_name=$(lsb_release -is)
|
||||||
|
os_codename=$(lsb_release -cs)
|
||||||
|
os_mode='unknown'
|
||||||
|
|
||||||
|
#cpu details
|
||||||
|
cpu_name=$(uname -m)
|
||||||
|
cpu_architecture='unknown'
|
||||||
|
cpu_mode='unknown'
|
||||||
|
|
||||||
|
#check what the CPU and OS are
|
||||||
|
if [ .$cpu_name = .'armv7l' ]; then
|
||||||
|
# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
|
||||||
|
os_mode='32'
|
||||||
|
cpu_mode='32'
|
||||||
|
cpu_architecture='arm'
|
||||||
|
elif [ .$cpu_name = .'armv8l' ]; then
|
||||||
|
# No test case for armv8l
|
||||||
|
os_mode='unknown'
|
||||||
|
cpu_mode='64'
|
||||||
|
cpu_architecture='arm'
|
||||||
|
elif [ .$cpu_name = .'aarch64' ]; then
|
||||||
|
os_mode='64'
|
||||||
|
cpu_mode='64'
|
||||||
|
cpu_architecture='arm'
|
||||||
|
elif [ .$cpu_name = .'i386' ]; then
|
||||||
|
os_mode='32'
|
||||||
|
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
|
||||||
|
cpu_mode='64'
|
||||||
|
else
|
||||||
|
cpu_mode='32'
|
||||||
|
fi
|
||||||
|
cpu_architecture='x86'
|
||||||
|
elif [ .$cpu_name = .'i686' ]; then
|
||||||
|
os_mode='32'
|
||||||
|
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
|
||||||
|
cpu_mode='64'
|
||||||
|
else
|
||||||
|
cpu_mode='32'
|
||||||
|
fi
|
||||||
|
cpu_architecture='x86'
|
||||||
|
elif [ .$cpu_name = .'x86_64' ]; then
|
||||||
|
os_mode='64'
|
||||||
|
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
|
||||||
|
cpu_mode='64'
|
||||||
|
else
|
||||||
|
cpu_mode='32'
|
||||||
|
fi
|
||||||
|
cpu_architecture='x86'
|
||||||
|
else
|
||||||
|
error "You are using an unsupported cpu '$cpu_name'"
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ .$cpu_architecture = .'arm' ]; then
|
||||||
|
if [ .$os_mode = .'32' ]; then
|
||||||
|
verbose "Correct CPU and Operating System detected, using the ARM repo"
|
||||||
|
elif [ .$os_mode = .'64' ]; then
|
||||||
|
error "You are using a 64bit arm OS this is unsupported"
|
||||||
|
switch_source=true
|
||||||
|
switch_package=false
|
||||||
|
else
|
||||||
|
error "Unknown OS mode $os_mode this is unsupported"
|
||||||
|
switch_source=true
|
||||||
|
switch_package=false
|
||||||
|
fi
|
||||||
|
elif [ .$cpu_architecture = .'x86' ]; then
|
||||||
|
if [ .$os_mode = .'32' ]; then
|
||||||
|
error "You are using a 32bit OS this is unsupported"
|
||||||
|
if [ .$cpu_mode = .'64' ]; then
|
||||||
|
warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
|
||||||
|
fi
|
||||||
|
switch_source=true
|
||||||
|
switch_package=false
|
||||||
|
elif [ .$os_mode = .'64' ]; then
|
||||||
|
verbose "Correct CPU and Operating System detected"
|
||||||
|
else
|
||||||
|
error "Unknown Operating System mode '$os_mode' is unsupported"
|
||||||
|
switch_source=true
|
||||||
|
switch_package=false
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
error "You are using an unsupported architecture '$cpu_architecture'"
|
||||||
|
warning "Detected environment was :-"
|
||||||
|
warning "os_name:'$os_name'"
|
||||||
|
warning "os_codename:'$os_codename'"
|
||||||
|
warning "os_mode:'$os_mode'"
|
||||||
|
warning "cpu_name:'$cpu_name'"
|
||||||
|
exit 3
|
||||||
|
fi
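Review bot: `apt-get install lsb-release` is missing `-y`, unlike the other installs in these scripts, so when the package is not yet present an otherwise unattended run stops at the confirmation prompt; it should be `apt-get install -y lsb-release`. The comparisons such as `[ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]` rely on unquoted expansions and would be more robust as `[ ".$(...)" = ".lm" ]`; the same `lm` check is repeated in the i386, i686 and x86_64 branches and could be computed once before the chain. On 64-bit ARM and 32-bit x86 the script prints an `error` but keeps going with `switch_source=true`; if that fall-back is intended, `warning` and a comment would describe it better than `error`.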
|
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Installing Fail2ban"
|
||||||
|
|
||||||
|
#add the dependencies
|
||||||
|
apt-get install -y fail2ban
|
||||||
|
|
||||||
|
#move the filters
|
||||||
|
cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
|
||||||
|
cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
|
||||||
|
cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
|
||||||
|
cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
|
||||||
|
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
|
||||||
|
cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
|
||||||
|
cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
|
||||||
|
cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
|
||||||
|
cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
|
||||||
|
cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
|
||||||
|
cp fail2ban/jail.local /etc/fail2ban/jail.local
|
||||||
|
|
||||||
|
#update config if source is being used
|
||||||
|
#if [ .$switch_source = .true ]; then
|
||||||
|
# sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
|
||||||
|
#fi
|
||||||
|
|
||||||
|
#restart fail2ban
|
||||||
|
/usr/sbin/service fail2ban restart
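Review bot: None of the steps is checked: if `cd "$(dirname "$0")"` or any `cp` fails, the script still restarts fail2ban, and a jail that references a missing filter can keep the service from starting, which leaves the host without banning and without any message from the installer. I would add `cd "$(dirname "$0")" || exit 1`, stop on a failed copy, and confirm the result after the restart, e.g. `fail2ban-client status >/dev/null || error "fail2ban did not start"`. The copy of `jail.local` also overwrites any existing /etc/fail2ban/jail.local, so keeping a backup first protects local changes on a re-run. The commented-out `sed` for source installs leaves `logpath` pointing at /var/log/freeswitch even when `switch_source=true`; if source builds log elsewhere, those jails would watch the wrong file.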
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
|
||||||
|
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
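Review bot: This `failregex` is not anchored at the end and uses greedy `.*` for the profile and user fields, which are taken from the SIP request, so text supplied by a remote party sits in front of `<HOST>` and can influence which address is extracted and banned. Ending the pattern with `<HOST>$` and replacing the bracketed `.*` with `[^\]]*` ties the match to the address FreeSWITCH itself logged. The dots in `\d+.\d+.\d+.\d+` are also unescaped and match any character; `\d+\.\d+\.\d+\.\d+` is what the sample line in the comment implies. The same unanchored `from ip <HOST>` / `from <HOST>` form appears in the other sofia_reg.c filters on this page (`Can't find user`, `SIP auth failure`, `SIP auth challenge \(REGISTER\)`) and in `404 not found <HOST>`, and the "password failures" header comment was copied into each of them unchanged even where the filter matches something else.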
|
|
@ -0,0 +1,20 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,18 @@
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
|
||||||
|
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
# inbound route - 404 not found
|
||||||
|
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
|
||||||
|
#[hostname] variable doesn't seem to work in every case. Do this instead:
|
||||||
|
failregex = 404 not found <HOST>
|
||||||
|
|
||||||
|
|
||||||
|
#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62)
|
||||||
|
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,20 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#Oct 9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000
|
||||||
|
failregex = \[<HOST>\] invalid mac address
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,25 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
# Author: soapee01
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
|
||||||
|
#[hostname] variable doesn't seem to work in every case. Do this instead:
|
||||||
|
failregex = .* FusionPBX: \[<HOST>\] authentication failed for
|
||||||
|
= .* FusionPBX: \[<HOST>\] provision attempt bad password for
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
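Review bot: The second `failregex` line starts with `=`, and as far as this rendering shows (leading whitespace is lost) that makes the `=` part of the continuation value, so the pattern would only match a log line containing a literal `= ` before `FusionPBX:` and the `provision attempt bad password` case would never trigger a ban. The multi-line filter earlier on this page (`SIP auth failure \(REGISTER\)` followed by `\(INVITE\)`) continues without `=`, and this one should do the same: an indented line reading `.* FusionPBX: \[<HOST>\] provision attempt bad password for`. Running `fail2ban-regex` against a sample log line for each case would confirm that both patterns fire.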
|
||||||
|
|
|
@ -0,0 +1,131 @@
|
||||||
|
[ssh]
|
||||||
|
enabled = true
|
||||||
|
port = 22
|
||||||
|
protocol = ssh
|
||||||
|
filter = sshd
|
||||||
|
logpath = /var/log/auth.log
|
||||||
|
action = iptables-allports[name=sshd, protocol=all]
|
||||||
|
maxretry = 5
|
||||||
|
findtime = 7200
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[freeswitch]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = freeswitch
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=freeswitch, protocol=all]
|
||||||
|
maxretry = 5
|
||||||
|
findtime = 600
|
||||||
|
bantime = 3600
|
||||||
|
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
||||||
|
|
||||||
|
[freeswitch-ip]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = freeswitch-ip
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=freeswitch-ip, protocol=all]
|
||||||
|
maxretry = 1
|
||||||
|
findtime = 30
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[auth-challenge-ip]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = auth-challenge-ip
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=auth-challenge-ip, protocol=all]
|
||||||
|
maxretry = 1
|
||||||
|
findtime = 30
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[sip-auth-challenge]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = sip-auth-challenge
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=sip-auth-challenge, protocol=all]
|
||||||
|
maxretry = 50
|
||||||
|
findtime = 30
|
||||||
|
bantime = 7200
|
||||||
|
|
||||||
|
[sip-auth-failure]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = sip-auth-failure
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=sip-auth-failure, protocol=all]
|
||||||
|
maxretry = 3
|
||||||
|
findtime = 30
|
||||||
|
bantime = 7200
|
||||||
|
|
||||||
|
[fusionpbx-404]
|
||||||
|
enabled = false
|
||||||
|
port = 5060:5091
|
||||||
|
protocol = all
|
||||||
|
filter = fusionpbx-404
|
||||||
|
logpath = /var/log/freeswitch/freeswitch.log
|
||||||
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
||||||
|
action = iptables-allports[name=fusionpbx-404, protocol=all]
|
||||||
|
maxretry = 3
|
||||||
|
findtime = 300
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[fusionpbx]
|
||||||
|
enabled = true
|
||||||
|
port = 80,443
|
||||||
|
protocol = tcp
|
||||||
|
filter = fusionpbx
|
||||||
|
logpath = /var/log/auth.log
|
||||||
|
action = iptables-allports[name=fusionpbx, protocol=all]
|
||||||
|
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
||||||
|
maxretry = 10
|
||||||
|
findtime = 600
|
||||||
|
bantime = 3600
|
||||||
|
|
||||||
|
[fusionpbx-mac]
|
||||||
|
enabled = true
|
||||||
|
port = 80,443
|
||||||
|
protocol = tcp
|
||||||
|
filter = fusionpbx-mac
|
||||||
|
logpath = /var/log/syslog
|
||||||
|
action = iptables-allports[name=fusionpbx-mac, protocol=all]
|
||||||
|
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
||||||
|
maxretry = 5
|
||||||
|
findtime = 300
|
||||||
|
bantime = 86400
|
||||||
|
|
||||||
|
[nginx-404]
|
||||||
|
enabled = true
|
||||||
|
port = 80,443
|
||||||
|
protocol = tcp
|
||||||
|
filter = nginx-404
|
||||||
|
logpath = /var/log/nginx/access*.log
|
||||||
|
action = iptables-allports[name=nginx-404, protocol=all]
|
||||||
|
bantime = 3600
|
||||||
|
findtime = 60
|
||||||
|
maxretry = 120
|
||||||
|
|
||||||
|
[nginx-dos]
|
||||||
|
# Based on apache-badbots but a simple IP check (any IP requesting more than
|
||||||
|
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
|
||||||
|
enabled = true
|
||||||
|
port = 80,443
|
||||||
|
protocol = tcp
|
||||||
|
filter = nginx-dos
|
||||||
|
logpath = /var/log/nginx/access*.log
|
||||||
|
action = iptables-allports[name=nginx-dos, protocol=all]
|
||||||
|
findtime = 60
|
||||||
|
bantime = 86400
|
||||||
|
maxretry = 300
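Review bot: Every jail that watches the FreeSWITCH log (`freeswitch`, `freeswitch-ip`, `auth-challenge-ip`, `sip-auth-challenge`, `sip-auth-failure`, `fusionpbx-404`) ships with `enabled = false`, so after installation SIP registration and call attempts are not rate-limited by fail2ban at all, even though the filters are installed. If this is deliberate (for instance because the log file does not exist until FreeSWITCH first starts), a comment in the file and an enable step at the end of the install would make that clear; otherwise at least `freeswitch` and `sip-auth-failure` should be `enabled = true`. In `[ssh]`, `protocol = ssh` is not a network protocol name; the action overrides it with `protocol=all`, but `protocol = tcp` would be correct on its own. `nginx-dos` counts every request from an address and bans it for a day on all ports, a threshold that many phones provisioning from behind one NAT address could plausibly reach, so an `ignoreip` entry for trusted networks is worth documenting here.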
|
|
@ -0,0 +1,5 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
[Definition]
|
||||||
|
failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: Regexp to catch a generic call from an IP address.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
# Author: soapee01
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
# Author: soapee01
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
|
# be used for standard IP/hostname matching and is only an alias for
|
||||||
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,145 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
|
||||||
|
#database details
|
||||||
|
database_host=127.0.0.1
|
||||||
|
database_port=5432
|
||||||
|
database_username=fusionpbx
|
||||||
|
if [ .$database_password = .'random' ]; then
|
||||||
|
database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
fi
|
||||||
|
|
||||||
|
#allow the script to use the new password
|
||||||
|
export PGPASSWORD=$database_password
|
||||||
|
|
||||||
|
#update the database password
|
||||||
|
sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
|
||||||
|
sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
|
||||||
|
|
||||||
|
#install the database backup
|
||||||
|
cp backup/fusionpbx-backup /etc/cron.daily
|
||||||
|
cp backup/fusionpbx-maintenance /etc/cron.daily
|
||||||
|
chmod 755 /etc/cron.daily/fusionpbx-backup
|
||||||
|
chmod 755 /etc/cron.daily/fusionpbx-maintenance
|
||||||
|
sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-backup
|
||||||
|
sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-maintenance
|
||||||
|
|
||||||
|
#add the config.php
|
||||||
|
mkdir -p /etc/fusionpbx
|
||||||
|
chown -R www-data:www-data /etc/fusionpbx
|
||||||
|
cp fusionpbx/config.php /etc/fusionpbx
|
||||||
|
sed -i /etc/fusionpbx/config.php -e s:"{database_host}:$database_host:"
|
||||||
|
sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
|
||||||
|
sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
|
||||||
|
|
||||||
|
#add the database schema
|
||||||
|
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
|
||||||
|
|
||||||
|
#get the server hostname
|
||||||
|
if [ .$domain_name = .'hostname' ]; then
|
||||||
|
domain_name=$(hostname -f)
|
||||||
|
fi
|
||||||
|
|
||||||
|
#get the ip address
|
||||||
|
if [ .$domain_name = .'ip_address' ]; then
|
||||||
|
domain_name=$(hostname -I | cut -d ' ' -f1)
|
||||||
|
fi
|
||||||
|
|
||||||
|
#get the domain_uuid
|
||||||
|
domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
|
||||||
|
#add the domain name
|
||||||
|
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
|
||||||
|
|
||||||
|
#app defaults
|
||||||
|
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
|
||||||
|
|
||||||
|
#add the user
|
||||||
|
user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
user_name=$system_username
|
||||||
|
if [ .$system_password = .'random' ]; then
|
||||||
|
user_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
else
|
||||||
|
user_password=$system_password
|
||||||
|
fi
|
||||||
|
password_hash=$(php -r "echo md5('$user_salt$user_password');");
|
||||||
|
psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
|
||||||
|
|
||||||
|
#get the superadmin group_uuid
|
||||||
|
group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';");
|
||||||
|
group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
|
||||||
|
|
||||||
|
#add the user to the group
|
||||||
|
user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
|
||||||
|
group_name=superadmin
|
||||||
|
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
|
||||||
|
|
||||||
|
#update xml_cdr url, user and password
|
||||||
|
xml_cdr_username=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
xml_cdr_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:"
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
|
||||||
|
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
|
||||||
|
|
||||||
|
#app defaults
|
||||||
|
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
|
||||||
|
|
||||||
|
#restart freeswitch
|
||||||
|
/bin/systemctl daemon-reload
|
||||||
|
/bin/systemctl restart freeswitch
|
||||||
|
|
||||||
|
#install the email_queue service
|
||||||
|
cp /var/www/fusionpbx/app/email_queue/resources/service/debian.service /etc/systemd/system/email_queue.service
|
||||||
|
systemctl enable email_queue
|
||||||
|
systemctl start email_queue
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
#install the event_guard service
|
||||||
|
cp /var/www/fusionpbx/app/event_guard/resources/service/debian.service /etc/systemd/system/event_guard.service
|
||||||
|
/bin/systemctl enable event_guard
|
||||||
|
/bin/systemctl start event_guard
|
||||||
|
/bin/systemctl daemon-reload
|
||||||
|
|
||||||
|
#welcome message
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
verbose "Installation has completed."
|
||||||
|
echo ""
|
||||||
|
echo " Use a web browser to login."
|
||||||
|
echo " domain name: https://$domain_name"
|
||||||
|
echo " username: $user_name"
|
||||||
|
echo " password: $user_password"
|
||||||
|
echo ""
|
||||||
|
echo " The domain name in the browser is used by default as part of the authentication."
|
||||||
|
echo " If you need to login to a different domain then use username@domain."
|
||||||
|
echo " username: $user_name@$domain_name";
|
||||||
|
echo ""
|
||||||
|
echo " Official FusionPBX Training"
|
||||||
|
echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
|
||||||
|
echo " Available online and in person. Includes documentation and recording."
|
||||||
|
echo ""
|
||||||
|
echo " Location: Online"
|
||||||
|
echo " Admin Training: TBA"
|
||||||
|
echo " Advanced Training: TBA"
|
||||||
|
echo " Continuing Education: https://www.fusionpbx.com/training"
|
||||||
|
echo " Timezone: https://www.timeanddate.com/weather/usa/idaho"
|
||||||
|
echo ""
|
||||||
|
echo " Additional information."
|
||||||
|
echo " https://fusionpbx.com/members.php"
|
||||||
|
echo " https://fusionpbx.com/training.php"
|
||||||
|
echo " https://fusionpbx.com/support.php"
|
||||||
|
echo " https://www.fusionpbx.com"
|
||||||
|
echo " http://docs.fusionpbx.com"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Installing FusionPBX"
|
||||||
|
|
||||||
|
#install dependencies
|
||||||
|
apt-get install -y vim git dbus haveged ssl-cert qrencode
|
||||||
|
apt-get install -y ghostscript libtiff5-dev libtiff-tools at
|
||||||
|
|
||||||
|
#get the branch
|
||||||
|
if [ .$system_branch = .'master' ]; then
|
||||||
|
verbose "Using master"
|
||||||
|
branch=""
|
||||||
|
else
|
||||||
|
system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
|
||||||
|
system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
|
||||||
|
system_version=$system_major.$system_minor
|
||||||
|
verbose "Using version $system_version"
|
||||||
|
branch="-b $system_version"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add the cache directory
|
||||||
|
mkdir -p /var/cache/fusionpbx
|
||||||
|
chown -R www-data:www-data /var/cache/fusionpbx
|
||||||
|
|
||||||
|
#get the source code
|
||||||
|
git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
|
||||||
|
chown -R www-data:www-data /var/www/fusionpbx
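Review bot: The release selection in the `else` branch orders version strings with plain `sort`, which is lexical, so a constructed example such as `4.10` sorts before `4.4` and `tail -n 1` can pick an older release than intended; for an installer that means deploying code without later fixes. Use a version sort in both pipelines, `... | grep -P '^\d+\.\d+' | sort -V | tail -n 1 | ...`, and quote the pattern as `"$system_major.*"` so the shell cannot expand it against files in the script directory. The exit status of `git clone` is never checked before `chown -R` runs on `/var/www/fusionpbx`; adding `|| exit 1` to the clone line stops the installer from continuing on a missing or partial tree.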
|
|
@ -0,0 +1,47 @@
|
||||||
|
<?php
|
||||||
|
/*
|
||||||
|
FusionPBX
|
||||||
|
Version: MPL 1.1
|
||||||
|
|
||||||
|
The contents of this file are subject to the Mozilla Public License Version
|
||||||
|
1.1 (the "License"); you may not use this file except in compliance with
|
||||||
|
the License. You may obtain a copy of the License at
|
||||||
|
http://www.mozilla.org/MPL/
|
||||||
|
|
||||||
|
Software distributed under the License is distributed on an "AS IS" basis,
|
||||||
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||||
|
for the specific language governing rights and limitations under the
|
||||||
|
License.
|
||||||
|
|
||||||
|
The Original Code is FusionPBX
|
||||||
|
|
||||||
|
The Initial Developer of the Original Code is
|
||||||
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
|
Portions created by the Initial Developer are Copyright (C) 2008-2016
|
||||||
|
the Initial Developer. All Rights Reserved.
|
||||||
|
|
||||||
|
Contributor(s):
|
||||||
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
|
*/
|
||||||
|
|
||||||
|
//set the database type
|
||||||
|
$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
|
||||||
|
|
||||||
|
//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
|
||||||
|
//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
|
||||||
|
//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
|
||||||
|
|
||||||
|
//pgsql: database connection information
|
||||||
|
$db_host = '{database_host}';
|
||||||
|
$db_port = '5432';
|
||||||
|
$db_name = 'fusionpbx';
|
||||||
|
$db_username = '{database_username}';
|
||||||
|
$db_password = '{database_password}';
|
||||||
|
|
||||||
|
//show errors
|
||||||
|
ini_set('display_errors', '1');
|
||||||
|
//error_reporting (E_ALL); // Report everything
|
||||||
|
//error_reporting (E_ALL ^ E_NOTICE); // hide notices
|
||||||
|
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings
|
||||||
|
|
||||||
|
?>
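Review bot: `ini_set('display_errors', '1');` in the shipped template sends PHP error text to whoever requests the page, and in a file that also defines `$db_password` this can expose paths, queries and connection details to unauthenticated visitors. For the installed copy I would use `ini_set('display_errors', '0');` and add `ini_set('log_errors', '1');` so the messages go to the server log instead. A short comment above the line saying that `'1'` is for development only would keep the next editor from turning it back on.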
|
|
@ -0,0 +1,94 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#make sure unzip is install
|
||||||
|
apt-get install -y unzip
|
||||||
|
|
||||||
|
#remove the ioncube directory if it exists
|
||||||
|
if [ -d "ioncube" ]; then
|
||||||
|
rm -Rf ioncube;
|
||||||
|
fi
|
||||||
|
|
||||||
|
#get the ioncube load and unzip it
|
||||||
|
if [ .$cpu_architecture = .'x86' ]; then
|
||||||
|
#get the ioncube 64 bit loader
|
||||||
|
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
|
||||||
|
|
||||||
|
#uncompress the file
|
||||||
|
unzip ioncube_loaders_lin_x86-64.zip
|
||||||
|
|
||||||
|
#remove the zip file
|
||||||
|
rm ioncube_loaders_lin_x86-64.zip
|
||||||
|
elif [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
if [ .$cpu_name = .'armv7l' ]; then
|
||||||
|
#get the ioncube 64 bit loader
|
||||||
|
wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.zip
|
||||||
|
|
||||||
|
#uncompress the file
|
||||||
|
unzip ioncube_loaders_lin_armv7l.zip
|
||||||
|
|
||||||
|
#remove the zip file
|
||||||
|
rm ioncube_loaders_lin_armv7l.zip
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#copy the loader to the correct directory
|
||||||
|
if [ ."$php_version" = ."5.6" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_5.6.so /usr/lib/php5/20131226
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/fpm/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php5-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.0.so /usr/lib/php/20151012
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/fpm/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.0-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.1.so /usr/lib/php/20160303
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/fpm/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.1-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/fpm/conf.d/00-ioncube.ini
|
||||||
|
echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/cli/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.2-fpm restart
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
#copy the php extension .so into the php lib directory
|
||||||
|
cp ioncube/ioncube_loader_lin_7.4.so /usr/lib/php/20190902
|
||||||
|
|
||||||
|
#add the 00-ioncube.ini file
|
||||||
|
echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/fpm/conf.d/00-ioncube.ini
|
||||||
|
echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/cli/conf.d/00-ioncube.ini
|
||||||
|
|
||||||
|
#restart the service
|
||||||
|
service php7.4-fpm restart
|
||||||
|
fi
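Review bot: Both `wget --no-check-certificate` calls (the x86-64 and the armv7l branch) fetch a binary that is later loaded into PHP as a `zend_extension`, with TLS verification switched off and no integrity check, so the download path decides what code runs inside every PHP worker. Drop the flag (install `ca-certificates` first if a missing trust store was the reason for it) and verify the archive before `unzip`, e.g. `echo "<expected-sha256>  ioncube_loaders_lin_x86-64.zip" | sha256sum -c - || exit 1`, with the digest recorded out of band. The script also continues to `cp` and the service restart when the download or unzip failed, so it should stop on failure rather than write an `.ini` that points at a missing loader.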
|
|
@ -0,0 +1,48 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Configuring IPTables"
|
||||||
|
|
||||||
|
#run iptables commands
|
||||||
|
iptables -A INPUT -i lo -j ACCEPT
|
||||||
|
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
|
||||||
|
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
|
||||||
|
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
|
||||||
|
iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
|
||||||
|
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
|
||||||
|
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||||
|
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
|
||||||
|
iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
|
||||||
|
iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
|
||||||
|
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
|
||||||
|
iptables -P INPUT DROP
|
||||||
|
iptables -P FORWARD DROP
|
||||||
|
iptables -P OUTPUT ACCEPT
|
||||||
|
|
||||||
|
#answer the questions for iptables persistent
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
|
||||||
|
apt-get install -y iptables-persistent
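Review bot: Only IPv4 is filtered here: there is no `ip6tables` call, so on a host with an IPv6 address the IPv6 INPUT policy stays at whatever it was (ACCEPT unless something else sets it), and `autosave_v6` then persists that state. Add an IPv6 baseline before `iptables-persistent` is installed, keeping ICMPv6 allowed so neighbour discovery still works; the sketch below shows the shape, and the service ports should mirror whichever IPv4 ones are meant to be reachable over IPv6. Separately, every rule is appended with `-A` and nothing is flushed, so a second run duplicates the set. The `--string` matches filter on a value the client chooses, so they are noise reduction rather than access control and deserve a comment saying so.

```shell
iptables -P OUTPUT ACCEPT
# … unchanged above: IPv4 INPUT and mangle rules …

#IPv6 baseline; repeat the service ACCEPT rules that should be reachable over IPv6
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT
```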
|
|
@ -0,0 +1,127 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# FusionPBX - Install
|
||||||
|
# Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
|
# Copyright (C) 2018
|
||||||
|
# All Rights Reserved.
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
|
||||||
|
#remove dehyrdated letsencrypt script
|
||||||
|
rm /usr/local/sbin/dehydrated
|
||||||
|
rm -R /usr/src/dehydrated
|
||||||
|
#rm -R /etc/dehydrated/
|
||||||
|
#rm -R /usr/src/dns-01-manual
|
||||||
|
#rm -R /var/www/dehydrated
|
||||||
|
|
||||||
|
#request the domain name, email address and wild card domain
|
||||||
|
read -p 'Domain Name: ' domain_name
|
||||||
|
read -p 'Email Address: ' email_address
|
||||||
|
|
||||||
|
#get and install dehydrated
|
||||||
|
cd /usr/src && git clone https://github.com/dehydrated-io/dehydrated.git
|
||||||
|
cd /usr/src/dehydrated
|
||||||
|
cp dehydrated /usr/local/sbin
|
||||||
|
mkdir -p /var/www/dehydrated
|
||||||
|
mkdir -p /etc/dehydrated/certs
|
||||||
|
|
||||||
|
#wildcard detection
|
||||||
|
wilcard_domain=$(echo $domain_name | cut -c1-1)
|
||||||
|
if [ "$wilcard_domain" = "*" ]; then
|
||||||
|
wilcard_domain="true"
|
||||||
|
else
|
||||||
|
wilcard_domain="false"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#remove the wildcard and period
|
||||||
|
if [ .$wilcard_domain = ."true" ]; then
|
||||||
|
domain_name=$(echo "$domain_name" | cut -c3-255)
|
||||||
|
fi
|
||||||
|
|
||||||
|
#manual dns hook
|
||||||
|
if [ .$wilcard_domain = ."true" ]; then
|
||||||
|
cd /usr/src
|
||||||
|
git clone https://github.com/gheja/dns-01-manual.git
|
||||||
|
cd /usr/src/dns-01-manual/
|
||||||
|
cp hook.sh /etc/dehydrated/hook.sh
|
||||||
|
chmod 755 /etc/dehydrated/hook.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
#copy config and hook.sh into /etc/dehydrated
|
||||||
|
cd /usr/src/dehydrated
|
||||||
|
cp docs/examples/config /etc/dehydrated
|
||||||
|
#cp docs/examples/hook.sh /etc/dehydrated
|
||||||
|
|
||||||
|
#update the dehydrated config
|
||||||
|
#sed "s#CONTACT_EMAIL=#CONTACT_EMAIL=$email_address" -i /etc/dehydrated/config
|
||||||
|
sed -i 's/#CONTACT_EMAIL=/CONTACT_EMAIL="'"$email_address"'"/g' /etc/dehydrated/config
|
||||||
|
sed -i 's/#WELLKNOWN=/WELLKNOWN=/g' /etc/dehydrated/config
|
||||||
|
|
||||||
|
#accept the terms
|
||||||
|
dehydrated --register --accept-terms --config /etc/dehydrated/config
|
||||||
|
|
||||||
|
#set the domain alias
|
||||||
|
domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)
|
||||||
|
|
||||||
|
#create an alias when using wildcard dns
|
||||||
|
if [ .$wilcard_domain = ."true" ]; then
|
||||||
|
echo "*.$domain_name > $domain_name" > /etc/dehydrated/domains.txt
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add the domain name to domains.txt
|
||||||
|
if [ .$wilcard_domain = ."false" ]; then
|
||||||
|
echo "$domain_name" > /etc/dehydrated/domains.txt
|
||||||
|
fi
|
||||||
|
|
||||||
|
#request the certificates
|
||||||
|
if [ .$wilcard_domain = ."true" ]; then
|
||||||
|
dehydrated --cron --domain *.$domain_name --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge dns-01 --hook /etc/dehydrated/hook.sh
|
||||||
|
fi
|
||||||
|
if [ .$wilcard_domain = ."false" ]; then
|
||||||
|
dehydrated --cron --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01
|
||||||
|
fi
|
||||||
|
|
||||||
|
#make sure the nginx ssl directory exists
|
||||||
|
mkdir -p /etc/nginx/ssl
|
||||||
|
|
||||||
|
#update nginx config
|
||||||
|
sed "s@ssl_certificate /etc/ssl/certs/nginx.crt;@ssl_certificate /etc/dehydrated/certs/$domain_alias/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
|
||||||
|
sed "s@ssl_certificate_key /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/dehydrated/certs/$domain_alias/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
|
||||||
|
|
||||||
|
#read the config
|
||||||
|
/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
|
||||||
|
|
||||||
|
#setup freeswitch tls
|
||||||
|
if [ .$switch_tls = ."true" ]; then
|
||||||
|
|
||||||
|
#make sure the freeswitch directory exists
|
||||||
|
mkdir -p /etc/freeswitch/tls
|
||||||
|
|
||||||
|
#make sure the freeswitch certificate directory is empty
|
||||||
|
rm /etc/freeswitch/tls/*
|
||||||
|
|
||||||
|
#combine the certs into all.pem
|
||||||
|
cat /etc/dehydrated/certs/$domain_alias/fullchain.pem > /etc/freeswitch/tls/all.pem
|
||||||
|
cat /etc/dehydrated/certs/$domain_alias/privkey.pem >> /etc/freeswitch/tls/all.pem
|
||||||
|
#cat /etc/dehydrated/certs/$domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem
|
||||||
|
|
||||||
|
#copy the certificates
|
||||||
|
cp /etc/dehydrated/certs/$domain_alias/cert.pem /etc/freeswitch/tls
|
||||||
|
cp /etc/dehydrated/certs/$domain_alias/chain.pem /etc/freeswitch/tls
|
||||||
|
cp /etc/dehydrated/certs/$domain_alias/fullchain.pem /etc/freeswitch/tls
|
||||||
|
cp /etc/dehydrated/certs/$domain_alias/privkey.pem /etc/freeswitch/tls
|
||||||
|
|
||||||
|
#add symbolic links
|
||||||
|
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
|
||||||
|
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
|
||||||
|
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
|
||||||
|
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
|
||||||
|
|
||||||
|
#set the permissions
|
||||||
|
chown -R www-data:www-data /etc/freeswitch/tls
|
||||||
|
|
||||||
|
fi
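Review bot: In the `switch_tls` block, `all.pem` is created with `cat ... >` and so takes its mode from the current umask, which under the usual root umask of 022 leaves a file containing the private key world-readable. Set `umask 077` just before the first `cat` (or run `chmod 600 /etc/freeswitch/tls/*.pem` before the `chown -R`) so only the owning service account can read the key material. The values read from the prompt are also used unquoted: `--domain *.$domain_name` is open to glob expansion and `$email_address` is pasted into a `/`-delimited `sed` expression, so quote them and reject input outside a hostname or e-mail character set. Both `git clone` calls take whatever the default branch holds at install time and the result is executed as root; pinning each to a reviewed tag or commit would make the install reproducible.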
|
|
@ -0,0 +1,22 @@
|
||||||
|
# the domain we want to get the cert for;
|
||||||
|
# technically it's possible to have multiple of this lines, but it only worked
|
||||||
|
# with one domain for me, another one only got one cert, so I would recommend
|
||||||
|
# separate config files per domain.
|
||||||
|
domains = {domain_name}
|
||||||
|
|
||||||
|
# increase key size
|
||||||
|
rsa-key-size = 2048 # Or 4096
|
||||||
|
|
||||||
|
# the current closed beta (as of 2015-Nov-07) is using this server
|
||||||
|
server = https://acme-v01.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
# this address will receive renewal reminders
|
||||||
|
email = {email_address}
|
||||||
|
|
||||||
|
# turn off the ncurses UI, we want this to be run as a cronjob
|
||||||
|
text = True
|
||||||
|
|
||||||
|
# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
|
||||||
|
# and then letting LE fetch it
|
||||||
|
authenticator = webroot
|
||||||
|
webroot-path = /var/www/letsencrypt/
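Review bot: `server = https://acme-v01.api.letsencrypt.org/directory` points at the ACME v1 endpoint, which Let's Encrypt has retired, so a client driven by this file cannot issue or renew and the site would be left on an expiring or self-signed certificate. If the file is kept, use `server = https://acme-v02.api.letsencrypt.org/directory` and replace the closed-beta comment with one that says which client reads the file. From what is visible on this page the dehydrated-based script does not reference this file or `/var/www/letsencrypt/`, so removing it may be the cleaner option; worth confirming against the rest of the commit.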
|
|
@ -0,0 +1,67 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Installing the web server"
|
||||||
|
|
||||||
|
#change the version of php for arm
|
||||||
|
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
#Pi2 and Pi3 Raspbian
|
||||||
|
#Odroid
|
||||||
|
if [ ."$os_codename" = ."focal" ]; then
|
||||||
|
php_version=7.4
|
||||||
|
else
|
||||||
|
php_version=5.6
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#enable fusionpbx nginx config
|
||||||
|
cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
|
||||||
|
|
||||||
|
#prepare socket name
|
||||||
|
if [ ."$php_version" = ."5.6" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.2-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
|
||||||
|
fi
|
||||||
|
ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
|
||||||
|
|
||||||
|
#self signed certificate
|
||||||
|
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
|
||||||
|
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
|
||||||
|
|
||||||
|
#remove the default site
|
||||||
|
rm /etc/nginx/sites-enabled/default
|
||||||
|
|
||||||
|
#update config if LetsEncrypt folder is unwanted
|
||||||
|
if [ .$letsencrypt_folder = .false ]; then
|
||||||
|
sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add the letsencrypt directory
|
||||||
|
if [ .$letsencrypt_folder = .true ]; then
|
||||||
|
mkdir -p /var/www/letsencrypt/
|
||||||
|
fi
|
||||||
|
|
||||||
|
#flush systemd cache
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
#restart nginx
|
||||||
|
service nginx restart
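Review bot: `sed -i '151,155d' /etc/nginx/sites-available/fusionpbx` removes the Let's Encrypt block by line number, so any edit to the template shifts the range and the script silently deletes five unrelated lines, possibly a `deny all` rule or a closing brace. Wrap the optional block in the template with markers (names here are a suggestion) and delete by pattern, `sed -i '/#letsencrypt-begin/,/#letsencrypt-end/d' /etc/nginx/sites-available/fusionpbx`, and run `nginx -t` before `service nginx restart` so a broken result is caught before the restart. The `php_version` chain has no branch for any other version, which leaves the template's `php7.1-fpm.sock` in place; an `else` that aborts with a message would make that visible. On ARM the fallback to `php_version=5.6` selects an end-of-life interpreter, which should at least be called out in a comment.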
|
|
@ -0,0 +1,268 @@
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 127.0.0.1:80;
|
||||||
|
server_name 127.0.0.1;
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
client_max_body_size 80M;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /var/www/fusionpbx;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Allow the upgrade routines to run longer than normal
|
||||||
|
location = /core/upgrade/index.php {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
fastcgi_read_timeout 15m;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Disable viewing .htaccess & .htpassword & .db & .git
|
||||||
|
location ~ .htaccess {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ .htpassword {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~^.+.(db)$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /.git/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name fusionpbx;
|
||||||
|
|
||||||
|
#redirect letsencrypt to dehydrated
|
||||||
|
location ^~ /.well-known/acme-challenge {
|
||||||
|
default_type "text/plain";
|
||||||
|
auth_basic "off";
|
||||||
|
alias /var/www/dehydrated;
|
||||||
|
}
|
||||||
|
|
||||||
|
#rewrite rule - send to https with an exception for provisioning
|
||||||
|
if ($uri !~* ^.*(provision|xml_cdr).*$) {
|
||||||
|
rewrite ^(.*) https://$host$1 permanent;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
#REST api
|
||||||
|
if ($uri ~* ^.*/api/.*$) {
|
||||||
|
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
#algo
|
||||||
|
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
|
||||||
|
|
||||||
|
#mitel
|
||||||
|
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
|
||||||
|
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
|
||||||
|
|
||||||
|
#grandstream
|
||||||
|
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/pb/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
|
||||||
|
#grandstream-wave softphone by ext because Android doesn't pass MAC.
|
||||||
|
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
|
||||||
|
|
||||||
|
#aastra
|
||||||
|
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
|
||||||
|
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
|
||||||
|
|
||||||
|
#yealink
|
||||||
|
#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
|
||||||
|
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
|
||||||
|
|
||||||
|
#polycom
|
||||||
|
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
|
||||||
|
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
|
||||||
|
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
|
||||||
|
|
||||||
|
#cisco
|
||||||
|
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
|
||||||
|
|
||||||
|
#Escene
|
||||||
|
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
|
||||||
|
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
|
||||||
|
|
||||||
|
#Vtech
|
||||||
|
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
client_max_body_size 80M;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /var/www/fusionpbx;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Allow the upgrade routines to run longer than normal
|
||||||
|
location = /core/upgrade/index.php {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
fastcgi_read_timeout 15m;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Disable viewing .htaccess & .htpassword & .db & .git
|
||||||
|
location ~ .htaccess {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ .htpassword {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~^.+.(db)$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /.git/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name fusionpbx;
|
||||||
|
|
||||||
|
ssl_certificate /etc/ssl/certs/nginx.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/private/nginx.key;
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
ssl_ciphers HIGH:!ADH:!MD5:!aNULL;
|
||||||
|
#ssl_dhparam
|
||||||
|
|
||||||
|
#redirect letsencrypt to dehydrated
|
||||||
|
location ^~ /.well-known/acme-challenge {
|
||||||
|
default_type "text/plain";
|
||||||
|
auth_basic "off";
|
||||||
|
alias /var/www/dehydrated;
|
||||||
|
}
|
||||||
|
|
||||||
|
#REST api
|
||||||
|
if ($uri ~* ^.*/api/.*$) {
|
||||||
|
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
#message media
|
||||||
|
rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
|
||||||
|
|
||||||
|
#algo
|
||||||
|
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
|
||||||
|
|
||||||
|
#mitel
|
||||||
|
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
|
||||||
|
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
|
||||||
|
|
||||||
|
#grandstream
|
||||||
|
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/pb/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
|
||||||
|
#grandstream-wave softphone by ext because Android doesn't pass MAC.
|
||||||
|
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
|
||||||
|
|
||||||
|
#aastra
|
||||||
|
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
|
||||||
|
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
|
||||||
|
|
||||||
|
#yealink
|
||||||
|
#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
|
||||||
|
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
|
||||||
|
|
||||||
|
#polycom
|
||||||
|
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
|
||||||
|
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
|
||||||
|
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
|
||||||
|
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
|
||||||
|
|
||||||
|
#cisco
|
||||||
|
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
|
||||||
|
|
||||||
|
#Escene
|
||||||
|
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
|
||||||
|
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
|
||||||
|
|
||||||
|
#Vtech
|
||||||
|
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
|
||||||
|
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
client_max_body_size 80M;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /var/www/fusionpbx;
|
||||||
|
index index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Allow the upgrade routines to run longer than normal
|
||||||
|
location = /core/upgrade/index.php {
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
|
||||||
|
#fastcgi_pass 127.0.0.1:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
|
||||||
|
fastcgi_read_timeout 15m;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Disable viewing .htaccess & .htpassword & .db & .git
|
||||||
|
location ~ .htaccess {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ .htpassword {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~^.+.(db)$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ /.git/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,106 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
verbose "Configuring PHP"
|
||||||
|
|
||||||
|
#add the repository
|
||||||
|
if [ ."$os_name" = ."Ubuntu" ]; then
|
||||||
|
#20.04.x - /*bionic/
|
||||||
|
if [ ."$os_codename" = ."focal" ]; then
|
||||||
|
echo "Ubuntu 20.04 LTS\n"
|
||||||
|
php_version=7.4
|
||||||
|
fi
|
||||||
|
#18.04.x - /*bionic/
|
||||||
|
if [ ."$os_codename" = ."bionic" ]; then
|
||||||
|
echo "Ubuntu 18.04 LTS\n"
|
||||||
|
php_version=7.2
|
||||||
|
fi
|
||||||
|
#16.10.x - */yakkety/
|
||||||
|
#16.04.x - */xenial/
|
||||||
|
#14.04.x - */trusty/
|
||||||
|
if [ ."$os_codename" = ."trusty" ]; then
|
||||||
|
which add-apt-repository || apt-get install -y software-properties-common
|
||||||
|
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
|
||||||
|
fi
|
||||||
|
elif [ ."$cpu_architecture" = ."arm" ]; then
|
||||||
|
echo "arm"
|
||||||
|
fi
|
||||||
|
apt-get update -y
|
||||||
|
|
||||||
|
#install dependencies
|
||||||
|
apt-get install -y nginx
|
||||||
|
if [ ."$php_version" = ."5.6" ]; then
|
||||||
|
apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
apt-get install -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd php7.0-mbstring
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
apt-get install -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd php7.1-mbstring
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
apt-get install -y php7.2 php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd php7.2-mbstring
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
apt-get install -y php7.4 php7.4-cli php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring
|
||||||
|
fi
|
||||||
|
|
||||||
|
#update config if source is being used
|
||||||
|
if [ ."$php_version" = ."5" ]; then
|
||||||
|
verbose "version 5.x"
|
||||||
|
php_ini_file='/etc/php5/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
verbose "version 7.0"
|
||||||
|
php_ini_file='/etc/php/7.0/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
verbose "version 7.1"
|
||||||
|
php_ini_file='/etc/php/7.1/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
verbose "version 7.2"
|
||||||
|
php_ini_file='/etc/php/7.2/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
verbose "version 7.4"
|
||||||
|
php_ini_file='/etc/php/7.4/fpm/php.ini'
|
||||||
|
fi
|
||||||
|
sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
|
||||||
|
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
|
||||||
|
sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
|
||||||
|
sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
|
||||||
|
|
||||||
|
#install ioncube
|
||||||
|
if [ .$cpu_architecture = .'x86' ]; then
|
||||||
|
. ./ioncube.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
#restart php-fpm
|
||||||
|
systemctl daemon-reload
|
||||||
|
if [ ."$php_version" = ."5.6" ]; then
|
||||||
|
systemctl restart php5-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.0" ]; then
|
||||||
|
systemctl restart php7.0-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.1" ]; then
|
||||||
|
systemctl restart php7.1-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.2" ]; then
|
||||||
|
systemctl restart php7.2-fpm
|
||||||
|
fi
|
||||||
|
if [ ."$php_version" = ."7.4" ]; then
|
||||||
|
systemctl restart php7.4-fpm
|
||||||
|
fi
|
||||||
|
#init.d
|
||||||
|
#/usr/sbin/service php5-fpm restart
|
||||||
|
#/usr/sbin/service php7.0-fpm restart
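Review bot: The php.ini selection tests `if [ ."$php_version" = ."5" ]` while the install and restart branches test `5.6`, so for 5.6, and for any version outside the list, `$php_ini_file` is never set and the four `sed ... -i $php_ini_file` calls run unquoted with no file operand. The 80M upload limits and `max_input_vars` are then not applied, and the script carries on to restart php-fpm without reporting it. I would make the test `if [ ."$php_version" = ."5.6" ]; then`, add `[ -n "$php_ini_file" ] || { echo "unsupported php_version: $php_version" >&2; exit 1; }` before the first `sed`, and quote the operand as `"$php_ini_file"`. This file sets `php_version` only for focal and bionic; on other systems it presumably comes from `config.sh`, which is not visible here.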
|
|
@ -0,0 +1,90 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#move to script directory so all relative paths work
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
#includes
|
||||||
|
. ./config.sh
|
||||||
|
. ./colors.sh
|
||||||
|
. ./environment.sh
|
||||||
|
|
||||||
|
#send a message
|
||||||
|
echo "Install PostgreSQL"
|
||||||
|
|
||||||
|
#generate a random password
|
||||||
|
password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
|
||||||
|
|
||||||
|
#install message
|
||||||
|
echo "Install PostgreSQL and create the database and users\n"
|
||||||
|
|
||||||
|
#included in the distribution
|
||||||
|
if [ ."$database_repo" = ."system" ]; then
|
||||||
|
apt-get install -y sudo postgresql
|
||||||
|
fi
|
||||||
|
|
||||||
|
#postgres official repository
|
||||||
|
if [ ."$database_repo" = ."official" ]; then
|
||||||
|
echo "deb http://apt.postgresql.org/pub/repos/apt/ $os_codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
|
||||||
|
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||||
|
if [ ."$database_version" = ."latest" ]; then
|
||||||
|
apt-get install -y sudo postgresql
|
||||||
|
fi
|
||||||
|
if [ ."$database_version" = ."14" ]; then
|
||||||
|
apt-get install -y sudo postgresql-$database_version
|
||||||
|
fi
|
||||||
|
if [ ."$database_version" = ."13" ]; then
|
||||||
|
apt-get install -y sudo postgresql-$database_version
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add PostgreSQL and 2ndquadrant repos
|
||||||
|
if [ ."$database_repo" = ."2ndquadrant" ]; then
|
||||||
|
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||||
|
apt install -y curl
|
||||||
|
curl https://dl.2ndquadrant.com/default/release/get/deb | bash
|
||||||
|
if [ ."$os_codename" = ."focal" ]; then
|
||||||
|
sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#focal#bionic#g'
|
||||||
|
fi
|
||||||
|
apt update
|
||||||
|
apt-get install -y sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#add additional dependencies
|
||||||
|
apt install -y libpq-dev
|
||||||
|
|
||||||
|
#systemd
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl restart postgresql
|
||||||
|
|
||||||
|
#init.d
|
||||||
|
#/usr/sbin/service postgresql restart
|
||||||
|
|
||||||
|
#install the database backup
|
||||||
|
#cp backup/fusionpbx-backup /etc/cron.daily
|
||||||
|
#cp backup/fusionpbx-maintenance /etc/cron.daily
|
||||||
|
#chmod 755 /etc/cron.daily/fusionpbx-backup
|
||||||
|
#chmod 755 /etc/cron.daily/fusionpbx-maintenance
|
||||||
|
#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup
|
||||||
|
#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-maintenance
|
||||||
|
|
||||||
|
#move to /tmp to prevent a red herring error when running sudo with psql
|
||||||
|
cwd=$(pwd)
|
||||||
|
cd /tmp
|
||||||
|
|
||||||
|
#add the databases, users and grant permissions to them
|
||||||
|
sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
|
||||||
|
sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
|
||||||
|
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
|
||||||
|
sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
|
||||||
|
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
|
||||||
|
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
|
||||||
|
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
|
||||||
|
#ALTER USER fusionpbx WITH PASSWORD 'newpassword';
|
||||||
|
cd $cwd
|
||||||
|
|
||||||
|
#set the ip address
|
||||||
|
#server_address=$(hostname -I)
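Review bot: Both application roles are created `WITH SUPERUSER` in the two `CREATE ROLE` lines near the end, so a compromise of the web application's or FreeSWITCH's database credentials becomes a compromise of the whole PostgreSQL cluster, and the `GRANT ALL PRIVILEGES` lines that follow add nothing. Unless the application is known to need superuser, I would use `CREATE ROLE fusionpbx WITH LOGIN PASSWORD '$password';` and hand over ownership with `ALTER DATABASE fusionpbx OWNER TO fusionpbx;`, and the same for freeswitch. Both roles also share one generated password, and it is passed on the `psql -c` command line, where it is visible in the process list while the call runs. Separately, the 2ndquadrant branch runs `curl https://dl.2ndquadrant.com/default/release/get/deb | bash` (presumably as root) with no integrity check, and the official branch adds its apt source over `http://`. Downloading that script to a file and verifying it before running it, and using `https://` for the repository line, would tighten both.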
|