From fc4fa7a8fb0918a39106c45fdda82668714b6514 Mon Sep 17 00:00:00 2001 
From: i am da real crt yes Date: Mon, 5 Sep 2022 15:34:53 +0200 Subject: [PATCH] copied over install scripts to adapt --- Install_Scripts/debian/install.sh | 61 ++ Install_Scripts/debian/pre-install.sh | 13 + Install_Scripts/debian/resources/arguments.sh | 48 ++ .../debian/resources/backup/fusionpbx-backup | 27 + .../resources/backup/fusionpbx-maintenance | 137 ++++ Install_Scripts/debian/resources/colors.sh | 25 + Install_Scripts/debian/resources/config.sh | 29 + .../debian/resources/environment.sh | 103 +++ Install_Scripts/debian/resources/fail2ban.sh | 37 ++ .../resources/fail2ban/auth-challenge-ip.conf | 21 + .../resources/fail2ban/freeswitch-acl.conf | 20 + .../resources/fail2ban/freeswitch-ip.conf | 20 + .../debian/resources/fail2ban/freeswitch.conf | 18 + .../resources/fail2ban/fusionpbx-404.conf | 27 + .../resources/fail2ban/fusionpbx-mac.conf | 20 + .../debian/resources/fail2ban/fusionpbx.conf | 25 + .../debian/resources/fail2ban/jail.local | 143 ++++ .../debian/resources/fail2ban/nginx-404.conf | 5 + .../debian/resources/fail2ban/nginx-dos.conf | 14 + .../fail2ban/sip-auth-challenge.conf | 21 + .../resources/fail2ban/sip-auth-failure.conf | 21 + Install_Scripts/debian/resources/finish.sh | 145 ++++ Install_Scripts/debian/resources/fusionpbx.sh | 35 + .../debian/resources/fusionpbx/config.php | 47 ++ Install_Scripts/debian/resources/ioncube.sh | 126 ++++ Install_Scripts/debian/resources/iptables.sh | 68 ++ .../debian/resources/letsencrypt.sh | 130 ++++ .../resources/letsencrypt/domain_name.conf | 22 + Install_Scripts/debian/resources/monit.sh | 19 + .../debian/resources/monit/freeswitch | 3 + .../debian/resources/monit/shell.sh | 5 + Install_Scripts/debian/resources/nftables.sh | 30 + Install_Scripts/debian/resources/nginx.sh | 84 +++ .../debian/resources/nginx/fusionpbx | 305 +++++++++ Install_Scripts/debian/resources/php.sh | 139 ++++ .../debian/resources/postgresql.sh | 116 ++++ .../debian/resources/postgresql/create.sh | 31 + 
.../debian/resources/postgresql/dsn.sh | 70 ++ .../debian/resources/postgresql/empty.sh | 27 + .../debian/resources/postgresql/iptables.sh | 54 ++ .../debian/resources/postgresql/node.sh | 177 +++++ .../debian/resources/postgresql/pg_hba.conf | 97 +++ .../debian/resources/postgresql/pg_hba.sh | 62 ++ .../resources/postgresql/postgresql.conf | 618 ++++++++++++++++++ Install_Scripts/debian/resources/random.sh | 4 + .../debian/resources/reboot_phones.sh | 37 ++ .../debian/resources/reset_admin_password.sh | 32 + Install_Scripts/debian/resources/sngrep.sh | 27 + Install_Scripts/debian/resources/switch.sh | 52 ++ .../debian/resources/switch/conf-copy.sh | 3 + .../debian/resources/switch/dsn.sh | 57 ++ .../debian/resources/switch/package-all.sh | 27 + .../resources/switch/package-master-all.sh | 9 + .../debian/resources/switch/package-master.sh | 31 + .../resources/switch/package-permissions.sh | 13 + .../resources/switch/package-release.sh | 56 ++ .../resources/switch/package-systemd.sh | 13 + .../debian/resources/switch/repo.sh | 25 + .../debian/resources/switch/source-master.sh | 41 ++ .../resources/switch/source-permissions.sh | 5 + .../debian/resources/switch/source-release.sh | 143 ++++ .../debian/resources/switch/source-systemd.sh | 15 + .../resources/switch/source-to-package.sh | 24 + .../source/etc.default.freeswitch.package | 2 + .../source/etc.default.freeswitch.source | 4 + .../switch/source/freeswitch.service.package | 62 ++ .../switch/source/freeswitch.service.source | 57 ++ .../resources/switch/source/mod_pgsql.patch | 53 ++ .../debian/resources/upgrade/php.sh | 44 ++ Install_Scripts/ubuntu/install.sh | 60 ++ Install_Scripts/ubuntu/pre-install.sh | 13 + Install_Scripts/ubuntu/resources/arguments.sh | 48 ++ .../ubuntu/resources/backup/fusionpbx-backup | 27 + .../resources/backup/fusionpbx-maintenance | 119 ++++ Install_Scripts/ubuntu/resources/colors.sh | 25 + Install_Scripts/ubuntu/resources/config.sh | 28 + .../ubuntu/resources/environment.sh | 95 +++ 
Install_Scripts/ubuntu/resources/fail2ban.sh | 35 + .../resources/fail2ban/auth-challenge-ip.conf | 21 + .../resources/fail2ban/freeswitch-ip.conf | 20 + .../ubuntu/resources/fail2ban/freeswitch.conf | 18 + .../resources/fail2ban/fusionpbx-404.conf | 27 + .../resources/fail2ban/fusionpbx-mac.conf | 20 + .../ubuntu/resources/fail2ban/fusionpbx.conf | 25 + .../ubuntu/resources/fail2ban/jail.local | 131 ++++ .../ubuntu/resources/fail2ban/nginx-404.conf | 5 + .../ubuntu/resources/fail2ban/nginx-dos.conf | 14 + .../fail2ban/sip-auth-challenge.conf | 21 + .../resources/fail2ban/sip-auth-failure.conf | 21 + Install_Scripts/ubuntu/resources/finish.sh | 145 ++++ Install_Scripts/ubuntu/resources/fusionpbx.sh | 35 + .../ubuntu/resources/fusionpbx/config.php | 47 ++ Install_Scripts/ubuntu/resources/ioncube.sh | 94 +++ Install_Scripts/ubuntu/resources/iptables.sh | 48 ++ .../ubuntu/resources/letsencrypt.sh | 127 ++++ .../resources/letsencrypt/domain_name.conf | 22 + Install_Scripts/ubuntu/resources/nginx.sh | 67 ++ .../ubuntu/resources/nginx/fusionpbx | 268 ++++++++ Install_Scripts/ubuntu/resources/php.sh | 106 +++ .../ubuntu/resources/postgresql.sh | 90 +++ .../ubuntu/resources/postgresql/create.sh | 28 + .../ubuntu/resources/postgresql/dsn.sh | 70 ++ .../ubuntu/resources/postgresql/empty.sh | 27 + .../ubuntu/resources/postgresql/iptables.sh | 54 ++ .../ubuntu/resources/postgresql/node.sh | 172 +++++ .../ubuntu/resources/postgresql/pg_hba.conf | 97 +++ .../ubuntu/resources/postgresql/pg_hba.sh | 62 ++ .../resources/postgresql/postgresql.conf | 618 ++++++++++++++++++ Install_Scripts/ubuntu/resources/random.sh | 4 + .../ubuntu/resources/reboot_phones.sh | 37 ++ .../ubuntu/resources/reset_admin_password.sh | 32 + Install_Scripts/ubuntu/resources/sngrep.sh | 23 + Install_Scripts/ubuntu/resources/switch.sh | 51 ++ .../ubuntu/resources/switch/conf-copy.sh | 3 + .../ubuntu/resources/switch/dsn.sh | 57 ++ .../ubuntu/resources/switch/package-all.sh | 23 + 
.../resources/switch/package-master-all.sh | 9 + .../ubuntu/resources/switch/package-master.sh | 29 + .../resources/switch/package-permissions.sh | 7 + .../resources/switch/package-release.sh | 47 ++ .../resources/switch/package-systemd.sh | 13 + .../ubuntu/resources/switch/source-master.sh | 41 ++ .../resources/switch/source-permissions.sh | 5 + .../ubuntu/resources/switch/source-release.sh | 119 ++++ .../ubuntu/resources/switch/source-systemd.sh | 15 + .../resources/switch/source-to-package.sh | 24 + .../source/etc.default.freeswitch.package | 4 + .../source/etc.default.freeswitch.source | 4 + .../switch/source/freeswitch.service.package | 56 ++ .../switch/source/freeswitch.service.source | 57 ++ .../ubuntu/resources/upgrade/php.sh | 22 + 131 files changed, 7713 insertions(+) create mode 100755 Install_Scripts/debian/install.sh create mode 100755 Install_Scripts/debian/pre-install.sh create mode 100755 Install_Scripts/debian/resources/arguments.sh create mode 100755 Install_Scripts/debian/resources/backup/fusionpbx-backup create mode 100755 Install_Scripts/debian/resources/backup/fusionpbx-maintenance create mode 100755 Install_Scripts/debian/resources/colors.sh create mode 100755 Install_Scripts/debian/resources/config.sh create mode 100755 Install_Scripts/debian/resources/environment.sh create mode 100755 Install_Scripts/debian/resources/fail2ban.sh create mode 100644 Install_Scripts/debian/resources/fail2ban/auth-challenge-ip.conf create mode 100644 Install_Scripts/debian/resources/fail2ban/freeswitch-acl.conf create mode 100755 Install_Scripts/debian/resources/fail2ban/freeswitch-ip.conf create mode 100755 Install_Scripts/debian/resources/fail2ban/freeswitch.conf create mode 100755 Install_Scripts/debian/resources/fail2ban/fusionpbx-404.conf create mode 100644 Install_Scripts/debian/resources/fail2ban/fusionpbx-mac.conf create mode 100755 Install_Scripts/debian/resources/fail2ban/fusionpbx.conf create mode 100755 
Install_Scripts/debian/resources/fail2ban/jail.local create mode 100755 Install_Scripts/debian/resources/fail2ban/nginx-404.conf create mode 100755 Install_Scripts/debian/resources/fail2ban/nginx-dos.conf create mode 100644 Install_Scripts/debian/resources/fail2ban/sip-auth-challenge.conf create mode 100755 Install_Scripts/debian/resources/fail2ban/sip-auth-failure.conf create mode 100755 Install_Scripts/debian/resources/finish.sh create mode 100755 Install_Scripts/debian/resources/fusionpbx.sh create mode 100755 Install_Scripts/debian/resources/fusionpbx/config.php create mode 100755 Install_Scripts/debian/resources/ioncube.sh create mode 100755 Install_Scripts/debian/resources/iptables.sh create mode 100755 Install_Scripts/debian/resources/letsencrypt.sh create mode 100755 Install_Scripts/debian/resources/letsencrypt/domain_name.conf create mode 100644 Install_Scripts/debian/resources/monit.sh create mode 100644 Install_Scripts/debian/resources/monit/freeswitch create mode 100644 Install_Scripts/debian/resources/monit/shell.sh create mode 100644 Install_Scripts/debian/resources/nftables.sh create mode 100755 Install_Scripts/debian/resources/nginx.sh create mode 100755 Install_Scripts/debian/resources/nginx/fusionpbx create mode 100755 Install_Scripts/debian/resources/php.sh create mode 100755 Install_Scripts/debian/resources/postgresql.sh create mode 100755 Install_Scripts/debian/resources/postgresql/create.sh create mode 100755 Install_Scripts/debian/resources/postgresql/dsn.sh create mode 100755 Install_Scripts/debian/resources/postgresql/empty.sh create mode 100755 Install_Scripts/debian/resources/postgresql/iptables.sh create mode 100755 Install_Scripts/debian/resources/postgresql/node.sh create mode 100755 Install_Scripts/debian/resources/postgresql/pg_hba.conf create mode 100755 Install_Scripts/debian/resources/postgresql/pg_hba.sh create mode 100755 Install_Scripts/debian/resources/postgresql/postgresql.conf create mode 100755 
Install_Scripts/debian/resources/random.sh create mode 100755 Install_Scripts/debian/resources/reboot_phones.sh create mode 100755 Install_Scripts/debian/resources/reset_admin_password.sh create mode 100755 Install_Scripts/debian/resources/sngrep.sh create mode 100755 Install_Scripts/debian/resources/switch.sh create mode 100755 Install_Scripts/debian/resources/switch/conf-copy.sh create mode 100755 Install_Scripts/debian/resources/switch/dsn.sh create mode 100755 Install_Scripts/debian/resources/switch/package-all.sh create mode 100755 Install_Scripts/debian/resources/switch/package-master-all.sh create mode 100755 Install_Scripts/debian/resources/switch/package-master.sh create mode 100755 Install_Scripts/debian/resources/switch/package-permissions.sh create mode 100755 Install_Scripts/debian/resources/switch/package-release.sh create mode 100755 Install_Scripts/debian/resources/switch/package-systemd.sh create mode 100644 Install_Scripts/debian/resources/switch/repo.sh create mode 100755 Install_Scripts/debian/resources/switch/source-master.sh create mode 100755 Install_Scripts/debian/resources/switch/source-permissions.sh create mode 100755 Install_Scripts/debian/resources/switch/source-release.sh create mode 100755 Install_Scripts/debian/resources/switch/source-systemd.sh create mode 100755 Install_Scripts/debian/resources/switch/source-to-package.sh create mode 100755 Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.package create mode 100755 Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.source create mode 100755 Install_Scripts/debian/resources/switch/source/freeswitch.service.package create mode 100755 Install_Scripts/debian/resources/switch/source/freeswitch.service.source create mode 100644 Install_Scripts/debian/resources/switch/source/mod_pgsql.patch create mode 100755 Install_Scripts/debian/resources/upgrade/php.sh create mode 100755 Install_Scripts/ubuntu/install.sh create mode 100755 
Install_Scripts/ubuntu/pre-install.sh create mode 100755 Install_Scripts/ubuntu/resources/arguments.sh create mode 100755 Install_Scripts/ubuntu/resources/backup/fusionpbx-backup create mode 100755 Install_Scripts/ubuntu/resources/backup/fusionpbx-maintenance create mode 100755 Install_Scripts/ubuntu/resources/colors.sh create mode 100755 Install_Scripts/ubuntu/resources/config.sh create mode 100755 Install_Scripts/ubuntu/resources/environment.sh create mode 100755 Install_Scripts/ubuntu/resources/fail2ban.sh create mode 100644 Install_Scripts/ubuntu/resources/fail2ban/auth-challenge-ip.conf create mode 100755 Install_Scripts/ubuntu/resources/fail2ban/freeswitch-ip.conf create mode 100755 Install_Scripts/ubuntu/resources/fail2ban/freeswitch.conf create mode 100755 Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-404.conf create mode 100644 Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-mac.conf create mode 100755 Install_Scripts/ubuntu/resources/fail2ban/fusionpbx.conf create mode 100755 Install_Scripts/ubuntu/resources/fail2ban/jail.local create mode 100755 Install_Scripts/ubuntu/resources/fail2ban/nginx-404.conf create mode 100755 Install_Scripts/ubuntu/resources/fail2ban/nginx-dos.conf create mode 100644 Install_Scripts/ubuntu/resources/fail2ban/sip-auth-challenge.conf create mode 100755 Install_Scripts/ubuntu/resources/fail2ban/sip-auth-failure.conf create mode 100755 Install_Scripts/ubuntu/resources/finish.sh create mode 100755 Install_Scripts/ubuntu/resources/fusionpbx.sh create mode 100755 Install_Scripts/ubuntu/resources/fusionpbx/config.php create mode 100755 Install_Scripts/ubuntu/resources/ioncube.sh create mode 100755 Install_Scripts/ubuntu/resources/iptables.sh create mode 100755 Install_Scripts/ubuntu/resources/letsencrypt.sh create mode 100755 Install_Scripts/ubuntu/resources/letsencrypt/domain_name.conf create mode 100755 Install_Scripts/ubuntu/resources/nginx.sh create mode 100755 Install_Scripts/ubuntu/resources/nginx/fusionpbx create mode 
100755 Install_Scripts/ubuntu/resources/php.sh create mode 100755 Install_Scripts/ubuntu/resources/postgresql.sh create mode 100755 Install_Scripts/ubuntu/resources/postgresql/create.sh create mode 100755 Install_Scripts/ubuntu/resources/postgresql/dsn.sh create mode 100755 Install_Scripts/ubuntu/resources/postgresql/empty.sh create mode 100755 Install_Scripts/ubuntu/resources/postgresql/iptables.sh create mode 100755 Install_Scripts/ubuntu/resources/postgresql/node.sh create mode 100755 Install_Scripts/ubuntu/resources/postgresql/pg_hba.conf create mode 100755 Install_Scripts/ubuntu/resources/postgresql/pg_hba.sh create mode 100755 Install_Scripts/ubuntu/resources/postgresql/postgresql.conf create mode 100755 Install_Scripts/ubuntu/resources/random.sh create mode 100755 Install_Scripts/ubuntu/resources/reboot_phones.sh create mode 100755 Install_Scripts/ubuntu/resources/reset_admin_password.sh create mode 100755 Install_Scripts/ubuntu/resources/sngrep.sh create mode 100755 Install_Scripts/ubuntu/resources/switch.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/conf-copy.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/dsn.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/package-all.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/package-master-all.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/package-master.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/package-permissions.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/package-release.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/package-systemd.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/source-master.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/source-permissions.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/source-release.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/source-systemd.sh create mode 100755 
Install_Scripts/ubuntu/resources/switch/source-to-package.sh create mode 100755 Install_Scripts/ubuntu/resources/switch/source/etc.default.freeswitch.package create mode 100755 Install_Scripts/ubuntu/resources/switch/source/etc.default.freeswitch.source create mode 100755 Install_Scripts/ubuntu/resources/switch/source/freeswitch.service.package create mode 100755 Install_Scripts/ubuntu/resources/switch/source/freeswitch.service.source create mode 100755 Install_Scripts/ubuntu/resources/upgrade/php.sh
diff --git a/Install_Scripts/debian/install.sh b/Install_Scripts/debian/install.sh
new file mode 100755
index 0000000..fd57f0b
--- /dev/null
+++ b/Install_Scripts/debian/install.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./resources/config.sh
+. ./resources/colors.sh
+. ./resources/environment.sh
+
+# removes the cd img from the /etc/apt/sources.list file (not needed after base install)
+sed -i '/cdrom:/d' /etc/apt/sources.list
+
+#Update to latest packages
+verbose "Update installed packages"
+apt-get update && apt-get upgrade -y
+
+#Add dependencies
+apt-get install -y wget
+apt-get install -y lsb-release
+apt-get install -y systemd
+apt-get install -y systemd-sysv
+apt-get install -y ca-certificates
+apt-get install -y dialog
+apt-get install -y nano
+apt-get install -y net-tools
+
+#SNMP
+apt-get install -y snmpd
+echo "rocommunity public" > /etc/snmp/snmpd.conf
+service snmpd restart
+
+#IPTables
+resources/iptables.sh
+
+#sngrep
+resources/sngrep.sh
+
+#FusionPBX
+resources/fusionpbx.sh
+
+#PHP
+resources/php.sh
+
+#NGINX web server
+resources/nginx.sh
+
+#FreeSWITCH
+resources/switch.sh
+
+#Fail2ban
+resources/fail2ban.sh
+
+#Postgres
+resources/postgresql.sh
+
+#set the ip address
+server_address=$(hostname -I)
+
+#add the database schema, user and groups
+resources/finish.sh
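Review bot: The SNMP step overwrites `/etc/snmp/snmpd.conf` with the single line `rocommunity public`, which grants read access under the well-known default community string with no source restriction, and nothing in this hunk limits who can reach the agent (resources/iptables.sh is not shown here). Restrict the community to the monitoring host and use a non-default string, for example `echo "rocommunity ${snmp_community:?} 127.0.0.1" > /etc/snmp/snmpd.conf` with `snmp_community` set in config.sh, or drop the SNMP block if it is not needed. Separately, `cd "$(dirname "$0")"` has no `|| exit 1`, so the relative `. ./resources/...` includes run from the wrong directory if the cd fails, and `server_address` is assigned but not exported, so resources/finish.sh, which is run as a child process, cannot see it.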
diff --git a/Install_Scripts/debian/pre-install.sh b/Install_Scripts/debian/pre-install.sh
new file mode 100755
index 0000000..d87fdb5
--- /dev/null
+++ b/Install_Scripts/debian/pre-install.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+#upgrade the packages
+apt-get update && apt-get upgrade -y
+
+#install packages
+apt-get install -y git lsb-release
+
+#get the install script
+cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
+
+#change the working directory
+cd /usr/src/fusionpbx-install.sh/debian
diff --git a/Install_Scripts/debian/resources/arguments.sh b/Install_Scripts/debian/resources/arguments.sh
new file mode 100755
index 0000000..a8a2fae
--- /dev/null
+++ b/Install_Scripts/debian/resources/arguments.sh
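Review bot: The `git clone` line fetches the default branch of the upstream fusionpbx-install.sh repository and the last step enters that checkout, so what later runs as root is whatever upstream HEAD is at install time rather than the adapted copies this commit adds under Install_Scripts/. If upstream is the intended source, pin it to a reviewed ref (`git clone --branch <REVIEWED_TAG> --depth 1 ...`, placeholder); if the adapted scripts are intended, point the clone and the final `cd` at this repository instead. The final `cd` only changes the directory of the script's own process, so it has no effect for the caller unless the file is sourced; a comment saying so would save the next reader a surprise.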
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+#Process command line options only if we haven't been processed once
+if [ -z "$CPU_CHECK" ]; then
+ export script_name=`basename "$0"`
+ ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@")
+
+ if [ $? -ne 0 ]; then
+ error "Failed parsing options."
+ exit 1
+ fi
+
+ export USE_SWITCH_SOURCE=false
+ export USE_SWITCH_PACKAGE_ALL=false
+ export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false
+ export USE_PHP5_PACKAGE=false
+ export USE_SWITCH_MASTER=false
+ export USE_SYSTEM_MASTER=false
+ export CPU_CHECK=true
+ HELP=false
+
+ while true; do
+ case "$1" in
+ --use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;;
+ --use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;;
+ --use-switch-master ) export USE_SWITCH_MASTER=true; shift ;;
+ --use-system-master ) export USE_SYSTEM_MASTER=true; shift ;;
+ --use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;;
+ --use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;;
+ --no-cpu-check ) export CPU_CHECK=false; shift ;;
+ -h | --help ) HELP=true; shift ;;
+ -- ) shift; break ;;
+ * ) break ;;
+ esac
+ done
+
+ if [ .$HELP = .true ]; then
+ warning "Debian installer script"
+ warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
+ warning " --use-switch-package-all if using packages use the meta-all package"
+ warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages"
+ warning " --use-php5-package use php5* packages instead of ${green}(default:php7.0)"
+ warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)"
+ warning " --use-system-master will use master branch/packages for the system instead of ${green}(default:stable)"
+ warning " --no-cpu-check disable the cpu check ${green}(default:check)"
+ exit;
+ fi
+fi
\ No newline at end of file
diff --git a/Install_Scripts/debian/resources/backup/fusionpbx-backup b/Install_Scripts/debian/resources/backup/fusionpbx-backup
new file mode 100755
index 0000000..d02564b
--- /dev/null
+++ b/Install_Scripts/debian/resources/backup/fusionpbx-backup
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+export PGPASSWORD="zzz"
+db_host=127.0.0.1
+db_port=5432
+
+now=$(date +%Y-%m-%d)
+mkdir -p /var/backups/fusionpbx/postgresql
+
+echo "Backup Started"
+
+#delete postgres backups
+find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \;
+
+#delete the main backup
+find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \;
+
+#backup the database
+pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
+
+#package
+#tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
+
+#source
+#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
+
+echo "Backup Completed"
diff --git a/Install_Scripts/debian/resources/backup/fusionpbx-maintenance b/Install_Scripts/debian/resources/backup/fusionpbx-maintenance
new file mode 100755
index 0000000..5541945
--- /dev/null
+++ b/Install_Scripts/debian/resources/backup/fusionpbx-maintenance
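Review bot: The normalised option list that getopt returns in `ARGS` is never applied to the positional parameters, so the `case "$1"` loop in arguments.sh parses the raw command line and the getopt call only acts as a validity check; add `eval set -- "$ARGS"` before the loop. On the getopt line `-n '$script_name'` is single-quoted, so parse errors are reported under the literal name `$script_name`; use `-n "$script_name"`. `error` and `warning` are not defined in this file, so it depends on colors.sh having been sourced first, which deserves a comment at the top.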
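Review bot: `export PGPASSWORD="zzz"` in fusionpbx-backup keeps the database password in a script that is created with mode 100755, so once the placeholder is replaced with the real value any local user can read it. Prefer a `.pgpass` file with mode 0600 for the account that runs the backup, which libpq reads without any variable being set, or at least install this file readable by root only. Both `find` calls pass an unquoted glob as the start path and print an error while nothing matches yet; `find /var/backups/fusionpbx/postgresql -name 'fusionpbx_pgsql*' -mtime +4 -exec rm -f {} \;` avoids that. The dump is written with `-Fc` (custom format) but named `.sql`, which is misleading for whoever has to restore it.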
@@ -0,0 +1,137 @@
+#!/bin/sh
+
+#settings
+export PGPASSWORD="zzz"
+db_host=127.0.0.1
+db_port=5432
+switch_package=true # true or false
+
+purge_voicemail=false
+purge_call_recordings=false
+purge_cdrs=false
+purge_fax=false
+purge_switch_logs=true
+purge_php_sessions=true
+purge_database_transactions=true
+purge_email_queue=false
+purge_fax_queue=true
+
+days_keep_voicemail=90
+days_keep_call_recordings=90
+days_keep_cdrs=90
+days_keep_fax=90
+days_keep_switch_logs=7
+days_keep_php_sessions=8
+days_keep_database_transactions=30
+days_keep_email_queue=30
+days_keep_fax_queue=30
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#make sure the directory exists
+if [ -e /var/backups/fusionpbx/postgresql ]; then
+ echo "postgres backup directory exists"
+else
+ mkdir -p /var/backups/fusionpbx/postgresql
+fi
+
+#show message to the console
+echo "Maintenance Started"
+
+if [ .$purge_switch_logs = .true ]; then
+ #delete freeswitch logs older 7 days
+ if [ .$switch_package = .true ]; then
+ find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
+ else
+ find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
+ fi
+else
+ echo "not purging Freeswitch logs"
+fi
+
+if [ .$purge_fax = .true ]; then
+ #delete fax older than 90 days
+ if [ .$switch_package = .true ]; then
+ echo ".";
+ find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
+ find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
+ else
+ echo ".";
+ find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
+ find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
+ fi
+ #delete from the database
+ psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
+ psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
+else
+ echo "not purging Faxes"
+fi
+
+if [ .$purge_call_recordings = .true ]; then
+ #delete call recordings older than 90 days
+ if [ .$switch_package = .true ]; then
+ find /var/lib/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
+ find /var/lib/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
+ else
+ find /usr/local/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
+ find /usr/local/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
+ fi
+ psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
+else
+ echo "not purging Recordings."
+fi
+
+if [ .$purge_voicemail = .true ]; then
+ #delete voicemail older than 90 days
+ if [ .$switch_package = .true ]; then
+ echo ".";
+ find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
+ find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
+ else
+ echo ".";
+ find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
+ find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
+ fi
+ psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
+else
+ echo "not purging voicemails."
+fi
+
+if [ .$purge_cdrs = .true ]; then
+ #delete call detail records older 90 days
+ psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
+else
+ echo "not purging CDRs."
+fi
+
+#delete php sessions
+if [ .$purge_php_sessions = .true ]; then
+ find /var/lib/php/sessions/* -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
+else
+ echo "not purging PHP Sessions."
+fi
+
+#delete database_transactions older 90 days
+if [ .$purge_database_transactions = .true ]; then
+ psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
+else
+ echo "not purging database_transactions."
+fi
+
+#delete email_queue older 30 days
+if [ .$purge_email_queue = .true ]; then
+ psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_email_queue where email_status = 'sent' and email_date < NOW() - INTERVAL '$days_keep_email_queue days'"
+else
+ echo "not purging email_queue."
+fi
+
+#delete fax_queue older 30 days
+if [ .$purge_fax_queue = .true ]; then
+ psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_queue where fax_status = 'sent' and fax_date < NOW() - INTERVAL '$days_keep_fax_queue days'"
+else
+ echo "not purging fax_queue."
+fi
+
+#completed message
+echo "Maintenance Completed";
diff --git a/Install_Scripts/debian/resources/colors.sh b/Install_Scripts/debian/resources/colors.sh
new file mode 100755
index 0000000..499a17b
--- /dev/null
+++ b/Install_Scripts/debian/resources/colors.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+verbose () {
+ echo "${green}$1${normal}"
+}
+error () {
+ echo "${red}$1${normal}"
+ }
+warning () {
+ echo "${yellow}$1${normal}"
+}
+
+# check for color support
+if test -t 1; then
+
+ # see if it supports colors...
+ ncolors=$(tput colors)
+
+ if test -n "$ncolors" && test $ncolors -ge 8; then
+ normal="$(tput sgr0)"
+ red="$(tput setaf 1)"
+ green="$(tput setaf 2)"
+ yellow="$(tput setaf 3)"
+ fi
+fi
diff --git a/Install_Scripts/debian/resources/config.sh b/Install_Scripts/debian/resources/config.sh
new file mode 100755
index 0000000..d37134b
--- /dev/null
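Review bot: The call-recordings purge in fusionpbx-maintenance removes files older than `$days_keep_call_recordings`, but its database delete hard-codes `INTERVAL '90 days'`, so changing the setting leaves rows and files out of step; use `INTERVAL '$days_keep_call_recordings days'` as the other purges do. Every `psql` call also hard-codes `--host=127.0.0.1` and ignores the `db_host` and `db_port` settings declared at the top; `--host=$db_host --port=$db_port` would make them effective. As in fusionpbx-backup, `PGPASSWORD` sits in a 100755 file, and a 0600 `.pgpass` is the safer place for it. `switch_package=true` here is the opposite of the default in resources/config.sh from the same commit, so on a source install the purges would look under the `/var/lib/freeswitch` and `/var/log/freeswitch` paths unless someone edits this file by hand.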
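Review bot: In colors.sh, `ncolors=$(tput colors)` writes an error to the terminal when TERM is unset or unknown, and `$ncolors` is unquoted in `test $ncolors -ge 8`; `ncolors=$(tput colors 2>/dev/null)` and `test "$ncolors" -ge 8` keep the probe quiet and well-formed. The three helpers rely on `green`, `red`, `yellow` and `normal` staying unset when colours are unavailable, which is worth a one-line comment because the file is sourced into the installer scripts.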
+++ b/Install_Scripts/debian/resources/config.sh
@@ -0,0 +1,29 @@
+
+# FusionPBX Settings
+domain_name=ip_address # hostname, ip_address or a custom value
+system_username=admin # default username admin
+system_password=random # random or a custom value
+system_branch=master # master, stable
+
+# FreeSWITCH Settings
+switch_branch=stable # master, stable
+switch_source=true # true (source compile) or false (binary package)
+switch_package=false # true (binary package) or false (source compile)
+switch_version=1.10.7 # which source code to download, only for source
+switch_tls=true # true or false
+switch_token= # Get the auth token from https://signalwire.com
+ # Signup or Login -> Profile -> Personal Auth Token
+# Sofia-Sip Settings
+sofia_version=1.13.8 # release-version for sofia-sip to use
+
+# Database Settings
+database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9)
+database_repo=official # PostgreSQL official, system, 2ndquadrant
+database_version=latest # requires repo official
+database_host=127.0.0.1 # hostname or IP address
+database_port=5432 # port number
+database_backup=false # true or false
+
+# General Settings
+php_version=7.4 # PHP version 7.1, 7.3, 7.4
+letsencrypt_folder=true # true or false
diff --git a/Install_Scripts/debian/resources/environment.sh b/Install_Scripts/debian/resources/environment.sh
new file mode 100755
index 0000000..7f3a5b4
--- /dev/null
+++ b/Install_Scripts/debian/resources/environment.sh
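Review bot: config.sh is where `switch_token` (a SignalWire personal auth token, per its comment), `system_password` and `database_password` get filled in, yet it is added with mode 100755 inside the repository, so an edited copy is readable by every local user and easy to commit by accident. Suggest shipping it 0600 and adding a header comment such as `# holds secrets once edited: keep mode 0600 and do not commit a filled-in copy`. `switch_source` and `switch_package` encode one decision in two variables that can disagree; a comment stating which one wins, or deriving one from the other, would remove the ambiguity.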
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+#make sure lsb release is installed
+apt-get install lsb-release
+
+#operating system details
+os_name=$(lsb_release -is)
+os_codename=$(lsb_release -cs)
+os_mode='unknown'
+
+#cpu details
+cpu_name=$(uname -m)
+cpu_architecture='unknown'
+cpu_mode='unknown'
+
+#set the environment path
+export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+#check what the CPU and OS are
+if [ .$cpu_name = .'armv6l' ]; then
+ # RaspberryPi Zero
+ os_mode='32'
+ cpu_mode='32'
+ cpu_architecture='arm'
+elif [ .$cpu_name = .'armv7l' ]; then
+ # RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
+ os_mode='32'
+ cpu_mode='32'
+ cpu_architecture='arm'
+elif [ .$cpu_name = .'armv8l' ]; then
+ # No test case for armv8l
+ os_mode='unknown'
+ cpu_mode='64'
+ cpu_architecture='arm'
+elif [ .$cpu_name = .'aarch64' ]; then
+ os_mode='64'
+ cpu_mode='64'
+ cpu_architecture='arm'
+elif [ .$cpu_name = .'i386' ]; then
+ os_mode='32'
+ if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
+ cpu_mode='64'
+ else
+ cpu_mode='32'
+ fi
+ cpu_architecture='x86'
+elif [ .$cpu_name = .'i686' ]; then
+ os_mode='32'
+ if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
+ cpu_mode='64'
+ else
+ cpu_mode='32'
+ fi
+ cpu_architecture='x86'
+elif [ .$cpu_name = .'x86_64' ]; then
+ os_mode='64'
+ if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
+ cpu_mode='64'
+ else
+ cpu_mode='32'
+ fi
+ cpu_architecture='x86'
+else
+ error "You are using an unsupported cpu '$cpu_name'"
+ exit 3
+fi
+
+if [ .$cpu_architecture = .'arm' ]; then
+ if [ .$os_mode = .'32' ]; then
+ verbose "Correct CPU and Operating System detected, using the ARM repo"
+ elif [ .$os_mode = .'64' ]; then
+ error "You are using a 64bit arm OS this is unsupported"
+ switch_source=true
+ switch_package=false
+ else
+ error "Unknown OS mode $os_mode this is unsupported"
+ switch_source=true
+ switch_package=false
+ fi
+elif [ .$cpu_architecture = .'x86' ]; then
+ if [ .$os_mode = .'32' ]; then
+ error "You are using a 32bit OS this is unsupported"
+ if [ .$cpu_mode = .'64' ]; then
+ warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
+ fi
+ switch_source=true
+ switch_package=false
+ elif [ .$os_mode = .'64' ]; then
+ verbose "Correct CPU and Operating System detected"
+ else
+ error "Unknown Operating System mode '$os_mode' is unsupported"
+ switch_source=true
+ switch_package=false
+ fi
+else
+ error "You are using an unsupported architecture '$cpu_architecture'"
+ warning "Detected environment was :-"
+ warning "os_name:'$os_name'"
+ warning "os_codename:'$os_codename'"
+ warning "os_mode:'$os_mode'"
+ warning "cpu_name:'$cpu_name'"
+ exit 3
+fi
diff --git a/Install_Scripts/debian/resources/fail2ban.sh b/Install_Scripts/debian/resources/fail2ban.sh
new file mode 100755
index 0000000..87525ea
--- /dev/null
+++ b/Install_Scripts/debian/resources/fail2ban.sh
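Review bot: `apt-get install lsb-release` at the top of environment.sh is the only install in the visible scripts without `-y`, so on a host where the package is missing it stops for confirmation, and since this file is sourced by install.sh and again by fail2ban.sh it can do so in the middle of an unattended run; use `apt-get install -y lsb-release`. The `exit 3` paths terminate the script that sourced this file, not just the file itself, which deserves a comment near the first one. The i386, i686 and x86_64 branches repeat the same `lm` flag probe with an unquoted command substitution; computing it once into a quoted variable would remove the duplication.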
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Installing Fail2ban"
+
+#add the dependencies
+apt-get install -y fail2ban
+
+#move the filters
+cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
+cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
+cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
+cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
+cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
+cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
+cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
+cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
+cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
+cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
+cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
+cp fail2ban/jail.local /etc/fail2ban/jail.local
+
+#update config if source is being used
+#if [ .$switch_source = .true ]; then
+# sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
+#fi
+
+#restart fail2ban
+/usr/sbin/service fail2ban restart
diff --git a/Install_Scripts/debian/resources/fail2ban/auth-challenge-ip.conf b/Install_Scripts/debian/resources/fail2ban/auth-challenge-ip.conf
new file mode 100644
index 0000000..dab8f7b
--- /dev/null
+++ b/Install_Scripts/debian/resources/fail2ban/auth-challenge-ip.conf
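Review bot: `cd "$(dirname "$0")"` is not checked, so if it fails the relative `cp fail2ban/...` lines run from the caller's directory and `service fail2ban restart` still executes with whatever is already in /etc/fail2ban; use `cd "$(dirname "$0")" || exit 1`. The same unchecked `cd` opens finish.sh, fusionpbx.sh, ioncube.sh, iptables.sh and letsencrypt.sh in this patch. The last copy, `cp fail2ban/jail.local /etc/fail2ban/jail.local`, also replaces an existing local jail configuration without keeping it, which matters when the installer is re-run on a configured host; `cp -b` would leave a backup of the previous file.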
@@ -0,0 +1,21 @@ +# Fail2Ban configuration file +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12 +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip + + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/debian/resources/fail2ban/freeswitch-acl.conf b/Install_Scripts/debian/resources/fail2ban/freeswitch-acl.conf new file mode 100644 index 0000000..9fe8e4e --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/freeswitch-acl.conf @@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains" +failregex = \[WARNING\] sofia_reg.c:\d+ IP Rejected by register acl + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/debian/resources/fail2ban/freeswitch-ip.conf b/Install_Scripts/debian/resources/fail2ban/freeswitch-ip.conf new file mode 100755 index 0000000..3fee3b6 --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/freeswitch-ip.conf 
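Review bot: The `failregex` in auth-challenge-ip.conf matches the bracketed user field with an unbounded `.*` and leaves the dots in `sofia_reg.c` and `\d+.\d+.\d+.\d+` unescaped, so the pattern accepts more than the sample log line quoted above it. The text inside `[...]` is supplied by the remote SIP client, and a ban filter should not let client-supplied text decide where the match ends; I would tighten it to `\[[^\]@]*@\d+\.\d+\.\d+\.\d+\] from ip` and write `sofia_reg\.c`. The same `\[.*\]` form is used in freeswitch-ip.conf, freeswitch.conf, sip-auth-challenge.conf and sip-auth-failure.conf. The host tag that should follow `from ip` is not visible in this rendering of the patch, so confirm it is present in the committed files.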
@@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162 +failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/debian/resources/fail2ban/freeswitch.conf b/Install_Scripts/debian/resources/fail2ban/freeswitch.conf new file mode 100755 index 0000000..98c40af --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/freeswitch.conf @@ -0,0 +1,18 @@ +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip + \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = + diff --git a/Install_Scripts/debian/resources/fail2ban/fusionpbx-404.conf b/Install_Scripts/debian/resources/fail2ban/fusionpbx-404.conf new file mode 100755 index 0000000..ada405c --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/fusionpbx-404.conf 
@@ -0,0 +1,27 @@ +# Fail2Ban configuration file +# inbound route - 404 not found + + +[Definition] + + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#failregex = [hostname] FusionPBX: \[\] authentication failed +#[hostname] variable doesn't seem to work in every case. Do this instead: +failregex = 404 not found + + +#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62) + + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/debian/resources/fail2ban/fusionpbx-mac.conf b/Install_Scripts/debian/resources/fail2ban/fusionpbx-mac.conf new file mode 100644 index 0000000..3bdff68 --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/fusionpbx-mac.conf @@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#Oct 9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000 +failregex = \[\] invalid mac address + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/debian/resources/fail2ban/fusionpbx.conf b/Install_Scripts/debian/resources/fail2ban/fusionpbx.conf new file mode 100755 index 0000000..ff1b5c9 --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/fusionpbx.conf 
@@ -0,0 +1,25 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#failregex = [hostname] FusionPBX: \[\] authentication failed +#[hostname] variable doesn't seem to work in every case. Do this instead: +failregex = .* FusionPBX: \[\] authentication failed for + = .* FusionPBX: \[\] provision attempt bad password for + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = + diff --git a/Install_Scripts/debian/resources/fail2ban/jail.local b/Install_Scripts/debian/resources/fail2ban/jail.local new file mode 100755 index 0000000..6f6b703 --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/jail.local 
@@ -0,0 +1,143 @@
+[ssh]
+enabled = true
+port = 22
+protocol = ssh
+filter = sshd
+logpath = /var/log/auth.log
+action = iptables-allports[name=sshd, protocol=all]
+maxretry = 6
+findtime = 60
+bantime = 86400
+
+[freeswitch]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = freeswitch
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=freeswitch, protocol=all]
+maxretry = 10
+findtime = 60
+bantime = 3600
+# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+[freeswitch-acl]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = freeswitch-acl
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=freeswitch-acl, protocol=all]
+maxretry = 900
+findtime = 60
+bantime = 86400
+
+[freeswitch-ip]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = freeswitch-ip
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=freeswitch-ip, protocol=all]
+maxretry = 1
+findtime = 60
+bantime = 86400
+
+[auth-challenge-ip]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = auth-challenge-ip
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=auth-challenge-ip, protocol=all]
+maxretry = 1
+findtime = 60
+bantime = 86400
+
+[sip-auth-challenge]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = sip-auth-challenge
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=sip-auth-challenge, protocol=all]
+maxretry = 100
+findtime = 60
+bantime = 7200
+
+[sip-auth-failure]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = sip-auth-failure
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=sip-auth-failure, protocol=all]
+maxretry = 6
+findtime = 60
+bantime = 7200
+
+[fusionpbx-404]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = fusionpbx-404
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=fusionpbx-404, protocol=all]
+maxretry = 6
+findtime = 60
+bantime = 86400
+
+[fusionpbx]
+enabled = true
+port = 80,443
+protocol = tcp
+filter = fusionpbx
+logpath = /var/log/auth.log
+action = iptables-allports[name=fusionpbx, protocol=all]
+# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
+maxretry = 20
+findtime = 60
+bantime = 3600
+
+[fusionpbx-mac]
+enabled = true
+port = 80,443
+protocol = tcp
+filter = fusionpbx-mac
+logpath = /var/log/syslog
+action = iptables-allports[name=fusionpbx-mac, protocol=all]
+# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
+maxretry = 10
+findtime = 60
+bantime = 86400
+
+[nginx-404]
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nginx-404
+logpath = /var/log/nginx/access*.log
+action = iptables-allports[name=nginx-404, protocol=all]
+bantime = 3600
+findtime = 60
+maxretry = 300
+
+[nginx-dos]
+# Based on apache-badbots but a simple IP check (any IP requesting more than
+# 300 pages in 60 seconds, or 5p/s average, is suspicious)
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nginx-dos
+logpath = /var/log/nginx/access*.log
+action = iptables-allports[name=nginx-dos, protocol=all]
+findtime = 60
+bantime = 86400
+maxretry = 800
diff --git a/Install_Scripts/debian/resources/fail2ban/nginx-404.conf b/Install_Scripts/debian/resources/fail2ban/nginx-404.conf
new file mode 100755
index 0000000..f121f41
--- /dev/null
+++ b/Install_Scripts/debian/resources/fail2ban/nginx-404.conf
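Review bot: Every jail that reads freeswitch.log (`freeswitch`, `freeswitch-acl`, `freeswitch-ip`, `auth-challenge-ip`, `sip-auth-challenge`, `sip-auth-failure`, `fusionpbx-404`) ships with `enabled = false`, while iptables.sh in this patch accepts 5060:5091 from any source, so after install fail2ban does nothing about repeated SIP authentication failures. If that job is meant to be done by the event_guard service that finish.sh enables, say so in a comment at the top of the file, e.g. `# SIP jails are disabled because event_guard handles them`; otherwise enable at least `sip-auth-failure`. Two smaller points: `[ssh]` sets `protocol = ssh`, which is not a transport protocol (the action overrides it with `protocol=all`, so `tcp` would be the accurate value), and the `[nginx-dos]` comment speaks of 300 requests in 60 seconds while the jail uses `maxretry = 800`.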
@@ -0,0 +1,5 @@ +# Fail2Ban configuration file +# +[Definition] +failregex = - - \[.*\] "(GET|POST).*HTTP[^ ]* 404 +ignoreregex = diff --git a/Install_Scripts/debian/resources/fail2ban/nginx-dos.conf b/Install_Scripts/debian/resources/fail2ban/nginx-dos.conf new file mode 100755 index 0000000..6e2cd23 --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/nginx-dos.conf @@ -0,0 +1,14 @@ +# Fail2Ban configuration file + +[Definition] +# Option: failregex +# Notes.: Regexp to catch a generic call from an IP address. +# Values: TEXT +# +failregex = ^ -.*"(GET|POST).*HTTP.*"$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/debian/resources/fail2ban/sip-auth-challenge.conf b/Install_Scripts/debian/resources/fail2ban/sip-auth-challenge.conf new file mode 100644 index 0000000..fcd4414 --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/sip-auth-challenge.conf @@ -0,0 +1,21 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/debian/resources/fail2ban/sip-auth-failure.conf b/Install_Scripts/debian/resources/fail2ban/sip-auth-failure.conf new file mode 100755 index 0000000..0d4ee23 --- /dev/null +++ b/Install_Scripts/debian/resources/fail2ban/sip-auth-failure.conf 
@@ -0,0 +1,21 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/debian/resources/finish.sh b/Install_Scripts/debian/resources/finish.sh new file mode 100755 index 0000000..eeb811e --- /dev/null +++ b/Install_Scripts/debian/resources/finish.sh 
@@ -0,0 +1,145 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+
+#database details
+database_username=fusionpbx
+if [ .$database_password = .'random' ]; then
+ database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
+fi
+
+#allow the script to use the new password
+export PGPASSWORD=$database_password
+
+#update the database password
+#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
+#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
+sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
+sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
+
+#install the database backup
+cp backup/fusionpbx-backup /etc/cron.daily
+cp backup/fusionpbx-maintenance /etc/cron.daily
+chmod 755 /etc/cron.daily/fusionpbx-backup
+chmod 755 /etc/cron.daily/fusionpbx-maintenance
+sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-backup
+sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-maintenance
+
+#add the config.php
+mkdir -p /etc/fusionpbx
+chown -R www-data:www-data /etc/fusionpbx
+cp fusionpbx/config.php /etc/fusionpbx
+sed -i /etc/fusionpbx/config.php -e s:"{database_host}:$database_host:"
+sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
+sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
+
+#add the database schema
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
+
+#get the server hostname
+if [ .$domain_name = .'hostname' ]; then
+ domain_name=$(hostname -f)
+fi
+
+#get the ip address
+if [ .$domain_name = .'ip_address' ]; then
+ domain_name=$(hostname -I | cut -d ' ' -f1)
+fi
+
+#get the domain_uuid
+domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+
+#add the domain name
+psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
+
+#app defaults
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
+
+#add the user
+user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+user_name=$system_username
+if [ .$system_password = .'random' ]; then
+ user_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
+else
+ user_password=$system_password
+fi
+password_hash=$(php -r "echo md5('$user_salt$user_password');");
+psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
+
+#get the superadmin group_uuid
+#echo "psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c \"select group_uuid from v_groups where group_name = 'superadmin';\""
+group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c "select group_uuid from v_groups where group_name = 'superadmin';");
+
+#add the user to the group
+user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+group_name=superadmin
+#echo "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
+psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
+
+#update xml_cdr url, user and password
+xml_cdr_username=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
+xml_cdr_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:$database_host:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
+
+#app defaults
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade.php
+
+#restart freeswitch
+/bin/systemctl daemon-reload
+/bin/systemctl restart freeswitch
+
+#install the email_queue service
+cp /var/www/fusionpbx/app/email_queue/resources/service/debian.service /etc/systemd/system/email_queue.service
+systemctl enable email_queue
+systemctl start email_queue
+systemctl daemon-reload
+
+#install the event_guard service
+cp /var/www/fusionpbx/app/event_guard/resources/service/debian.service /etc/systemd/system/event_guard.service
+/bin/systemctl enable event_guard
+/bin/systemctl start event_guard
+/bin/systemctl daemon-reload
+
+#welcome message
+echo ""
+echo ""
+verbose "Installation Notes. "
+echo ""
+echo " Please save the this information and reboot this system to complete the install. "
+echo ""
+echo " Use a web browser to login."
+echo " domain name: https://$domain_name"
+echo " username: $user_name"
+echo " password: $user_password"
+echo ""
+echo " The domain name in the browser is used by default as part of the authentication."
+echo " If you need to login to a different domain then use username@domain."
+echo " username: $user_name@$domain_name";
+echo ""
+echo " Official FusionPBX Training"
+echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
+echo " Available online and in person. Includes documentation and recording."
+echo ""
+echo " Location: Online"
+echo " Admin Training: TBA"
+echo " Advanced Training: TBA"
+echo " Continuing Education: https://www.fusionpbx.com/training"
+echo " Timezone: https://www.timeanddate.com/weather/usa/idaho"
+echo ""
+echo " Additional information."
+echo " https://fusionpbx.com/members.php"
+echo " https://fusionpbx.com/training.php"
+echo " https://fusionpbx.com/support.php"
+echo " https://www.fusionpbx.com"
+echo " http://docs.fusionpbx.com"
+echo ""
diff --git a/Install_Scripts/debian/resources/fusionpbx.sh b/Install_Scripts/debian/resources/fusionpbx.sh
new file mode 100755
index 0000000..556b2e6
--- /dev/null
+++ b/Install_Scripts/debian/resources/fusionpbx.sh
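Review bot: The database password is written into files that any local user can read: `chmod 755` is applied to `/etc/cron.daily/fusionpbx-backup` and `fusionpbx-maintenance` just before `sed` substitutes the password into them, and `/etc/fusionpbx/config.php` is copied after the `chown -R`, so it stays root-owned with the mode of the source file (added as 100755 in this patch). Use `chmod 700` for the two cron scripts and follow the copy with `chown www-data:www-data /etc/fusionpbx/config.php` and `chmod 640 /etc/fusionpbx/config.php`. The admin hash is computed as `md5('$user_salt$user_password')` inside `php -r`, which is a fast digest unsuited to password storage and also pastes the config.sh value into PHP source; if the schema requires this format, at least pass the value through the environment and read it with `getenv()`. The `psql -c` statements interpolate `$domain_name` and `$user_name` into SQL in the same way, and the closing `echo " password: $user_password"` leaves the credential in any captured install log.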
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+
+#send a message
+verbose "Installing FusionPBX"
+
+#install dependencies
+apt-get install -y vim git dbus haveged ssl-cert qrencode
+apt-get install -y ghostscript libtiff5-dev libtiff-tools at
+
+#get the branch
+if [ .$system_branch = .'master' ]; then
+ verbose "Using master"
+ branch=""
+else
+ system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
+ system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
+ system_version=$system_major.$system_minor
+ verbose "Using version $system_version"
+ branch="-b $system_version"
+fi
+
+#add the cache directory
+mkdir -p /var/cache/fusionpbx
+chown -R www-data:www-data /var/cache/fusionpbx
+
+#get the source code
+git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
+chown -R www-data:www-data /var/www/fusionpbx
diff --git a/Install_Scripts/debian/resources/fusionpbx/config.php b/Install_Scripts/debian/resources/fusionpbx/config.php
new file mode 100755
index 0000000..7d2df2c
--- /dev/null
+++ b/Install_Scripts/debian/resources/fusionpbx/config.php
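Review bot: The version lookup picks the newest release with plain `sort | tail -n 1`, which compares text, so `4.10` sorts before `4.9` and the installer can select an older release than intended; `sort -V` is available on Debian and orders version strings correctly. `git clone $branch` then takes whatever the branch head is at install time and hands the whole tree to the web server user with `chown -R www-data:www-data /var/www/fusionpbx`, so nothing ties the installed code to a reviewed revision. Consider pinning a tag or commit in config.sh and checking it after the clone. `$system_major.*` is also unquoted and would be glob-expanded if a matching file name exists in the resources directory.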
@@ -0,0 +1,47 @@ + + Portions created by the Initial Developer are Copyright (C) 2008-2016 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +//set the database type + $db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection + +//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here. + //$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename + //$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable + +//pgsql: database connection information + $db_host = '{database_host}'; + $db_port = '5432'; + $db_name = 'fusionpbx'; + $db_username = '{database_username}'; + $db_password = '{database_password}'; + +//show errors + ini_set('display_errors', '1'); + //error_reporting (E_ALL); // Report everything + //error_reporting (E_ALL ^ E_NOTICE); // hide notices + error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings + +?> diff --git a/Install_Scripts/debian/resources/ioncube.sh b/Install_Scripts/debian/resources/ioncube.sh new file mode 100755 index 0000000..60d6d12 --- /dev/null +++ b/Install_Scripts/debian/resources/ioncube.sh 
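Review bot: `ini_set('display_errors', '1');` in the installed config.php sends PHP errors to the browser, which on a production PBX exposes file paths and database error text to anyone who can trigger one. I would ship `ini_set('display_errors', '0');` together with `ini_set('log_errors', '1');` and keep the on-screen variant as a commented development option. The file header with the opening PHP tag is not visible in this rendering of the hunk, so this note covers only the settings shown.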
@@ -0,0 +1,126 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#show cpu details
+echo "cpu architecture: $cpu_architecture"
+echo "cpu name: $cpu_name"
+
+#make sure unzip is install
+apt-get install -y unzip
+
+#remove the ioncube directory if it exists
+if [ -d "ioncube" ]; then
+ rm -Rf ioncube;
+fi
+
+#get the ioncube load and unzip it
+if [ .$cpu_architecture = .'x86' ]; then
+ #get the ioncube 64 bit loader
+ wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
+
+ #uncompress the file
+ unzip ioncube_loaders_lin_x86-64.zip
+
+ #remove the zip file
+ rm ioncube_loaders_lin_x86-64.zip
+elif [ .$cpu_architecture = ."arm" ]; then
+ if [ .$cpu_name = .'armv7l' ]; then
+ #get the ioncube 64 bit loader
+ wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.zip
+
+ #uncompress the file
+ unzip ioncube_loaders_lin_armv7l.zip
+
+ #remove the zip file
+ rm ioncube_loaders_lin_armv7l.zip
+ fi
+fi
+
+#set the version of php
+if [ ."$os_codename" = ."bullseye" ]; then
+ php_version=7.4
+fi
+if [ ."$os_codename" = ."buster" ]; then
+ php_version=7.3
+fi
+if [ ."$os_codename" = ."stretch" ]; then
+ php_version=7.1
+fi
+if [ ."$os_codename" = ."jessie" ]; then
+ php_version=7.1
+fi
+
+#copy the loader to the correct directory
+if [ ."$php_version" = ."5.6" ]; then
+ #copy the php extension .so into the php lib directory
+ cp ioncube/ioncube_loader_lin_5.6.so /usr/lib/php5/20131226
+
+ #add the 00-ioncube.ini file
+ echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/fpm/conf.d/00-ioncube.ini
+ echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/cli/conf.d/00-ioncube.ini
+
+ #restart the service
+ service php5-fpm restart
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ #copy the php extension .so into the php lib directory
+ cp ioncube/ioncube_loader_lin_7.0.so /usr/lib/php/20151012
+
+ #add the 00-ioncube.ini file
+ echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/fpm/conf.d/00-ioncube.ini
+ echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/cli/conf.d/00-ioncube.ini
+
+ #restart the service
+ service php7.0-fpm restart
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ #copy the php extension .so into the php lib directory
+ cp ioncube/ioncube_loader_lin_7.1.so /usr/lib/php/20160303
+
+ #add the 00-ioncube.ini file
+ echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/fpm/conf.d/00-ioncube.ini
+ echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/cli/conf.d/00-ioncube.ini
+
+ #restart the service
+ service php7.1-fpm restart
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ #copy the php extension .so into the php lib directory
+ cp ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718
+
+ #add the 00-ioncube.ini file
+ echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/fpm/conf.d/00-ioncube.ini
+ echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/cli/conf.d/00-ioncube.ini
+
+ #restart the service
+ service php7.2-fpm restart
+fi
+if [ ."$php_version" = ."7.3" ]; then
+ #copy the php extension .so into the php lib directory
+ cp ioncube/ioncube_loader_lin_7.3.so /usr/lib/php/20180731
+
+ #add the 00-ioncube.ini file
+ echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/fpm/conf.d/00-ioncube.ini
+ echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/cli/conf.d/00-ioncube.ini
+
+ #restart the service
+ service php7.3-fpm restart
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ #copy the php extension .so into the php lib directory
+ cp ioncube/ioncube_loader_lin_7.4.so /usr/lib/php/20190902
+
+ #add the 00-ioncube.ini file
+ echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/fpm/conf.d/00-ioncube.ini
+ echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/cli/conf.d/00-ioncube.ini
+
+ #restart the service
+ service php7.4-fpm restart
+fi
diff --git a/Install_Scripts/debian/resources/iptables.sh b/Install_Scripts/debian/resources/iptables.sh
new file mode 100755
index 0000000..b77b075
--- /dev/null
+++ b/Install_Scripts/debian/resources/iptables.sh
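Review bot: Both downloads use `wget --no-check-certificate`, so the archive that ends up loaded into PHP as a `zend_extension` is fetched without verifying the server's TLS certificate and without any integrity check. Drop the flag and compare the archive against a digest kept in the repository before unzipping, e.g. `echo "EXPECTED_SHA256  ioncube_loaders_lin_x86-64.zip" | sha256sum -c - || exit 1`, where EXPECTED_SHA256 is a placeholder for the vendor's published value. Unless config.sh sets `php_version`, the `5.6`, `7.0` and `7.2` branches can never run, because this file only assigns 7.1, 7.3 or 7.4. On a codename that is not listed the variable stays empty and the loader is silently not installed, so a final `else` that reports the unsupported release would help.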
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+
+#add the includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Configuring IPTables"
+
+#defaults to nftables by default this enables iptables
+if [ ."$os_codename" = ."buster" ]; then
+ update-alternatives --set iptables /usr/sbin/iptables-legacy
+ update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+fi
+if [ ."$os_codename" = ."bullseye" ]; then
+ apt-get install -y iptables
+ update-alternatives --set iptables /usr/sbin/iptables-legacy
+ update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+fi
+
+#remove ufw
+ufw reset
+ufw disable
+apt-get remove -y ufw
+#apt-get purge ufw
+
+#run iptables commands
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+iptables -A INPUT -p tcp --dport 443 -j ACCEPT
+iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
+iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
+iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
+iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+iptables -A INPUT -p udp --dport 1194 -j ACCEPT
+iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
+iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
+iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+
+#answer the questions for iptables persistent
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+apt-get install -y iptables-persistent
diff --git a/Install_Scripts/debian/resources/letsencrypt.sh b/Install_Scripts/debian/resources/letsencrypt.sh
new file mode 100755
index 0000000..dd486d9
--- /dev/null
+++ b/Install_Scripts/debian/resources/letsencrypt.sh
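Review bot: The script switches `ip6tables` to the legacy backend and turns on `autosave_v6`, but never adds an `ip6tables` rule or policy, so the IPv6 INPUT chain stays at its default (normally ACCEPT) and every listening service is reachable over IPv6 regardless of the IPv4 rules. Add an IPv6 rule set that mirrors the IPv4 one before iptables-persistent saves it; the excerpt below shows the shape, with ICMPv6 allowed because neighbour discovery depends on it. The rules are also appended with `-A` on every run, so re-running the installer duplicates them, and `ufw reset` waits for confirmation unless `--force` is given. The UDP 1194 accept has no matching service in this patch and should be dropped or explained in a comment.

```shell
# … unchanged: IPv4 INPUT rules, mangle rules and policies …
iptables -P OUTPUT ACCEPT

#mirror the input policy for IPv6
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
ip6tables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
ip6tables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
# … unchanged: iptables-persistent debconf answers and install …
```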
@@ -0,0 +1,130 @@
+#!/bin/sh
+
+# FusionPBX - Install
+# Mark J Crane
+# Copyright (C) 2018
+# All Rights Reserved.
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+
+#Add dependencies
+apt-get install -y curl
+
+#remove dehyrdated letsencrypt script
+rm /usr/local/sbin/dehydrated
+rm -R /usr/src/dehydrated
+#rm -R /etc/dehydrated/
+#rm -R /usr/src/dns-01-manual
+#rm -R /var/www/dehydrated
+
+#request the domain name, email address and wild card domain
+read -p 'Domain Name: ' domain_name
+read -p 'Email Address: ' email_address
+
+#get and install dehydrated
+cd /usr/src && git clone https://github.com/lukas2511/dehydrated.git
+cd /usr/src/dehydrated
+cp dehydrated /usr/local/sbin
+mkdir -p /var/www/dehydrated
+mkdir -p /etc/dehydrated/certs
+
+#wildcard detection
+wildcard_domain=$(echo $domain_name | cut -c1-1)
+if [ "$wildcard_domain" = "*" ]; then
+ wildcard_domain="true"
+else
+ wildcard_domain="false"
+fi
+
+#remove the wildcard and period
+if [ .$wildcard_domain = ."true" ]; then
+ domain_name=$(echo "$domain_name" | cut -c3-255)
+fi
+
+#manual dns hook
+if [ .$wildcard_domain = ."true" ]; then
+ cd /usr/src
+ git clone https://github.com/gheja/dns-01-manual.git
+ cd /usr/src/dns-01-manual/
+ cp hook.sh /etc/dehydrated/hook.sh
+ chmod 755 /etc/dehydrated/hook.sh
+fi
+
+#copy config and hook.sh into /etc/dehydrated
+cd /usr/src/dehydrated
+cp docs/examples/config /etc/dehydrated
+#cp docs/examples/hook.sh /etc/dehydrated
+
+#update the dehydrated config
+#sed "s#CONTACT_EMAIL=#CONTACT_EMAIL=$email_address" -i /etc/dehydrated/config
+sed -i 's/#CONTACT_EMAIL=/CONTACT_EMAIL="'"$email_address"'"/g' /etc/dehydrated/config
+sed -i 's/#WELLKNOWN=/WELLKNOWN=/g' /etc/dehydrated/config
+
+#accept the terms
+./dehydrated --register --accept-terms --config /etc/dehydrated/config
+
+#set the domain alias
+domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)
+
+#create an alias when using wildcard dns
+if [ .$wildcard_domain = ."true" ]; then
+ echo "*.$domain_name > $domain_name" > /etc/dehydrated/domains.txt
+fi
+
+#add the domain name to domains.txt
+if [ .$wildcard_domain = ."false" ]; then
+ echo "$domain_name" > /etc/dehydrated/domains.txt
+fi
+
+#request the certificates
+if [ .$wildcard_domain = ."true" ]; then
+ ./dehydrated --cron --domain *.$domain_name --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge dns-01 --hook /etc/dehydrated/hook.sh
+fi
+if [ .$wildcard_domain = ."false" ]; then
+ ./dehydrated --cron --alias $domain_alias --preferred-chain "ISRG Root X1" --algo rsa --config /etc/dehydrated/config --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01
+fi
+
+#make sure the nginx ssl directory exists
+mkdir -p /etc/nginx/ssl
+
+#update nginx config
+sed "s@ssl_certificate[ \t]*/etc/ssl/certs/nginx.crt;@ssl_certificate /etc/dehydrated/certs/$domain_alias/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+sed "s@ssl_certificate_key[ \t]*/etc/ssl/private/nginx.key;@ssl_certificate_key /etc/dehydrated/certs/$domain_alias/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+
+#read the config
+/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
+
+#setup freeswitch tls
+if [ .$switch_tls = ."true" ]; then
+
+ #make sure the freeswitch directory exists
+ mkdir -p /etc/freeswitch/tls
+
+ #make sure the freeswitch certificate directory is empty
+ rm /etc/freeswitch/tls/*
+
+ #combine the certs into all.pem
+ cat /etc/dehydrated/certs/$domain_alias/fullchain.pem > /etc/freeswitch/tls/all.pem
+ cat /etc/dehydrated/certs/$domain_alias/privkey.pem >> /etc/freeswitch/tls/all.pem
+ #cat /etc/dehydrated/certs/$domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem
+
+ #copy the certificates
+ cp /etc/dehydrated/certs/$domain_alias/cert.pem /etc/freeswitch/tls
+ cp /etc/dehydrated/certs/$domain_alias/chain.pem /etc/freeswitch/tls
+ cp /etc/dehydrated/certs/$domain_alias/fullchain.pem /etc/freeswitch/tls
+ cp /etc/dehydrated/certs/$domain_alias/privkey.pem /etc/freeswitch/tls
+
+ #add symbolic links
+ ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
+ ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
+ ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
+ ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
+
+ #set the permissions
+ chown -R www-data:www-data /etc/freeswitch/tls
+
+fi
diff --git a/Install_Scripts/debian/resources/letsencrypt/domain_name.conf b/Install_Scripts/debian/resources/letsencrypt/domain_name.conf
new file mode 100755
index 0000000..a6705bf
--- /dev/null
+++ b/Install_Scripts/debian/resources/letsencrypt/domain_name.conf
@@ -0,0 +1,22 @@
+# the domain we want to get the cert for;
+# technically it's possible to have multiple of this lines, but it only worked
+# with one domain for me, another one only got one cert, so I would recommend
+# separate config files per domain.
+domains = {domain_name}
+
+# increase key size
+rsa-key-size = 2048 # Or 4096
+
+# the current closed beta (as of 2015-Nov-07) is using this server
+server = https://acme-v01.api.letsencrypt.org/directory
+
+# this address will receive renewal reminders
+email = {email_address}
+
+# turn off the ncurses UI, we want this to be run as a cronjob
+text = True
+
+# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
+# and then letting LE fetch it
+authenticator = webroot
+webroot-path = /var/www/letsencrypt/
diff --git a/Install_Scripts/debian/resources/monit.sh b/Install_Scripts/debian/resources/monit.sh
new file mode 100644
index 0000000..9e00d3d
--- /dev/null
+++ b/Install_Scripts/debian/resources/monit.sh
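Review bot: In the FreeSWITCH TLS block of letsencrypt.sh, `all.pem` is created by shell redirection (`cat ... fullchain.pem > all.pem`, then `privkey.pem >> all.pem`) and only `chown -R www-data:www-data` follows, so under the usual 022 umask the combined file holding the private key is world-readable. Add `chmod 700 /etc/freeswitch/tls` and `chmod 600 /etc/freeswitch/tls/*.pem` after the `chown`, or set `umask 077` before the block. The wildcard path also clones `dns-01-manual` from its default branch and installs its `hook.sh` as the dehydrated hook with no pinned commit or checksum; checking out a reviewed commit bounds what that hook can become. `read -p` is not POSIX and dash, Debian's `/bin/sh`, rejects it, so the shebang should be `#!/bin/bash` or the prompts printed with `printf` before a plain `read -r`.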
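Review bot: `server = https://acme-v01.api.letsencrypt.org/directory` in domain_name.conf points at the ACME v1 endpoint, which Let's Encrypt has shut down, so a client driven by this file cannot issue or renew; the comment above it still refers to the 2015 closed beta. Nothing in the install scripts shown here appears to read this file (letsencrypt.sh drives dehydrated with `/etc/dehydrated/config`), so either drop it or change the line to `server = https://acme-v02.api.letsencrypt.org/directory`. The comment `# increase key size` sits above `rsa-key-size = 2048`, which is the minimum rather than an increase.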
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+
+#install monit
+apt-get install -y monit
+
+#make the monit shell script executable
+chmod 755 monit/shell.sh
+
+#copy the freeswitch monit config
+cp monit/freeswitch /etc/monit/conf.d
+
+#restart monit
+service monit restart
diff --git a/Install_Scripts/debian/resources/monit/freeswitch b/Install_Scripts/debian/resources/monit/freeswitch
new file mode 100644
index 0000000..f7d93ef
--- /dev/null
+++ b/Install_Scripts/debian/resources/monit/freeswitch
@@ -0,0 +1,3 @@
+check process freeswitch with pidfile /run/freeswitch/freeswitch.pid
+start program = "/usr/src/fusionpbx-install.sh/debian/resources/monit/./shell.sh"
+stop program = "/usr/bin/freeswitch -stop"
diff --git a/Install_Scripts/debian/resources/monit/shell.sh b/Install_Scripts/debian/resources/monit/shell.sh
new file mode 100644
index 0000000..5b16695
--- /dev/null
+++ b/Install_Scripts/debian/resources/monit/shell.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+mkdir -p /var/run/freeswitch
+chown -R www-data:www-data /var/run/freeswitch
+/usr/bin/freeswitch -nc -u www-data -g www-data -nonat
diff --git a/Install_Scripts/debian/resources/nftables.sh b/Install_Scripts/debian/resources/nftables.sh
new file mode 100644
index 0000000..4729c38
--- /dev/null
+++ b/Install_Scripts/debian/resources/nftables.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#add the includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Configuring nftables"
+
+#run iptables commands
+nft add rule ip filter INPUT iifname "lo" counter accept
+nft add rule ip filter INPUT ct state related,established counter accept
+nft add rule ip filter INPUT tcp dport 22 counter accept
+nft add rule ip filter INPUT tcp dport 80 counter accept
+nft add rule ip filter INPUT tcp dport 443 counter accept
+nft add rule ip filter INPUT tcp dport 7443 counter accept
+nft add rule ip filter INPUT tcp dport 5060-5091 counter accept
+nft add rule ip filter INPUT udp dport 5060-5091 counter accept
+nft add rule ip filter INPUT udp dport 16384-32768 counter accept
+nft add rule ip filter INPUT icmp type echo-request counter accept
+nft add rule ip filter INPUT udp dport 1194 counter accept
+nft add rule ip mangle OUTPUT udp sport 16384-32768 counter ip dscp set 0x2e
+nft add rule ip mangle OUTPUT tcp sport 5060-5091 counter ip dscp set 0x1a
+nft add rule ip mangle OUTPUT udp sport 5060-5091 counter ip dscp set 0x1a
+
+
diff --git a/Install_Scripts/debian/resources/nginx.sh b/Install_Scripts/debian/resources/nginx.sh
new file mode 100755
index 0000000..d12d013
--- /dev/null
+++ b/Install_Scripts/debian/resources/nginx.sh
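Review bot: nftables.sh never drops anything: the hunk only adds `accept` rules to `ip filter INPUT` and sets no chain policy, so unless that chain already exists with a drop policy the host stays fully open, and none of the SIP scanner string matches from iptables.sh are carried over. The rules also assume the `filter` and `mangle` tables and their chains already exist; `nft add rule` fails where they do not. Create them explicitly first (`nft add table ip filter`, then the base chain with policy accept), and once the accept rules are in, end with `nft add chain ip filter INPUT '{ type filter hook input priority 0; policy drop; }'`. Nothing persists the ruleset either, so it is lost on reboot unless it is written to the nftables configuration, and there is no IPv6 (`ip6` or `inet`) table at all.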
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Installing the web server"
+
+#change the version of php for arm
+if [ ."$cpu_architecture" = ."arm" ]; then
+ #Pi2 and Pi3 Raspbian
+ #Odroid
+ if [ ."$os_codename" = ."stretch" ]; then
+ php_version=7.2
+ else
+ php_version=5.6
+ fi
+fi
+
+#set the version of php
+if [ ."$os_codename" = ."bullseye" ]; then
+ php_version=7.4
+fi
+if [ ."$os_codename" = ."buster" ]; then
+ php_version=7.3
+fi
+if [ ."$os_codename" = ."stretch" ]; then
+ php_version=7.1
+fi
+if [ ."$os_codename" = ."jessie" ]; then
+ php_version=7.1
+fi
+
+#enable fusionpbx nginx config
+cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
+
+#prepare socket name
+if [ ."$php_version" = ."5.6" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.2-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.3" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.3-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
+fi
+ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
+
+#self signed certificate
+ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
+ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
+
+#remove the default site
+rm /etc/nginx/sites-enabled/default
+
+#update config if LetsEncrypt folder is unwanted
+# if [ .$letsencrypt_folder = .false ]; then
+# sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
+# fi
+
+#add the letsencrypt directory
+if [ .$letsencrypt_folder = .true ]; then
+ mkdir -p /var/www/letsencrypt/
+fi
+
+#flush systemd cache
+systemctl daemon-reload
+
+#restart nginx
+service nginx restart
diff --git a/Install_Scripts/debian/resources/nginx/fusionpbx b/Install_Scripts/debian/resources/nginx/fusionpbx
new file mode 100755
index 0000000..30988bc
--- /dev/null
+++ b/Install_Scripts/debian/resources/nginx/fusionpbx
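Review bot: On a codename outside the four listed in nginx.sh, `php_version` keeps whatever config.sh set (possibly nothing), none of the six socket `if` blocks matches, and the site keeps the template's hard-coded `php7.1-fpm.sock`, so nginx restarts pointing at a socket that may not exist. The six blocks differ only in the version string; a single `sed -i "s#unix:.*;#unix:/var/run/php/php${php_version}-fpm.sock;#g" /etc/nginx/sites-available/fusionpbx`, with 5.6 as the one special case and an explicit error when `php_version` is empty, is shorter and fails loudly. The arm branch's choice is also overwritten by the codename block right after it (stretch sets 7.2, then 7.1). The `ln -s` and `rm` calls fail on a second run; `ln -sf` and `rm -f` make the script repeatable.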
@@ -0,0 +1,305 @@
+
+server {
+ listen 127.0.0.1:80;
+ server_name 127.0.0.1;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ fastcgi_read_timeout 15m;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /\.git {
+ deny all;
+ }
+ location ~ /\.lua {
+ deny all;
+ }
+ location ~ /\. {
+ deny all;
+ }
+}
+
+server {
+ listen 80;
+ server_name fusionpbx;
+
+ #redirect letsencrypt to dehydrated
+ location ^~ /.well-known/acme-challenge {
+ default_type "text/plain";
+ auth_basic "off";
+ alias /var/www/dehydrated;
+ }
+
+ #rewrite rule - send to https with an exception for provisioning
+ if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
+ rewrite ^(.*) https://$host$1 permanent;
+ break;
+ }
+
+ #REST api
+ if ($uri ~* ^.*/api/.*$) {
+ rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+ break;
+ }
+
+ #algo
+ rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+ #mitel
+ rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+ rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+ #grandstream
+ rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+ rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
+ #grandstream-wave softphone by ext because Android doesn't pass MAC.
+ rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
+
+ #aastra
+ rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+ #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+ #yealink
+ #rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
+ rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+ #polycom
+ rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+ #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+ rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+ #cisco
+ rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+ rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
+
+ #Escene
+ rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+ rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+ #Vtech
+ rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
+
+ #Digium
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
+
+ #Snom
+ rewrite "^.*/provision/-([A-Fa-f0-9]{12})?$" /app/provision/index.php?mac=$1;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ fastcgi_read_timeout 15m;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /\.git {
+ deny all;
+ }
+ location ~ /\.lua {
+ deny all;
+ }
+ location ~ /\. {
+ deny all;
+ }
+}
+
+server {
+ listen 443 ssl;
+ #listen 443 ssl http2;
+ server_name fusionpbx;
+
+ ssl_certificate /etc/ssl/certs/nginx.crt;
+ ssl_certificate_key /etc/ssl/private/nginx.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_ciphers DHE-RSA-AES256-SHA:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_session_cache shared:SSL:40m;
+ ssl_session_timeout 2h;
+ ssl_session_tickets off;
+
+ #redirect letsencrypt to dehydrated
+ location ^~ /.well-known/acme-challenge {
+ default_type "text/plain";
+ auth_basic "off";
+ alias /var/www/dehydrated;
+ }
+
+ #REST api
+ if ($uri ~* ^.*/api/.*$) {
+ rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+ break;
+ }
+
+ #message media
+ rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
+
+ #algo
+ rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+ #mitel
+ rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+ rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+ #grandstream
+ rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+ rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
+ #grandstream-wave softphone by ext because Android doesn't pass MAC.
+ rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
+
+ #aastra
+ rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+ #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+ #yealink
+ #rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
+ rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+ #polycom
+ rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+ #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+ rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+ #cisco
+ rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+ rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
+
+ #Escene
+ rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+ rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+ #Vtech
+ rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
+
+ #Digium
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ fastcgi_read_timeout 15m;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /\.git {
+ deny all;
+ }
+ location ~ /\.lua {
+ deny all;
+ }
+ location ~ /\. {
+ deny all;
+ }
+}
diff --git a/Install_Scripts/debian/resources/php.sh b/Install_Scripts/debian/resources/php.sh
new file mode 100755
index 0000000..0ad92e3
--- /dev/null
+++ b/Install_Scripts/debian/resources/php.sh
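Review bot: `ssl_ciphers` in the 443 server block of nginx/fusionpbx leads with `DHE-RSA-AES256-SHA:AES256-SHA`, two CBC/SHA-1 suites of which `AES256-SHA` uses static RSA key exchange with no forward secrecy, and since `ssl_prefer_server_ciphers` is not set the client's order decides, so a TLS 1.2 client can still negotiate them. Drop those two entries and keep the ECDHE/DHE AEAD suites that follow. In the port-80 server block the redirect exception `if ($uri !~* ^.*(provision|xml_cdr|firmware).*$)` is an unanchored substring match, so any URI containing one of those words is answered over plain HTTP, including provisioning files that typically carry SIP credentials; anchoring it to the exact provisioning paths narrows that. The deny rules `location ~ .htaccess`, `~ .htpassword` and `~^.+.(db)$` leave their dots unescaped, and several rewrites (`aastra.cfg`, `features.cfg`, `000000000000.cfg`) pass `mac=$1` although their pattern has no capture group.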
@@ -0,0 +1,139 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Configuring PHP"
+
+#add the repository
+if [ ."$os_name" = ."Ubuntu" ]; then
+ #16.10.x - */yakkety/
+ #16.04.x - */xenial/
+ #14.04.x - */trusty/
+ if [ ."$os_codename" = ."trusty" ]; then
+ which add-apt-repository || apt-get install -y software-properties-common
+ LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
+ fi
+elif [ ."$cpu_architecture" = ."arm" ]; then
+ #Pi2 and Pi3 Raspbian, #Odroid
+ #if [ ."$os_codename" = ."stretch" ]; then
+ # php_version=7.0
+ #fi
+ if [ ."$os_codename" = ."buster" ]; then
+ php_version=7.3
+ fi
+ if [ ."$os_codename" = ."bullseye" ]; then
+ php_version=7.4
+ fi
+else
+ #11.x - bullseye
+ #10.x - buster
+ #9.x - stretch
+ #8.x - jessie
+ apt-get -y install apt-transport-https lsb-release ca-certificates
+ if [ ."$os_codename" = ."jessie" ]; then
+ wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+ sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
+ fi
+ if [ ."$os_codename" = ."stretch" ]; then
+ wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+ sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
+ fi
+ if [ ."$os_codename" = ."buster" ]; then
+ php_version=7.3
+ fi
+ if [ ."$os_codename" = ."bullseye" ]; then
+ php_version=7.4
+ fi
+fi
+apt-get update -y
+
+#install dependencies
+apt-get install -y nginx
+if [ ."$php_version" = ."" ]; then
+ apt-get install -y php php-cli php-fpm php-pgsql php-sqlite3 php-odbc php-curl php-imap php-xml php-gd
+fi
+if [ ."$php_version" = ."5.6" ]; then
+ apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ apt-get install -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd php7.0-mbstring
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ apt-get install -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd php7.1-mbstring
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ apt-get install -y php7.2 php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd php7.2-mbstring
+fi
+if [ ."$php_version" = ."7.3" ]; then
+ apt-get install -y php7.3 php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd php7.3-mbstring
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ apt-get install -y php7.4 php7.4-cli php7.4-dev php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring
+fi
+
+#update config if source is being used
+if [ ."$php_version" = ."5" ]; then
+ verbose "version 5.x"
+ php_ini_file='/etc/php5/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ verbose "version 7.0"
+ php_ini_file='/etc/php/7.0/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ verbose "version 7.1"
+ php_ini_file='/etc/php/7.1/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ verbose "version 7.2"
+ php_ini_file='/etc/php/7.2/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.3" ]; then
+ verbose "version 7.3"
+ php_ini_file='/etc/php/7.3/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ verbose "version 7.4"
+ php_ini_file='/etc/php/7.4/fpm/php.ini'
+fi
+sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
+sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
+sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
+sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
+
+#install ioncube
+if [ .$cpu_architecture = .'x86' ]; then
+ . ./ioncube.sh
+fi
+
+#restart php-fpm
+systemctl daemon-reload
+if [ ."$php_version" = ."5.6" ]; then
+ systemctl restart php5-fpm
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ systemctl restart php7.0-fpm
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ systemctl restart php7.1-fpm
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ systemctl restart php7.2-fpm
+fi
+if [ ."$php_version" = ."7.3" ]; then
+ systemctl restart php7.3-fpm
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ systemctl restart php7.4-fpm
+fi
+
+#init.d
+#/usr/sbin/service php5-fpm restart
+#/usr/sbin/service php7.0-fpm restart
diff --git a/Install_Scripts/debian/resources/postgresql.sh b/Install_Scripts/debian/resources/postgresql.sh
new file mode 100755
index 0000000..5057890
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql.sh
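Review bot: The `php_ini_file` chain in php.sh tests `."$php_version" = ."5"` while every other branch in the file uses `5.6`, so for PHP 5.6, and for the empty-version default install, `php_ini_file` stays unset and the four unquoted `sed ... -i $php_ini_file` calls run with no file argument; the upload limits and `max_input_vars` are then never applied. Change the test to `."5.6"`, quote the variable, and stop when it is empty, e.g. `[ -n "$php_ini_file" ] || exit 1`. On jessie and stretch the repository signing key is downloaded straight into `/etc/apt/trusted.gpg.d/` with no fingerprint comparison, which makes it trusted for every configured repository; comparing its fingerprint with a pinned value before installing it closes that gap. The restart chain at the end has no branch for the empty-version install either, so php-fpm is not restarted in that case.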
@@ -0,0 +1,116 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+echo "Install PostgreSQL"
+
+#generate a random password
+password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
+
+#install message
+echo "Install PostgreSQL and create the database and users\n"
+
+#included in the distribution
+if [ ."$database_repo" = ."system" ]; then
+ if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+ apt-get install -y sudo postgresql
+ else
+ apt-get install -y sudo postgresql-client
+ fi
+fi
+
+#postgres official repository
+if [ ."$database_repo" = ."official" ]; then
+ if [ ."$os_codename" = ."jessie" ]; then
+ echo "deb http://apt.postgresql.org/pub/repos/apt/ $os_codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
+ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+ apt-get update && apt-get upgrade -y
+ fi
+ if [ ."$os_codename" = ."stretch" ]; then
+ echo "deb http://apt.postgresql.org/pub/repos/apt/ $os_codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
+ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+ apt-get update && apt-get upgrade -y
+ fi
+ if [ ."$os_codename" = ."buster" ]; then
+ echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > /etc/apt/sources.list.d/postgresql.list
+ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+ fi
+ if [ ."$os_codename" = ."bullseye" ]; then
+ echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" > /etc/apt/sources.list.d/postgresql.list
+ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+ fi
+ if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+ if [ ."$database_version" = ."latest" ]; then
+ apt-get install -y sudo postgresql
+ fi
+ if [ ."$database_version" = ."9.6" ]; then
+ apt-get install -y sudo postgresql-$database_version
+ fi
+ if [ ."$database_version" = ."9.4" ]; then
+ apt-get install -y sudo postgresql-$database_version
+ fi
+ else
+ apt-get install -y sudo postgresql-client
+ fi
+fi
+
+#add PostgreSQL and 2ndquadrant repos
+if [ ."$database_repo" = ."2ndquadrant" ]; then
+ if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+ apt install -y curl
+ curl https://dl.2ndquadrant.com/default/release/get/deb | bash
+ if [ ."$os_codename" = ."buster" ]; then
+ sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#buster#stretch#g'
+ fi
+ if [ ."$os_codename" = ."bullseye" ]; then
+ sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#bullseye#stretch#g'
+ fi
+ apt update
+ apt-get install -y sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
+ fi
+fi
+
+#systemd
+if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+ systemctl daemon-reload
+ systemctl restart postgresql
+fi
+
+#init.d
+#/usr/sbin/service postgresql restart
+
+#install the database backup
+#cp backup/fusionpbx-backup /etc/cron.daily
+#cp backup/fusionpbx-maintenance /etc/cron.daily
+#chmod 755 /etc/cron.daily/fusionpbx-backup
+#chmod 755 /etc/cron.daily/fusionpbx-maintenance
+#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup
+#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-maintenance
+
+#move to /tmp to prevent a red herring error when running sudo with psql
+cwd=$(pwd)
+cd /tmp
+
+if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+ # add the databases, users and grant permissions to them
+ sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
+ sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
+ sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
+ sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
+ sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+ sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+ sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+ # ALTER USER fusionpbx WITH PASSWORD 'newpassword';
+fi
+
+cd $cwd
+
+#set the ip address
+#server_address=$(hostname -I)
diff --git a/Install_Scripts/debian/resources/postgresql/create.sh b/Install_Scripts/debian/resources/postgresql/create.sh
new file mode 100755
index 0000000..6de2cbc
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql/create.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the working directory
+cwd=$(pwd)
+cd /tmp
+
+#set client encoding
+sudo -u postgres psql -p $database_port -c "SET client_encoding = 'UTF8';";
+
+#add the database users and databases
+sudo -u postgres psql -p $database_port -c "CREATE DATABASE fusionpbx;";
+sudo -u postgres psql -p $database_port -c "CREATE DATABASE freeswitch;";
+
+#add the users and grant permissions
+sudo -u postgres psql -p $database_port -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -p $database_port -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+
+#reload the config
+sudo -u postgres psql -p $database_port -c "SELECT pg_reload_conf();"
+
+#restart postgres
+#systemctl restart postgresql
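Review bot: Both application roles are created as PostgreSQL superusers (`CREATE ROLE fusionpbx WITH SUPERUSER LOGIN ...` and the same for `freeswitch`) in postgresql.sh and again in postgresql/create.sh, so a SQL injection or a leaked config file in the web application yields control of the whole cluster rather than of one database. The `GRANT ALL PRIVILEGES ON DATABASE` lines that follow add nothing for a superuser; creating the roles with `LOGIN` only, making each the owner of its database (`CREATE DATABASE fusionpbx OWNER fusionpbx;`) and running the steps that really need superuser as `postgres` during install is the least-privilege form, to be checked against what the application requires. The password is also interpolated into the `psql -c` argument, where it shows up in the process list, and one value is shared by both roles. In the 2ndquadrant branch `curl https://dl.2ndquadrant.com/default/release/get/deb | bash` runs a remote script with no integrity check; download it to a file, verify it, then run it.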
diff --git a/Install_Scripts/debian/resources/postgresql/dsn.sh b/Install_Scripts/debian/resources/postgresql/dsn.sh
new file mode 100755
index 0000000..7728d1d
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql/dsn.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#get the database password
+if [ .$database_password = .'random' ]; then
+ read -p "Enter the database password: " database_password
+fi
+
+#whether to load the schema
+read -p "Auto create schemas (y/n): " auto_create_schema
+
+#whether to load the schema
+read -p "Load schema with primary keys (y/n): " load_schema
+
+#set PGPASSWORD
+export PGPASSWORD=$database_password
+
+#disable auto create schemas
+if [ .$auto_create_schema = ."n" ]; then
+ sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::'
+fi
+
+#load the schema
+if [ .$load_schema = ."y" ]; then
+ sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d freeswitch -c "create extension pgcrypto;";
+ sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/schema.log;
+fi
+
+#enable odbc-dsn in the xml
+sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'::'
+sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'::'
+sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::'
+
+#enable odbc-dsn in the sip profiles
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
+
+#add the dsn variables
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'pgsql://hostaddr=$database_host port=$database_port dbname=freeswitch user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///var/lib/freeswitch/db/callcenter.db', 'DSN', 'true', '0', null, null);";
+
+#add the
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+
+#remove the sqlite database files
+dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*"
+for db in ${dbs};
+do
+ if [ -f $db ]; then
+ echo "Deleting $db";
+ rm $db
+ fi
+done
+
+#flush memcache
+/usr/bin/fs_cli -x 'memcache flush'
+
+#restart freeswitch
+service freeswitch restart
diff --git a/Install_Scripts/debian/resources/postgresql/empty.sh b/Install_Scripts/debian/resources/postgresql/empty.sh
new file mode 100755
index 0000000..e65914c
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql/empty.sh
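Review bot: `$database_password` reaches three places in dsn.sh without quoting or escaping: the test `[ .$database_password = .'random' ]`, `export PGPASSWORD=...`, and the two `insert into v_vars` statements, where it is pasted inside a single-quoted SQL literal on the `psql -c` command line. A password containing a space or a single quote breaks the test or the INSERT, and the whole DSN with the password is visible in the process list while psql runs. I would quote the test as `[ "$database_password" = "random" ]`, read the value with `read -r`, and pass the DSN as a psql variable (`-v dsn="..."`, referenced as `:'dsn'` in a statement read from stdin) so that psql does the literal quoting. The `sed -e s:'::'` expressions in this hunk look as if their patterns were lost when the page was extracted, so they are not reviewed here.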
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+#database settings
+db_host=127.0.0.1
+db_port=5432
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the database password
+export PGPASSWORD=$database_password
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#make sure the backup directory exists
+mkdir -p /var/backups/fusionpbx/postgresql
+
+#backup the database
+pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_auto_$now.sql
+
+#empty the fusionpbx database
+sudo -u postgres psql -d fusionpbx -c "drop schema public cascade;";
+sudo -u postgres psql -d fusionpbx -c "create schema public;";
diff --git a/Install_Scripts/debian/resources/postgresql/iptables.sh b/Install_Scripts/debian/resources/postgresql/iptables.sh
new file mode 100755
index 0000000..5116b86
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql/iptables.sh
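Review bot: The two `psql` calls that drop and recreate `public` run even when the `pg_dump` before them fails, because its exit status is never checked, so a failed backup still ends with an empty database. The dump name carries only the date (`fusionpbx_auto_$now.sql`), so a second run on the same day overwrites the good dump with one taken from the already emptied schema. I would end the dump line with `|| { echo "backup failed, schema not dropped" >&2; exit 1; }` and build `now` with `date +%Y-%m-%d_%H%M%S`. The dump holds the whole database, so setting `umask 077` before `mkdir -p` and `pg_dump` is worth adding too.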
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#show this server's addresses
+server_address=$(hostname -I);
+echo "This Server Address: $server_address"
+
+#nodes addresses
+read -p "Enter all Node IP Addresses: " nodes
+
+#determine whether to add iptable rules
+read -p 'Add iptable rules (y/n): ' iptables_add
+
+#settings summary
+echo "-----------------------------";
+echo " Summary";
+echo "-----------------------------";
+echo "All Node IP Addresses: $nodes";
+echo "Add iptable rules: $iptables_add";
+echo "";
+
+#verify
+read -p 'Is the information correct (y/n): ' verified
+if [ .$verified != ."y" ]; then
+ echo "Goodbye";
+ exit 0;
+fi
+
+#iptables rules
+if [ .$iptables_add = ."y" ]; then
+ for node in $nodes; do
+ /usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
+ /usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
+ done
+ apt-get remove iptables-persistent -y
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ apt-get install -y iptables-persistent
+fi
+
+#set the working directory
+cwd=$(pwd)
+cd /tmp
+
+#message to user
+echo "Completed"
diff --git a/Install_Scripts/debian/resources/postgresql/node.sh b/Install_Scripts/debian/resources/postgresql/node.sh
new file mode 100755
index 0000000..fadf2f3
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql/node.sh
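Review bot: The script is declared `#!/bin/sh` but every prompt uses `read -p`, which POSIX `read` does not define; on Debian `/bin/sh` is normally dash, which rejects the option, so `nodes`, `iptables_add` and `verified` would stay empty and the script would stop at the verify step. Either change the shebang to `#!/bin/bash` or print the prompt with `printf` and then call `read -r nodes`. Each entry of `$nodes` is also used unchecked in `-s ${node}/32`, so a typo or an entry that already carries a mask fails inside iptables only after earlier rules were appended; checking each entry against a dotted IPv4 pattern before the loop avoids a half-applied rule set. dsn.sh, node.sh and pg_hba.sh use the same `read -p` prompts under `#!/bin/sh`.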
@@ -0,0 +1,177 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#set the database password
+if [ .$database_password = .'random' ]; then
+ database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
+fi
+
+#show this server's addresses
+server_address=$(hostname -I);
+echo "This Server Address: $server_address"
+
+#nodes addresses
+read -p "Enter all Node IP Addresses: " nodes
+
+#request the domain and email
+read -p 'Create Group (y/n): ' group_create
+if [ .$group_create = ."y" ]; then
+ read -p 'Enter this Nodes Address: ' node_1;
+else
+ read -p 'Join using node already in group: ' node_1;
+ read -p 'Enter this Nodes Address: ' node_2;
+fi
+
+#determine which database to replicate
+read -p 'Replicate the FusionPBX Database (y/n): ' system_replicate
+
+#determine which database to replicate
+read -p 'Replicate the FreeSWITCH Database (y/n): ' switch_replicate
+
+#determine whether to add iptable rules
+read -p 'Add iptable rules (y/n): ' iptables_add
+
+#settings summary
+echo "-----------------------------";
+echo " Summary";
+echo "-----------------------------";
+echo "Create Group: $group_create";
+echo "All Node IP Addresses: $nodes";
+if [ .$group_create = ."y" ]; then
+ echo "This Nodes Address: $node_1";
+else
+ echo "Join using node in group: $node_1";
+ echo "This Node Address: $node_2";
+fi
+echo "Replicate the FusionPBX Database: $system_replicate";
+echo "Replicate the FreeSWITCH Database: $switch_replicate";
+echo "Add iptable rules: $iptables_add";
+echo "";
+
+#verify
+read -p 'Is the information correct (y/n): ' verified
+if [ .$verified != ."y" ]; then
+ echo "Goodbye";
+ exit 0;
+fi
+
+#add the 2ndquadrant repo
+if [ .$database_version = ."9.6" ]; then
+ echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list
+ /usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
+ apt-get update && apt-get upgrade -y
+ apt-get install -y sudo postgresql-9.6-bdr-plugin
+fi
+
+#iptables rules
+if [ .$iptables_add = ."y" ]; then
+ for node in $nodes; do
+ /usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
+ /usr/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
+ done
+ apt-get remove iptables-persistent -y
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ apt-get install -y iptables-persistent
+ systemctl restart fail2ban
+fi
+
+#setup ssl
+sed -i /etc/postgresql/$database_version/main/postgresql.conf -e s:'snakeoil.key:snakeoil-postgres.key:'
+cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil-postgres.key
+chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil-postgres.key
+chmod 600 /etc/ssl/private/ssl-cert-snakeoil-postgres.key
+
+#postgresql.conf - append settings
+cp /etc/postgresql/$database_version/main/postgresql.conf /etc/postgresql/$database_version/main/postgresql.conf-$now
+#cat ../postgresql/postgresql.conf > /etc/postgresql/$database_version/main/postgresql.conf
+echo "listen_addresses = '*'" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "shared_preload_libraries = 'bdr'" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "wal_level = 'logical'" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "track_commit_timestamp = on" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "max_connections = 100" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "max_wal_senders = 10" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "max_replication_slots = 48" >> /etc/postgresql/$database_version/main/postgresql.conf
+echo "max_worker_processes = 48" >> /etc/postgresql/$database_version/main/postgresql.conf
+
+#pg_hba.conf - append settings
+cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
+cat ../postgresql/pg_hba.conf > /etc/postgresql/$database_version/main/pg_hba.conf
+#chmod 640 /etc/postgresql/$database_version/main/pg_hba.conf
+#chown -R postgres:postgres /etc/postgresql/$database_version/main
+echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+echo "hostssl all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+echo "hostssl replication postgres 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+for node in $nodes; do
+ echo "host all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+ echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+ echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+done
+
+
+#reload configuration
+systemctl daemon-reload
+
+#reload the config
+sudo -u postgres psql -p $database_port -c "SELECT pg_reload_conf();"
+
+#restart postgres
+systemctl restart postgresql
+
+#set the working directory
+cwd=$(pwd)
+cd /tmp
+
+#add the postgres extensions
+sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;";
+sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;";
+sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;";
+sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;";
+
+#add master nodes
+if [ .$group_create = ."y" ]; then
+ #add first node
+ if [ .$system_replicate = ."y" ]; then
+ sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
+ fi
+ if [ .$switch_replicate = ."y" ]; then
+ sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
+ fi
+else
+ #add additional master nodes
+ if [ .$system_replicate = ."y" ]; then
+ sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
+ fi
+ if [ .$switch_replicate = ."y" ]; then
+ sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
+ fi
+fi
+
+#load the freeswitch database
+#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log
+
+#sleeping
+if [ .$group_create = ."n" ]; then
+ echo "Sleeping for 15 seconds";
+ for i in `seq 1 15`; do
+ echo $i
+ sleep 1
+ done
+fi
+
+#add extension pgcrypto
+if [ .$group_create = ."n" ]; then
+ sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION pgcrypto;";
+fi
+
+#message to user
+echo "Completed"
diff --git a/Install_Scripts/debian/resources/postgresql/pg_hba.conf b/Install_Scripts/debian/resources/postgresql/pg_hba.conf
new file mode 100755
index 0000000..8e8dae9
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql/pg_hba.conf
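Review bot: The `pg_hba.conf` block appends `host all all ${node}/32 trust` and two `hostssl ... trust` lines for every address typed at the prompt, and the same hunk sets `listen_addresses = '*'`, so any host able to send traffic from one of those addresses connects as any role with no password and, through the plain `host` line, without TLS. I would drop the `host` line and require authentication on the others, for example `hostssl all all ${node}/32 md5` and `hostssl replication postgres ${node}/32 md5`, or `cert` once real certificates replace the snakeoil key copied in the `#setup ssl` step. The same loop is repeated in pg_hba.sh. Separately, the 2ndquadrant repository line and its signing key both use plain `http://` and the key is piped straight into `apt-key add -`, so the key meant to authenticate the packages is itself unauthenticated; compare its fingerprint with a value obtained out of band before adding it, and use HTTPS if the repository offers it.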
@@ -0,0 +1,97 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file. A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access. Records take one of these forms:
+#
+# local DATABASE USER METHOD [OPTIONS]
+# host DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof. In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches. It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask. A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts. Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE. The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted. Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local all postgres peer
+
+# TYPE DATABASE USER ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all peer
+# IPv4 local connections:
+host all all 127.0.0.1/32 trust
+# IPv6 local connections:
+host all all ::1/128 md5
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+#local replication postgres peer
+#host replication postgres 127.0.0.1/32 md5
+#host replication postgres ::1/128 md5
diff --git a/Install_Scripts/debian/resources/postgresql/pg_hba.sh b/Install_Scripts/debian/resources/postgresql/pg_hba.sh
new file mode 100755
index 0000000..4609a91
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql/pg_hba.sh
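Review bot: The IPv4 loopback record `host all all 127.0.0.1/32 trust` lets every local account and every process on the machine connect over TCP as any database role without a password, while the IPv6 record directly below it uses `md5`. node.sh and pg_hba.sh copy this file over the live `pg_hba.conf`, so the setting ends up on every server they are run on. I would make the line `host all all 127.0.0.1/32 md5` to match the IPv6 record and rely on the `local ... peer` records for passwordless administrative access.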
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#show this server's addresses
+server_address=$(hostname -I);
+echo "This Server Address: $server_address"
+
+#nodes addresses
+read -p "Enter all Node IP Addresses: " nodes
+
+#determine whether to add iptable rules
+read -p 'Add ip address to pg_hba (y/n): ' pg_hba_add
+
+#settings summary
+echo "-----------------------------";
+echo " Summary";
+echo "-----------------------------";
+echo "All Node IP Addresses: $nodes";
+echo "Add ip addresses to pg_hba: $pg_hba_add";
+echo "";
+
+#verify
+read -p 'Is the information correct (y/n): ' verified
+if [ .$verified != ."y" ]; then
+ echo "Goodbye";
+ exit 0;
+fi
+
+#pg_hba.conf - append settings
+cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
+cat ../postgresql/pg_hba.conf > /etc/postgresql/$database_version/main/pg_hba.conf
+#chmod 640 /etc/postgresql/$database_version/main/pg_hba.conf
+#chown -R postgres:postgres /etc/postgresql/$database_version/main
+echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+echo "hostssl all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+echo "hostssl replication postgres 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+for node in $nodes; do
+ echo "host all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+ echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+ echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+done
+
+#reload configuration
+systemctl daemon-reload
+
+#restart postgres
+service postgresql restart
+
+#set the working directory
+cwd=$(pwd)
+cd /tmp
+
+#message to user
+echo "Completed"
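Review bot: The answer to the prompt `Add ip address to pg_hba (y/n)` is stored in `pg_hba_add` and printed in the summary, but nothing tests it: the section under `#pg_hba.conf - append settings` replaces the live file and restarts PostgreSQL whatever was answered. Wrap that section and the restart in `if [ "$pg_hba_add" = "y" ]; then ... fi`, the way iptables.sh gates its rules on `iptables_add`. The backup name `pg_hba.conf-$now` carries only the date, so a second run on the same day overwrites the copy of the original file with the already rewritten one; adding a time component to `now` avoids that.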
diff --git a/Install_Scripts/debian/resources/postgresql/postgresql.conf b/Install_Scripts/debian/resources/postgresql/postgresql.conf
new file mode 100755
index 0000000..e0c0b75
--- /dev/null
+++ b/Install_Scripts/debian/resources/postgresql/postgresql.conf
@@ -0,0 +1,618 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, or use "pg_ctl reload". Some +# parameters, which are marked below, require a server shutdown and restart to +# take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +data_directory = '/var/lib/postgresql/9.4/main' # use data in another directory + # (change requires restart) +hba_file = '/etc/postgresql/9.4/main/pg_hba.conf' # host-based authentication file + # (change requires restart) +ident_file = '/etc/postgresql/9.4/main/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +external_pid_file = '/var/run/postgresql/9.4-main.pid' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +ssl = true # (change requires restart) +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + # (change requires restart) +#ssl_prefer_server_ciphers = on # (change requires restart) +#ssl_ecdh_curve = 'prime256v1' # (change requires restart) +#ssl_renegotiation_limit = 0 # amount of data between renegotiations +ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # 
(change requires restart) +ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil-postgres.key' # (change requires restart) +#ssl_ca_file = '' # (change requires restart) +#ssl_crl_file = '' # (change requires restart) +#password_encryption = on +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + +# - Disk - + +#temp_file_limit = -1 # limits per-session temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +#wal_level = minimal # minimal, archive, hot_standby, or logical + # (change requires restart) +#fsync = on # turns forced synchronization on or off +#synchronous_commit = on # synchronization level; + # off, local, remote_write, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_log_hints = off # also do full page writes 
of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each +#checkpoint_timeout = 5min # range 30s-1h +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # allows archiving to be done + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +#max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +#max_replication_slots = 0 # max number of replication slots +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. 
+ +#synchronous_standby_names = '' # standby servers that provide sync rep + # comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = off # "on" allows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # 
range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'pg_log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' + +# This is only relevant when logging to eventlog (win32): +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'UTC' + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#update_process_title = on +stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user",public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 + +# - 
Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'UTC' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'en_US.UTF-8' # locale for system error message + # strings +lc_monetary = 'en_US.UTF-8' # locale for monetary formatting +lc_numeric = 'en_US.UTF-8' # locale for number formatting +lc_time = 'en_US.UTF-8' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#quote_all_identifiers = off +#sql_inheritance = on +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + 
+#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here +listen_addresses = '*' +#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx' +shared_preload_libraries = 'bdr' +wal_level = 'logical' +track_commit_timestamp = on +max_connections = 100 +max_wal_senders = 10 +max_replication_slots = 48 +max_worker_processes = 48 diff --git a/Install_Scripts/debian/resources/random.sh b/Install_Scripts/debian/resources/random.sh new file mode 100755 index 0000000..d00fc00 --- /dev/null +++ b/Install_Scripts/debian/resources/random.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +random=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g') +echo $random diff --git a/Install_Scripts/debian/resources/reboot_phones.sh b/Install_Scripts/debian/resources/reboot_phones.sh new file mode 100755 index 0000000..17e6611 --- /dev/null +++ b/Install_Scripts/debian/resources/reboot_phones.sh 
@@ -0,0 +1,37 @@ +#!/bin/bash +#This script will reboot all the phones in a particular domain for a specified model. A pause is optional. + +#gather parameters +read -p "Enter the Domain to Reboot (example: abc.net):" domain +read -p "Enter the phone type to reboot (polycom, yealink, cisco):" vendor +read -p "Enter the time in seconds to pause between phones:" pausetime + +#create a temp file +NOW=$(date +"%Y%m%d_%H%M%S") +FILE="registrations-$NOW.csv" + +#gather the registrations from freeswitch +eval 'fs_cli -x "show registrations" > $FILE' + +#create some variables +N=0 +ARR=() + +#set the internal field separator +IFS="," +INPUT=$FILE + +#Loop through the registrations and reboot +[ ! -f $INPUT ] &while read reg_user realm extra +do + if [ ."$realm" = ."$domain" ]; then + eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"' + if [ "$pausetime" > 0 ]; then + sleep $pausetime + fi + fi +done < $INPUT +IFS=$OLDIFS + +#remove the file +rm $FILE diff --git a/Install_Scripts/debian/resources/reset_admin_password.sh b/Install_Scripts/debian/resources/reset_admin_password.sh new file mode 100755 index 0000000..75bd60c --- /dev/null +++ b/Install_Scripts/debian/resources/reset_admin_password.sh 
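Review bot: In reboot_phones.sh the reboot command is assembled inside `eval '…'` from `$reg_user`, `$realm` and the prompted `$vendor`, so any shell metacharacter in a registration field or in the operator's answer is interpreted by the shell instead of being passed to fs_cli as data. Neither `eval` is needed; call the tool directly with quoted arguments, e.g. `fs_cli -x "luarun app.lua event_notify internal reboot ${reg_user}@${realm} ${vendor}"` and `fs_cli -x "show registrations" > "$FILE"`. Two further defects sit in the same loop: `[ "$pausetime" > 0 ]` is a redirection that creates a file named `0` and is true for any non-empty answer (use `-gt`), and `IFS=$OLDIFS` restores a variable that was never saved. The dump file also gets a predictable name in the current directory; `FILE=$(mktemp)` avoids that.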
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+
+#count the users
+admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
+
+if [ .$admin_users = .'0' ]; then
+ error "i could not find the user '$system_username' in the database, check your resources/config.sh is correct"
+elif [ .$admin_users = .'' ]; then
+ error "something went wrong, see errors above";
+else
+ admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
+ for admin_uuid in $admin_uuids; do
+ user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+ if [ .$system_password = .'random' ]; then
+ user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+ else
+ user_password=$system_password
+ fi
+ password_hash=$(php -r "echo md5('$user_salt$user_password');");
+ sudo -u postgres psql fusionpbx -c "update v_users SET password='$password_hash', salt='$user_salt' where user_uuid='$admin_uuid'"
+ admin_domain=$(sudo -u postgres psql fusionpbx -Atc "select domain_name from v_users JOIN v_domains USING (domain_uuid) where username='$system_username'")
+ verbose " $system_username@$admin_domain has had it's password reset."
+ verbose " password: $user_password"
+ done
+fi
diff --git a/Install_Scripts/debian/resources/sngrep.sh b/Install_Scripts/debian/resources/sngrep.sh
new file mode 100755
index 0000000..94c887e
--- /dev/null
+++ b/Install_Scripts/debian/resources/sngrep.sh
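Review bot: In reset_admin_password.sh the line `password_hash=$(php -r "echo md5('$user_salt$user_password');")` pastes the password into PHP source, so a configured `system_password` containing a single quote or backslash either breaks the reset or is evaluated as PHP, and the `psql` statements splice `$system_username` into SQL text the same way. Pass the values as data instead, e.g. `password_hash=$(php -r 'echo md5($argv[1].$argv[2]);' -- "$user_salt" "$user_password")`, and restrict `system_username` to a known-safe character set before it reaches the queries. The script also prints the new password through `verbose`, so it ends up in any captured install log; if that is intended, a comment should say so. The salted MD5 presumably matches what the application's login code expects at this version, so it is only noted here.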
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#add sngrep
+if [ ."$cpu_architecture" = ."arm" ]; then
+ #source install
+ apt-get install -y git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
+ cd /usr/src && git clone https://github.com/irontec/sngrep
+ cd /usr/src/sngrep && ./bootstrap.sh
+ cd /usr/src/sngrep && ./configure
+ cd /usr/src/sngrep && make install
+else
+ #package install
+ if [ ."$os_codename" = ."jessie" ]; then
+ echo "deb http://packages.irontec.com/debian $os_codename main" > /etc/apt/sources.list.d/sngrep.list
+ wget http://packages.irontec.com/public.key -q -O - | apt-key add -
+ fi
+ apt-get update
+ apt-get install -y sngrep
+fi
diff --git a/Install_Scripts/debian/resources/switch.sh b/Install_Scripts/debian/resources/switch.sh
new file mode 100755
index 0000000..d74dfe9
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch.sh
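Review bot: In sngrep.sh the jessie branch fetches the repository signing key with `wget http://packages.irontec.com/public.key -q -O - | apt-key add -`, i.e. over plain HTTP and straight into apt's global trust store, so anyone on the network path can substitute a key that apt will then accept for every configured repository. Fetch the key over HTTPS (if the host serves it), store it in its own keyring file and reference it with `[signed-by=…]` in sngrep.list, the way the x86 branch of switch/package-release.sh does for the SignalWire repository. The same `… | apt-key add -` pattern appears in switch/package-all.sh, package-master-all.sh, package-master.sh, source-master.sh and the arm branches of package-release.sh and repo.sh; those fetch over HTTPS but still add to the global keyring. The arm branch here builds whatever `git clone https://github.com/irontec/sngrep` returns at HEAD, and pinning a release tag would make that build reproducible.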
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./environment.sh
+
+if [ .$switch_source = .true ]; then
+ if [ ."$switch_branch" = "master" ]; then
+ switch/source-master.sh
+ else
+ switch/source-release.sh
+ fi
+
+ #copy the switch conf files to /etc/freeswitch
+ switch/conf-copy.sh
+
+ #set the file permissions
+ #switch/source-permissions.sh
+ switch/package-permissions.sh
+
+ #systemd service
+ #switch/source-systemd.sh
+ switch/package-systemd.sh
+fi
+
+if [ .$switch_package = .true ]; then
+ if [ ."$switch_branch" = "master" ]; then
+ if [ .$switch_package_all = .true ]; then
+ switch/package-master-all.sh
+ else
+ switch/package-master.sh
+ fi
+ else
+ if [ .$switch_package_all = .true ]; then
+ switch/package-all.sh
+ else
+ switch/package-release.sh
+ fi
+ fi
+
+ #copy the switch conf files to /etc/freeswitch
+ switch/conf-copy.sh
+
+ #set the file permissions
+ switch/package-permissions.sh
+
+ #systemd service
+ switch/package-systemd.sh
+fi
diff --git a/Install_Scripts/debian/resources/switch/conf-copy.sh b/Install_Scripts/debian/resources/switch/conf-copy.sh
new file mode 100755
index 0000000..8d910a8
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/conf-copy.sh
@@ -0,0 +1,3 @@
+mv /etc/freeswitch /etc/freeswitch.orig
+mkdir /etc/freeswitch
+cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch
diff --git a/Install_Scripts/debian/resources/switch/dsn.sh b/Install_Scripts/debian/resources/switch/dsn.sh
new file mode 100755
index 0000000..b96c5b7
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/dsn.sh
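Review bot: In switch.sh both branch tests read `[ ."$switch_branch" = "master" ]`: the left operand carries the leading dot and the right one does not, so the comparison is never true and source-master.sh, package-master.sh and package-master-all.sh are unreachable whatever config.sh says. Write both as `[ ."$switch_branch" = ."master" ]`, or drop the dot idiom and use `[ "$switch_branch" = "master" ]`. The neighbouring tests such as `[ .$switch_source = .true ]` leave the variable unquoted, which breaks on a value containing whitespace; quoting them costs nothing.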
@@ -0,0 +1,57 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ../config.sh + +#set the date +now=$(date +%Y-%m-%d) + +#get the database password +if [ .$database_password = .'random' ]; then + read -p "Enter the database password: " database_password +fi + +#set PGPASSWORD +export PGPASSWORD=$database_password + +#enable auto create schemas +sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::' +sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::' + +#enable odbc-dsn in the xml +sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'::' +sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'::' +sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::' + +#enable odbc-dsn in the sip profiles +sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';"; + +#add the dsn variables +sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);"; +sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'sqlite:///dev/shm/core.db', 'DSN', 'true', '0', null, null);"; +sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, 
var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///dev/shm/callcenter.db', 'DSN', 'true', '0', null, null);"; + +#update the vars.xml file +echo "" >> /etc/freeswitch/vars.xml +echo "" >> /etc/freeswitch/vars.xml +echo "" >> /etc/freeswitch/vars.xml +echo "" >> /etc/freeswitch/vars.xml + +#remove the sqlite database files +dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*" +for db in ${dbs}; +do + if [ -f $db ]; then + echo "Deleting $db"; + rm $db + fi +done + +#flush memcache +/usr/bin/fs_cli -x 'memcache flush' + +#restart freeswitch +service freeswitch restart diff --git a/Install_Scripts/debian/resources/switch/package-all.sh b/Install_Scripts/debian/resources/switch/package-all.sh new file mode 100755 index 0000000..67de09b --- /dev/null +++ b/Install_Scripts/debian/resources/switch/package-all.sh 
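Review bot: In dsn.sh the `dsn_system` insert builds its SQL in the shell with `$database_password` inside the `-c "insert into v_vars …"` argument, so the password is visible in the process list while psql runs and a password containing a single quote ends the SQL literal early. Send the statement to psql on stdin and let psql quote the value (its `:'name'` variable substitution) rather than assembling the literal in the shell. Separately, `export PGPASSWORD=$database_password` is followed by `sudo -u postgres psql … -U fusionpbx`; with sudo's default `env_reset` the variable is probably stripped before psql starts, so it is worth confirming which credential these connections actually use.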
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+. ../colors.sh
+. ../environment.sh
+
+apt-get update && apt-get install -y ntp curl memcached haveged apt-transport-https
+apt-get update && apt-get install -y wget lsb-release gnupg2
+
+if [ ."$cpu_architecture" = ."x86" ]; then
+ wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
+ echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
+ echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
+fi
+if [ ."$cpu_architecture" = ."arm" ]; then
+ wget -O - https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
+ echo "deb http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
+ echo "deb-src http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
+fi
+apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
+
+#make sure that postgresql is started before starting freeswitch
+sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
diff --git a/Install_Scripts/debian/resources/switch/package-master-all.sh b/Install_Scripts/debian/resources/switch/package-master-all.sh
new file mode 100755
index 0000000..bfc2320
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/package-master-all.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+apt-get update && apt-get install -y ntp curl memcached haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
+apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
+
+#make sure that postgresql is started before starting freeswitch
+sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
diff --git a/Install_Scripts/debian/resources/switch/package-master.sh b/Install_Scripts/debian/resources/switch/package-master.sh
new file mode 100755
index 0000000..023cf59
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/package-master.sh
@@ -0,0 +1,31 @@ +#!/bin/sh +apt-get update && apt-get install -y curl memcached haveged +curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add - +echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list +apt-get update +apt-get install -y gnupg gnupg2 +apt-get install -y wget lsb-release +apt-get install -y ntp gdb +apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor +apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie +apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback +apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi +apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg +apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say +apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout +apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache +apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite +apt-get install -y freeswitch-mod-pgsql +apt-get install -y freeswitch-music-default + +#make sure that postgresql is 
started before starting freeswitch +sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:' + +#remove the music package to protect music on hold from package updates +mkdir -p /usr/share/freeswitch/sounds/temp +mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp +apt-get remove -y freeswitch-music-default +mkdir -p /usr/share/freeswitch/sounds/music/default +mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default +rm -R /usr/share/freeswitch/sounds/temp diff --git a/Install_Scripts/debian/resources/switch/package-permissions.sh b/Install_Scripts/debian/resources/switch/package-permissions.sh new file mode 100755 index 0000000..038e1c9 --- /dev/null +++ b/Install_Scripts/debian/resources/switch/package-permissions.sh @@ -0,0 +1,13 @@ +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ../config.sh + +#default permissions +chown -R www-data:www-data /etc/freeswitch +chown -R www-data:www-data /var/lib/freeswitch +chown -R www-data:www-data /usr/share/freeswitch +chown -R www-data:www-data /var/log/freeswitch +chown -R www-data:www-data /var/run/freeswitch +chown -R www-data:www-data /var/cache/fusionpbx diff --git a/Install_Scripts/debian/resources/switch/package-release.sh b/Install_Scripts/debian/resources/switch/package-release.sh new file mode 100755 index 0000000..f992b2f --- /dev/null +++ b/Install_Scripts/debian/resources/switch/package-release.sh 
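Review bot: In switch/package-permissions.sh every `chown -R www-data:www-data` line hands a switch directory (`/etc/freeswitch`, `/usr/share/freeswitch`, `/var/log/freeswitch` and the rest) to the web server account, so a compromise of the PHP front end can rewrite the switch's configuration and its logs. If the application only needs to write part of that tree (presumably the generated configuration and the cache), limit ownership to those paths and leave the remainder root-owned and group-readable; if the whole tree really must be writable, a comment should say why. The file also has no `#!` line although it is mode 100755 and run directly from switch.sh, so its interpreter is whatever the calling shell falls back to, and the result of `cd "$(dirname "$0")"` is unchecked.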
@@ -0,0 +1,56 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ../config.sh +. ../colors.sh +. ../environment.sh + +apt-get update && apt-get install -y curl memcached haveged apt-transport-https +apt-get update && apt-get install -y gnupg gnupg2 +apt-get update && apt-get install -y wget lsb-release + +if [ ."$cpu_architecture" = ."x86" ]; then + wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg + echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf + echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list + echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list +fi +if [ ."$cpu_architecture" = ."arm" ]; then + wget --http-user=signalwire --http-password=$switch_token -O - https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add - + echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf + echo "deb https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list + echo "deb-src https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list +fi + +apt-get update +apt-get install -y gdb ntp +apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-mod-console freeswitch-mod-logfile +apt-get install -y freeswitch-lang-en freeswitch-mod-say-en 
freeswitch-sounds-en-us-callie +apt-get install -y freeswitch-sounds-es-ar-mario freeswitch-mod-say-es freeswitch-mod-say-es-ar +apt-get install -y freeswitch-sounds-fr-ca-june freeswitch-mod-say-fr +apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback +apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi +apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg +apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say +apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout +apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache +apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory +apt-get install -y freeswitch-mod-av freeswitch-mod-flite freeswitch-mod-distributor freeswitch-meta-codecs +apt-get install -y freeswitch-mod-pgsql +apt-get install -y freeswitch-music-default +apt-get install -y libyuv-dev + +#make sure that postgresql is started before starting freeswitch +sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:' + +#remove the music package to protect music on hold from package updates +mkdir -p /usr/share/freeswitch/sounds/temp +mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp +mv /usr/share/freeswitch/sounds/music/default/*000 /usr/share/freeswitch/sounds/temp +apt-get remove -y freeswitch-music-default +mkdir -p 
/usr/share/freeswitch/sounds/music/default +mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default +rm -R /usr/share/freeswitch/sounds/temp diff --git a/Install_Scripts/debian/resources/switch/package-systemd.sh b/Install_Scripts/debian/resources/switch/package-systemd.sh new file mode 100755 index 0000000..9bc629c --- /dev/null +++ b/Install_Scripts/debian/resources/switch/package-systemd.sh @@ -0,0 +1,13 @@ +apt-get remove -y freeswitch-systemd +cp "$(dirname $0)/source/freeswitch.service.package" /lib/systemd/system/freeswitch.service +cp "$(dirname $0)/source/etc.default.freeswitch.package" /etc/default/freeswitch +chmod 644 /lib/systemd/system/freeswitch.service +if [ -e /proc/user_beancounters ] +then + #Disable CPU Scheduler for OpenVZ, not supported on OpenVZ." + sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g" /lib/systemd/system/freeswitch.service +fi +systemctl enable freeswitch +systemctl unmask freeswitch.service +systemctl daemon-reload +systemctl start freeswitch diff --git a/Install_Scripts/debian/resources/switch/repo.sh b/Install_Scripts/debian/resources/switch/repo.sh new file mode 100644 index 0000000..d58f7be --- /dev/null +++ b/Install_Scripts/debian/resources/switch/repo.sh 
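Review bot: In switch/package-release.sh the SignalWire token is passed as `--http-password=$switch_token` on the wget command line and then written with `echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf`, which exposes it in the process list, leaves it in a file created under the default umask (normally world-readable) and overwrites any credentials already stored in auth.conf. Set `umask 077` before the write or follow it with `chmod 600 /etc/apt/auth.conf`, append or use a separate file under `/etc/apt/auth.conf.d/` where the installed apt supports it, and quote `"$switch_token"`. For the download, letting wget read the credential from a netrc-style file keeps it out of argv. The identical lines in the x86 branch of switch/repo.sh need the same change.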
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+. ../colors.sh
+. ../environment.sh
+
+apt-get update && apt-get install -y curl memcached haveged apt-transport-https
+apt-get update && apt-get install -y gnupg gnupg2
+apt-get update && apt-get install -y wget lsb-release
+
+if [ ."$cpu_architecture" = ."x86" ]; then
+ wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
+ echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
+ echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
+ echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
+fi
+if [ ."$cpu_architecture" = ."arm" ]; then
+ wget -O - https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
+ echo "deb http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
+ echo "deb-src http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
+fi
diff --git a/Install_Scripts/debian/resources/switch/source-master.sh b/Install_Scripts/debian/resources/switch/source-master.sh
new file mode 100755
index 0000000..a7eaa5b
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/source-master.sh
@@ -0,0 +1,41 @@ +#!/bin/sh +echo "Installing the FreeSWITCH source" +DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev +apt-get install -y unzip libpq-dev libvlc-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev + +apt-get update && apt-get install -y ntp curl haveged +curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add - +echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +apt-get update && apt-get upgrade +apt-get install -y freeswitch-video-deps-most + +git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch +cd /usr/src/freeswitch + +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:' +sed -i /usr/src/freeswitch/modules.conf -e 
s:'#applications/mod_memcache:applications/mod_memcache:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:' +./bootstrap.sh -j +#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs +./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs + +#make mod_shout-install +make +rm -rf /usr/local/freeswitch/{lib,mod,bin}/* +make install +make sounds-install moh-install +make hd-sounds-install hd-moh-install +make cd-sounds-install cd-moh-install + +#move the music into music/default directory +mkdir -p /usr/local/freeswitch/sounds/music/default +mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default + +#configure system service +ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli +cp "$(dirname $0)/source/freeswitch.service" /lib/systemd/system/freeswitch.service diff --git a/Install_Scripts/debian/resources/switch/source-permissions.sh b/Install_Scripts/debian/resources/switch/source-permissions.sh new file mode 100755 index 0000000..4a6906e --- /dev/null +++ b/Install_Scripts/debian/resources/switch/source-permissions.sh @@ -0,0 +1,5 @@ +#setup owner and group, permissions and sticky +chmod -R ug+rw /usr/local/freeswitch +touch /usr/local/freeswitch/freeswitch.log +chown -R www-data:www-data /usr/local/freeswitch +find /usr/local/freeswitch -type d -exec chmod 2770 {} \; diff --git a/Install_Scripts/debian/resources/switch/source-release.sh b/Install_Scripts/debian/resources/switch/source-release.sh new file mode 100755 index 0000000..8dc6bb8 --- /dev/null +++ b/Install_Scripts/debian/resources/switch/source-release.sh 
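Review bot: `rm -rf /usr/local/freeswitch/{lib,mod,bin}/*` in source-master.sh relies on brace expansion, which Debian's default `/bin/sh` (dash) does not perform, so the path is taken literally and, because of `-f`, the old libraries and modules are silently left in place; spell out the three paths or loop over them. The second `echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list` uses `>` and overwrites the 1.6 line written just before it; `>>` keeps both. `apt-get upgrade` has no `-y` and will wait for input in an unattended run. The key is added with `apt-key add -` for `http://` sources, the same pattern as the arm branch of repo.sh.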
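Review bot: `chown -R www-data:www-data /usr/local/freeswitch` in source-permissions.sh hands the whole install tree, including `bin/` and the module directories, to the web-server account, while freeswitch.service.source later in this patch starts `/usr/local/freeswitch/bin/freeswitch` with `User=root` before the process drops to www-data. Anything that can write as www-data can therefore change code that systemd runs as root at the next restart. Keeping binaries, libraries and modules owned by root and limiting www-data ownership to the directories the web UI has to write would close that; which directories those are is not visible here. The comment says "sticky", but mode `2770` sets the setgid bit, not the sticky bit.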
@@ -0,0 +1,143 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ../config.sh +. ../environment.sh + +#upgrade packages +apt update && apt upgrade -y + +# install dependencies +apt install -y autoconf automake devscripts g++ git-core libncurses5-dev libtool make libjpeg-dev +apt install -y pkg-config flac libgdbm-dev libdb-dev gettext sudo equivs mlocate git dpkg-dev libpq-dev +apt install -y liblua5.2-dev libtiff5-dev libperl-dev libcurl4-openssl-dev libsqlite3-dev libpcre3-dev +apt install -y devscripts libspeexdsp-dev libspeex-dev libldns-dev libedit-dev libopus-dev libmemcached-dev +apt install -y libshout3-dev libmpg123-dev libmp3lame-dev yasm nasm libsndfile1-dev libuv1-dev libvpx-dev +apt install -y libavformat-dev libswscale-dev libvlc-dev python3-distutils + +#install dependencies that depend on the operating system version +if [ ."$os_codename" = ."stretch" ]; then + apt install -y libvpx4 swig3.0 +fi +if [ ."$os_codename" = ."buster" ]; then + apt install -y libvpx5 swig3.0 +fi +if [ ."$os_codename" = ."bullseye" ]; then + apt install -y libvpx6 swig4.0 +fi + +# additional dependencies +apt install -y sqlite3 unzip + +#we are about to move out of the executing directory so we need to preserve it to return after we are done +CWD=$(pwd) + +#install the following dependencies if the switch version is greater than 1.10.0 +if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then + + # libks build-requirements + apt install -y cmake uuid-dev + + # libks + cd /usr/src + git clone https://github.com/signalwire/libks.git libks + cd libks + cmake . 
+ make + make install + + # libks C includes + export C_INCLUDE_PATH=/usr/include/libks + + # sofia-sip + cd /usr/src + #git clone https://github.com/freeswitch/sofia-sip.git sofia-sip + wget https://github.com/freeswitch/sofia-sip/archive/refs/tags/v$sofia_version.zip + unzip v$sofia_version.zip + rm -R sofia-sip + mv sofia-sip-$sofia_version sofia-sip + cd sofia-sip + sh autogen.sh + ./configure + make + make install + + # spandsp + cd /usr/src + git clone https://github.com/freeswitch/spandsp.git spandsp + cd spandsp + sh autogen.sh + ./configure + make + make install + ldconfig +fi + +echo "Using version $switch_version" +cd /usr/src +#git clone -b v1.8 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch + +#1.8 and older +if [ $(echo "$switch_version" | tr -d '.') -lt 1100 ]; then + wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.zip + rm -R freeswitch + unzip freeswitch-$switch_version.zip + mv freeswitch-$switch_version freeswitch + cd /usr/src/freeswitch +fi + +#1.10.0 and newer +if [ $(echo "$switch_version" | tr -d '.') -gt 1100 ]; then + wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.-release.zip + unzip freeswitch-$switch_version.-release.zip + rm -R freeswitch + mv freeswitch-$switch_version.-release freeswitch + cd /usr/src/freeswitch +fi + +# bootstrap is needed if using git +#./bootstrap.sh -j + +#apply patch +patch -u /usr/src/freeswitch/src/mod/databases/mod_pgsql/mod_pgsql.c -i /usr/src/fusionpbx-install.sh/debian/resources/switch/source/mod_pgsql.patch + +# enable required modules +#sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_av:formats/mod_av:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:' 
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_nibblebill:applications/mod_nibblebill:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#say/mod_say_es:say/mod_say_es:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#say/mod_say_fr:say/mod_say_fr:' + +#disable module or install dependency libks to compile signalwire +sed -i /usr/src/freeswitch/modules.conf -e s:'applications/mod_signalwire:#applications/mod_signalwire:' +sed -i /usr/src/freeswitch/modules.conf -e s:'endpoints/mod_skinny:#endpoints/mod_skinny:' +sed -i /usr/src/freeswitch/modules.conf -e s:'endpoints/mod_verto:#endpoints/mod_verto:' + +# prepare the build +#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs +./configure -C --enable-portable-binary --disable-dependency-tracking \ +--prefix=/usr --localstatedir=/var --sysconfdir=/etc \ +--with-openssl --enable-core-pgsql-support + +# compile and install +make +make install +make sounds-install moh-install +make hd-sounds-install hd-moh-install +make cd-sounds-install cd-moh-install + +#move the music into music/default directory +mkdir -p /usr/share/freeswitch/sounds/music/default +mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/music/default + +#return to the executing directory +cd $CWD diff --git a/Install_Scripts/debian/resources/switch/source-systemd.sh b/Install_Scripts/debian/resources/switch/source-systemd.sh new file mode 100755 index 0000000..e1d9e96 --- /dev/null +++ b/Install_Scripts/debian/resources/switch/source-systemd.sh 
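Review bot: Both release archives in source-release.sh are fetched with `wget http://files.freeswitch.org/freeswitch-releases/...` and then unpacked, compiled and installed as root with no checksum or signature check, so anything on the network path can alter what gets built; repo.sh already reaches the same host over `https://`, and a pinned SHA-256 per `$switch_version` would make the download verifiable. The version tests leave a gap: `tr -d '.'` turns 1.10.0 into 1100, which is neither `-lt 1100` nor `-gt 1100`, so the "1.10.0 and newer" branch and the libks/sofia-sip/spandsp block are skipped for exactly that version; `-ge 1100` matches the comment. The unanchored `s:'#applications/mod_av:formats/mod_av:'` also matches the start of `#applications/mod_avmd` and moves the entry to `formats/`, which looks unintended. None of the `cd /usr/src` calls is checked before `rm -R freeswitch` and `rm -R sofia-sip` run, and `cd $CWD` is unquoted.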
@@ -0,0 +1,15 @@
+#cp "$(dirname $0)/source/freeswitch.service.source" /lib/systemd/system/freeswitch.service
+cp "$(dirname $0)/source/freeswitch.service.source" /etc/systemd/system/freeswitch.service
+cp "$(dirname $0)/source/etc.default.freeswitch.source" /etc/default/freeswitch
+sed "s@PIDFile=/run/freeswitch/freeswitch.pid@PIDFile=/usr/local/freeswitch/run/freeswitch.pid@g" -i /etc/systemd/system/freeswitch.service
+
+if [ -e /proc/user_beancounters ]
+then
+ #Disable CPU Scheduler for OpenVZ, not supported on OpenVZ."
+ sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g" /lib/systemd/system/freeswitch.service
+
+fi
+systemctl enable freeswitch
+systemctl unmask freeswitch.service
+systemctl daemon-reload
+systemctl start freeswitch
diff --git a/Install_Scripts/debian/resources/switch/source-to-package.sh b/Install_Scripts/debian/resources/switch/source-to-package.sh
new file mode 100755
index 0000000..332a034
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/source-to-package.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+#make sure the etc fusionpbx directory exists
+mkdir -p /etc/fusionpbx
+
+#remove init.d startup script
+mv /etc/init.d/freeswitch /usr/src/init.d.freeswitch
+update-rc.d -f freeswitch remove
+
+#add the the freeswitch package
+$(dirname $0)/package-release.sh
+
+#install freeswitch systemd.d
+$(dirname $0)/package-systemd.sh
+
+#update fail2ban
+sed -i /etc/fail2ban/jail.local -e s:'/usr/local/freeswitch/log:/var/log/freeswitch:'
+sytemctl restart fail2ban
+
+#move source files to package directories
+rsync -avz /usr/local/freeswitch/conf/* /etc/freeswitch
+rsync -avz /usr/local/freeswitch/recordings /var/lib/freeswitch
+rsync -avz /usr/local/freeswitch/storage /var/lib/freeswitch
+rsync -avz /usr/local/freeswitch/scripts /usr/share/freeswitch
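Review bot: The OpenVZ branch of source-systemd.sh edits `/lib/systemd/system/freeswitch.service`, but the script installs the unit to `/etc/systemd/system/freeswitch.service` (the `/lib` copy is commented out), so `CPUSchedulingPolicy=rr` is never disabled in the unit that is actually used and `sed` fails if the `/lib` file is absent. Point the `sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g"` line at `/etc/systemd/system/freeswitch.service`. Unlike package-systemd.sh there is no `chmod 644` after the copy, although the unit template is added with mode 100755.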
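Review bot: `sytemctl restart fail2ban` in source-to-package.sh is a typo for `systemctl`, so after the `sed` has pointed `/etc/fail2ban/jail.local` at `/var/log/freeswitch` fail2ban keeps running with the old log path and presumably stops seeing switch authentication failures until it is restarted by hand. The script has no `set -e`, so the command-not-found error is easy to miss in the rsync output that follows. The two helper calls should be quoted as well, `"$(dirname "$0")/package-release.sh"`.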
diff --git a/Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.package b/Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.package
new file mode 100755
index 0000000..41cd075
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.package
@@ -0,0 +1,2 @@
+# /etc/default/freeswitch
+DAEMON_OPTS="-nonat"
diff --git a/Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.source b/Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.source
new file mode 100755
index 0000000..a0fcec5
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/source/etc.default.freeswitch.source
@@ -0,0 +1,4 @@
+# /etc/default/freeswitch
+FS_USER="www-data"
+FS_GROUP="www-data"
+DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data"
diff --git a/Install_Scripts/debian/resources/switch/source/freeswitch.service.package b/Install_Scripts/debian/resources/switch/source/freeswitch.service.package
new file mode 100755
index 0000000..97b1a57
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/source/freeswitch.service.package
@@ -0,0 +1,62 @@
+;;;;; Author: Travis Cross
+
+[Unit]
+Description=freeswitch
+Wants=network-online.target
+Requires=network.target local-fs.target
+After=network.target network-online.target local-fs.target
+
+[Service]
+; service
+Type=forking
+PIDFile=/run/freeswitch/freeswitch.pid
+Environment="DAEMON_OPTS=-nonat"
+Environment="USER=www-data"
+Environment="GROUP=www-data"
+EnvironmentFile=-/etc/default/freeswitch
+ExecStartPre=/bin/mkdir -p /var/run/freeswitch
+ExecStartPre=/bin/chown -R ${USER}:${GROUP} /var/lib/freeswitch /var/log/freeswitch /etc/freeswitch /usr/share/freeswitch /var/run/freeswitch
+ExecStartPre=/bin/sleep 10
+ExecStart=/usr/bin/freeswitch -u ${USER} -g ${GROUP} -ncwait ${DAEMON_OPTS}
+TimeoutSec=45s
+Restart=always
+; exec
+;User=${USER}
+;Group=${GROUP}
+LimitCORE=infinity
+LimitNOFILE=100000
+LimitNPROC=60000
+LimitSTACK=250000
+LimitRTPRIO=infinity
+LimitRTTIME=infinity
+IOSchedulingClass=realtime
+IOSchedulingPriority=2
+CPUSchedulingPolicy=rr
+CPUSchedulingPriority=89
+UMask=0007
+NoNewPrivileges=false
+
+; alternatives which you can enforce by placing a unit drop-in into
+; /etc/systemd/system/freeswitch.service.d/*.conf:
+;
+; User=freeswitch
+; Group=freeswitch
+; ExecStart=
+; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
+;
+; empty ExecStart is required to flush the list.
+;
+; if your filesystem supports extended attributes, execute
+; setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
+; this will also allow socket binding on low ports
+;
+; otherwise, remove the -rp option from ExecStart and
+; add these lines to give real-time priority to the process:
+;
+; PermissionsStartOnly=true
+; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
+;
+; execute "systemctl daemon-reload" after editing the unit files.
+
+[Install]
+WantedBy=multi-user.target
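Review bot: `ExecStartPre=/bin/chown -R ${USER}:${GROUP} ...` runs as root on every start and gives www-data ownership of `/etc/freeswitch` and `/usr/share/freeswitch` as well as the data directories, so the web-server account owns the switch configuration and scripts. If the web UI really has to write all of these, a comment saying so would help; otherwise do the chown once at install time and limit it to the directories that need it. `ExecStartPre=/bin/sleep 10` adds a fixed ten seconds to every restart with no stated reason, and `NoNewPrivileges=false` only restates the default.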
diff --git a/Install_Scripts/debian/resources/switch/source/freeswitch.service.source b/Install_Scripts/debian/resources/switch/source/freeswitch.service.source
new file mode 100755
index 0000000..fa59f90
--- /dev/null
+++ b/Install_Scripts/debian/resources/switch/source/freeswitch.service.source
@@ -0,0 +1,57 @@
+;;;;; Author: Travis Cross
+
+[Unit]
+Description=freeswitch
+After=syslog.target network.target local-fs.target postgresql.service haveged.service
+
+[Service]
+; service
+Type=forking
+PIDFile=/run/freeswitch/freeswitch.pid
+Environment="DAEMON_OPTS=-nonat"
+EnvironmentFile=-/etc/default/freeswitch
+ExecStart=/usr/local/freeswitch/bin/freeswitch -u www-data -g www-data -ncwait $DAEMON_OPTS
+;ExecStart=/usr/local/freeswitch/bin/freeswitch -u freeswitch -g freeswitch -ncwait $DAEMON_OPTS
+TimeoutSec=45s
+Restart=always
+; exec
+User=root
+Group=daemon
+LimitCORE=infinity
+LimitNOFILE=100000
+LimitNPROC=60000
+LimitSTACK=250000
+LimitRTPRIO=infinity
+LimitRTTIME=infinity
+IOSchedulingClass=realtime
+IOSchedulingPriority=2
+CPUSchedulingPolicy=rr
+CPUSchedulingPriority=89
+UMask=0007
+
+
+
+; alternatives which you can enforce by placing a unit drop-in into
+; /etc/systemd/system/freeswitch.service.d/*.conf:
+;
+; User=freeswitch
+; Group=freeswitch
+; ExecStart=
+; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
+;
+; empty ExecStart is required to flush the list.
+;
+; if your filesystem supports extended attributes, execute
+; setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
+; this will also allow socket binding on low ports
+;
+; otherwise, remove the -rp option from ExecStart and
+; add these lines to give real-time priority to the process:
+;
+; PermissionsStartOnly=true
+; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
+;
+; execute "systemctl daemon-reload" after editing the unit files.
+
+[Install]
+WantedBy=multi-user.target
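Review bot: The commented "alternatives" block in freeswitch.service.source refers to `/usr/bin/freeswitch` in both the drop-in `ExecStart=` and the `setcap` line, while this unit runs `/usr/local/freeswitch/bin/freeswitch`; someone following the comment on a source install would target a path that may not exist. `PIDFile=/run/freeswitch/freeswitch.pid` is likewise only correct after source-systemd.sh rewrites it with `sed`, so the template as shipped does not match the source layout. Updating the paths in the template, or adding a one-line comment that source-systemd.sh patches them, would make the file self-explanatory.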
diff --git a/Install_Scripts/debian/resources/switch/source/mod_pgsql.patch b/Install_Scripts/debian/resources/switch/source/mod_pgsql.patch new file mode 100644 index 0000000..1382e59 --- /dev/null +++ b/Install_Scripts/debian/resources/switch/source/mod_pgsql.patch @@ -0,0 +1,53 @@ +--- mod_pgsql.c 2021-10-24 14:22:28.000000000 -0400 ++++ mod_pgsql.c.new 2022-08-08 21:16:02.000000000 -0400 +@@ -36,6 +36,7 @@ + #include + + #include ++#include + + #ifndef _WIN32 + #include +@@ -597,7 +598,7 @@ + goto done; + } else { + switch (result->status) { +-#if POSTGRESQL_MAJOR_VERSION >= 9 && POSTGRESQL_MINOR_VERSION >= 2 ++#if PG_VERSION_NUM >= 90002 + case PGRES_SINGLE_TUPLE: + /* Added in PostgreSQL 9.2 */ + #endif +@@ -756,24 +757,29 @@ + *result_out = res; + res->status = PQresultStatus(res->result); + switch (res->status) { +-//#if (POSTGRESQL_MAJOR_VERSION == 9 && POSTGRESQL_MINOR_VERSION >= 2) || POSTGRESQL_MAJOR_VERSION > 9 ++#if PG_VERSION_NUM >= 90002 + case PGRES_SINGLE_TUPLE: + /* Added in PostgreSQL 9.2 */ +-//#endif ++#endif + case PGRES_TUPLES_OK: + { + res->rows = PQntuples(res->result); + res->cols = PQnfields(res->result); + } + break; +-//#if (POSTGRESQL_MAJOR_VERSION == 9 && POSTGRESQL_MINOR_VERSION >= 1) || POSTGRESQL_MAJOR_VERSION > 9 ++#if PG_VERSION_NUM >= 90001 + case PGRES_COPY_BOTH: + /* Added in PostgreSQL 9.1 */ +-//#endif ++#endif + case PGRES_COPY_OUT: + case PGRES_COPY_IN: + case PGRES_COMMAND_OK: + break; ++#if PG_VERSION_NUM >= 140001 ++ case PGRES_PIPELINE_ABORTED: ++ case PGRES_PIPELINE_SYNC: ++ break; ++#endif + case PGRES_EMPTY_QUERY: + switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Query (%s) returned PGRES_EMPTY_QUERY\n", handle->sql); + case PGRES_BAD_RESPONSE: diff --git a/Install_Scripts/debian/resources/upgrade/php.sh b/Install_Scripts/debian/resources/upgrade/php.sh new file mode 100755 index 0000000..f11eaa7 --- /dev/null +++ b/Install_Scripts/debian/resources/upgrade/php.sh 
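Review bot: The new guards in mod_pgsql.patch compare `PG_VERSION_NUM` with values that do not encode the releases named in the comments: 9.2 is 90200 and 9.1 is 90100, and from version 10 on the number is major*10000+minor, so `140001` is 14.1 and excludes 14.0. As written, `#if PG_VERSION_NUM >= 90002` also admits 9.0.x and 9.1.x, where `PGRES_SINGLE_TUPLE` does not exist, and a 14.0 client library misses the two `PGRES_PIPELINE_*` cases. The guards should read `#if PG_VERSION_NUM >= 90200`, `#if PG_VERSION_NUM >= 90100` and `#if PG_VERSION_NUM >= 140000`. The header names after `#include` are missing from the page, so which header supplies `PG_VERSION_NUM` cannot be checked here.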
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+#remove php5
+apt remove -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
+
+#remove php 7.0
+apt remove -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd
+
+#remove php 7.1
+apt remove -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd
+
+#remove php 7.2
+apt remove -y php7.2 php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd
+
+#remove php 7.3
+apt remove -y php7.3 php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd
+
+#remove php 7.4
+apt remove -y php7.4 php7.4-cli php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd
+
+#add a repo for php 7.x
+apt-get -y install apt-transport-https lsb-release ca-certificates
+wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
+apt-get update
+
+#install php
+apt-get install -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd php7.1-ldap
+
+#update the unix socket name
+sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
+
+#set the PHP ini file path
+php_ini_file='/etc/php/7.1/fpm/php.ini'
+
+#update config if source is being used
+sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
+sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
+sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
+sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
+
+#restart nginx
+service nginx restart
+
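Review bot: upgrade/php.sh removes every PHP up to 7.4 and then installs `php7.1`, which has been out of upstream security support since the end of 2019, while the ubuntu config.sh in this patch sets `php_version=7.4`; the hard-coded 7.1 in the install line, the socket path and `php_ini_file` looks like a leftover. The sury key is written to `/etc/apt/trusted.gpg.d/php.gpg`, which makes it trusted for every configured repository; storing it under `/usr/share/keyrings/` and adding `[signed-by=...]` to the `deb` line scopes it to this source, as repo.sh does for SignalWire. Only nginx is restarted at the end, and `$php_ini_file` is unquoted in the four `sed` lines.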
diff --git a/Install_Scripts/ubuntu/install.sh b/Install_Scripts/ubuntu/install.sh
new file mode 100755
index 0000000..40f1f15
--- /dev/null
+++ b/Install_Scripts/ubuntu/install.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./resources/config.sh
+. ./resources/colors.sh
+. ./resources/environment.sh
+
+# removes the cd img from the /etc/apt/sources.list file (not needed after base install)
+sed -i '/cdrom:/d' /etc/apt/sources.list
+
+#Update to latest packages
+verbose "Update installed packages"
+apt-get update && apt-get upgrade -y
+
+#Add dependencies
+apt-get install -y wget
+apt-get install -y lsb-release
+apt-get install -y systemd
+apt-get install -y systemd-sysv
+apt-get install -y ca-certificates
+apt-get install -y dialog
+apt-get install -y nano
+
+#SNMP
+apt-get install -y snmpd
+echo "rocommunity public" > /etc/snmp/snmpd.conf
+service snmpd restart
+
+#IPTables
+resources/iptables.sh
+
+#sngrep
+resources/sngrep.sh
+
+#FusionPBX
+resources/fusionpbx.sh
+
+#PHP
+resources/php.sh
+
+#NGINX web server
+resources/nginx.sh
+
+#Postgres
+resources/postgresql.sh
+
+#FreeSWITCH
+resources/switch.sh
+
+#Fail2ban
+resources/fail2ban.sh
+
+#set the ip address
+server_address=$(hostname -I)
+
+#add the database schema, user and groups
+resources/finish.sh
diff --git a/Install_Scripts/ubuntu/pre-install.sh b/Install_Scripts/ubuntu/pre-install.sh
new file mode 100755
index 0000000..8e55453
--- /dev/null
+++ b/Install_Scripts/ubuntu/pre-install.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+#upgrade the packages
+apt-get update && apt-get upgrade -y
+
+#install packages
+apt-get install -y git lsb-release
+
+#get the install script
+cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
+
+#change the working directory
+cd /usr/src/fusionpbx-install.sh/ubuntu
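Review bot: `echo "rocommunity public" > /etc/snmp/snmpd.conf` in ubuntu/install.sh replaces the packaged snmpd configuration with a single line that grants read access to the well-known community string `public` with no source restriction. Whether UDP 161 is reachable depends on resources/iptables.sh, which is not part of this hunk, so the restriction belongs in the daemon config itself, for example `rocommunity <community-from-config> 127.0.0.1` or the address of the monitoring host. `server_address=$(hostname -I)` near the end is assigned but not exported, so the `resources/finish.sh` child process does not inherit it, and `hostname -I` can return several addresses.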
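Review bot: The final `cd /usr/src/fusionpbx-install.sh/ubuntu` in pre-install.sh only changes the directory of the script's own process, so it has no effect once the script exits unless the file is sourced; a comment or a printed next step would be clearer. The `git clone` takes whatever the upstream default branch holds at run time and the result is then run as root; cloning a tag or checking out a pinned commit (`git clone --branch <tag-or-release> ...`) makes the install reproducible and reviewable. It also fetches the upstream installer rather than the `Install_Scripts/` copy this commit adds, which may be unintended.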
diff --git a/Install_Scripts/ubuntu/resources/arguments.sh b/Install_Scripts/ubuntu/resources/arguments.sh
new file mode 100755
index 0000000..a8a2fae
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/arguments.sh
@@ -0,0 +1,48 @@ +#!/bin/sh + +#Process command line options only if we haven't been processed once +if [ -z "$CPU_CHECK" ]; then + export script_name=`basename "$0"` + ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@") + + if [ $? -ne 0 ]; then + error "Failed parsing options." + exit 1 + fi + + export USE_SWITCH_SOURCE=false + export USE_SWITCH_PACKAGE_ALL=false + export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false + export USE_PHP5_PACKAGE=false + export USE_SWITCH_MASTER=false + export USE_SYSTEM_MASTER=false + export CPU_CHECK=true + HELP=false + + while true; do + case "$1" in + --use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;; + --use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;; + --use-switch-master ) export USE_SWITCH_MASTER=true; shift ;; + --use-system-master ) export USE_SYSTEM_MASTER=true; shift ;; + --use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;; + --use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;; + --no-cpu-check ) export CPU_CHECK=false; shift ;; + -h | --help ) HELP=true; shift ;; + -- ) shift; break ;; + * ) break ;; + esac + done + + if [ .$HELP = .true ]; then + warning "Debian installer script" + warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)" + warning " --use-switch-package-all if using packages use the meta-all package" + warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages" + warning " --use-php5-package use php5* packages instead of ${green}(default:php7.0)" + warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)" + warning " --use-system-master will use master branch/packages for 
the system instead of ${green}(default:stable)" + warning " --no-cpu-check disable the cpu check ${green}(default:check)" + exit; + fi +fi \ No newline at end of file diff --git a/Install_Scripts/ubuntu/resources/backup/fusionpbx-backup b/Install_Scripts/ubuntu/resources/backup/fusionpbx-backup new file mode 100755 index 0000000..4118f6b --- /dev/null +++ b/Install_Scripts/ubuntu/resources/backup/fusionpbx-backup @@ -0,0 +1,27 @@ +#!/bin/sh + +export PGPASSWORD="zzz" +db_host=127.0.0.1 +db_port=5432 + +now=$(date +%Y-%m-%d) +mkdir -p /var/backups/fusionpbx/postgresql + +echo "Backup Started" + +#delete postgres backups +find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm -f {} \; + +#delete the main backup +find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm -f {} \; + +#backup the database +pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql + +#package +tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/ + +#source +#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/ + +echo "Backup Completed" diff --git a/Install_Scripts/ubuntu/resources/backup/fusionpbx-maintenance b/Install_Scripts/ubuntu/resources/backup/fusionpbx-maintenance new file mode 100755 index 0000000..78d906e --- /dev/null +++ b/Install_Scripts/ubuntu/resources/backup/fusionpbx-maintenance 
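Review bot: `getopt -n '$script_name'` in arguments.sh is single-quoted, so error messages are prefixed with the literal text `$script_name`; it should be `-n "$script_name"`. The normalised output in `ARGS` is never applied to the positional parameters, so the `case` loop parses the raw arguments and stops at the first word it does not recognise. The help text still says "Debian installer script" and `(default:php7.0)` in the ubuntu copy.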
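Review bot: `export PGPASSWORD="zzz"` keeps the database password in fusionpbx-backup, a script added with mode 100755, so once the placeholder is replaced every local user can read it; a `~/.pgpass` file with mode 600 for the account that runs the job, or at least `chmod 700` on the script, avoids that. fusionpbx-maintenance further down has the same line. The archive bundles the database dump, `/etc/fusionpbx` and `/etc/freeswitch`, yet `mkdir -p /var/backups/fusionpbx/postgresql` and the `tar` output rely on the default umask; a `umask 077` at the top would keep the backups private. `$db_host`, `$db_port` and `$now` are unquoted, and the dump is written in custom format (`-Fc`) under a `.sql` name.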
@@ -0,0 +1,119 @@ +#!/bin/sh + +#settings +export PGPASSWORD="zzz" +db_host=127.0.0.1 +db_port=5432 +switch_package=true # true or false + +purge_voicemail=false +purge_call_recordings=false +purge_cdrs=false +purge_fax=false +purge_switch_logs=true +purge_php_sessions=true +purge_database_transactions=true + +days_keep_voicemail=90 +days_keep_call_recordings=90 +days_keep_cdrs=90 +days_keep_fax=90 +days_keep_switch_logs=7 +days_keep_php_sessions=8 +days_keep_database_transactions=30 + +#set the date +now=$(date +%Y-%m-%d) + +#make sure the directory exists +if [ -e /var/backups/fusionpbx/postgresql ]; then + echo " " +else + mkdir -p /var/backups/fusionpbx/postgresql +fi + +#show message to the console +echo "Maintenance Started" + +if [ .$purge_switch_logs = .true ]; then + #delete freeswitch logs older 7 days + if [ .$switch_package = .true ]; then + find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \; + else + find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \; + fi +else + echo "not purging Freeswitch logs" +fi + +if [ .$purge_fax = .true ]; then + #delete fax older than 90 days + if [ .$switch_package = .true ]; then + echo "."; + find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \; + find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \; + else + echo "."; + find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +$days_keep_fax -exec rm {} \; + find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \; + fi + #delete from the database + psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'" + psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'" +else + echo "not purging Faxes" +fi + +if [ .$purge_call_recordings = .true ]; 
then + #delete call recordings older than 90 days + if [ .$switch_package = .true ]; then + find /var/lib/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \; + find /var/lib/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \; + else + find /usr/local/freeswitch/recordings/*/archive/* -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \; + find /usr/local/freeswitch/recordings/*/archive/* -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \; + fi + psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'" +else + echo "not purging Recordings." +fi + +if [ .$purge_voicemail = .true ]; then + #delete voicemail older than 90 days + if [ .$switch_package = .true ]; then + echo "."; + find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \; + find /var/lib/freeswitch/storage/voicemail/default/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \; + else + echo "."; + find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \; + find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \; + fi + psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'" +else + echo "not purging voicemails." +fi + +if [ .$purge_cdrs = .true ]; then + #delete call detail records older 90 days + psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'" +else + echo "not purging CDRs." 
+fi + +#delete php sessions +if [ .$purge_php_sessions = .true ]; then + find /var/lib/php/sessions/* -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \; +else + echo "not purging PHP Sessions." +fi + +#delete database_transactions older 90 days +if [ .$purge_database_transactions = .true ]; then + psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'" +else + echo "not purging database_transactions." +fi + +#completed message +echo "Maintenance Completed"; diff --git a/Install_Scripts/ubuntu/resources/colors.sh b/Install_Scripts/ubuntu/resources/colors.sh new file mode 100755 index 0000000..499a17b --- /dev/null +++ b/Install_Scripts/ubuntu/resources/colors.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +verbose () { + echo "${green}$1${normal}" +} +error () { + echo "${red}$1${normal}" + } +warning () { + echo "${yellow}$1${normal}" +} + +# check for color support +if test -t 1; then + + # see if it supports colors... + ncolors=$(tput colors) + + if test -n "$ncolors" && test $ncolors -ge 8; then + normal="$(tput sgr0)" + red="$(tput setaf 1)" + green="$(tput setaf 2)" + yellow="$(tput setaf 3)" + fi +fi diff --git a/Install_Scripts/ubuntu/resources/config.sh b/Install_Scripts/ubuntu/resources/config.sh new file mode 100755 index 0000000..3691aaf --- /dev/null +++ b/Install_Scripts/ubuntu/resources/config.sh 
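Review bot: The call-recording purge in fusionpbx-maintenance deletes files older than `$days_keep_call_recordings`, but the matching `psql` statement hard-codes `INTERVAL '90 days'`, so changing the setting leaves database rows and files out of step; use `INTERVAL '$days_keep_call_recordings days'` like the other purges. Every `psql` call also hard-codes `--host=127.0.0.1` and omits the port instead of using `$db_host` and `$db_port` defined at the top. Since the `days_keep_*` values are spliced into SQL text and `find -mtime` arguments, a check that each one is an integer before use would keep a typo in the settings from turning into a malformed delete.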
@@ -0,0 +1,28 @@
+
+# FusionPBX Settings
+domain_name=ip_address # hostname, ip_address or a custom value
+system_username=admin # default username admin
+system_password=random # random or a custom value
+system_branch=master # master, stable
+
+# FreeSWITCH Settings
+switch_branch=stable # master, stable
+switch_source=true # true or false
+switch_package=false # true or false
+switch_version=1.10.7 # only for source
+switch_tls=true # true or false
+
+# Sofia-Sip Settings
+sofia_version=1.13.6 # release-version for sofia-sip to use
+
+# Database Settings
+database_password=random # random or a custom value (safe characters A-Z, a-z, 0-9)
+database_repo=system # PostgreSQL official, system, 2ndquadrant
+database_version=13 # requires repo official
+database_host=127.0.0.1 # hostname or IP address
+database_port=5432 # port number
+database_backup=false # true or false
+
+# General Settings
+php_version=7.4 # PHP version 5.6 or 7.0, 7.1, 7.2
+letsencrypt_folder=true # true or false
diff --git a/Install_Scripts/ubuntu/resources/environment.sh b/Install_Scripts/ubuntu/resources/environment.sh
new file mode 100755
index 0000000..b4953c8
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/environment.sh
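Review bot: The comment on `php_version=7.4` in the ubuntu config.sh lists "5.6 or 7.0, 7.1, 7.2", which does not include the value that is set. debian/resources/switch/repo.sh reads `$switch_token`, and this file has no entry for it; if the ubuntu switch scripts use the same repository, a documented `switch_token=` line (empty by default, never committed with a real value) is needed here. The `database_password` comment limits custom values to A-Z, a-z, 0-9, presumably because the value is interpolated unquoted elsewhere; a word on why would stop someone from "strengthening" it into a value that breaks the install.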
@@ -0,0 +1,95 @@ +#!/bin/sh + +#make sure lsb release is installed +apt-get install lsb-release + +#operating system details +os_name=$(lsb_release -is) +os_codename=$(lsb_release -cs) +os_mode='unknown' + +#cpu details +cpu_name=$(uname -m) +cpu_architecture='unknown' +cpu_mode='unknown' + +#check what the CPU and OS are +if [ .$cpu_name = .'armv7l' ]; then + # RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time + os_mode='32' + cpu_mode='32' + cpu_architecture='arm' +elif [ .$cpu_name = .'armv8l' ]; then + # No test case for armv8l + os_mode='unknown' + cpu_mode='64' + cpu_architecture='arm' +elif [ .$cpu_name = .'aarch64' ]; then + os_mode='64' + cpu_mode='64' + cpu_architecture='arm' +elif [ .$cpu_name = .'i386' ]; then + os_mode='32' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +elif [ .$cpu_name = .'i686' ]; then + os_mode='32' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +elif [ .$cpu_name = .'x86_64' ]; then + os_mode='64' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +else + error "You are using an unsupported cpu '$cpu_name'" + exit 3 +fi + +if [ .$cpu_architecture = .'arm' ]; then + if [ .$os_mode = .'32' ]; then + verbose "Correct CPU and Operating System detected, using the ARM repo" + elif [ .$os_mode = .'64' ]; then + error "You are using a 64bit arm OS this is unsupported" + switch_source=true + switch_package=false + else + error "Unknown OS mode $os_mode this is unsupported" + switch_source=true + switch_package=false + fi +elif [ .$cpu_architecture = .'x86' ]; then + if [ .$os_mode = .'32' ]; then + error "You are using a 32bit OS this is unsupported" + if [ .$cpu_mode = .'64' ]; then + warning 
" Your CPU is 64bit you should consider reinstalling with a 64bit OS" + fi + switch_source=true + switch_package=false + elif [ .$os_mode = .'64' ]; then + verbose "Correct CPU and Operating System detected" + else + error "Unknown Operating System mode '$os_mode' is unsupported" + switch_source=true + switch_package=false + fi +else + error "You are using an unsupported architecture '$cpu_architecture'" + warning "Detected environment was :-" + warning "os_name:'$os_name'" + warning "os_codename:'$os_codename'" + warning "os_mode:'$os_mode'" + warning "cpu_name:'$cpu_name'" + exit 3 +fi diff --git a/Install_Scripts/ubuntu/resources/fail2ban.sh b/Install_Scripts/ubuntu/resources/fail2ban.sh new file mode 100755 index 0000000..d26a36c --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban.sh 
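Review bot: `apt-get install lsb-release` at the top of environment.sh has no `-y`, unlike the other apt-get calls in this patch, so an unattended run can stop at the confirmation prompt; use `apt-get install -y lsb-release`. The script calls `error`, `warning` and `verbose` without sourcing colors.sh itself, so it depends on the caller having done so (ioncube.sh does), and a one-line comment stating that would prevent it being run standalone by mistake. The 64-bit ARM and 32-bit x86 branches report "unsupported" through `error` but then continue with a source build; if that is intended, `warning` describes it better.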
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+
+#send a message
+verbose "Installing Fail2ban"
+
+#add the dependencies
+apt-get install -y fail2ban
+
+#move the filters
+cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
+cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
+cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
+cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
+cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
+cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
+cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
+cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
+cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
+cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
+cp fail2ban/jail.local /etc/fail2ban/jail.local
+
+#update config if source is being used
+#if [ .$switch_source = .true ]; then
+# sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
+#fi
+
+#restart fail2ban
+/usr/sbin/service fail2ban restart
diff --git a/Install_Scripts/ubuntu/resources/fail2ban/auth-challenge-ip.conf b/Install_Scripts/ubuntu/resources/fail2ban/auth-challenge-ip.conf
new file mode 100644
index 0000000..dab8f7b
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/fail2ban/auth-challenge-ip.conf
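Review bot: In fail2ban.sh neither `cd "$(dirname "$0")"` nor any of the `cp` calls is checked, so if the directory change or a copy fails the script still restarts fail2ban with a missing or stale filter set and reports nothing; `cd "$(dirname "$0")" || exit 1` and a `set -e` after the includes would stop at the first failure. `cp fail2ban/jail.local /etc/fail2ban/jail.local` also overwrites any existing local jail configuration without keeping a backup. The block that rewrites the log path for source builds is commented out while config.sh defaults to `switch_source=true`; whether `/var/log/freeswitch` is the right path for a source build cannot be confirmed from this hunk, so a comment recording the decision would help.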
@@ -0,0 +1,21 @@ +# Fail2Ban configuration file +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12 +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip + + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/ubuntu/resources/fail2ban/freeswitch-ip.conf b/Install_Scripts/ubuntu/resources/fail2ban/freeswitch-ip.conf new file mode 100755 index 0000000..3fee3b6 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/freeswitch-ip.conf @@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162 +failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/ubuntu/resources/fail2ban/freeswitch.conf b/Install_Scripts/ubuntu/resources/fail2ban/freeswitch.conf new file mode 100755 index 0000000..98c40af --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/freeswitch.conf 
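Review bot: As rendered on this page the `failregex` in auth-challenge-ip.conf ends at `from ip` with no `<HOST>` tag, and the same holds for freeswitch-ip.conf on this line and for the filters in the later hunks (freeswitch.conf, fusionpbx-404.conf, fusionpbx-mac.conf, fusionpbx.conf, nginx-404.conf, nginx-dos.conf, sip-auth-challenge.conf, sip-auth-failure.conf); if the tag is really absent from the files rather than stripped by the page, fail2ban has no address to act on and these filters do nothing. Independently of that, `sofia_reg.c` and `\d+.\d+.\d+.\d+` use unescaped dots, and the greedy `.*` over the bracketed user field, whose content is chosen by the remote party, is not anchored. I would end the pattern with the host and `$`, for example `for \[[^\]]*@\d+\.\d+\.\d+\.\d+\] from ip <HOST>$`, so that only the address the switch itself logged can be picked up.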
@@ -0,0 +1,18 @@ +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip + \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = + diff --git a/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-404.conf b/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-404.conf new file mode 100755 index 0000000..ada405c --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-404.conf @@ -0,0 +1,27 @@ +# Fail2Ban configuration file +# inbound route - 404 not found + + +[Definition] + + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#failregex = [hostname] FusionPBX: \[\] authentication failed +#[hostname] variable doesn't seem to work in every case. Do this instead: +failregex = 404 not found + + +#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62) + + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-mac.conf b/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-mac.conf new file mode 100644 index 0000000..3bdff68 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx-mac.conf 
@@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#Oct 9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000 +failregex = \[\] invalid mac address + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx.conf b/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx.conf new file mode 100755 index 0000000..ff1b5c9 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/fusionpbx.conf @@ -0,0 +1,25 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#failregex = [hostname] FusionPBX: \[\] authentication failed +#[hostname] variable doesn't seem to work in every case. Do this instead: +failregex = .* FusionPBX: \[\] authentication failed for + = .* FusionPBX: \[\] provision attempt bad password for + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = + diff --git a/Install_Scripts/ubuntu/resources/fail2ban/jail.local b/Install_Scripts/ubuntu/resources/fail2ban/jail.local new file mode 100755 index 0000000..08bcbfe --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/jail.local 
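Review bot: In fusionpbx.conf the second `failregex` line starts with `=`, and because it is a continuation line that character becomes part of the regex, so the pattern presumably only matches log lines containing a literal `= ` before `FusionPBX:` and "provision attempt bad password" would never count toward a ban. Drop the `=` and keep only the leading indentation on that line. Both patterns also show an empty `\[\]` on this page where a `<HOST>` tag would be expected; confirm the tag is present in the file itself.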
@@ -0,0 +1,131 @@ +[ssh] +enabled = true +port = 22 +protocol = ssh +filter = sshd +logpath = /var/log/auth.log +action = iptables-allports[name=sshd, protocol=all] +maxretry = 5 +findtime = 7200 +bantime = 86400 + +[freeswitch] +enabled = false +port = 5060:5091 +protocol = all +filter = freeswitch +logpath = /var/log/freeswitch/freeswitch.log +#logpath = /usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=freeswitch, protocol=all] +maxretry = 5 +findtime = 600 +bantime = 3600 +# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed + +[freeswitch-ip] +enabled = false +port = 5060:5091 +protocol = all +filter = freeswitch-ip +logpath = /var/log/freeswitch/freeswitch.log +#logpath = /usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=freeswitch-ip, protocol=all] +maxretry = 1 +findtime = 30 +bantime = 86400 + +[auth-challenge-ip] +enabled = false +port = 5060:5091 +protocol = all +filter = auth-challenge-ip +logpath = /var/log/freeswitch/freeswitch.log +#logpath = /usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=auth-challenge-ip, protocol=all] +maxretry = 1 +findtime = 30 +bantime = 86400 + +[sip-auth-challenge] +enabled = false +port = 5060:5091 +protocol = all +filter = sip-auth-challenge +logpath = /var/log/freeswitch/freeswitch.log +#logpath = /usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=sip-auth-challenge, protocol=all] +maxretry = 50 +findtime = 30 +bantime = 7200 + +[sip-auth-failure] +enabled = false +port = 5060:5091 +protocol = all +filter = sip-auth-failure +logpath = /var/log/freeswitch/freeswitch.log +#logpath = /usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=sip-auth-failure, protocol=all] +maxretry = 3 +findtime = 30 +bantime = 7200 + +[fusionpbx-404] +enabled = false +port = 5060:5091 +protocol = all +filter = fusionpbx-404 +logpath = /var/log/freeswitch/freeswitch.log +#logpath = 
/usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=fusionpbx-404, protocol=all] +maxretry = 3 +findtime = 300 +bantime = 86400 + +[fusionpbx] +enabled = true +port = 80,443 +protocol = tcp +filter = fusionpbx +logpath = /var/log/auth.log +action = iptables-allports[name=fusionpbx, protocol=all] +# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed +maxretry = 10 +findtime = 600 +bantime = 3600 + +[fusionpbx-mac] +enabled = true +port = 80,443 +protocol = tcp +filter = fusionpbx-mac +logpath = /var/log/syslog +action = iptables-allports[name=fusionpbx-mac, protocol=all] +# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed +maxretry = 5 +findtime = 300 +bantime = 86400 + +[nginx-404] +enabled = true +port = 80,443 +protocol = tcp +filter = nginx-404 +logpath = /var/log/nginx/access*.log +action = iptables-allports[name=nginx-404, protocol=all] +bantime = 3600 +findtime = 60 +maxretry = 120 + +[nginx-dos] +# Based on apache-badbots but a simple IP check (any IP requesting more than +# 300 pages in 60 seconds, or 5p/s average, is suspicious) +enabled = true +port = 80,443 +protocol = tcp +filter = nginx-dos +logpath = /var/log/nginx/access*.log +action = iptables-allports[name=nginx-dos, protocol=all] +findtime = 60 +bantime = 86400 +maxretry = 300 diff --git a/Install_Scripts/ubuntu/resources/fail2ban/nginx-404.conf b/Install_Scripts/ubuntu/resources/fail2ban/nginx-404.conf new file mode 100755 index 0000000..f121f41 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/nginx-404.conf @@ -0,0 +1,5 @@ +# Fail2Ban configuration file +# +[Definition] +failregex = - - \[.*\] "(GET|POST).*HTTP[^ ]* 404 +ignoreregex = diff --git a/Install_Scripts/ubuntu/resources/fail2ban/nginx-dos.conf b/Install_Scripts/ubuntu/resources/fail2ban/nginx-dos.conf new file mode 100755 index 0000000..6e2cd23 --- /dev/null 
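Review bot: Every FreeSWITCH jail in jail.local (`freeswitch`, `freeswitch-ip`, `auth-challenge-ip`, `sip-auth-challenge`, `sip-auth-failure`, `fusionpbx-404`) ships with `enabled = false`, while iptables.sh in this patch accepts 5060:5091 from any source, so repeated SIP authentication failures are not rate-limited at all after a default install. Either enable `sip-auth-failure` and `freeswitch-ip` once the log path is known to exist, or add a comment explaining why they are disabled and how to turn them on. The file also has no `ignoreip`, and every action is `iptables-allports`, so an administrator who trips the `fusionpbx` or `nginx-404` jail loses SSH as well; a `[DEFAULT]` section with `ignoreip = 127.0.0.1/8` plus the management network would limit that. `protocol = ssh` in `[ssh]` is not a protocol name and only works because the action overrides it with `protocol=all`; `tcp` is what is meant.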
+++ b/Install_Scripts/ubuntu/resources/fail2ban/nginx-dos.conf @@ -0,0 +1,14 @@ +# Fail2Ban configuration file + +[Definition] +# Option: failregex +# Notes.: Regexp to catch a generic call from an IP address. +# Values: TEXT +# +failregex = ^ -.*"(GET|POST).*HTTP.*"$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/ubuntu/resources/fail2ban/sip-auth-challenge.conf b/Install_Scripts/ubuntu/resources/fail2ban/sip-auth-challenge.conf new file mode 100644 index 0000000..fcd4414 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/sip-auth-challenge.conf @@ -0,0 +1,21 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/ubuntu/resources/fail2ban/sip-auth-failure.conf b/Install_Scripts/ubuntu/resources/fail2ban/sip-auth-failure.conf new file mode 100755 index 0000000..0d4ee23 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fail2ban/sip-auth-failure.conf 
@@ -0,0 +1,21 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/Install_Scripts/ubuntu/resources/finish.sh b/Install_Scripts/ubuntu/resources/finish.sh new file mode 100755 index 0000000..554f41b --- /dev/null +++ b/Install_Scripts/ubuntu/resources/finish.sh 
@@ -0,0 +1,145 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh + +#database details +database_host=127.0.0.1 +database_port=5432 +database_username=fusionpbx +if [ .$database_password = .'random' ]; then + database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g') +fi + +#allow the script to use the new password +export PGPASSWORD=$database_password + +#update the database password +sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';" +sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';" + +#install the database backup +cp backup/fusionpbx-backup /etc/cron.daily +cp backup/fusionpbx-maintenance /etc/cron.daily +chmod 755 /etc/cron.daily/fusionpbx-backup +chmod 755 /etc/cron.daily/fusionpbx-maintenance +sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-backup +sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-maintenance + +#add the config.php +mkdir -p /etc/fusionpbx +chown -R www-data:www-data /etc/fusionpbx +cp fusionpbx/config.php /etc/fusionpbx +sed -i /etc/fusionpbx/config.php -e s:"{database_host}:$database_host:" +sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:' +sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:" + +#add the database schema +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1 + +#get the server hostname +if [ .$domain_name = .'hostname' ]; then + domain_name=$(hostname -f) +fi + +#get the ip address +if [ .$domain_name = .'ip_address' ]; then + domain_name=$(hostname -I | cut -d ' ' -f1) +fi + +#get the domain_uuid +domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); + +#add the domain name +psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, 
domain_enabled) values('$domain_uuid', '$domain_name', 'true');" + +#app defaults +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php + +#add the user +user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +user_name=$system_username +if [ .$system_password = .'random' ]; then + user_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g') +else + user_password=$system_password +fi +password_hash=$(php -r "echo md5('$user_salt$user_password');"); +psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');" + +#get the superadmin group_uuid +group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';"); +group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//') + +#add the user to the group +user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +group_name=superadmin +psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');" + +#update xml_cdr url, user and password +xml_cdr_username=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g') +xml_cdr_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g') +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e 
s:"{v_project_path}::" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:" + +#app defaults +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php + +#restart freeswitch +/bin/systemctl daemon-reload +/bin/systemctl restart freeswitch + +#install the email_queue service +cp /var/www/fusionpbx/app/email_queue/resources/service/debian.service /etc/systemd/system/email_queue.service +systemctl enable email_queue +systemctl start email_queue +systemctl daemon-reload + +#install the event_guard service +cp /var/www/fusionpbx/app/event_guard/resources/service/debian.service /etc/systemd/system/event_guard.service +/bin/systemctl enable event_guard +/bin/systemctl start event_guard +/bin/systemctl daemon-reload + +#welcome message +echo "" +echo "" +verbose "Installation has completed." +echo "" +echo " Use a web browser to login." +echo " domain name: https://$domain_name" +echo " username: $user_name" +echo " password: $user_password" +echo "" +echo " The domain name in the browser is used by default as part of the authentication." +echo " If you need to login to a different domain then use username@domain." +echo " username: $user_name@$domain_name"; +echo "" +echo " Official FusionPBX Training" +echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com." +echo " Available online and in person. Includes documentation and recording." +echo "" +echo " Location: Online" +echo " Admin Training: TBA" +echo " Advanced Training: TBA" +echo " Continuing Education: https://www.fusionpbx.com/training" +echo " Timezone: https://www.timeanddate.com/weather/usa/idaho" +echo "" +echo " Additional information." 
+echo " https://fusionpbx.com/members.php" +echo " https://fusionpbx.com/training.php" +echo " https://fusionpbx.com/support.php" +echo " https://www.fusionpbx.com" +echo " http://docs.fusionpbx.com" +echo "" + + + diff --git a/Install_Scripts/ubuntu/resources/fusionpbx.sh b/Install_Scripts/ubuntu/resources/fusionpbx.sh new file mode 100755 index 0000000..556b2e6 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fusionpbx.sh @@ -0,0 +1,35 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh + +#send a message +verbose "Installing FusionPBX" + +#install dependencies +apt-get install -y vim git dbus haveged ssl-cert qrencode +apt-get install -y ghostscript libtiff5-dev libtiff-tools at + +#get the branch +if [ .$system_branch = .'master' ]; then + verbose "Using master" + branch="" +else + system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1) + system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2) + system_version=$system_major.$system_minor + verbose "Using version $system_version" + branch="-b $system_version" +fi + +#add the cache directory +mkdir -p /var/cache/fusionpbx +chown -R www-data:www-data /var/cache/fusionpbx + +#get the source code +git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx +chown -R www-data:www-data /var/www/fusionpbx diff --git a/Install_Scripts/ubuntu/resources/fusionpbx/config.php b/Install_Scripts/ubuntu/resources/fusionpbx/config.php new file mode 100755 index 0000000..7d2df2c --- /dev/null +++ b/Install_Scripts/ubuntu/resources/fusionpbx/config.php 
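Review bot: finish.sh leaves the generated database password readable by every local user: the two cron scripts get `chmod 755` and then have the password substituted in with sed, and `chown -R www-data:www-data /etc/fusionpbx` runs before `cp fusionpbx/config.php /etc/fusionpbx`, so the copied file keeps root ownership and the default mode. Use `chmod 700` on both cron files, and after the copy run `chown www-data:www-data /etc/fusionpbx/config.php` and `chmod 640 /etc/fusionpbx/config.php`. The admin password is also interpolated into `php -r "echo md5('$user_salt$user_password');"`, which puts it on the process command line, breaks on a custom password containing a quote, and stores a single-round salted MD5; passing the value through the environment and reading it with `getenv()` fixes the first two, while the hash format presumably has to match what the application verifies. The welcome message echoes the password as well, so it ends up in any captured installer log.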
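Review bot: With the default `system_branch=master`, fusionpbx.sh clones whatever the tip of the upstream default branch is at install time, with nothing pinning or verifying the revision, and that code then runs as the web application with the database credentials. Recording a reviewed tag or commit in config.sh and checking it out after the clone, for example `git -C /var/www/fusionpbx checkout "$system_commit"` where `system_commit` is a new setting, makes installs reproducible. In the non-master branch the version is chosen with a plain `sort`, which orders `4.10` before `4.4`; `sort -V` compares version numbers properly, and `$system_major.*` should be quoted so the shell cannot expand it against files in the current directory.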
@@ -0,0 +1,47 @@ + + Portions created by the Initial Developer are Copyright (C) 2008-2016 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +//set the database type + $db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection + +//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here. + //$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename + //$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable + +//pgsql: database connection information + $db_host = '{database_host}'; + $db_port = '5432'; + $db_name = 'fusionpbx'; + $db_username = '{database_username}'; + $db_password = '{database_password}'; + +//show errors + ini_set('display_errors', '1'); + //error_reporting (E_ALL); // Report everything + //error_reporting (E_ALL ^ E_NOTICE); // hide notices + error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings + +?> diff --git a/Install_Scripts/ubuntu/resources/ioncube.sh b/Install_Scripts/ubuntu/resources/ioncube.sh new file mode 100755 index 0000000..aef2661 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/ioncube.sh 
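Review bot: `ini_set('display_errors', '1');` in the installed config.php sends PHP error text to the browser on a production system, which can disclose file paths, query fragments and connection details to unauthenticated visitors. Set it to `'0'` and rely on the error log instead: `ini_set('display_errors', '0');` followed by `ini_set('log_errors', '1');`. `$db_port` is hard-coded to `'5432'` although config.sh has a `database_port` setting; a `{database_port}` placeholder filled in by finish.sh would keep the two consistent.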
@@ -0,0 +1,94 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#make sure unzip is install +apt-get install -y unzip + +#remove the ioncube directory if it exists +if [ -d "ioncube" ]; then + rm -Rf ioncube; +fi + +#get the ioncube load and unzip it +if [ .$cpu_architecture = .'x86' ]; then + #get the ioncube 64 bit loader + wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip + + #uncompress the file + unzip ioncube_loaders_lin_x86-64.zip + + #remove the zip file + rm ioncube_loaders_lin_x86-64.zip +elif [ ."$cpu_architecture" = ."arm" ]; then + if [ .$cpu_name = .'armv7l' ]; then + #get the ioncube 64 bit loader + wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.zip + + #uncompress the file + unzip ioncube_loaders_lin_armv7l.zip + + #remove the zip file + rm ioncube_loaders_lin_armv7l.zip + fi +fi + +#copy the loader to the correct directory +if [ ."$php_version" = ."5.6" ]; then + #copy the php extension .so into the php lib directory + cp ioncube/ioncube_loader_lin_5.6.so /usr/lib/php5/20131226 + + #add the 00-ioncube.ini file + echo "zend_extension = /usr/lib/php5/20131226/ioncube_loader_lin_5.6.so" > /etc/php5/fpm/conf.d/00-ioncube.ini + + #restart the service + service php5-fpm restart +fi +if [ ."$php_version" = ."7.0" ]; then + #copy the php extension .so into the php lib directory + cp ioncube/ioncube_loader_lin_7.0.so /usr/lib/php/20151012 + + #add the 00-ioncube.ini file + echo "zend_extension = /usr/lib/php/20151012/ioncube_loader_lin_7.0.so" > /etc/php/7.0/fpm/conf.d/00-ioncube.ini + + #restart the service + service php7.0-fpm restart +fi +if [ ."$php_version" = ."7.1" ]; then + #copy the php extension .so into the php lib directory + cp ioncube/ioncube_loader_lin_7.1.so /usr/lib/php/20160303 + + #add the 00-ioncube.ini file + echo 
"zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/fpm/conf.d/00-ioncube.ini + + #restart the service + service php7.1-fpm restart +fi +if [ ."$php_version" = ."7.2" ]; then + #copy the php extension .so into the php lib directory + cp ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718 + + #add the 00-ioncube.ini file + echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/fpm/conf.d/00-ioncube.ini + echo "zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so" > /etc/php/7.2/cli/conf.d/00-ioncube.ini + + #restart the service + service php7.2-fpm restart +fi +if [ ."$php_version" = ."7.4" ]; then + #copy the php extension .so into the php lib directory + cp ioncube/ioncube_loader_lin_7.4.so /usr/lib/php/20190902 + + #add the 00-ioncube.ini file + echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/fpm/conf.d/00-ioncube.ini + echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/cli/conf.d/00-ioncube.ini + + #restart the service + service php7.4-fpm restart +fi diff --git a/Install_Scripts/ubuntu/resources/iptables.sh b/Install_Scripts/ubuntu/resources/iptables.sh new file mode 100755 index 0000000..a12ce7c --- /dev/null +++ b/Install_Scripts/ubuntu/resources/iptables.sh 
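Review bot: Both downloads in ioncube.sh use `wget --no-check-certificate`, which turns off TLS certificate validation for an archive whose contents are then loaded into PHP as a `zend_extension`, so the integrity of a binary that runs inside every PHP process rests on nothing. Remove the flag (`wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip`) and verify the archive against a checksum kept in the repository before unzipping, e.g. `echo "<EXPECTED_SHA256>  ioncube_loaders_lin_x86-64.zip" | sha256sum -c - || exit 1`. The `cp` and `service ... restart` steps also run when the download or unzip failed, because nothing checks their exit status. The comment "get the ioncube 64 bit loader" above the armv7l download is copied from the x86 branch and should say 32-bit ARM.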
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./config.sh
+. ./colors.sh
+
+#send a message
+verbose "Configuring IPTables"
+
+#run iptables commands
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+iptables -A INPUT -p tcp --dport 443 -j ACCEPT
+iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
+iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
+iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
+iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+iptables -A INPUT -p udp --dport 1194 -j ACCEPT
+iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
+iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
+iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+
+#answer the questions for iptables persistent
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+apt-get install -y iptables-persistent
diff --git a/Install_Scripts/ubuntu/resources/letsencrypt.sh b/Install_Scripts/ubuntu/resources/letsencrypt.sh
new file mode 100755
index 0000000..841fe81
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/letsencrypt.sh
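Review bot: iptables.sh only programs the IPv4 tables, yet it asks iptables-persistent to save IPv6 rules too, so on a host that has an IPv6 address the services stay reachable over IPv6 under whatever policy was already in place, normally ACCEPT. Add matching `ip6tables` rules, or at minimum accept loopback and established traffic and then set `ip6tables -P INPUT DROP`. All rules are added with `-A` and nothing flushes the chain first, so running the installer twice duplicates the whole set, and `--dport 1194` and `--dport 7443` are opened unconditionally although nothing visible in this patch starts a service on them. The string-match DROP rules filter on text the client chooses, so a comment should say they reduce scanner noise and are not an access control.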
@@ -0,0 +1,127 @@
+#!/bin/sh
+
+# FusionPBX - Install
+# Mark J Crane
+# Copyright (C) 2018
+# All Rights Reserved.
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+
+#remove dehyrdated letsencrypt script
+rm /usr/local/sbin/dehydrated
+rm -R /usr/src/dehydrated
+#rm -R /etc/dehydrated/
+#rm -R /usr/src/dns-01-manual
+#rm -R /var/www/dehydrated
+
+#request the domain name, email address and wild card domain
+read -p 'Domain Name: ' domain_name
+read -p 'Email Address: ' email_address
+
+#get and install dehydrated
+cd /usr/src && git clone https://github.com/dehydrated-io/dehydrated.git
+cd /usr/src/dehydrated
+cp dehydrated /usr/local/sbin
+mkdir -p /var/www/dehydrated
+mkdir -p /etc/dehydrated/certs
+
+#wildcard detection
+wilcard_domain=$(echo $domain_name | cut -c1-1)
+if [ "$wilcard_domain" = "*" ]; then
+ wilcard_domain="true"
+else
+ wilcard_domain="false"
+fi
+
+#remove the wildcard and period
+if [ .$wilcard_domain = ."true" ]; then
+ domain_name=$(echo "$domain_name" | cut -c3-255)
+fi
+
+#manual dns hook
+if [ .$wilcard_domain = ."true" ]; then
+ cd /usr/src
+ git clone https://github.com/gheja/dns-01-manual.git
+ cd /usr/src/dns-01-manual/
+ cp hook.sh /etc/dehydrated/hook.sh
+ chmod 755 /etc/dehydrated/hook.sh
+fi
+
+#copy config and hook.sh into /etc/dehydrated
+cd /usr/src/dehydrated
+cp docs/examples/config /etc/dehydrated
+#cp docs/examples/hook.sh /etc/dehydrated
+
+#update the dehydrated config
+#sed "s#CONTACT_EMAIL=#CONTACT_EMAIL=$email_address" -i /etc/dehydrated/config
+sed -i 's/#CONTACT_EMAIL=/CONTACT_EMAIL="'"$email_address"'"/g' /etc/dehydrated/config
+sed -i 's/#WELLKNOWN=/WELLKNOWN=/g' /etc/dehydrated/config
+
+#accept the terms
+dehydrated --register --accept-terms --config /etc/dehydrated/config
+
+#set the domain alias
+domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)
+
+#create an alias when using wildcard dns
+if [ .$wilcard_domain = ."true" ]; then
+ echo "*.$domain_name > $domain_name" > /etc/dehydrated/domains.txt
+fi
+
+#add the domain name to domains.txt
+if [ .$wilcard_domain = ."false" ]; then
+ echo "$domain_name" > /etc/dehydrated/domains.txt
+fi
+
+#request the certificates
+if [ .$wilcard_domain = ."true" ]; then
+ dehydrated --cron --domain *.$domain_name --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge dns-01 --hook /etc/dehydrated/hook.sh
+fi
+if [ .$wilcard_domain = ."false" ]; then
+ dehydrated --cron --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01
+fi
+
+#make sure the nginx ssl directory exists
+mkdir -p /etc/nginx/ssl
+
+#update nginx config
+sed "s@ssl_certificate /etc/ssl/certs/nginx.crt;@ssl_certificate /etc/dehydrated/certs/$domain_alias/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+sed "s@ssl_certificate_key /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/dehydrated/certs/$domain_alias/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+
+#read the config
+/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
+
+#setup freeswitch tls
+if [ .$switch_tls = ."true" ]; then
+
+ #make sure the freeswitch directory exists
+ mkdir -p /etc/freeswitch/tls
+
+ #make sure the freeswitch certificate directory is empty
+ rm /etc/freeswitch/tls/*
+
+ #combine the certs into all.pem
+ cat /etc/dehydrated/certs/$domain_alias/fullchain.pem > /etc/freeswitch/tls/all.pem
+ cat /etc/dehydrated/certs/$domain_alias/privkey.pem >> /etc/freeswitch/tls/all.pem
+ #cat /etc/dehydrated/certs/$domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem
+
+ #copy the certificates
+ cp /etc/dehydrated/certs/$domain_alias/cert.pem /etc/freeswitch/tls
+ cp /etc/dehydrated/certs/$domain_alias/chain.pem /etc/freeswitch/tls
+ cp /etc/dehydrated/certs/$domain_alias/fullchain.pem /etc/freeswitch/tls
+ cp /etc/dehydrated/certs/$domain_alias/privkey.pem /etc/freeswitch/tls
+
+ #add symbolic links
+ ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
+ ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
+ ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
+ ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
+
+ #set the permissions
+ chown -R www-data:www-data /etc/freeswitch/tls
+
+fi
diff --git a/Install_Scripts/ubuntu/resources/letsencrypt/domain_name.conf b/Install_Scripts/ubuntu/resources/letsencrypt/domain_name.conf
new file mode 100755
index 0000000..a6705bf
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/letsencrypt/domain_name.conf
@@ -0,0 +1,22 @@
+# the domain we want to get the cert for;
+# technically it's possible to have multiple of this lines, but it only worked
+# with one domain for me, another one only got one cert, so I would recommend
+# separate config files per domain.
+domains = {domain_name}
+
+# increase key size
+rsa-key-size = 2048 # Or 4096
+
+# the current closed beta (as of 2015-Nov-07) is using this server
+server = https://acme-v01.api.letsencrypt.org/directory
+
+# this address will receive renewal reminders
+email = {email_address}
+
+# turn off the ncurses UI, we want this to be run as a cronjob
+text = True
+
+# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
+# and then letting LE fetch it
+authenticator = webroot
+webroot-path = /var/www/letsencrypt/
diff --git a/Install_Scripts/ubuntu/resources/nginx.sh b/Install_Scripts/ubuntu/resources/nginx.sh
new file mode 100755
index 0000000..00e63ef
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/nginx.sh
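Review bot: Both `git clone` calls in letsencrypt.sh fetch whatever the default branch holds at install time, and the second one installs `hook.sh` from `gheja/dns-01-manual` as `/etc/dehydrated/hook.sh`, which dehydrated then executes with the installer's privileges (presumably root). Pinning each clone to a reviewed tag or commit, e.g. `git -C /usr/src/dehydrated checkout REVIEWED_COMMIT_SHA` right after the clone, keeps an upstream change from landing unreviewed. In the FreeSWITCH block, `all.pem` is created by shell redirection under the default umask, so the private key appended to it is likely world-readable; a `chmod 640 /etc/freeswitch/tls/all.pem` after the two `cat` lines would narrow that. `$domain_name` and `$domain_alias` are also used unquoted, including in `--domain *.$domain_name`, where the shell may glob-expand the argument.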
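Review bot: `server` in domain_name.conf points at `acme-v01.api.letsencrypt.org`, the ACMEv1 endpoint that Let's Encrypt has since shut down, so a client driven by this template could not issue or renew; the comment above it dates the value to a 2015 closed beta. letsencrypt.sh in this commit drives dehydrated with its own config and does not appear to read this file, so the template may be dead. If it is kept, the current endpoint is `server = https://acme-v02.api.letsencrypt.org/directory`.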
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Installing the web server"
+
+#change the version of php for arm
+if [ ."$cpu_architecture" = ."arm" ]; then
+ #Pi2 and Pi3 Raspbian
+ #Odroid
+ if [ ."$os_codename" = ."focal" ]; then
+ php_version=7.4
+ else
+ php_version=5.6
+ fi
+fi
+
+#enable fusionpbx nginx config
+cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
+
+#prepare socket name
+if [ ."$php_version" = ."5.6" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.2-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
+fi
+ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
+
+#self signed certificate
+ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
+ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
+
+#remove the default site
+rm /etc/nginx/sites-enabled/default
+
+#update config if LetsEncrypt folder is unwanted
+if [ .$letsencrypt_folder = .false ]; then
+ sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
+fi
+
+#add the letsencrypt directory
+if [ .$letsencrypt_folder = .true ]; then
+ mkdir -p /var/www/letsencrypt/
+fi
+
+#flush systemd cache
+systemctl daemon-reload
+
+#restart nginx
+service nginx restart
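Review bot: `sed -i '151,155d'` deletes by absolute line number, and in the 268-line `nginx/fusionpbx` template this same commit adds, lines 151–155 are not the ACME location: by line count they run from the `deny all;` of the `.db` location through the closing brace of the `/.git/` location in the port-80 server. With `letsencrypt_folder=false` that would remove two deny rules and leave the server block unbalanced, so the `service nginx restart` that follows would probably fail. Deleting by content is safer and covers both server blocks, e.g. `sed -i '/#redirect letsencrypt to dehydrated/,/^[[:space:]]*}/d' /etc/nginx/sites-available/fusionpbx`. Adding `nginx -t` before the restart would catch a broken template before the running server is touched.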
diff --git a/Install_Scripts/ubuntu/resources/nginx/fusionpbx b/Install_Scripts/ubuntu/resources/nginx/fusionpbx
new file mode 100755
index 0000000..f602bcf
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/nginx/fusionpbx
@@ -0,0 +1,268 @@
+
+server {
+ listen 127.0.0.1:80;
+ server_name 127.0.0.1;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ fastcgi_read_timeout 15m;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /.git/ {
+ deny all;
+ }
+}
+
+server {
+ listen 80;
+ server_name fusionpbx;
+
+ #redirect letsencrypt to dehydrated
+ location ^~ /.well-known/acme-challenge {
+ default_type "text/plain";
+ auth_basic "off";
+ alias /var/www/dehydrated;
+ }
+
+ #rewrite rule - send to https with an exception for provisioning
+ if ($uri !~* ^.*(provision|xml_cdr).*$) {
+ rewrite ^(.*) https://$host$1 permanent;
+ break;
+ }
+
+ #REST api
+ if ($uri ~* ^.*/api/.*$) {
+ rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+ break;
+ }
+
+ #algo
+ rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+ #mitel
+ rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+ rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+ #grandstream
+ rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/pb/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+ #grandstream-wave softphone by ext because Android doesn't pass MAC.
+ rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
+
+ #aastra
+ rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+ #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+ #yealink
+ #rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
+ rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+ #polycom
+ rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+ #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+ rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+ #cisco
+ rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+ #Escene
+ rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+ rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+ #Vtech
+ rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ fastcgi_read_timeout 15m;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /.git/ {
+ deny all;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name fusionpbx;
+
+ ssl_certificate /etc/ssl/certs/nginx.crt;
+ ssl_certificate_key /etc/ssl/private/nginx.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!ADH:!MD5:!aNULL;
+ #ssl_dhparam
+
+ #redirect letsencrypt to dehydrated
+ location ^~ /.well-known/acme-challenge {
+ default_type "text/plain";
+ auth_basic "off";
+ alias /var/www/dehydrated;
+ }
+
+ #REST api
+ if ($uri ~* ^.*/api/.*$) {
+ rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+ break;
+ }
+
+ #message media
+ rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
+
+ #algo
+ rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+ #mitel
+ rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+ rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+ #grandstream
+ rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/pb/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+ #grandstream-wave softphone by ext because Android doesn't pass MAC.
+ rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
+
+ #aastra
+ rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+ #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+ #yealink
+ #rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
+ rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+ #polycom
+ rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+ #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+ rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+ #cisco
+ rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+ #Escene
+ rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+ rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+ #Vtech
+ rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ fastcgi_read_timeout 15m;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /.git/ {
+ deny all;
+ }
+}
diff --git a/Install_Scripts/ubuntu/resources/php.sh b/Install_Scripts/ubuntu/resources/php.sh
new file mode 100755
index 0000000..7a09aba
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/php.sh
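Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server still offers TLS 1.0 and 1.1, both deprecated by RFC 8996, and leaves out TLS 1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the usual baseline where the nginx/OpenSSL build supports 1.3. The port-80 server exempts any URI containing `provision` or `xml_cdr` from the HTTPS redirect, so provisioning files, which normally carry device credentials, can be fetched in clear text; a comment saying this is deliberate for phones without TLS, and that it should be narrowed where possible, would help. The deny patterns `~ .htaccess`, `~ .htpassword` and `~ /.git/` leave the dot unescaped, so it matches any character; `~ /\.ht` and `~ /\.git/` state the intent.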
@@ -0,0 +1,106 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Configuring PHP"
+
+#add the repository
+if [ ."$os_name" = ."Ubuntu" ]; then
+ #20.04.x - /*bionic/
+ if [ ."$os_codename" = ."focal" ]; then
+ echo "Ubuntu 20.04 LTS\n"
+ php_version=7.4
+ fi
+ #18.04.x - /*bionic/
+ if [ ."$os_codename" = ."bionic" ]; then
+ echo "Ubuntu 18.04 LTS\n"
+ php_version=7.2
+ fi
+ #16.10.x - */yakkety/
+ #16.04.x - */xenial/
+ #14.04.x - */trusty/
+ if [ ."$os_codename" = ."trusty" ]; then
+ which add-apt-repository || apt-get install -y software-properties-common
+ LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
+ fi
+elif [ ."$cpu_architecture" = ."arm" ]; then
+ echo "arm"
+fi
+apt-get update -y
+
+#install dependencies
+apt-get install -y nginx
+if [ ."$php_version" = ."5.6" ]; then
+ apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ apt-get install -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd php7.0-mbstring
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ apt-get install -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd php7.1-mbstring
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ apt-get install -y php7.2 php7.2-cli php7.2-fpm php7.2-pgsql php7.2-sqlite3 php7.2-odbc php7.2-curl php7.2-imap php7.2-xml php7.2-gd php7.2-mbstring
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ apt-get install -y php7.4 php7.4-cli php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring
+fi
+
+#update config if source is being used
+if [ ."$php_version" = ."5" ]; then
+ verbose "version 5.x"
+ php_ini_file='/etc/php5/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ verbose "version 7.0"
+ php_ini_file='/etc/php/7.0/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ verbose "version 7.1"
+ php_ini_file='/etc/php/7.1/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ verbose "version 7.2"
+ php_ini_file='/etc/php/7.2/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ verbose "version 7.4"
+ php_ini_file='/etc/php/7.4/fpm/php.ini'
+fi
+sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
+sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
+sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
+sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
+
+#install ioncube
+if [ .$cpu_architecture = .'x86' ]; then
+ . ./ioncube.sh
+fi
+
+#restart php-fpm
+systemctl daemon-reload
+if [ ."$php_version" = ."5.6" ]; then
+ systemctl restart php5-fpm
+fi
+if [ ."$php_version" = ."7.0" ]; then
+ systemctl restart php7.0-fpm
+fi
+if [ ."$php_version" = ."7.1" ]; then
+ systemctl restart php7.1-fpm
+fi
+if [ ."$php_version" = ."7.2" ]; then
+ systemctl restart php7.2-fpm
+fi
+if [ ."$php_version" = ."7.4" ]; then
+ systemctl restart php7.4-fpm
+fi
+#init.d
+#/usr/sbin/service php5-fpm restart
+#/usr/sbin/service php7.0-fpm restart
diff --git a/Install_Scripts/ubuntu/resources/postgresql.sh b/Install_Scripts/ubuntu/resources/postgresql.sh
new file mode 100755
index 0000000..92b9efd
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/postgresql.sh
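Review bot: The php.ini selection in php.sh tests `."$php_version" = ."5"` while the install and restart branches test `."5.6"`, so for 5.6, and for any codename that leaves `php_version` unset here (unless config.sh sets it), `php_ini_file` stays empty and the four `sed ... -i $php_ini_file` lines run with no file operand. Changing the test to `."5.6"`, quoting `"$php_ini_file"` and guarding with `[ -f "$php_ini_file" ] || exit 1` makes that case fail loudly instead of leaving the upload limits unset. The trusty branch adds `ppa:ondrej/php`, a third-party archive whose packages install as root, and a comment recording why it is trusted would help the next reader. The codename comments are also off: `#20.04.x - /*bionic/` sits above the focal test.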
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+echo "Install PostgreSQL"
+
+#generate a random password
+password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
+
+#install message
+echo "Install PostgreSQL and create the database and users\n"
+
+#included in the distribution
+if [ ."$database_repo" = ."system" ]; then
+ apt-get install -y sudo postgresql
+fi
+
+#postgres official repository
+if [ ."$database_repo" = ."official" ]; then
+ echo "deb http://apt.postgresql.org/pub/repos/apt/ $os_codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
+ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+ apt-get update && apt-get upgrade -y
+ if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+ if [ ."$database_version" = ."latest" ]; then
+ apt-get install -y sudo postgresql
+ fi
+ if [ ."$database_version" = ."14" ]; then
+ apt-get install -y sudo postgresql-$database_version
+ fi
+ if [ ."$database_version" = ."13" ]; then
+ apt-get install -y sudo postgresql-$database_version
+ fi
+ fi
+fi
+
+#add PostgreSQL and 2ndquadrant repos
+if [ ."$database_repo" = ."2ndquadrant" ]; then
+ if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+ apt install -y curl
+ curl https://dl.2ndquadrant.com/default/release/get/deb | bash
+ if [ ."$os_codename" = ."focal" ]; then
+ sed -i /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list -e 's#focal#bionic#g'
+ fi
+ apt update
+ apt-get install -y sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
+ fi
+fi
+
+#add additional dependencies
+apt install -y libpq-dev
+
+#systemd
+systemctl daemon-reload
+systemctl restart postgresql
+
+#init.d
+#/usr/sbin/service postgresql restart
+
+#install the database backup
+#cp backup/fusionpbx-backup /etc/cron.daily
+#cp backup/fusionpbx-maintenance /etc/cron.daily
+#chmod 755 /etc/cron.daily/fusionpbx-backup
+#chmod 755 /etc/cron.daily/fusionpbx-maintenance
+#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup
+#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-maintenance
+
+#move to /tmp to prevent a red herring error when running sudo with psql
+cwd=$(pwd)
+cd /tmp
+
+#add the databases, users and grant permissions to them
+sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
+sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
+sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
+sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+#ALTER USER fusionpbx WITH PASSWORD 'newpassword';
+cd $cwd
+
+#set the ip address
+#server_address=$(hostname -I)
diff --git a/Install_Scripts/ubuntu/resources/postgresql/create.sh b/Install_Scripts/ubuntu/resources/postgresql/create.sh
new file mode 100755
index 0000000..0da9048
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/postgresql/create.sh
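Review bot: Both application roles in postgresql.sh are created `WITH SUPERUSER` and share one password, so a compromise of the web application's database session is a compromise of the whole cluster; postgresql/create.sh repeats the same statements. Unless FusionPBX is known to require it, `CREATE ROLE fusionpbx WITH LOGIN PASSWORD '...';` followed by `ALTER DATABASE fusionpbx OWNER TO fusionpbx;` gives the role what the later GRANTs intend. The 2ndquadrant branch runs `curl https://dl.2ndquadrant.com/default/release/get/deb | bash`, which executes an unreviewed remote script with the installer's privileges. The official-repo branch declares its apt source over `http://` and trusts the key through the deprecated `apt-key add`. Downloading the script to a file for review and using a `signed-by` keyring are the safer forms.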
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the working directory
+cwd=$(pwd)
+cd /tmp
+
+#set client encoding
+sudo -u postgres psql -p $database_port -c "SET client_encoding = 'UTF8';";
+
+#add the database users and databases
+sudo -u postgres psql -p $database_port -c "CREATE DATABASE fusionpbx;";
+sudo -u postgres psql -p $database_port -c "CREATE DATABASE freeswitch;";
+
+#add the users and grant permissions
+sudo -u postgres psql -p $database_port -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -p $database_port -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+sudo -u postgres psql -p $database_port -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+
+#restart postgres
+service postgresql restart
diff --git a/Install_Scripts/ubuntu/resources/postgresql/dsn.sh b/Install_Scripts/ubuntu/resources/postgresql/dsn.sh
new file mode 100755
index 0000000..7728d1d
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/postgresql/dsn.sh
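Review bot: `$database_password` from config.sh is spliced straight into the single-quoted SQL literal of both `CREATE ROLE` statements in create.sh, so a password containing `'` ends the literal early and the remainder is parsed as SQL in a session running as `postgres`; dsn.sh builds its `v_vars` inserts the same way. Doubling the quote before use, `pw=$(printf '%s' "$database_password" | sed "s/'/''/g")`, keeps the value a literal. The password also sits on the psql command line, where other local users can read it from the process list while the command runs. `SET client_encoding = 'UTF8';` runs in a psql session of its own that ends immediately, so it has no effect on the statements after it. `$database_port` should be quoted as well.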
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#get the database password
+if [ .$database_password = .'random' ]; then
+ read -p "Enter the database password: " database_password
+fi
+
+#whether to load the schema
+read -p "Auto create schemas (y/n): " auto_create_schema
+
+#whether to load the schema
+read -p "Load schema with primary keys (y/n): " load_schema
+
+#set PGPASSWORD
+export PGPASSWORD=$database_password
+
+#disable auto create schemas
+if [ .$auto_create_schema = ."n" ]; then
+ sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::'
+fi
+
+#load the schema
+if [ .$load_schema = ."y" ]; then
+ sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d freeswitch -c "create extension pgcrypto;";
+ sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/schema.log;
+fi
+
+#enable odbc-dsn in the xml
+sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'::'
+sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'::'
+sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::'
+
+#enable odbc-dsn in the sip profiles
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
+
+#add the dsn variables
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'pgsql://hostaddr=$database_host port=$database_port dbname=freeswitch user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U freeswitch -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///var/lib/freeswitch/db/callcenter.db', 'DSN', 'true', '0', null, null);";
+
+#add the
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+
+#remove the sqlite database files
+dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*"
+for db in ${dbs};
+do
+ if [ -f $db ]; then
+ echo "Deleting $db";
+ rm $db
+ fi
+done
+
+#flush memcache
+/usr/bin/fs_cli -x 'memcache flush'
+
+#restart freeswitch
+service freeswitch restart
diff --git a/Install_Scripts/ubuntu/resources/postgresql/empty.sh b/Install_Scripts/ubuntu/resources/postgresql/empty.sh
new file mode 100755
index 0000000..e65914c
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/postgresql/empty.sh
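Review bot: `-L /tmp/schema.log` in dsn.sh writes the schema-load log to a fixed name in a world-writable directory, so a file or symlink placed there beforehand by another local user can decide where that output lands (kernel symlink protections may soften this, but the script should not rely on them). A path from `mktemp`, or one under a root-owned log directory, avoids the problem. `export PGPASSWORD=$database_password` is followed only by `sudo -u postgres psql ...`, and sudo's default `env_reset` normally drops that variable, so the password probably never reaches psql; worth confirming, with a mode-0600 `.pgpass` for the postgres account as the usual alternative. The unquoted `[ .$database_password = .'random' ]` test also breaks on a password containing whitespace.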
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+#database settings
+db_host=127.0.0.1
+db_port=5432
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the database password
+export PGPASSWORD=$database_password
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#make sure the backup directory exists
+mkdir -p /var/backups/fusionpbx/postgresql
+
+#backup the database
+pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_auto_$now.sql
+
+#empty the fusionpbx database
+sudo -u postgres psql -d fusionpbx -c "drop schema public cascade;";
+sudo -u postgres psql -d fusionpbx -c "create schema public;";
diff --git a/Install_Scripts/ubuntu/resources/postgresql/iptables.sh b/Install_Scripts/ubuntu/resources/postgresql/iptables.sh
new file mode 100755
index 0000000..13261fc
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/postgresql/iptables.sh
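Review bot: The two `psql` commands at the end of empty.sh drop and recreate the `public` schema whether or not `pg_dump` succeeded, so a failed backup (wrong password, full disk, unreachable host) is followed by an unrecoverable wipe. Gate the drop on the dump by appending `|| { echo "backup failed, schema left untouched" >&2; exit 1; }` to the `pg_dump` line. The backup directory is created with `mkdir -p` under the default umask, and since the dump holds the full application database, a `chmod 700 /var/backups/fusionpbx/postgresql` after it is worth adding. `db_host` and `db_port` are hard-coded here while the sibling scripts take `database_host` and `database_port` from config.sh, so the backup may target a different server than the one being emptied.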
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#show this server's addresses
+server_address=$(hostname -I);
+echo "This Server Address: $server_address"
+
+#nodes addresses
+read -p "Enter all Node IP Addresses: " nodes
+
+#determine whether to add iptable rules
+read -p 'Add iptable rules (y/n): ' iptables_add
+
+#settings summary
+echo "-----------------------------";
+echo " Summary";
+echo "-----------------------------";
+echo "All Node IP Addresses: $nodes";
+echo "Add iptable rules: $iptables_add";
+echo "";
+
+#verify
+read -p 'Is the information correct (y/n): ' verified
+if [ .$verified != ."y" ]; then
+ echo "Goodbye";
+ exit 0;
+fi
+
+#iptables rules
+if [ .$iptables_add = ."y" ]; then
+ for node in $nodes; do
+ iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
+ iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32
+ done
+ apt-get remove iptables-persistent -y
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ apt-get install -y iptables-persistent
+fi
+
+#set the working directory
+cwd=$(pwd)
+cd /tmp
+
+#message to user
+echo "Completed"
diff --git a/Install_Scripts/ubuntu/resources/postgresql/node.sh b/Install_Scripts/ubuntu/resources/postgresql/node.sh
new file mode 100755
index 0000000..cd03bb5
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/postgresql/node.sh
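Review bot: Persisting the rules in postgresql/iptables.sh by removing and reinstalling `iptables-persistent` depends on the package download succeeding: if `apt-get install` fails after the `remove`, the rules live only in the kernel and nothing would reload them at the next boot. On releases that ship it, `netfilter-persistent save` writes the running ruleset without touching the package. The addresses typed at the prompt go into `-s ${node}/32` unvalidated and unquoted, and `-A` appends a duplicate pair every time the script is rerun for the same node. Checking first with `iptables -C INPUT -p tcp --dport 5432 -s "$node/32" -j ACCEPT 2>/dev/null ||` before each append keeps it idempotent. The fixed `/32` suffix also means IPv6 peers cannot be entered.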
@@ -0,0 +1,172 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ../config.sh + +#set the date +now=$(date +%Y-%m-%d) + +#set the database password +if [ .$database_password = .'random' ]; then + database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g') +fi + +#show this server's addresses +server_address=$(hostname -I); +echo "This Server Address: $server_address" + +#nodes addresses +read -p "Enter all Node IP Addresses: " nodes + +#request the domain and email +read -p 'Create Group (y/n): ' group_create +if [ .$group_create = ."y" ]; then + read -p 'Enter this Nodes Address: ' node_1; +else + read -p 'Join using node already in group: ' node_1; + read -p 'Enter this Nodes Address: ' node_2; +fi + +#determine which database to replicate +read -p 'Replicate the FusionPBX Database (y/n): ' system_replicate + +#determine which database to replicate +read -p 'Replicate the FreeSWITCH Database (y/n): ' switch_replicate + +#determine whether to add iptable rules +read -p 'Add iptable rules (y/n): ' iptables_add + +#settings summary +echo "-----------------------------"; +echo " Summary"; +echo "-----------------------------"; +echo "Create Group: $group_create"; +echo "All Node IP Addresses: $nodes"; +if [ .$group_create = ."y" ]; then + echo "This Nodes Address: $node_1"; +else + echo "Join using node in group: $node_1"; + echo "This Node Address: $node_2"; +fi +echo "Replicate the FusionPBX Database: $system_replicate"; +echo "Replicate the FreeSWITCH Database: $switch_replicate"; +echo "Add iptable rules: $iptables_add"; +echo ""; + +#verify +read -p 'Is the information correct (y/n): ' verified +if [ .$verified != ."y" ]; then + echo "Goodbye"; + exit 0; +fi + +#add the 2ndquadrant repo +if [ .$database_version = ."9.6" ]; then + echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' > /etc/apt/sources.list.d/2ndquadrant.list + /usr/bin/wget --quiet 
-O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add - + apt-get update && apt-get upgrade -y + apt-get install -y sudo postgresql-9.6-bdr-plugin +fi + +#iptables rules +if [ .$iptables_add = ."y" ]; then + for node in $nodes; do + iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32 + iptables -A INPUT -j ACCEPT -p tcp --dport 22000 -s ${node}/32 + done + apt-get remove iptables-persistent -y + echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections + echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections + apt-get install -y iptables-persistent +fi + +#setup ssl +sed -i /etc/postgresql/$database_version/main/postgresql.conf -e s:'snakeoil.key:snakeoil-postgres.key:' +cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil-postgres.key +chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil-postgres.key +chmod 600 /etc/ssl/private/ssl-cert-snakeoil-postgres.key + +#postgresql.conf - append settings +cp /etc/postgresql/$database_version/main/postgresql.conf /etc/postgresql/$database_version/main/postgresql.conf-$now +#cat ../postgresql/postgresql.conf > /etc/postgresql/$database_version/main/postgresql.conf +echo "listen_addresses = '*'" >> /etc/postgresql/$database_version/main/postgresql.conf +echo "#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'" >> /etc/postgresql/$database_version/main/postgresql.conf +echo "shared_preload_libraries = 'bdr'" >> /etc/postgresql/$database_version/main/postgresql.conf +echo "wal_level = 'logical'" >> /etc/postgresql/$database_version/main/postgresql.conf +echo "track_commit_timestamp = on" >> /etc/postgresql/$database_version/main/postgresql.conf +echo "max_connections = 100" >> /etc/postgresql/$database_version/main/postgresql.conf +echo "max_wal_senders = 10" >> /etc/postgresql/$database_version/main/postgresql.conf +echo "max_replication_slots = 48" >> 
/etc/postgresql/$database_version/main/postgresql.conf +echo "max_worker_processes = 48" >> /etc/postgresql/$database_version/main/postgresql.conf + +#pg_hba.conf - append settings +cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now +cat ../postgresql/pg_hba.conf > /etc/postgresql/$database_version/main/pg_hba.conf +#chmod 640 /etc/postgresql/$database_version/main/pg_hba.conf +#chown -R postgres:postgres /etc/postgresql/$database_version/main +echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf +echo "hostssl all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf +echo "hostssl replication postgres 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf +for node in $nodes; do + echo "host all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf + echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf + echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf +done + +#reload configuration +systemctl daemon-reload + +#restart postgres +service postgresql restart + +#set the working directory +cwd=$(pwd) +cd /tmp + +#add the postgres extensions +sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;"; +sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;"; +sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;"; +sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;"; + +#add master nodes +if [ .$group_create = ."y" ]; then + #add first node + if [ .$system_replicate = ."y" ]; then + sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');"; + fi + if [ .$switch_replicate = ."y" ]; then + sudo 
-u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');"; + fi +else + #add additional master nodes + if [ .$system_replicate = ."y" ]; then + sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');"; + fi + if [ .$switch_replicate = ."y" ]; then + sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');"; + fi +fi + +#load the freeswitch database +#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log + +#sleeping +if [ .$group_create = ."n" ]; then + echo "Sleeping for 15 seconds"; + for i in `seq 1 15`; do + echo $i + sleep 1 + done +fi + +#add extension pgcrypto +if [ .$group_create = ."n" ]; then + sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION pgcrypto;"; +fi + +#message to user +echo "Completed" diff --git a/Install_Scripts/ubuntu/resources/postgresql/pg_hba.conf b/Install_Scripts/ubuntu/resources/postgresql/pg_hba.conf new file mode 100755 index 0000000..8e8dae9 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/postgresql/pg_hba.conf 
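Review bot: The `for node in $nodes` loop that appends to pg_hba.conf grants `trust` to every node address for all databases and all users, and its first line is plain `host`, so anything able to send traffic from one of those addresses can connect as any role, including `postgres`, with no password and without TLS. The script also appends `listen_addresses = '*'`, and the firewall step is optional. Require a credential and TLS instead, e.g. `echo "hostssl all all ${node}/32 md5"` and `echo "hostssl replication postgres ${node}/32 md5"`, and drop the non-SSL `host` line; the DSNs passed to `bdr.bdr_group_create`/`bdr.bdr_group_join` would then need a password or a `~/.pgpass` entry. The same loop is repeated in pg_hba.sh. Separately, the repository line and its signing key are fetched over plain `http://` and piped into `apt-key add -`, so the key that authenticates every later package from that repository is itself unauthenticated; fetch it over HTTPS if the vendor offers it, or ship the key with the installer and compare its fingerprint before adding it.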
@@ -0,0 +1,97 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. 
Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", +# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that +# "password" sends passwords in clear text; "md5" is preferred since +# it sends encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. +# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). 
+# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer +# IPv4 local connections: +host all all 127.0.0.1/32 trust +# IPv6 local connections: +host all all ::1/128 md5 +# Allow replication connections from localhost, by a user with the +# replication privilege. +#local replication postgres peer +#host replication postgres 127.0.0.1/32 md5 +#host replication postgres ::1/128 md5 diff --git a/Install_Scripts/ubuntu/resources/postgresql/pg_hba.sh b/Install_Scripts/ubuntu/resources/postgresql/pg_hba.sh new file mode 100755 index 0000000..4609a91 --- /dev/null +++ b/Install_Scripts/ubuntu/resources/postgresql/pg_hba.sh 
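Review bot: The IPv4 loopback record `host all all 127.0.0.1/32 trust` lets any local process connect over TCP as any role, including `postgres`, without a password, while the IPv6 loopback record directly below it uses `md5`. The rest of this commit appears to install nginx and PHP on the same host; if so, any local code execution there gets full database access. Unless something in the installer depends on passwordless loopback access, make the two records consistent: `host all all 127.0.0.1/32 md5`. node.sh and pg_hba.sh append further loopback `trust` lines after copying this template, so those would need the same change for it to take effect.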
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#show this server's addresses
+server_address=$(hostname -I);
+echo "This Server Address: $server_address"
+
+#nodes addresses
+read -p "Enter all Node IP Addresses: " nodes
+
+#determine whether to add iptable rules
+read -p 'Add ip address to pg_hba (y/n): ' pg_hba_add
+
+#settings summary
+echo "-----------------------------";
+echo " Summary";
+echo "-----------------------------";
+echo "All Node IP Addresses: $nodes";
+echo "Add ip addresses to pg_hba: $pg_hba_add";
+echo "";
+
+#verify
+read -p 'Is the information correct (y/n): ' verified
+if [ .$verified != ."y" ]; then
+ echo "Goodbye";
+ exit 0;
+fi
+
+#pg_hba.conf - append settings
+cp /etc/postgresql/$database_version/main/pg_hba.conf /etc/postgresql/$database_version/main/pg_hba.conf-$now
+cat ../postgresql/pg_hba.conf > /etc/postgresql/$database_version/main/pg_hba.conf
+#chmod 640 /etc/postgresql/$database_version/main/pg_hba.conf
+#chown -R postgres:postgres /etc/postgresql/$database_version/main
+echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+echo "hostssl all all 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+echo "hostssl replication postgres 127.0.0.1/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+for node in $nodes; do
+ echo "host all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+ echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+ echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/$database_version/main/pg_hba.conf
+done
+
+#reload configuration
+systemctl daemon-reload
+
+#restart postgres
+service postgresql restart
+
+#set the working directory
+cwd=$(pwd)
+cd /tmp
+
+#message to user
+echo "Completed"
diff --git a/Install_Scripts/ubuntu/resources/postgresql/postgresql.conf b/Install_Scripts/ubuntu/resources/postgresql/postgresql.conf
new file mode 100755
index 0000000..e0c0b75
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/postgresql/postgresql.conf
@@ -0,0 +1,618 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, or use "pg_ctl reload". Some +# parameters, which are marked below, require a server shutdown and restart to +# take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +data_directory = '/var/lib/postgresql/9.4/main' # use data in another directory + # (change requires restart) +hba_file = '/etc/postgresql/9.4/main/pg_hba.conf' # host-based authentication file + # (change requires restart) +ident_file = '/etc/postgresql/9.4/main/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +external_pid_file = '/var/run/postgresql/9.4-main.pid' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +ssl = true # (change requires restart) +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + # (change requires restart) +#ssl_prefer_server_ciphers = on # (change requires restart) +#ssl_ecdh_curve = 'prime256v1' # (change requires restart) +#ssl_renegotiation_limit = 0 # amount of data between renegotiations +ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # 
(change requires restart) +ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil-postgres.key' # (change requires restart) +#ssl_ca_file = '' # (change requires restart) +#ssl_crl_file = '' # (change requires restart) +#password_encryption = on +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + +# - Disk - + +#temp_file_limit = -1 # limits per-session temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +#wal_level = minimal # minimal, archive, hot_standby, or logical + # (change requires restart) +#fsync = on # turns forced synchronization on or off +#synchronous_commit = on # synchronization level; + # off, local, remote_write, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_log_hints = off # also do full page writes 
of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each +#checkpoint_timeout = 5min # range 30s-1h +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # allows archiving to be done + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +#max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +#max_replication_slots = 0 # max number of replication slots +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. 
+ +#synchronous_standby_names = '' # standby servers that provide sync rep + # comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = off # "on" allows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # 
range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'pg_log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' + +# This is only relevant when logging to eventlog (win32): +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'UTC' + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#update_process_title = on +stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
+ # (change requires restart)
+#autovacuum_naptime = 1min # time between autovacuum runs
+#autovacuum_vacuum_threshold = 50 # min number of row updates before
+ # vacuum
+#autovacuum_analyze_threshold = 50 # min number of row updates before
+ # analyze
+#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
+#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
+#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
+ # (change requires restart)
+#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
+ # before forced vacuum
+ # (change requires restart)
+#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for
+ # autovacuum, in milliseconds;
+ # -1 means use vacuum_cost_delay
+#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
+ # autovacuum, -1 means use
+ # vacuum_cost_limit
+
+
+#------------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#------------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#search_path = '"$user",public' # schema names
+#default_tablespace = '' # a tablespace name, '' uses the default
+#temp_tablespaces = '' # a list of tablespace names, '' uses
+ # only default tablespace
+#check_function_bodies = on
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = off
+#default_transaction_deferrable = off
+#session_replication_role = 'origin'
+#statement_timeout = 0 # in milliseconds, 0 is disabled
+#lock_timeout = 0 # in milliseconds, 0 is disabled
+#vacuum_freeze_min_age = 50000000
+#vacuum_freeze_table_age = 150000000
+#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_multixact_freeze_table_age = 150000000
+#bytea_output = 'hex' # hex, escape
+#xmlbinary = 'base64'
+#xmloption = 'content'
+#gin_fuzzy_search_limit = 0
+
+# - Locale and Formatting -
+
+datestyle = 'iso, mdy'
+#intervalstyle = 'postgres'
+timezone = 'UTC'
+#timezone_abbreviations = 'Default' # Select the set of available time zone
+ # abbreviations. Currently, there are
+ # Default
+ # Australia (historical usage)
+ # India
+ # You can create your own file in
+ # share/timezonesets/.
+#extra_float_digits = 0 # min -15, max 3
+#client_encoding = sql_ascii # actually, defaults to database
+ # encoding
+
+# These settings are initialized by initdb, but they can be changed.
+lc_messages = 'en_US.UTF-8' # locale for system error message
+ # strings
+lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
+lc_numeric = 'en_US.UTF-8' # locale for number formatting
+lc_time = 'en_US.UTF-8' # locale for time formatting
+
+# default configuration for text search
+default_text_search_config = 'pg_catalog.english'
+
+# - Other Defaults -
+
+#dynamic_library_path = '$libdir'
+#local_preload_libraries = ''
+#session_preload_libraries = ''
+
+
+#------------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#------------------------------------------------------------------------------
+
+#deadlock_timeout = 1s
+#max_locks_per_transaction = 64 # min 10
+ # (change requires restart)
+#max_pred_locks_per_transaction = 64 # min 10
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# VERSION/PLATFORM COMPATIBILITY
+#------------------------------------------------------------------------------
+
+# - Previous PostgreSQL Versions -
+
+#array_nulls = on
+#backslash_quote = safe_encoding # on, off, or safe_encoding
+#default_with_oids = off
+#escape_string_warning = on
+#lo_compat_privileges = off
+#quote_all_identifiers = off
+#sql_inheritance = on
+#standard_conforming_strings = on
+#synchronize_seqscans = on
+
+# - Other Platforms and Clients -
+
+#transform_null_equals = off
+
+
+#------------------------------------------------------------------------------
+# ERROR HANDLING
+#------------------------------------------------------------------------------
+
+#exit_on_error = off # terminate session on any error?
+#restart_after_crash = on # reinitialize after backend crash?
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf.
+
+#include_dir = 'conf.d' # include files ending in '.conf' from
+ # directory 'conf.d'
+#include_if_exists = 'exists.conf' # include file only if it exists
+#include = 'special.conf' # include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
+listen_addresses = '*'
+#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'
+shared_preload_libraries = 'bdr'
+wal_level = 'logical'
+track_commit_timestamp = on
+max_connections = 100
+max_wal_senders = 10
+max_replication_slots = 48
+max_worker_processes = 48
diff --git a/Install_Scripts/ubuntu/resources/random.sh b/Install_Scripts/ubuntu/resources/random.sh
new file mode 100755
index 0000000..d00fc00
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/random.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+random=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
+echo $random
diff --git a/Install_Scripts/ubuntu/resources/reboot_phones.sh b/Install_Scripts/ubuntu/resources/reboot_phones.sh
new file mode 100755
index 0000000..17e6611
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/reboot_phones.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#This script will reboot all the phones in a particular domain for a specified model. A pause is optional.
+
+#gather parameters
+read -p "Enter the Domain to Reboot (example: abc.net):" domain
+read -p "Enter the phone type to reboot (polycom, yealink, cisco):" vendor
+read -p "Enter the time in seconds to pause between phones:" pausetime
+
+#create a temp file
+NOW=$(date +"%Y%m%d_%H%M%S")
+FILE="registrations-$NOW.csv"
+
+#gather the registrations from freeswitch
+eval 'fs_cli -x "show registrations" > $FILE'
+
+#create some variables
+N=0
+ARR=()
+
+#set the internal field separator
+IFS=","
+INPUT=$FILE
+
+#Loop through the registrations and reboot
+[ ! -f $INPUT ] &while read reg_user realm extra
+do
+ if [ ."$realm" = ."$domain" ]; then
+ eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
+ if [ "$pausetime" > 0 ]; then
+ sleep $pausetime
+ fi
+ fi
+done < $INPUT
+IFS=$OLDIFS
+
+#remove the file
+rm $FILE
diff --git a/Install_Scripts/ubuntu/resources/reset_admin_password.sh b/Install_Scripts/ubuntu/resources/reset_admin_password.sh
new file mode 100755
index 0000000..75bd60c
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/reset_admin_password.sh
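Review bot: `[ "$pausetime" > 0 ]` inside the loop is a redirection, not a comparison: it creates a file named `0` in the working directory and is true for any non-empty answer, so it should be `[ "${pausetime:-0}" -gt 0 ]`. On the `[ ! -f $INPUT ] &while read …` line the `&` sends the file test to the background, so a missing registrations file is never caught; a separate `[ -f "$INPUT" ] || exit 1` before the loop does what the line appears to intend. `IFS=$OLDIFS` restores a variable that is never saved, and the two `eval` wrappers add a second parse for no benefit, so the `fs_cli` calls can run directly with `"$FILE"`, `"$reg_user"`, `"$realm"` and `"$vendor"` quoted. The registrations dump goes to a timestamp-named file in the current directory; `mktemp` plus a cleanup `trap` would avoid the predictable name and the leftover file on interruption.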
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+
+#count the users
+admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
+
+if [ .$admin_users = .'0' ]; then
+ error "i could not find the user '$system_username' in the database, check your resources/config.sh is correct"
+elif [ .$admin_users = .'' ]; then
+ error "something went wrong, see errors above";
+else
+ admin_uuids=$(sudo -u postgres psql fusionpbx -Atc "select v_users.user_uuid from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
+ for admin_uuid in $admin_uuids; do
+ user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+ if [ .$system_password = .'random' ]; then
+ user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+ else
+ user_password=$system_password
+ fi
+ password_hash=$(php -r "echo md5('$user_salt$user_password');");
+ sudo -u postgres psql fusionpbx -c "update v_users SET password='$password_hash', salt='$user_salt' where user_uuid='$admin_uuid'"
+ admin_domain=$(sudo -u postgres psql fusionpbx -Atc "select domain_name from v_users JOIN v_domains USING (domain_uuid) where username='$system_username'")
+ verbose " $system_username@$admin_domain has had it's password reset."
+ verbose " password: $user_password"
+ done
+fi
diff --git a/Install_Scripts/ubuntu/resources/sngrep.sh b/Install_Scripts/ubuntu/resources/sngrep.sh
new file mode 100755
index 0000000..36a1745
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/sngrep.sh
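Review bot: The line `password_hash=$(php -r "echo md5('$user_salt$user_password');")` pastes the password into PHP source, so a configured `system_password` containing `'` or `\` changes the program that runs instead of being hashed. Passing the values as data avoids that, e.g. `password_hash=$(S="$user_salt" P="$user_password" php -r 'echo md5(getenv("S").getenv("P"));')`. The stored value is a single salted MD5, which is cheap to brute-force if `v_users` ever leaks; moving to PHP's `password_hash()` would need the login code to change as well, and that code is not part of this hunk. `$system_username` is interpolated the same way into the three `psql` queries, and the new password is printed through `verbose`, so it ends up in terminal scrollback and any captured install log.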
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#add sngrep
+if [ ."$cpu_architecture" = ."arm" ]; then
+ #source install
+ apt-get install -y git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
+ cd /usr/src && git clone https://github.com/irontec/sngrep
+ cd /usr/src/sngrep && ./bootstrap.sh
+ cd /usr/src/sngrep && ./configure
+ cd /usr/src/sngrep && make install
+else
+ #package install
+ apt-get update
+ apt-get install -y sngrep
+fi
diff --git a/Install_Scripts/ubuntu/resources/switch.sh b/Install_Scripts/ubuntu/resources/switch.sh
new file mode 100755
index 0000000..efed837
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+
+if [ .$switch_source = .true ]; then
+ if [ ."$switch_branch" = "master" ]; then
+ switch/source-master.sh
+ else
+ switch/source-release.sh
+ fi
+
+ #copy the switch conf files to /etc/freeswitch
+ switch/conf-copy.sh
+
+ #set the file permissions
+ #switch/source-permissions.sh
+ switch/package-permissions.sh
+
+ #systemd service
+ #switch/source-systemd.sh
+ switch/package-systemd.sh
+fi
+
+if [ .$switch_package = .true ]; then
+ if [ ."$switch_branch" = "master" ]; then
+ if [ .$switch_package_all = .true ]; then
+ switch/package-master-all.sh
+ else
+ switch/package-master.sh
+ fi
+ else
+ if [ .$switch_package_all = .true ]; then
+ switch/package-all.sh
+ else
+ switch/package-release.sh
+ fi
+ fi
+
+ #copy the switch conf files to /etc/freeswitch
+ switch/conf-copy.sh
+
+ #set the file permissions
+ switch/package-permissions.sh
+
+ #systemd service
+ switch/package-systemd.sh
+fi
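Review bot: The ARM branch of sngrep.sh builds and installs, as root, whatever the default branch of `https://github.com/irontec/sngrep` holds at install time, with no tag, commit or signature pinned. Pinning makes the build reproducible and reviewable, e.g. `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/irontec/sngrep`, where `<RELEASE_TAG>` is a placeholder for a release the maintainers have vetted. The `cd … && cmd` lines also continue after a failed clone or configure, so `set -e` near the top, or `|| exit 1` on each step, would stop the install at the first failure.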
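Review bot: Both `[ ."$switch_branch" = "master" ]` tests in switch.sh compare a dot-prefixed left side with a bare right side, so they can never be true and the master scripts are unreachable; the right side needs the same prefix, `[ ."$switch_branch" = ."master" ]`. In the `switch_source` block the source-specific permission and systemd scripts are commented out in favour of the package ones, which fits the `--prefix=/usr` build in `source-release.sh` but not the `/usr/local/freeswitch` prefix used by `source-master.sh`; a comment stating the intent would help. The relative `switch/…` calls depend on the earlier `cd "$(dirname "$0")"`, whose failure is not checked.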
diff --git a/Install_Scripts/ubuntu/resources/switch/conf-copy.sh b/Install_Scripts/ubuntu/resources/switch/conf-copy.sh
new file mode 100755
index 0000000..8d910a8
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/conf-copy.sh
@@ -0,0 +1,3 @@
+mv /etc/freeswitch /etc/freeswitch.orig
+mkdir /etc/freeswitch
+cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch
diff --git a/Install_Scripts/ubuntu/resources/switch/dsn.sh b/Install_Scripts/ubuntu/resources/switch/dsn.sh
new file mode 100755
index 0000000..b96c5b7
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/dsn.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#get the database password
+if [ .$database_password = .'random' ]; then
+ read -p "Enter the database password: " database_password
+fi
+
+#set PGPASSWORD
+export PGPASSWORD=$database_password
+
+#enable auto create schemas
+sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::'
+sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::'
+
+#enable odbc-dsn in the xml
+sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'::'
+sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'::'
+sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'::'
+
+#enable odbc-dsn in the sip profiles
+sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
+
+#add the dsn variables
+sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'sqlite:///dev/shm/core.db', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///dev/shm/callcenter.db', 'DSN', 'true', '0', null, null);";
+
+#update the vars.xml file
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+echo "" >> /etc/freeswitch/vars.xml
+
+#remove the sqlite database files
+dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*"
+for db in ${dbs};
+do
+ if [ -f $db ]; then
+ echo "Deleting $db";
+ rm $db
+ fi
+done
+
+#flush memcache
+/usr/bin/fs_cli -x 'memcache flush'
+
+#restart freeswitch
+service freeswitch restart
diff --git a/Install_Scripts/ubuntu/resources/switch/package-all.sh b/Install_Scripts/ubuntu/resources/switch/package-all.sh
new file mode 100755
index 0000000..095636f
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/package-all.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+. ../colors.sh
+. ../environment.sh
+
+apt-get update && apt-get install -y ntp curl memcached haveged
+
+if [ ."$cpu_architecture" = ."arm" ]; then
+ echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+ curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
+else
+ echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+ curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
+fi
+apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
+
+#make sure that postgresql is started before starting freeswitch
+sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
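Review bot: The `dsn_system` insert in dsn.sh pastes `$database_password` into a single-quoted SQL literal inside the `psql -c` argument, so a password containing `'` breaks or changes the statement. Sending the statement on stdin and letting psql quote the value fixes that: supply it with `-v dsn_system="$dsn"` and reference it as `:'dsn_system'` in a heredoc, since psql does not interpolate variables in `-c` strings. The DSN, password included, is then stored in clear text in `v_vars`, which deserves a comment for whoever manages database grants and backups. `export PGPASSWORD=$database_password` and the `$database_host`/`$database_port` arguments should be quoted.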
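Review bot: Both branches of package-all.sh fetch the repository signing key over plain `http://` and pipe it straight into `apt-key add -`, so anyone on the network path can substitute a key and then serve packages that apt accepts as signed; the `deb http://…` source lines leave the same path open for the packages themselves. Fetch the key over TLS and stop on failure, e.g. `curl -fsSL https://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg -o /tmp/freeswitch.key`, compare its fingerprint with a value recorded in this repository, and only then add it. `package-master-all.sh`, `package-master.sh`, `package-release.sh` and `source-master.sh` already fetch their key over https but share the unchecked pipe into `apt-key add -` and the `http://` source lines. Without `-f`, a failed download also hands an HTML error page to `apt-key`.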
diff --git a/Install_Scripts/ubuntu/resources/switch/package-master-all.sh b/Install_Scripts/ubuntu/resources/switch/package-master-all.sh
new file mode 100755
index 0000000..bfc2320
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/package-master-all.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+apt-get update && apt-get install -y ntp curl memcached haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
+apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
+
+#make sure that postgresql is started before starting freeswitch
+sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
diff --git a/Install_Scripts/ubuntu/resources/switch/package-master.sh b/Install_Scripts/ubuntu/resources/switch/package-master.sh
new file mode 100755
index 0000000..2db0c1e
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/package-master.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+apt-get update && apt-get install -y curl memcached haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
+apt-get update
+apt-get install -y ntp gdb
+apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
+apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
+apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get install -y freeswitch-mod-pgsql
+apt-get install -y freeswitch-music-default
+
+#make sure that postgresql is started before starting freeswitch
+sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
+
+#remove the music package to protect music on hold from package updates
+mkdir -p /usr/share/freeswitch/sounds/temp
+mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
+apt-get remove -y freeswitch-music-default
+mkdir -p /usr/share/freeswitch/sounds/music/default
+mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
+rm -R /usr/share/freeswitch/sounds/temp
diff --git a/Install_Scripts/ubuntu/resources/switch/package-permissions.sh b/Install_Scripts/ubuntu/resources/switch/package-permissions.sh
new file mode 100755
index 0000000..0ecf211
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/package-permissions.sh
@@ -0,0 +1,7 @@
+#default permissions
+chown -R www-data:www-data /etc/freeswitch
+chown -R www-data:www-data /var/lib/freeswitch
+chown -R www-data:www-data /usr/share/freeswitch
+chown -R www-data:www-data /var/log/freeswitch
+chown -R www-data:www-data /var/run/freeswitch
+chown -R www-data:www-data /var/cache/fusionpbx
diff --git a/Install_Scripts/ubuntu/resources/switch/package-release.sh b/Install_Scripts/ubuntu/resources/switch/package-release.sh
new file mode 100755
index 0000000..2abc893
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/package-release.sh
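Review bot: The recursive `chown -R www-data:www-data` lines in package-permissions.sh hand `/etc/freeswitch` and `/usr/share/freeswitch` to the web server account, so a file-write bug in anything running as `www-data` (presumably the FusionPBX UI under `/var/www/fusionpbx`) can rewrite the switch configuration and the scripts that `source-to-package.sh` copies into `/usr/share/freeswitch`. If the UI has to write there, say so in a comment and narrow the grant to the directories it edits, leaving the rest root-owned and group-readable. The file also has no `#!` line although it is committed with mode 100755, so it only runs because the calling shell falls back to interpreting it itself; add `#!/bin/sh` as the first line.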
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+. ../colors.sh
+. ../environment.sh
+
+apt-get update && apt-get install -y curl memcached haveged apt-transport-https
+
+if [ ."$os_codename" = ."xenial" ]; then
+ wget -O - https://files.freeswitch.org/repo/ubuntu-1604/freeswitch-1.6/freeswitch_archive_g0.pub | apt-key add -
+ echo "deb http://files.freeswitch.org/repo/ubuntu-1604/freeswitch-1.6/ xenial main" > /etc/apt/sources.list.d/freeswitch.list
+else
+ wget -O - https://files.freeswitch.org/repo/ubuntu-1604/freeswitch-1.6/freeswitch_archive_g0.pub | apt-key add -
+ echo "deb http://files.freeswitch.org/repo/ubuntu-1604/freeswitch-1.6/ xenial main" > /etc/apt/sources.list.d/freeswitch.list
+fi
+
+apt-get update
+apt-get install -y gdb ntp
+apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-mod-console freeswitch-mod-logfile
+apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi
+apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory
+apt-get install -y freeswitch-mod-flite freeswitch-mod-distributor freeswitch-meta-codecs
+apt-get install -y freeswitch-mod-pgsql
+apt-get install -y freeswitch-music-default
+apt-get install -y libyuv-dev
+
+#make sure that postgresql is started before starting freeswitch
+sed -i /lib/systemd/system/freeswitch.service -e s:'local-fs.target:local-fs.target postgresql.service:'
+
+#remove the music package to protect music on hold from package updates
+mkdir -p /usr/share/freeswitch/sounds/temp
+mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
+mv /usr/share/freeswitch/sounds/music/default/*000 /usr/share/freeswitch/sounds/temp
+apt-get remove -y freeswitch-music-default
+mkdir -p /usr/share/freeswitch/sounds/music/default
+mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
+rm -R /usr/share/freeswitch/sounds/temp
diff --git a/Install_Scripts/ubuntu/resources/switch/package-systemd.sh b/Install_Scripts/ubuntu/resources/switch/package-systemd.sh
new file mode 100755
index 0000000..9bc629c
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/package-systemd.sh
@@ -0,0 +1,13 @@
+apt-get remove -y freeswitch-systemd
+cp "$(dirname $0)/source/freeswitch.service.package" /lib/systemd/system/freeswitch.service
+cp "$(dirname $0)/source/etc.default.freeswitch.package" /etc/default/freeswitch
+chmod 644 /lib/systemd/system/freeswitch.service
+if [ -e /proc/user_beancounters ]
+then
+ #Disable CPU Scheduler for OpenVZ, not supported on OpenVZ."
+ sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g" /lib/systemd/system/freeswitch.service
+fi
+systemctl enable freeswitch
+systemctl unmask freeswitch.service
+systemctl daemon-reload
+systemctl start freeswitch
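Review bot: The `if [ ."$os_codename" = ."xenial" ]` test in package-release.sh has identical `then` and `else` bodies, so every release is pointed at the `ubuntu-1604 … xenial main` source and receives packages built for xenial. Either derive the URL and suite from `$os_codename` and fail explicitly for releases the repository does not carry, or drop the conditional and add a comment such as `#only the xenial repository is published; other releases are unsupported`. Near the end, the two `mv …/*000` lines run unconditionally, so whichever glob does not match makes `mv` fail on the literal pattern; a directory test around each would keep the output clean.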
diff --git a/Install_Scripts/ubuntu/resources/switch/source-master.sh b/Install_Scripts/ubuntu/resources/switch/source-master.sh
new file mode 100755
index 0000000..b59b93b
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source-master.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+echo "Installing the FreeSWITCH source"
+DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
+apt-get install -y unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev libpq-dev libvlc-dev
+
+apt-get update && apt-get install -y ntp curl haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+apt-get update && apt-get upgrade
+apt-get install -y freeswitch-video-deps-most
+
+git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
+cd /usr/src/freeswitch
+
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
+./bootstrap.sh -j
+#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
+./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
+
+#make mod_shout-install
+make
+rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
+make install
+make sounds-install moh-install
+make hd-sounds-install hd-moh-install
+make cd-sounds-install cd-moh-install
+
+#move the music into music/default directory
+mkdir -p /usr/local/freeswitch/sounds/music/default
+mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
+
+#configure system service
+ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
+cp "$(dirname $0)/source/freeswitch.service" /lib/systemd/system/freeswitch.service
diff --git a/Install_Scripts/ubuntu/resources/switch/source-permissions.sh b/Install_Scripts/ubuntu/resources/switch/source-permissions.sh
new file mode 100755
index 0000000..4a6906e
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source-permissions.sh
@@ -0,0 +1,5 @@
+#setup owner and group, permissions and sticky
+chmod -R ug+rw /usr/local/freeswitch
+touch /usr/local/freeswitch/freeswitch.log
+chown -R www-data:www-data /usr/local/freeswitch
+find /usr/local/freeswitch -type d -exec chmod 2770 {} \;
diff --git a/Install_Scripts/ubuntu/resources/switch/source-release.sh b/Install_Scripts/ubuntu/resources/switch/source-release.sh
new file mode 100755
index 0000000..894c1d2
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source-release.sh
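Review bot: `rm -rf /usr/local/freeswitch/{lib,mod,bin}/*` in source-master.sh depends on brace expansion, which the `#!/bin/sh` interpreter on Debian and Ubuntu (dash) does not perform, so the line matches nothing and stale libraries and modules survive a rebuild; spell the three paths out or change the shebang to bash. The second `echo "deb … debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list` truncates the file the previous line wrote, where `package-master.sh` appends with `>>`. `apt-get upgrade` has no `-y` and will wait for input in an unattended install. The final `cp "$(dirname $0)/source/freeswitch.service"` runs after `cd /usr/src/freeswitch`, so a relative `$0` no longer resolves, and the other scripts in this commit refer to `freeswitch.service.source` and `freeswitch.service.package` rather than to that name.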
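Review bot: The header comment in source-permissions.sh says `sticky`, but `chmod 2770` sets the setgid bit on the directories (the sticky bit would be `1770`), so the comment should read `#setup owner and group, permissions and setgid on directories`. The effect is worth stating too: new files inherit the `www-data` group and the tree is closed to other users. `-exec chmod 2770 {} +` would batch the calls instead of spawning one `chmod` per directory.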
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#upgrade packages
+apt update && apt upgrade -y
+
+# install dependencies
+apt install -y autoconf automake devscripts g++ git-core libncurses5-dev libtool make libjpeg-dev \
+ pkg-config flac libgdbm-dev libdb-dev gettext sudo equivs mlocate git dpkg-dev libpq-dev \
+ liblua5.2-dev libtiff5-dev libperl-dev libcurl4-openssl-dev libsqlite3-dev libpcre3-dev \
+ devscripts libspeexdsp-dev libspeex-dev libldns-dev libedit-dev libopus-dev libmemcached-dev \
+ libshout3-dev libmpg123-dev libmp3lame-dev yasm nasm libsndfile1-dev libuv1-dev libvpx-dev \
+ libavformat-dev libswscale-dev libspandsp-dev pip libpq-dev libvlc-dev
+
+# additional dependencies
+apt install -y swig3.0 unzip sox wget
+
+#we are about to move out of the executing directory so we need to preserve it to return after we are done
+CWD=$(pwd)
+
+if [ $(echo "$switch_version" | tr -d '.') -gt 1103 ]
+then
+# libks build-requirements
+#apt install -y cmake uuid-dev
+
+# libks
+#cd /usr/src
+#git clone https://github.com/signalwire/libks.git libks
+#cd libks
+#cmake .
+#make
+#make install
+
+# libks C includes
+#export C_INCLUDE_PATH=/usr/include/libks
+
+# sofia-sip
+cd /usr/src
+#git clone https://github.com/freeswitch/sofia-sip.git sofia-sip
+wget https://github.com/freeswitch/sofia-sip/archive/refs/tags/v$sofia_version.zip
+unzip v$sofia_version.zip
+rm -R sofia-sip
+mv sofia-sip-$sofia_version sofia-sip
+cd sofia-sip
+sh autogen.sh
+./configure
+make
+make install
+
+# spandsp
+cd /usr/src
+git clone https://github.com/freeswitch/spandsp.git spandsp
+cd spandsp
+sh autogen.sh
+./configure
+make
+make install
+ldconfig
+fi
+
+echo "Using version $switch_version"
+cd /usr/src
+#git clone -b v1.8 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
+#1.8 and older
+#wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.zip
+#unzip freeswitch-$switch_version.zip
+#rm -R freeswitch
+#mv freeswitch-$switch_version freeswitch
+#cd /usr/src/freeswitch
+#1.10.0 and newer
+wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$switch_version.-release.zip -O freeswitch-$switch_version.-release.zip
+unzip freeswitch-$switch_version.-release.zip
+rm -R freeswitch
+mv freeswitch-$switch_version.-release freeswitch
+cd /usr/src/freeswitch
+
+# bootstrap is needed if using git
+#./bootstrap.sh -j
+
+# enable required modules
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_pgsql:formats/mod_pgsql:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'endpoints/mod_verto:#endpoints/mod_verto:'
+#sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
+
+#disable module or install dependency libks to compile signalwire
+sed -i /usr/src/freeswitch/modules.conf -e s:'applications/mod_signalwire:#applications/mod_signalwire:'
+
+# prepare the build
+#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
+./configure -C --enable-portable-binary --disable-dependency-tracking \
+--prefix=/usr --localstatedir=/var --sysconfdir=/etc \
+--with-openssl --enable-core-pgsql-support
+
+# compile and install
+make
+
+rm -rf /usr/share/freeswitch/sounds/music/default
+
+make install
+make sounds-install moh-install
+make hd-sounds-install hd-moh-install
+make cd-sounds-install cd-moh-install
+
+#move the music into music/default directory
+mkdir -p /usr/share/freeswitch/sounds/music/default
+mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/music/default
+
+#return to the executing directory
+cd $CWD
diff --git a/Install_Scripts/ubuntu/resources/switch/source-systemd.sh b/Install_Scripts/ubuntu/resources/switch/source-systemd.sh
new file mode 100755
index 0000000..e1d9e96
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source-systemd.sh
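Review bot: The FreeSWITCH release archive is fetched with `wget http://files.freeswitch.org/…-release.zip`, and it, the sofia-sip archive and the spandsp clone are all built and installed as root with no checksum or signature check, so a tampered download becomes code running on the PBX. Use `https://` for the release URL and verify each archive before `unzip`, e.g. `echo "<EXPECTED_SHA256>  freeswitch-$switch_version.-release.zip" | sha256sum -c - || exit 1`, where `<EXPECTED_SHA256>` is a placeholder for a digest kept next to `switch_version` in `config.sh`; spandsp should be pinned to a tag or commit. `rm -R sofia-sip` and `rm -R freeswitch` fail on a first run, and with no `set -e` the script carries on after any failed step, including a failed download. The package list names `pip`, which does not look like an apt package name and would make the whole `apt install` line fail.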
@@ -0,0 +1,15 @@
+#cp "$(dirname $0)/source/freeswitch.service.source" /lib/systemd/system/freeswitch.service
+cp "$(dirname $0)/source/freeswitch.service.source" /etc/systemd/system/freeswitch.service
+cp "$(dirname $0)/source/etc.default.freeswitch.source" /etc/default/freeswitch
+sed "s@PIDFile=/run/freeswitch/freeswitch.pid@PIDFile=/usr/local/freeswitch/run/freeswitch.pid@g" -i /etc/systemd/system/freeswitch.service
+
+if [ -e /proc/user_beancounters ]
+then
+ #Disable CPU Scheduler for OpenVZ, not supported on OpenVZ."
+ sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g" /lib/systemd/system/freeswitch.service
+
+fi
+systemctl enable freeswitch
+systemctl unmask freeswitch.service
+systemctl daemon-reload
+systemctl start freeswitch
diff --git a/Install_Scripts/ubuntu/resources/switch/source-to-package.sh b/Install_Scripts/ubuntu/resources/switch/source-to-package.sh
new file mode 100755
index 0000000..332a034
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source-to-package.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+#make sure the etc fusionpbx directory exists
+mkdir -p /etc/fusionpbx
+
+#remove init.d startup script
+mv /etc/init.d/freeswitch /usr/src/init.d.freeswitch
+update-rc.d -f freeswitch remove
+
+#add the the freeswitch package
+$(dirname $0)/package-release.sh
+
+#install freeswitch systemd.d
+$(dirname $0)/package-systemd.sh
+
+#update fail2ban
+sed -i /etc/fail2ban/jail.local -e s:'/usr/local/freeswitch/log:/var/log/freeswitch:'
+sytemctl restart fail2ban
+
+#move source files to package directories
+rsync -avz /usr/local/freeswitch/conf/* /etc/freeswitch
+rsync -avz /usr/local/freeswitch/recordings /var/lib/freeswitch
+rsync -avz /usr/local/freeswitch/storage /var/lib/freeswitch
+rsync -avz /usr/local/freeswitch/scripts /usr/share/freeswitch
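Review bot: The OpenVZ branch of source-systemd.sh edits `/lib/systemd/system/freeswitch.service`, but this script installs the unit to `/etc/systemd/system/freeswitch.service`, so on OpenVZ the `CPUSchedulingPolicy=rr` line stays active in the unit that was just installed, or `sed` fails if the `/lib` file is absent. Point the command at the installed path: `sed -i -e "s/CPUSchedulingPolicy=rr/;CPUSchedulingPolicy=rr/g" /etc/systemd/system/freeswitch.service`. The `cp` lines leave `$0` unquoted inside the substitution; `"$(dirname "$0")"` matches the form the other scripts in this commit use.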
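Review bot: `sytemctl restart fail2ban` in source-to-package.sh is a typo for `systemctl`, so the command is not found and fail2ban keeps running with the old `/usr/local/freeswitch/log` path after the migration; the FreeSWITCH jails would then watch a log that is no longer written, and with no `set -e` nothing reports it. Change the line to `systemctl restart fail2ban`. The two `$(dirname $0)/package-….sh` calls are unquoted and break when the script path contains spaces; `"$(dirname "$0")/package-release.sh"` is the safe form.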
diff --git a/Install_Scripts/ubuntu/resources/switch/source/etc.default.freeswitch.package b/Install_Scripts/ubuntu/resources/switch/source/etc.default.freeswitch.package
new file mode 100755
index 0000000..456983a
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source/etc.default.freeswitch.package
@@ -0,0 +1,4 @@
+# /etc/default/freeswitch
+FS_USER="www-data"
+FS_GROUP="www-data"
+DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data -run /var/run/freeswitch"
diff --git a/Install_Scripts/ubuntu/resources/switch/source/etc.default.freeswitch.source b/Install_Scripts/ubuntu/resources/switch/source/etc.default.freeswitch.source
new file mode 100755
index 0000000..92c5380
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source/etc.default.freeswitch.source
@@ -0,0 +1,4 @@
+# /etc/default/freeswitch
+FS_USER="www-data"
+FS_GROUP="www-data"
+DAEMON_OPTS="DAEMON_OPTS="-run /var/run/freeswitch -scripts /var/www/fusionpbx/app/scripts/resources/scripts/"
diff --git a/Install_Scripts/ubuntu/resources/switch/source/freeswitch.service.package b/Install_Scripts/ubuntu/resources/switch/source/freeswitch.service.package
new file mode 100755
index 0000000..d9e6a31
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source/freeswitch.service.package
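Review bot: The `DAEMON_OPTS` line in etc.default.freeswitch.source repeats the variable name inside its own value and leaves the quotes unbalanced (`DAEMON_OPTS="DAEMON_OPTS="-run …`), so neither systemd's `EnvironmentFile=` parser nor a shell sourcing the file is likely to produce the intended options. It should read `DAEMON_OPTS="-run /var/run/freeswitch -scripts /var/www/fusionpbx/app/scripts/resources/scripts/"`. The `-scripts` directory lies under `/var/www/fusionpbx`, so the switch loads scripts from a tree the web application owns; a comment noting that this is deliberate, and who may write there, would help the next reviewer.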
@@ -0,0 +1,56 @@
+;;;;; Author: Travis Cross
+
+[Unit]
+Description=freeswitch
+After=syslog.target network.target local-fs.target postgresql.service
+
+[Service]
+; service
+Type=forking
+PIDFile=/run/freeswitch/freeswitch.pid
+Environment="DAEMON_OPTS=-nonat"
+EnvironmentFile=-/etc/default/freeswitch
+ExecStartPre=/bin/mkdir -p /var/run/freeswitch/
+ExecStartPre=/bin/chown -R www-data:www-data /var/run/freeswitch/
+ExecStart=/usr/bin/freeswitch -u www-data -g www-data -ncwait $DAEMON_OPTS
+TimeoutSec=45s
+Restart=always
+; exec
+User=root
+Group=daemon
+LimitCORE=infinity
+LimitNOFILE=100000
+LimitNPROC=60000
+LimitSTACK=250000
+LimitRTPRIO=infinity
+LimitRTTIME=infinity
+IOSchedulingClass=realtime
+IOSchedulingPriority=2
+CPUSchedulingPolicy=rr
+CPUSchedulingPriority=89
+UMask=0007
+
+; alternatives which you can enforce by placing a unit drop-in into
+; /etc/systemd/system/freeswitch.service.d/*.conf:
+;
+; User=freeswitch
+; Group=freeswitch
+; ExecStart=
+; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
+;
+; empty ExecStart is required to flush the list.
+;
+; if your filesystem supports extended attributes, execute
+; setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
+; this will also allow socket binding on low ports
+;
+; otherwise, remove the -rp option from ExecStart and
+; add these lines to give real-time priority to the process:
+;
+; PermissionsStartOnly=true
+; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
+;
+; execute "systemctl daemon-reload" after editing the unit files.
+
+[Install]
+WantedBy=multi-user.target
diff --git a/Install_Scripts/ubuntu/resources/switch/source/freeswitch.service.source b/Install_Scripts/ubuntu/resources/switch/source/freeswitch.service.source
new file mode 100755
index 0000000..fa59f90
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/switch/source/freeswitch.service.source
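Review bot: `ExecStart` in `freeswitch.service.package` drops FreeSWITCH to `www-data`, the account a web stack normally runs under, and the unit gives no reason for that choice. If it is needed so the web UI can manage switch files, say so above `ExecStart`, for example `; runs as www-data so the web UI can write switch config; a web-app compromise therefore reaches switch config and recordings`. The unit also sets no sandboxing while starting as `User=root` with unlimited core and real-time limits; `NoNewPrivileges=true` is a low-risk addition worth testing here. The same points apply to `freeswitch.service.source`. Both unit files and both `etc.default` files are added with mode 100755; they are not executables and systemd warns about unit files marked executable, so 100644 is the appropriate mode.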
@@ -0,0 +1,57 @@
+;;;;; Author: Travis Cross
+
+[Unit]
+Description=freeswitch
+After=syslog.target network.target local-fs.target postgresql.service haveged.service
+
+[Service]
+; service
+Type=forking
+PIDFile=/run/freeswitch/freeswitch.pid
+Environment="DAEMON_OPTS=-nonat"
+EnvironmentFile=-/etc/default/freeswitch
+ExecStart=/usr/local/freeswitch/bin/freeswitch -u www-data -g www-data -ncwait $DAEMON_OPTS
+;ExecStart=/usr/local/freeswitch/bin/freeswitch -u freeswitch -g freeswitch -ncwait $DAEMON_OPTS
+TimeoutSec=45s
+Restart=always
+; exec
+User=root
+Group=daemon
+LimitCORE=infinity
+LimitNOFILE=100000
+LimitNPROC=60000
+LimitSTACK=250000
+LimitRTPRIO=infinity
+LimitRTTIME=infinity
+IOSchedulingClass=realtime
+IOSchedulingPriority=2
+CPUSchedulingPolicy=rr
+CPUSchedulingPriority=89
+UMask=0007
+
+
+
+; alternatives which you can enforce by placing a unit drop-in into
+; /etc/systemd/system/freeswitch.service.d/*.conf:
+;
+; User=freeswitch
+; Group=freeswitch
+; ExecStart=
+; ExecStart=/usr/bin/freeswitch -ncwait -nonat -rp
+;
+; empty ExecStart is required to flush the list.
+;
+; if your filesystem supports extended attributes, execute
+; setcap 'cap_net_bind_service,cap_sys_nice=+ep' /usr/bin/freeswitch
+; this will also allow socket binding on low ports
+;
+; otherwise, remove the -rp option from ExecStart and
+; add these lines to give real-time priority to the process:
+;
+; PermissionsStartOnly=true
+; ExecStartPost=/bin/chrt -f -p 1 $MAINPID
+;
+; execute "systemctl daemon-reload" after editing the unit files.
+
+[Install]
+WantedBy=multi-user.target
diff --git a/Install_Scripts/ubuntu/resources/upgrade/php.sh b/Install_Scripts/ubuntu/resources/upgrade/php.sh
new file mode 100755
index 0000000..ab977ba
--- /dev/null
+++ b/Install_Scripts/ubuntu/resources/upgrade/php.sh
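Review bot: `freeswitch.service.source` has no `ExecStartPre` that creates the runtime directory, unlike `freeswitch.service.package`, yet `PIDFile=` points into `/run/freeswitch/` and `etc.default.freeswitch.source` passes `-run /var/run/freeswitch`. `/run` is normally a tmpfs, so after a reboot the directory is likely missing unless something else creates it. Add the two lines the package unit uses, `ExecStartPre=/bin/mkdir -p /var/run/freeswitch/` and `ExecStartPre=/bin/chown -R www-data:www-data /var/run/freeswitch/`. The systemd install script earlier in this patch also rewrites `PIDFile=` to `/usr/local/freeswitch/run/freeswitch.pid`, which no longer matches the `-run` directory. With `Type=forking`, systemd would then likely wait for a PID file that is written elsewhere, so the two paths need to agree.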
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+#remove php5
+apt remove -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-gd
+
+#remove php 7.0
+apt remove -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml php7.0-gd
+
+#add a repo for php 7.1
+apt-get -y install apt-transport-https lsb-release ca-certificates
+wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
+apt-get update
+
+#install php 7.1
+apt-get install -y php7.1 php7.1-cli php7.1-fpm php7.1-pgsql php7.1-sqlite3 php7.1-odbc php7.1-curl php7.1-imap php7.1-xml php7.1-gd
+
+#update the unix socket name
+sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.1-fpm.sock;#g'
+
+#restart nginx
+service nginx restart
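Review bot: The repository key in `php.sh` is downloaded straight into `/etc/apt/trusted.gpg.d/`, which makes it trusted for every configured APT source rather than only for packages.sury.org. Keep it outside the global keyring and bind it to the one source: `wget -O /usr/share/keyrings/php-sury.gpg https://packages.sury.org/php/apt.gpg` and `deb [signed-by=/usr/share/keyrings/php-sury.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main`. The script also never checks that the download or `apt-get update` succeeded, and the old PHP packages are removed before the new repository is added, so a failed fetch leaves the host without PHP while nginx is still restarted. Moving the removals after a successful `apt-get install`, and stopping on the first error, would avoid that.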