#!/bin/bash # install_fusionpbx LICENSE=$( cat << DELIM #------------------------------------------------------------------------------ # # "THE WAF LICENSE" (version 1) # This is the Wife Acceptance Factor (WAF) License. # jamesdotfsatstubbornrosesd0tcom wrote this file. As long as you retain this # notice you can do whatever you want with it. If you appreciate the work, # please consider purchasing something from my wife's wishlist. That pays # bigger dividends to this coder than anything else I can think of ;). It also # keeps her happy while she's being ignored; so I can work on this stuff. # James Rose # # latest wishlist: http://www.stubbornroses.com/waf.html # # Credit: Based off of the BEER-WARE LICENSE (REVISION 42) by Poul-Henning Kamp # # Contributor(s): # Gill Abada # Mark J Crane # Andrew Stanaitis #------------------------------------------------------------------------------ DELIM ) #--------- #VARIABLES #--------- #Variables are for the auto installation option. #for apache set to a, for nginx/php-fpm set to n -> for an auto install, user mode will prompt APACHENGINX=n # for mysql set m. for sqlite set s. for postgresql set p SQLITEMYSQL=p # for postgresql v 9.0 (from ppa) set to 9 # must set SQLITEMYSQL to p POSTGRES9=9 # to start FreeSWITCH with -nonat option set SETNONAT to y SETNONAT=y # rm -Rf /opt? A default install doesn't have /opt so no worries # if you do, set to no, and it will link /usr/local/freeswitch to /opt/freeswitch #REMOVED OPTION #RMOPT=y # use freedtm/dahdi? y/n DO_DAHDI=n # default distro #DISTRO=precise #DISTRO=squeeze #DISTRO=precise #DISTRO=lucid #DISTRO=wheezy DISTRO=jessie #below is a list of modules we want to add to provide functionality for FusionPBX #don't worry about the applications/mod_ format. This script will find that in modules.conf #PAY ATTENTION TO THE SPACES POST AND PRE PARENTHESIS # mod_shout removed if [ $DO_DAHDI == "y" ]; then modules_add=( mod_curl ../../libs/freetdm/mod_freetdm mod_spandsp mod_dingaling mod_portaudio mod_callcenter mod_lcr mod_cidlookup mod_flite mod_memcache mod_codec2 mod_pocketsphinx mod_xml_cdr mod_say_es mod_say_en ) else modules_add=( mod_curl mod_spandsp mod_dingaling mod_callcenter mod_lcr mod_cidlookup mod_memcache mod_codec2 mod_pocketsphinx mod_xml_cdr mod_say_es mod_say_en ) fi #------- #DEFINES #------- VERSION="Version - using subversion, no longer keeping track. WAF License" FSGIT=https://freeswitch.org/stash/scm/fs/freeswitch.git FSSTABLE=file FSStablefile=freeswitch-1.4.26 FSDB=p #right now, make -j not working. see: jira FS-3005 CORES=$(/bin/grep processor -c /proc/cpuinfo) #CORES=1 FQDN=$(hostname -f) #SRCPATH="/usr/src/freeswitch" #DEFAULT SRCPATH="/usr/src/freeswitch" #EN_PATH="/usr/local/freeswitch/conf/autoload_configs" #DEFAULT EN_PATH="/usr/local/freeswitch/conf/autoload_configs" WWW_PATH="/var/www" #used for Apache #WWW_PATH="/var/www/html" GUI_NAME=fusionpbx INST_FPBX=git #INST_FPBX=svn #INST_FPBX=tgz #full path required #TGZ_FILE="/home/coltpbx/fusionpbx-1.2.1.tar.gz" FUSIONPBX_GIT_SERVER=https://github.com FUSIONPBX_GIT_CONTRIBUTER=fusionpbx FUSIONPBX_GIT_PROJECT=fusionpbx FUSIONPBX_GIT_ASKBRANCH=0 FSREV=false #IF FSCHECKOUTVER is true, FSSTABLE needs to be false FSCHECKOUTVER=false FPBXREV="1876" FBPXCHECKOUTVER=false #dev #URLSCRIPT="http://fusionpbx.googlecode.com/svn/branches/dev/scripts/install/ubuntu/install_fusionpbx.sh" #trunk #URLSCRIPT="https://fusionpbx.googlecode.com/svn/trunk/scripts/install/ubuntu/install_fusionpbx.sh" URLSCRIPT="https://raw.githubusercontent.com/fusionpbx/fusionpbx-scripts/master/install/ubuntu/install_fusionpbx.sh" INSFUSION=0 INSFREESWITCH=0 UPGFUSION=0 UPGFREESWITCH=0 #--------- # NOTES #--------- # This Script installs or upgrades FreeSWITCH and FusionPBX on a fresh install of # Ubuntu 10.04 LTS [lucid]. It tries to edit all appropriate files, and # set the permissions correctly. #When you install ubuntu, you should select the "Manual package selection" option. #This way we can keep the install to the bare minimum. This script will install #everything you need (and nothing) - hopefully, you don't. Just quit tasksel #--------- #FUNCTIONS #--------- function nativepgsql { /bin/echo /bin/echo "By default, FreeSWITCH is using sqlite, until we tell it not to." /bin/echo "FreeSWITCH can be configured to use postgresql natively, but it is" /bin/echo "not always advantageous to do so." read -p " Use Postgres (p) or Sqlite (s) [p/S]? " FSDB case $FSDB in [pP]) #tell FS about the postgresql database... echo " Please type in the password for the freeswitch database you configured below." read -p "Password: " FSDBPASS FPATH="/var/www/fusionpbx/resources/templates/conf" /bin/echo "setting switch.conf.xml" sed -i $FPATH/autoload_configs/switch.conf.xml -e s,\<\/settings\>,,g -e s,\<\/configuration\>,,g cat >> $FPATH/autoload_configs/switch.conf.xml < EOF /bin/echo "setting callcenter.conf.xml" sed -i $FPATH/autoload_configs/callcenter.conf.xml -e s,\<\/settings\>,,g -e s,\<\/configuration\>,,g cat >> $FPATH/autoload_configs/callcenter.conf.xml < EOF /bin/echo "setting fifo.conf.xml" sed -i $FPATH/autoload_configs/fifo.conf.xml -e s,\<\/settings\>,,g -e s,\<\/configuration\>,,g cat >> $FPATH/autoload_configs/fifo.conf.xml < EOF /bin/echo "setting internal.conf.xml" sed -i $FPATH/sip_profiles/internal.xml -e s,\<\/settings\>,,g -e s,\<\/configuration\>,,g cat >> $FPATH/sip_profiles/internal.xml < EOF /bin/echo "setting external.conf.xml" sed -i $FPATH/sip_profiles/external.xml -e s,\<\/settings\>,,g -e s,\<\/configuration\>,,g cat >> $FPATH/sip_profiles/external.xml < EOF /bin/echo "setting db.conf.xml" sed -i $FPATH/autoload_configs/db.conf.xml -e s,\<\/settings\>,,g -e s,\<\/configuration\>,,g cat >> $FPATH/autoload_configs/db.conf.xml < EOF ;; *) /bin/echo "Ok, using sqlite, nothing more to do here." ;; esac } function nginxconfig { apt-get install -y ssl-cert ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt ln -s /etc/ssl/certs/nginx.crt $WWW_PATH/$GUI_NAME/$HOSTNAME.crt #don't forget to escape 'DELIM'. otherwise the $fastcgi part #gets escaped. #manually escaping now. needs variables.... /bin/cat > /etc/nginx/sites-available/$GUI_NAME < /etc/fail2ban/filter.d/$GUI_NAME.conf <<'DELIM' # Fail2Ban configuration file # # Author: soapee01 # [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT # #failregex = [hostname] FusionPBX: \[\] authentication failed #[hostname] variable doesn't seem to work in every case. Do this instead: failregex = .* FusionPBX: \[\] authentication failed for = .* FusionPBX: \[\] provision attempt bad password for # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = DELIM /bin/grep -i $GUI_NAME /etc/fail2ban/jail.local > /dev/null if [ $? -eq 0 ]; then /bin/echo "FusionPBX Jail already set" else /bin/cat >> /etc/fail2ban/jail.local < /dev/null if [ $? -eq 0 ]; then #module is present in file. see if we need to enable it grep '#'${modules_compile[$index]} $SRCPATH/modules.conf > /dev/null if [ $? -eq 0 ]; then /bin/sed -i -e s,'#'${modules_compile[$index]},${modules_compile[$index]}, $SRCPATH/modules.conf /bin/echo " [ENABLED] ${modules_compile[$index]}" else /bin/echo " ${modules_compile[$index]} ALREADY ENABLED!" fi else #module is not present. Add to end of file #/bin/echo "did not find ${modules_compile[$index]}" /bin/echo ${modules_compile[$index]} >> $SRCPATH/modules.conf /bin/echo " [ADDED] ${modules_compile[$index]}" fi let "index = $index + 1" done #-------------- #end new way v2 #-------------- } function enable_modules { #------------ # new way v2 #------------ #ENABLE MODULES for FreeSWITCH # echo echo echo "Now enabling modules for FreeSWITCH in $EN_PATH/modules.conf.xml" index=0 module_count=`echo ${#modules_add[@]}` #get rid of any funky whitespace /bin/sed -i -e s,'','>-->', $EN_PATH/modules.conf.xml while [ "$index" -lt "$module_count" ] do #more strangness to take care of, example: #Now enabling modules for FreeSWITCH in /usr/local/freeswitch/conf/autoload_configs/modules.conf.xml #[ADDED] ../../libs/freetdm/mod_freetdm modules_add[$index]=`/bin/echo ${modules_add[$index]} | /bin/sed -e 's/.*mod_/mod_/'` grep ${modules_add[$index]} $EN_PATH/modules.conf.xml > /dev/null if [ $? -eq 0 ]; then #module is present in file, see if we need to enable it. grep '' $EN_PATH/modules.conf.xml > /dev/null if [ $? -eq 0 ]; then #/bin/echo "found ${modules_compile[$index]}" /bin/sed -i -e s,'','', \ $EN_PATH/modules.conf.xml /bin/echo " [ENABLED] ${modules_add[$index]}" else /bin/echo " ${modules_add[$index]} ALREADY ENABLED!" fi else #not in file. we need to add, and will do so below tag at top of file /bin/sed -i -e s,'','&\n ', $EN_PATH/modules.conf.xml /bin/echo " [ADDED] ${modules_add[$index]}" fi let "index = $index + 1" done #-------------- #end new way v2 #-------------- } function freeswitch_logfiles { /bin/echo /bin/echo "logrotate not happy with FS: see http://wiki.fusionpbx.com/index.php?title=RotateFSLogs doing differently now..." /bin/echo " SEE: /etc/cron.daily/freeswitch_log_rotation" /bin/cat > /etc/cron.daily/freeswitch_log_rotation <<'DELIM' #!/bin/bash # logrotate replacement script # put in /etc/cron.daily # don't forget to make it executable # you might consider changing /usr/local/freeswitch/conf/autoload_configs/logfile.conf.xml # #number of days of logs to keep NUMBERDAYS=30 FSPATH="/usr/local/freeswitch" $FSPATH/bin/fs_cli -x "fsctl send_sighup" |grep '+OK' >/tmp/rotateFSlogs if [ $? -eq 0 ]; then #-cmin 2 could bite us (leave some files uncompressed, eg 11M auto-rotate). Maybe -1440 is better? find $FSPATH/log/ -name "freeswitch.log.*" -cmin -2 -exec gzip {} \; find $FSPATH/log/ -name "freeswitch.log.*.gz" -mtime +$NUMBERDAYS -exec /bin/rm {} \; chown www-data.www-data $FSPATH/log/freeswitch.log chmod 660 $FSPATH/log/freeswitch.log logger FreeSWITCH Logs rotated /bin/rm /tmp/rotateFSlogs else logger FreeSWITCH Log Rotation Script FAILED mail -s '$HOST FS Log Rotate Error' root < /tmp/rotateFSlogs /bin/rm /tmp/rotateFSlogs fi DELIM /bin/chmod 755 /etc/cron.daily/freeswitch_log_rotation /bin/echo "Now dropping 10MB limit from FreeSWITCH" /bin/echo " This is so the rotation/compression part of the cron script" /bin/echo " will work properly." /bin/echo " SEE: /usr/local/freeswitch/conf/autoload_configs/logfile.conf.xml" # /bin/sed /usr/local/freeswitch/conf/autoload_configs/logfile.conf.xml -i -e s,\,\<\!\-\-\\ INSTALL_SCRIPT\-\-\>,g } case $1 in fix-https) nginxconfig ;; fix-permissions) /etc/init.d/freeswitch stop www_permissions /etc/init.d/freeswitch start ;; install-freeswitch) INSFUSION=0 INSFREESWITCH=1 UPGFUSION=0 UPGFREESWITCH=0 ;; install-fusionpbx) INSFUSION=1 INSFREESWITCH=0 UPGFUSION=0 UPGFREESWITCH=0 ;; install-both) INSFUSION=1 INSFREESWITCH=1 UPGFUSION=0 UPGFREESWITCH=0 ;; upgrade-fusionpbx) INSFUSION=0 INSFREESWITCH=0 UPGFUSION=1 UPGFREESWITCH=0 ;; upgrade-freeswitch) INSFUSION=0 INSFREESWITCH=0 UPGFUSION=0 UPGFREESWITCH=1 ;; upgrade-both) INSFUSION=0 INSFREESWITCH=0 UPGFUSION=1 UPGFREESWITCH=1 ;; version) /bin/echo " "$VERSION /bin/echo /bin/echo "$LICENSE" exit 0 ;; -v) /bin/echo " "$VERSION /bin/echo /bin/echo "$LICENSE" exit 0 ;; --version) /bin/echo " "$VERSION /bin/echo /bin/echo "$LICENSE" exit 0 ;; *) /bin/echo /bin/echo "This script should be called as:" /bin/echo " install_fusionpbx option1 option2" /bin/echo /bin/echo " option1:" /bin/echo " install-freeswitch" /bin/echo " install-fusionpbx" /bin/echo " install-both" /bin/echo " upgrade-freeswitch" /bin/echo " upgrade-fusionpbx" /bin/echo " fix-https" /bin/echo " fix-permissions" /bin/echo " version|--version|-v" /bin/echo /bin/echo " option2:" /bin/echo " user: option waits in certain places for the user to check for errors" /bin/echo " it is interactive and prompts you about what to install" /bin/echo " auto: tries an automatic install. Get a cup of coffee, this will" /bin/echo " take a while. FOR THE BRAVE!" /bin/echo /bin/echo " EXAMPLE" /bin/echo " install_fusionpbx install-both user" /bin/echo exit 0 ;; esac case $2 in user) DEBUG=1 ;; auto) DEBUG=0 ;; *) /bin/echo /bin/echo "This script should be called as:" /bin/echo " install_fusionpbx option1 option2" /bin/echo /bin/echo " option1:" /bin/echo " install-freeswitch" /bin/echo " install-fusionpbx" /bin/echo " install-both" /bin/echo " upgrade-freeswitch" /bin/echo " upgrade-fusionpbx" /bin/echo " fix-https" /bin/echo " fix-permissions" /bin/echo " version|--version|-v" /bin/echo /bin/echo " option2:" /bin/echo " user: option waits in certain places for the user to check for errors" /bin/echo " it is interactive and prompts you about what to install" /bin/echo " auto: tries an automatic install. Get a cup of coffee, this will" /bin/echo " take a while. FOR THE BRAVE!" /bin/echo /bin/echo " EXAMPLE" /bin/echo " install_fusionpbx install-both user" /bin/echo exit 0 ;; esac #--------------------- # ENVIRONMENT CHECKS #--------------------- #check for root if [ $EUID -ne 0 ]; then /bin/echo "This script must be run as root" 1>&2 exit 1 fi echo "Good, you are root." if [ ! -s /usr/bin/lsb_release ]; then /bin/echo "Tell your upstream distro to include lsb_release" /bin/echo apt-get upgrade && apt-get -y install lsb-release fi #check for internet connection /usr/bin/wget -q --tries=10 --timeout=5 http://www.google.com -O /tmp/index.google &> /dev/null if [ ! -s /tmp/index.google ]; then echo "No Internet connection. Exiting." /bin/rm /tmp/index.google #exit 1 else echo "Internet connection is working, continuing!" /bin/rm /tmp/index.google fi ##/bin/grep -i lucid /etc/lsb-release > /dev/null #lsb_release -c |grep -i lucid > /dev/null DISTRO_DETECT=$(lsb_release -c |sed -e s/Codename://g |sed -r 's/\s+//g') case $DISTRO_DETECT in lucid) #if [ $? -eq 0 ]; then DISTRO=lucid /bin/echo "Good, you're running Ubuntu 10.04 LTS codename Lucid" /bin/echo ;; #else # lsb_release -c |grep -i squeeze > /dev/null # if [ $? -eq 0 ]; then squeeze) DISTRO=squeeze /bin/echo "OK you're running Debian Squeeze. This script is known to work" /bin/echo " with apache/nginx and mysql|sqlite|postgres8 options" /bin/echo " Please consider providing feedback on repositories for nginx" /bin/echo " and php-fpm." /bin/echo CONTINUE=YES # fi ;; # lsb_release -c |grep -i wheezy > /dev/null # if [ $? -eq 0 ]; then wheezy) DISTRO=wheezy /bin/echo "OK you're running Debian Wheezy. This script is known to work" /bin/echo " with apache/nginx and sqlite|postgres9.4 options" /bin/echo " Please consider providing feedback on whether or not this works." /bin/echo CONTINUE=YES # fi ;; # lsb_release -c |grep -i precise > /dev/null # if [ $? -eq 0 ]; then precise) DISTRO=precise /bin/echo "OK you're running Ubuntu 12.04 LTS [precise]. This script is" /bin/echo " works fine." /bin/echo CONTINUE=YES ;; jessie) DISTRO=jessie /bin/echo "OK you're running Debian Jessie. This script is known to work" /bin/echo " with apache/nginx and sqlite|postgres9.4 options" /bin/echo " Please consider providing feedback on whether or not this works." /bin/echo CONTINUE=YES ;; # else *) /bin/echo "This script was written for Ubuntu 10.04 LTS codename Lucid, 12.04 LTS and Debian Squeeze" /bin/echo /bin/echo "Your OS appears to be:" lsb_release -a read -p "Do you want to continue [y|n]? " CONTINUE case "$CONTINUE" in [yY]*) /bin/echo "Ok, this doesn't always work..," /bin/echo " but we'll give it a go." #set the default to try to install like precise instead of lucid. PPA's aren't required for wheezy or precise going forward... DISTRO=precise ;; *) /bin/echo "Quitting." exit 1 ;; esac ;; # fi #fi esac #Check for new version WHEREAMI=$(echo "`pwd`/`basename $0`") wget $URLSCRIPT -O /tmp/install_fusionpbx.latest CURMD5=$(md5sum "$WHEREAMI" | sed -e "s/\ .*//") echo "The md5sum of the current script is: $CURMD5" NEWMD5=$(md5sum /tmp/install_fusionpbx.latest | sed -e "s/\ .*//") echo "The md5sum of the latest script is: $NEWMD5" if [[ "$CURMD5" == "$NEWMD5" ]]; then echo "files are the same, continuing" else echo "There is a new version of this script." echo " It is PROBABLY a good idea use the new version" echo " the new file is saved in /tmp/install_fusionpbx.latest" echo " to see the difference, run:" echo " diff -y /tmp/install_fusionpbx.latest $WHEREAMI" read -p "Continue with the current script [y/N]? " YESNO case $YESNO in [Yy]*) echo "OK, Continuing" echo " Deleting newest script in /tmp" rm /tmp/install_fusionpbx.latest ;; *) ;; esac fi #---------------------- #END ENVIRONMENT CHECKS #---------------------- #--------------------------------------- # INSTALL FREESWITCH #--------------------------------------- if [ $INSFREESWITCH -eq 1 ]; then /bin/echo "Upgrading the system, and adding the necessary dependencies for a FreeSWITCH compile" if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue..." fi /usr/bin/apt-get update /usr/bin/apt-get -y upgrade if [ $DISTRO == "precise" ]; then /usr/bin/apt-get -y install ssh vim git-core libjpeg-dev subversion build-essential \ autoconf automake devscripts gawk g++ git-core libtool make libncurses5-dev \ python-dev pkg-config libtiff4-dev php5-curl php5-imap php5-mcrypt lame \ libperl-dev libgdbm-dev gettext libssl-dev \ libcurl4-openssl-dev libpcre3-dev libspeex-dev libspeexdsp-dev \ libsqlite3-dev libedit-dev libgdbm-dev libmemcached-dev \ screen htop pkg-config bzip2 curl ntp memcached libldns-dev \ time bison unixodbc libmyodbc unixodbc-dev libtiff-tools elif [ $DISTRO == "wheezy" ]; then /usr/bin/apt-get -y install ssh vim git-core libjpeg-dev subversion build-essential \ autoconf automake devscripts gawk g++ git-core libtool make libncurses5-dev \ python-dev pkg-config libtiff5-dev libldns-dev \ libperl-dev libgdbm-dev libdb-dev gettext libcurl4-openssl-dev \ libpcre3-dev libspeex-dev libspeexdsp-dev libsqlite3-dev libedit-dev libpq-dev \ screen htop pkg-config bzip2 curl memcached ntp php5-curl php5-imap php5-mcrypt lame \ time bison libssl-dev unixodbc libmyodbc unixodbc-dev libtiff-tools libmemcached-dev elif [ $DISTRO == "jessie" ]; then /usr/bin/apt-get -y install ssh vim git-core libjpeg-dev subversion build-essential \ autoconf automake devscripts gawk g++ git-core libtool make libncurses5-dev \ python-dev pkg-config libtiff5-dev libldns-dev \ libperl-dev libgdbm-dev libdb-dev gettext libcurl4-openssl-dev \ libpcre3-dev libspeex-dev libspeexdsp-dev libsqlite3-dev libedit-dev libpq-dev \ screen htop pkg-config bzip2 curl memcached ntp php5-curl php5-imap php5-mcrypt lame \ time bison libssl-dev unixodbc libmyodbc unixodbc-dev libtiff-tools libmemcached-dev libtool-bin else /usr/bin/apt-get -y install ssh vim git-core libjpeg-dev subversion build-essential \ python-dev pkg-config libtiff5-dev libldns-dev \ libperl-dev libgdbm-dev libdb-dev gettext libcurl4-openssl-dev \ libpcre3-dev libspeex-dev libspeexdsp-dev libsqlite3-dev libedit-dev \ autoconf automake devscripts gawk g++ git-core libtool make libncurses5-dev libjpeg62-dev \ screen htop pkg-config bzip2 curl memcached ntp php5-curl php5-imap php5-mcrypt lame \ time bison libssl-dev unixodbc libmyodbc unixodbc-dev libtiff-tools libmemcached-dev fi #added libgnutls-dev libgnutls26 for dingaling... #gnutls no longer required for dingaling (git around oct 17 per mailing list..) # removed libgnutls-dev libgnutls26 if [ $DO_DAHDI == "y" ]; then #add stuff for free_tdm/dahdi apt-get -y install linux-headers-`uname -r` #add the headers so dahdi can build the modules... apt-get -y install dahdi fi LDRUN=0 /bin/echo -ne "Waiting on ldconfig to finish so bootstrap will work" while [ $LDRUN -eq 0 ] do echo -ne "." sleep 1 /usr/bin/pgrep -f ldconfig > /dev/null LDRUN=$? done /bin/echo /bin/echo /bin/echo "ldconfig is finished" /bin/echo if [ ! -e /tmp/install_fusion_status ]; then touch /tmp/install_fusion_status fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue check for errors" fi #----------------- # Databases #----------------- #Lets ask... sqlite or postgresql -- for user option only if [ $DEBUG -eq 1 ]; then /bin/echo "New Option..." /bin/echo " FreeSWITCH now has native support for PostgreSQL (no more odbc in the core)" /bin/echo " also note that freeswitch is now compiled with zrtp support" /bin/echo read -p " Would you like to install PostgreSQL or stay with Sqlite (p/S)? " SQLITEMYSQL case "$SQLITEMYSQL" in [pP]*) if [ $DISTRO = "wheezy" ]; then echo "wheezy is PostgreSQL 9.4 by default" POSTGRES9=9 elif [ $DISTRO = "jessie" ]; then echo "jessie is PostgreSQL 9.4 by default" POSTGRES9=9 else /bin/echo /bin/echo "OK, PostgreSQL! Would you prefer the stock verion 8.4" /bin/echo " or verion 9 from PPA?" /bin/echo read -p "PostgreSQL 8.4 or 9 [8/9]? " POSTGRES9 fi echo ;; esac fi case "$SQLITEMYSQL" in [Pp]*) /bin/echo -ne "Installing PostgeSQL" /bin/echo "DISTRO IS $DISTRO space" if [ $POSTGRES9 == "9" ]; then /bin/echo " version 9.x" if [ $DISTRO = "squeeze" ]; then #add squeeze repo /bin/echo "Adding debian backports for postgres9.1" /bin/echo "deb http://backports.debian.org/debian-backports squeeze-backports main" > /etc/apt/sources.list.d/squeeze-backports.list /usr/bin/apt-get update /usr/bin/apt-get -y -t squeeze-backports install postgresql-9.1 libpq-dev elif [ $DISTRO = "precise" ]; then POSTGRES9=9 #update repository for postgres 9.4 ... /bin/echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | sudo apt-key add - /usr/bin/apt-get update /usr/bin/apt-get -y install postgresql-9.4 libpq-dev elif [ $DISTRO = "wheezy" ]; then POSTGRES9=9 #update repository for postgres 9.4 ... /bin/echo "deb http://apt.postgresql.org/pub/repos/apt/ wheezy-pgdg main" > /etc/apt/sources.list.d/pgdg.list wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - /usr/bin/apt-get update /usr/bin/apt-get -y install postgresql-9.4 libpq-dev php5-pgsql elif [ $DISTRO = "jessie" ]; then POSTGRES9=9 /usr/bin/apt-get update /usr/bin/apt-get -y install postgresql-9.4 libpq-dev php5-pgsql service postgresql status |grep down if [ $? -eq 0 ]; then echo "The postgresql service is not running" echo "It may have not detected the locale correctly" echo "In another screen you should create a new cluster" echo " example:" echo " pg_createcluster --locale en_US.UTF-8 --start 9.3 main" echo " then see if it is running with 'service postgresql status'" read -p " this script will pause until this issue is resolved" fi else #add the ppa /usr/bin/apt-add-repository ppa:pitti/postgresql /usr/bin/apt-get update /usr/bin/apt-get -y install postgresql-9.3 libpq-dev fi else /bin/echo " version 8.4" /usr/bin/apt-get -y install postgresql libpq-dev #The following NEW packages will be installed: # libpq5 php5-pgsql postgresql postgresql-8.4 postgresql-client-8.4 # postgresql-client-common postgresql-common fi #Fix pg_hba.conf cat > `find / -name pg_hba.conf` < /dev/null if [ $? -eq 0 ]; then /bin/echo "Git Already Done. Skipping" else cd /usr/src if [ "$FSSTABLE" == true ]; then echo "installing $FSStableVer of FreeSWITCH" /usr/bin/time /usr/bin/git clone $FSGIT cd /usr/src/freeswitch /usr/bin/git checkout $FSStableVer if [ $? -ne 0 ]; then #git had an error /bin/echo "GIT ERROR" exit 1 fi elif [ "$FSSTABLE" == file ]; then echo "installing $FSStablefile of FreeSWITCH" wget http://files.freeswitch.org/freeswitch-releases/$FSStablefile.tar.gz tar -zxvf $FSStablefile.tar.gz mkdir freeswitch cp -R $FSStablefile/* /usr/src/freeswitch/ cd /usr/src/freeswitch else echo "going dev branch." /usr/bin/time /usr/bin/git clone $FSGIT if [ $? -ne 0 ]; then #git had an error /bin/echo "GIT ERROR" exit 1 fi if [ $FSCHECKOUTVER == true ]; then echo "OK we'll check out FreeSWITCH version $FSREV" cd /usr/src/freeswitch /usr/bin/git checkout $FSREV if [ $? -ne 0 ]; then #git checkout had an error /bin/echo "GIT CHECKOUT ERROR" exit 1 fi fi /bin/echo "git_done" >> /tmp/install_fusion_status fi fi if [ -e /usr/src/FreeSWITCH ]; then /bin/ln -s /usr/src/FreeSWITCH /usr/src/freeswitch elif [ -e /usr/src/freeswitch.git ]; then /bin/ln -s /usr/src/freeswitch.git /usr/src/freeswitch fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi #------------------------ # BOOTSTRAP FREESWITCH #------------------------ /bin/grep 'bootstrap_done' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "Bootstrap already done. skipping" elif [ "$FSSTABLE" == file ]; then echo "bootstrap not required" else #might see about -j option to bootstrap.sh /etc/init.d/ssh start cd /usr/src/freeswitch /bin/echo /bin/echo "FreeSWITCH Downloaded" /bin/echo /bin/echo "Bootstrapping." /bin/echo #next line failed (couldn't find file) not sure why. #it did run fine a second time. Go figure (really). #ldconfig culprit? if [ $CORES -gt 1 ]; then /bin/echo " multicore processor detected. Starting Bootstrap with -j" if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi /usr/bin/time /usr/src/freeswitch/bootstrap.sh -j else /bin/echo " singlecore processor detected. Starting Bootstrap sans -j" if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi /usr/bin/time /usr/src/freeswitch/bootstrap.sh fi if [ $? -ne 0 ]; then #bootstrap had an error /bin/echo "BOOTSTRAP ERROR" exit 1 else /bin/echo "bootstrap_done" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi #------------------------ # build modules.conf #------------------------ /bin/grep 'build_modules' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "Modules.conf Already edited" else #file exists and has been edited build_modules #check exit status if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: Failed to enable build modules in modules.conf." exit 1 else /bin/echo "build_modules" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi #------------------------ # CONFIGURE FREESWITCH #------------------------ /bin/grep 'config_done' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "FreeSWITCH already Configured! Skipping." else /bin/echo /bin/echo -ne "Configuring FreeSWITCH. This will take a while [~15 minutes]" /bin/sleep 1 /bin/echo -ne " ." /bin/sleep 1 /bin/echo -ne " ." /bin/sleep 1 /bin/echo -ne " ." case "$FSDB" in [Pp]*) #/usr/bin/time /usr/src/freeswitch/configure --enable-core-pgsql-support --enable-zrtp #zrtp busted atm. /usr/bin/time /usr/src/freeswitch/configure --enable-core-pgsql-support ;; *) #/usr/bin/time /usr/src/freeswitch/configure --enable-zrtp #zrtp busted atm /usr/bin/time /usr/src/freeswitch/configure ;; esac if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: FreeSWITCH Configure ERROR." exit 1 else /bin/echo "config_done" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi if [ -a /etc/init.d/freeswitch ]; then /bin/echo " In case of an install where FS exists (iso), stop FS" /etc/init.d/freeswitch stop fi #------------------------ # COMPILE FREESWITCH #------------------------ /bin/grep 'compile_done' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "FreeSWITCH already Compiled! Skipping." else #might see about -j cores option to make... /bin/echo /bin/echo -ne "Compiling FreeSWITCH. This might take a while [~30 minutes]" /bin/sleep 1 /bin/echo -ne "." /bin/sleep 1 /bin/echo -ne "." /bin/sleep 1 /bin/echo -ne "." #making sure pwd is correct cd /usr/src/freeswitch if [ $CORES -gt 1 ]; then /bin/echo " multicore processor detected. Compiling with -j $CORES" #per anthm compile the freeswitch core first, then the modules. /usr/bin/time /usr/bin/make -j $CORES core /usr/bin/time /usr/bin/make -j $CORES else /bin/echo " singlecore processor detected. Starting compile sans -j" /usr/bin/time /usr/bin/make fi if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: FreeSWITCH Build Failure." exit 1 else /bin/echo "compile_done" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi #------------------------ # INSTALL FREESWITCH #------------------------ /bin/grep 'install_done' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "FreeSWITCH already Installed! Skipping." else #dingaling/ubuntu has an issue. let's edit the file... #"--mode=relink gcc" --> "--mode=relink gcc -lgnutls" #tls no longer required for dingaling, so this weird issue doesn't happen. now uses openssl. # /bin/grep 'lgnutls' /usr/src/freeswitch/src/mod/endpoints/mod_dingaling/mod_dingaling.la > /dev/null # if [ $? -eq 0 ]; then # /bin/echo "dingaling fix already applied." # else # /bin/sed -i -e s,'--mode=relink gcc','--mode=relink gcc -lgnutls', /usr/src/freeswitch/src/mod/endpoints/mod_dingaling/mod_dingaling.la # fi cd /usr/src/freeswitch if [ $CORES -gt 1 ]; then /bin/echo " multicore processor detected. Installing with -j $CORES" /usr/bin/time /usr/bin/make -j $CORES install else /bin/echo " singlecore processor detected. Starting install sans -j" /usr/bin/time /usr/bin/make install fi #/usr/bin/time /usr/bin/make install if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: FreeSWITCH INSTALL Failure." exit 1 else /bin/echo "install_done" >> /tmp/install_fusion_status fi fi #------------------------ # FREESWITCH HD SOUNDS #------------------------ /bin/grep 'sounds_done' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "FreeSWITCH HD SOUNDS DONE! Skipping." else /bin/echo /bin/echo -ne "Installing FreeSWITCH HD sounds (16/8khz). This will take a while [~10 minutes]" /bin/sleep 1 /bin/echo -ne "." /bin/sleep 1 /bin/echo -ne "." /bin/sleep 1 /bin/echo "." cd /usr/src/freeswitch if [ $CORES -gt 1 ]; then /bin/echo " multicore processor detected. Installing with -j $CORES" /usr/bin/time /usr/bin/make -j $CORES hd-sounds-install else /bin/echo " singlecore processor detected. Starting install sans -j" /usr/bin/time /usr/bin/make hd-sounds-install fi #/usr/bin/time /usr/bin/make hd-sounds-install if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: FreeSWITCH make cdsounds-install ERROR." exit 1 else /bin/echo "sounds_done" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi #------------------------ # FREESWITCH MOH #------------------------ /bin/grep 'moh_done' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "FreeSWITCH MOH DONE! Skipping." else /bin/echo /bin/echo -ne "Installing FreeSWITCH HD Music On Hold sounds (16/8kHz). This will take a while [~10 minutes]" /bin/sleep 1 /bin/echo -ne "." /bin/sleep 1 /bin/echo -ne "." /bin/sleep 1 /bin/echo "." cd /usr/src/freeswitch if [ $CORES -gt 1 ]; then /bin/echo " multicore processor detected. Installing with -j $CORES" /usr/bin/time /usr/bin/make -j $CORES hd-moh-install else /bin/echo " singlecore processor detected. Starting install sans -j" /usr/bin/time /usr/bin/make hd-moh-install fi #/usr/bin/make hd-moh-install if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: FreeSWITCH make cd-moh-install ERROR." exit 1 else /bin/echo "moh_done" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi #------------------------ # FREESWITCH INIT #------------------------ #no need for tmp file. already handled... /bin/echo /bin/echo "Configuring /etc/init.d/freeswitch" /bin/grep local /etc/init.d/freeswitch > /dev/null if [ $? -eq 0 ]; then #file exists and has been edited /bin/echo "/etc/init.d/freeswitch already edited, skipping" elif [ -e /usr/src/freeswitch/debian/freeswitch.init ]; then /bin/sed /usr/src/freeswitch/debian/freeswitch.init -e s,opt,usr/local, >/etc/init.d/freeswitch else /bin/sed /usr/src/freeswitch/debian/freeswitch-sysvinit.freeswitch.init -e s,opt,usr/local, >/etc/init.d/freeswitch #DAEMON /bin/sed -i /etc/init.d/freeswitch -e s,^DAEMON=.*,DAEMON=/usr/local/freeswitch/bin/freeswitch, #DAEMON_ARGS /bin/sed -i /etc/init.d/freeswitch -e s,'^DAEMON_ARGS=.*','DAEMON_ARGS="-u www-data -g www-data -rp -nc -nonat"', #PIDFILE /bin/sed -i /etc/init.d/freeswitch -e s,^PIDFILE=.*,PIDFILE=/usr/local/freeswitch/run/\$NAME.pid, #WORKDIR /bin/sed -i /etc/init.d/freeswitch -e s,^WORKDIR=.*,WORKDIR=/usr/local/freeswitch/lib/, fi if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: Couldn't edit FreeSWITCH init script." exit 1 fi /bin/chmod 755 /etc/init.d/freeswitch /bin/echo "enabling FreeSWITCH to start at boot" /bin/mkdir /etc/freeswitch /bin/touch /etc/freeswitch/freeswitch.xml /bin/grep true /etc/default/freeswitch > /dev/null if [ $? -eq 0 ]; then #file exists and has been edited /bin/echo "/etc/default/freeswitch already edited, skipping" else if [ -e /usr/src/freeswitch/debian/freeswitch-sysvinit.freeswitch.default ]; then /bin/sed /usr/src/freeswitch/debian/freeswitch-sysvinit.freeswitch.default -e s,false,true, > /etc/default/freeswitch if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: Couldn't edit freeswitch RC script." exit 1 fi else /bin/sed /usr/src/freeswitch/debian/freeswitch.default -e s,false,true, > /etc/default/freeswitch if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: Couldn't edit freeswitch RC script." exit 1 fi fi if [ $DEBUG -eq 1 ]; then /bin/echo "Checking for a public IP Address..." PUBLICIP=no #turn off the auto-nat when we start freeswitch. #nasty syntax. searches for 10.a.b.c or 192.168.x.y addresses in ifconfig. /sbin/ifconfig | \ /bin/grep 'inet addr:' | \ /usr/bin/cut -d: -f2 | \ /usr/bin/awk '{ print $1}' | \ while read IPADDR; do echo "$IPADDR" | \ /bin/grep -e '^10\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' \ -e '^192\.168\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' \ -e '^127.0.0.1$' #-e '^172\.[16-31]\.[0-9]\{1,3\}\.[0-9]\{1,3\}' \ if [ $? -ne 0 ]; then PUBLICIP=yes fi done case "$PUBLICIP" in [Yy]*) if [ $DEBUG -eq 1 ]; then /bin/echo "You appear to have a public IP address." /bin/echo " I can make sure FreeSWITCH starts with" /bin/echo " the -nonat option (starts quicker)." /bin/echo read -p "Would you like for me to do this (y/n)? " SETNONAT fi ;; *) /bin/echo "Dynamic IP. leaving FreeSWITCH for aggressive nat" SETNONAT=no ;; esac fi case "$SETNONAT" in [Yy]*) /bin/sed /etc/default/freeswitch -i -e s,'FREESWITCH_PARAMS="-nc"','FREESWITCH_PARAMS="-nc -nonat -reincarnate"', /bin/echo "init script set to start 'freeswitch -nc -nonat'" ;; *) /bin/echo "OK, not using -nonat option." ;; esac /bin/echo /usr/sbin/update-rc.d -f freeswitch defaults fi /bin/echo #don't do this. If freeswitch is a machine name, it really screws this test. It #won't hurt to adduser a second time anyhow. #/bin/grep freeswitch /etc/passwd > /dev/null #if [ $? -eq 0 ]; then #user already exists # /bin/echo "FreeSWITCH user already exists, skipping..." #else /bin/echo "adding freeswitch user" /usr/sbin/adduser --disabled-password --quiet --system \ --home /usr/local/freeswitch \ --gecos "FreeSWITCH Voice Platform" --ingroup daemon \ freeswitch if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: Failed adding freeswitch user." exit 1 fi #fi /usr/sbin/adduser freeswitch audio /usr/sbin/groupadd freeswitch if [ $DO_DAHDI == "y" ]; then #dialout for dahdi /usr/sbin/adduser freeswitch dialout fi /bin/chown -R freeswitch:daemon /usr/local/freeswitch/ /bin/echo "removing 'other' permissions on freeswitch" /bin/chmod -R o-rwx /usr/local/freeswitch/ /bin/echo cd /usr/local/ /bin/chown -R freeswitch:daemon /usr/local/freeswitch /bin/echo "FreeSWITCH directories now owned by freeswitch.daemon" /usr/bin/find freeswitch -type d -exec /bin/chmod u=rwx,g=srx,o= {} \; /bin/echo "FreeSWITCH directories now sticky group. This will cause any files created" /bin/echo " to default to the daemon group so FreeSWITCH can read them" /bin/echo #/bin/echo "removing /opt blindly (hope nothing is there) and linking it" #/bin/echo " to /usr/local so FusionPBX won't complain" #Opt might have been created due to a type in adduser freeswitch (home was /opt) check... #this looks to be the case. #the latest FusionBPX is correctly detecting /usr/local/freeswitch # probably always did. #let's try removing opt altogether... #/bin/echo /bin/ln -s /usr/local/freeswitch/bin/fs_cli /usr/local/bin/ #if [ $DEBUG -eq 1 ]; then # /bin/echo "FreeSWITCH was installed to /usr/local." # /bin/echo " normally we don't want to see /opt" # /bin/echo " since FusionPBX. tries to find it" # /bin/echo " and you end up with having to symlink" # /bin/echo " /usr/local/freeswitch to /opt/freeswitch" # /bin/echo # /bin/echo " It would be easier to blow /opt away; but" # /bin/echo " this may not be a fresh Ubuntu install." # /bin/echo # read -p "Can I 'rm -Rf /opt (Y/n)? " RMOPT #fi #case "$RMOPT" in #[Yy]*) # /bin/rm -Rf /opt #;; #*) #/bin/echo "OK, linking /usr/local/freeswitch to /opt/freeswitch" #/bin/ln -s /usr/local/freeswitch /opt/freeswitch #;; #esac if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo "Press Enter to continue (check for errors)" read fi #------------------------ # enable modules.conf.xml #------------------------ /bin/grep 'enable_modules' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "Modules.conf.xml Already enabled" else #file exists and has been edited enable_modules #check exit status if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: Failed to enable modules in modules.conf.xml." exit 1 else /bin/echo "enable_modules" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo read -p "Press Enter to continue (check for errors)" fi #----------------- #Setup logrotate #----------------- # if [ -a /etc/logrotate.d/freeswitch ]; then if [ -a /etc/cron.daily/freeswitch_log_rotation ]; then /bin/echo "Logrotate for FreeSWITCH Already Done!" #call log script creation function freeswitch_logfiles fi #----------------- #harden FreeSWITCH #----------------- /bin/echo -ne "HARDENING" sleep 1 /bin/echo -ne " ." sleep 1 /bin/echo -ne " ." sleep 1 /bin/echo -ne " ." /usr/bin/apt-get -y install fail2ban /bin/echo /bin/echo "Checking log-auth-failures" /bin/grep log-auth-failures /usr/local/freeswitch/conf/sip_profiles/internal.xml > /dev/null if [ $? -eq 0 ]; then #see if it's uncommented /bin/grep log-auth-failures /usr/local/freeswitch/conf/sip_profiles/internal.xml | /bin/grep '','', \ -e s,'','', \ /usr/local/freeswitch/conf/sip_profiles/internal.xml /bin/echo " [ENABLED] log-auth-failures - Was Commented!" else #it's commented and false. /bin/sed -i -e s,'','', \ -e s,'','', \ /usr/local/freeswitch/conf/sip_profiles/internal.xml /bin/echo " [ENABLED] log-auth-failures - Was Commented and False!" fi fi else #It's not present... /bin/sed -i -e s,'','&\n ', \ /usr/local/freeswitch/conf/sip_profiles/internal.xml /bin/echo " [ENABLED] log-auth-failures - Wasn't there!" fi if [ -a /etc/fail2ban/filter.d/freeswitch.conf ]; then /bin/echo "fail2ban filter for freeswitch already done!" else /bin/cat > /etc/fail2ban/filter.d/freeswitch.conf <<"DELIM" # Fail2Ban configuration file # # Author: Rupa SChomaker # [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT # failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = DELIM fi if [ -a /etc/fail2ban/filter.d/freeswitch-dos.conf ]; then /bin/echo "fail2ban filter for freeswitch-dos already done!" else /bin/cat > /etc/fail2ban/filter.d/freeswitch-dos.conf <<"DELIM" # Fail2Ban configuration file # # Author: soapee01 # [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT # failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = DELIM fi #see if we've done this before (as in an ISO was made #with this script but the source wasn't included #so we have to reinstall... /bin/grep freeswitch /etc/fail2ban/jail.local > /dev/null if [ $? -ne 0 ]; then #add the following stanzas to the end of our file (don't overwrite) /bin/cat >> /etc/fail2ban/jail.local <<'DELIM' [freeswitch-tcp] enabled = true port = 5060,5061,5080,5081 protocol = tcp filter = freeswitch logpath = /usr/local/freeswitch/log/freeswitch.log action = iptables-allports[name=freeswitch-tcp, protocol=all] maxretry = 5 findtime = 600 bantime = 600 # sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed [freeswitch-udp] enabled = true port = 5060,5061,5080,5081 protocol = udp filter = freeswitch logpath = /usr/local/freeswitch/log/freeswitch.log action = iptables-allports[name=freeswitch-udp, protocol=all] maxretry = 5 findtime = 600 bantime = 600 # sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed [freeswitch-dos] enabled = true port = 5060,5061,5080,5081 protocol = udp filter = freeswitch-dos logpath = /usr/local/freeswitch/log/freeswitch.log action = iptables-allports[name=freeswitch-dos, protocol=all] maxretry = 50 findtime = 30 bantime = 6000 DELIM else /bin/echo"fail2ban jail.local for freeswitch already done!" fi #problem with the way ubuntu logs ssh failures [fail2ban] # Failed password for root from 1.2.3.4 port 22 ssh2 # last message repeated 5 times # SOLUTION: Turn off RepeatedMsgReduction in rsyslog. /bin/echo "Turning off RepeatedMsgReduction in /etc/rsyslog.conf" #not sure what the deal is with the single quotes here. Fixed in v4.4.0 #/bin/sed -i 's/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/' /etc/rsyslog.conf /bin/sed -i 's/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/' /etc/rsyslog.conf /etc/init.d/rsyslog restart #bug in fail2ban. If you see this error #2011-02-27 14:11:42,326 fail2ban.actions.action: ERROR iptables -N fail2ban-freeswitch-tcp #http://www.fail2ban.org/wiki/index.php/Fail2ban_talk:Community_Portal#fail2ban.action.action_ERROR_on_startup.2Frestart /bin/grep -A 1 'time.sleep(0\.1)' /usr/bin/fail2ban-client |/bin/grep beautifier > /dev/null if [ $? -ne 0 ]; then /bin/sed -i -e s,beautifier\.setInputCmd\(c\),'time.sleep\(0\.1\)\n\t\t\tbeautifier.setInputCmd\(c\)', /usr/bin/fail2ban-client #this does slow the restart down quite a bit. else /bin/echo ' time.sleep(0.1) already added to /usr/bin/fail2ban-client' fi #still may have a problem with logrotate causing missing new FS log files. #should see log lines such as: #2011-02-13 06:37:59,889 fail2ban.filter : INFO Log rotation detected for /usr/local/freeswitch/log/freeswitch.log /etc/init.d/freeswitch start if [ $DISTRO == "jessie" ]; then sleep 5 /bin/systemctl restart fail2ban.service else /etc/init.d/fail2ban restart fi /bin/echo " fail2ban for ssh enabled by default" /bin/echo " Default is 3 failures before your IP gets blocked for 600 seconds" /bin/echo " SEE http://wiki.freeswitch.org/wiki/Fail2ban" /bin/echo /bin/echo /bin/echo "FreeSWITCH Installation Completed. Have Fun!" /bin/echo fi #--------------------------------------- # DONE INSTALLING FREESWITCH #--------------------------------------- #--------------------------------------- # INSTALL FUSIONPBX #--------------------------------------- if [ $INSFUSION -eq 1 ]; then /bin/echo "FYI, we will need to change ownership of all FreeSWITCH" /bin/echo " Directories to www-data.www-data" /bin/echo " We will also need to change the init script to" /bin/echo " start FreeSWITCH as the www-data user." /bin/echo /bin/echo "This is a workaround to FreeSWITCH jira FS-3016" /bin/echo " The better way would be to have FreeSWITCH and FusionPBX" /bin/echo " share group permissions; unfortunately, FreeSWITCH writes" /bin/echo " log files, voicemail, etc with group permissions off." /bin/echo /bin/echo "This behavior is hard coded into FreeSWITCH." /bin/echo " For now, you need to be aware that if an" /bin/echo " exploit is found for apache2 or nginx" /bin/echo " The attacker would have access to the entire" /bin/echo " FreeSWITCH directory. This isn't quite as bad as it seems though." /bin/echo " since simply having access to configuration can do damage" /bin/echo "Watch your logfiles." #read -p " press enter to continue." /bin/echo /bin/echo "Stopping FreeSWITCH..." /etc/init.d/freeswitch stop www_permissions #Lets ask... nginx or apache -- for user option only if [ $DEBUG -eq 1 ]; then /bin/echo "New Option..." read -p "Would you prefer Apache or Ngnix [nginx and php-fpm from ppa repos] (a/N)? " APACHENGINX fi #remastersys iso ditches the apt data. have to update /usr/bin/apt-get update #get reqs for both /usr/bin/apt-get -y install git-core python-software-properties subversion ghostscript #provides apt-add-repository #installs python-software-properties unattended-upgrades #/usr/bin/apt-get -y install ppa-purge #in backports. don't want that repo if [ ! -e /usr/sbin/ppa-purge ]; then /usr/bin/wget http://us.archive.ubuntu.com/ubuntu/pool/universe/p/ppa-purge/ppa-purge_0+bzr46.1~lucid1_all.deb -O /var/cache/apt/archives/ppa-purge_0+bzr46.1~lucid1_all.deb /usr/bin/dpkg -i /var/cache/apt/archives/ppa-purge_0+bzr46.1~lucid1_all.deb fi /usr/bin/apt-get -y install sqlite php5-cli php5-sqlite php5-odbc if [ $DISTRO = "precise" ]; then /usr/bin/apt-get -y install php-db fi if [ $DISTRO = "wheezy" ]; then /usr/bin/apt-get -y install install php5-sqlite php-db fi if [ $DISTRO = "jessie" ]; then /usr/bin/apt-get -y install install php5-sqlite php-db fi #----------------- # Apache #----------------- case "$APACHENGINX" in [Aa]*) #if [ $APACHENGINX == "a" ]; then if [ -e /usr/sbin/nginx ]; then #nginx is installed. /bin/echo /bin/echo "Nginx is installed, and you selected apache2." if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo " We need to remove nginx/php5-fpm. The packages" /bin/echo " are not purged, so configuration files will stay." /bin/echo read -p " Do you want to remove nginx/php5-fpm and install apache2 (y/n)? " YESNO else YESNO=y fi case "$YESNO" in [Yy]*) /bin/grep brianmercer /etc/apt/sources.list > /dev/null if [ $? -eq 0 ]; then /bin/echo "php-fpm ppa already add the old way. Fixing" /bin/sed -i -e s,'deb http://ppa.launchpad.net/brianmercer/php/ubuntu lucid main',, /etc/apt/sources.list fi /bin/grep nginx /etc/apt/sources.list > /dev/null if [ $? -ne 0 ]; then /bin/echo "nginx ppa already add the old way. Fixing" /bin/sed -i -e s,'deb http://ppa.launchpad.net/nginx/stable/ubuntu lucid main',, /etc/apt/sources.list fi #remove ppa's /usr/sbin/ppa-purge ppa:brianmercer/php /usr/sbin/ppa-purge ppa:nginx/stable #remove packages /usr/bin/apt-get -y remove nginx nginx-full libevent-1.4-2 libt1-5 \ php-apc php-pear php5-fpm php5-gd php5-memcache #ttf-dejavu-core fontconfig-config libfontconfig1 libxpm4 #removes x/gnome #libxslt1.1 libxslt1.1 #removes midori #libgd2-xpm #removed by ppa-purge #libgd2-noxpm #removed by ppa-purge /usr/bin/apt-get clean /usr/bin/apt-get update #re-install removed packages /usr/bin/apt-get -y install libgd2-noxpm /bin/echo " NGINX/PHP5-FPM REMOVED!" ;; *) /bin/echo "OK. We'll stop. Exiting!" exit 1 ;; esac fi /usr/bin/apt-get -y install apache2 libapache2-mod-php5 #installs: #apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap # /bin/grep fusionpbx /etc/apache2/sites-enabled/000-default > /dev/null # if [ $? -ne 0 ]; then if [ ! -e /etc/apache2/sites-enabled/$GUI_NAME ]; then #disable the default 000-default site /usr/sbin/a2dissite default #let's use a heredoc now, and do this the right way. #no 'quotes' with variables /bin/cat >> /etc/apache2/sites-available/$GUI_NAME < ServerAdmin webmaster@localhost ServerName $FQDN DocumentRoot $WWW_PATH/$GUI_NAME Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 DELIM /usr/sbin/a2ensite $GUI_NAME /bin/cat >> /etc/apache2/conf.d/securedb.conf <<'DELIM' # # The following lines prevent .db files from being # viewed by Web clients. # Order allow,deny Deny from all Satisfy all DELIM /etc/init.d/apache2 restart # /bin/sed -i -e s,"DocumentRoot /var/www","DocumentRoot /var/www/fusionpbx", \ # -e s,"","", \ # /etc/apache2/sites-enabled/000-default if [ $? -ne 0 ]; then #previous had an error # /bin/echo "ERROR: Failed edit of /etc/apache2/sites-enabled/000-default" /bin/echo "ERROR: Failed addtion of /etc/apache2/sites-enabled/$GUI_NAME" exit 1 else # /bin/echo "/etc/apache2/sites-enabled/000-default modified." /bin/echo "/etc/apache2/sites-enabled/$GUI_NAME added." /bin/echo " Root www directory is now $WWW_PATH/$GUI_NAME" fi else /bin/echo #/bin/echo "/etc/apache2/sites-enabled/000-default already edited. Skipping..." /bin/echo "/etc/apache2/sites-enabled/$GUI_NAME already there. Skipping..." fi /bin/grep 10M /etc/php5/apache2/php.ini > /dev/null if [ $? -ne 0 ]; then /bin/sed -i -e s,"upload_max_filesize = 2M","upload_max_filesize = 10M", /etc/php5/apache2/php.ini if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: failed edit of /etc/php5/apache2/php.ini upload_max_filesize = 10M." exit 1 fi else /bin/echo /bin/echo "/etc/php5/apache2/php.ini already edited. Skipping..." fi /bin/echo "document root for apache2 is:" /bin/echo " $WWW_PATH/$GUI_NAME" /bin/echo " php has an upload file size limit of 10 MegaBytes" /bin/echo /bin/echo "now install FusionPBX. This should go fast." /bin/echo ;; #----------------- # Apache Done #----------------- #----------------- # NGINX #----------------- *) #elif [ $APACHENGINX == "n" ] || [ $APACHENGINX == "N" ] || [ $APACHENGINX == "" ]; then # ^ would be almost there. empty read isn't caught. switching to case. more flexible... if [ -e /usr/sbin/apache2 ]; then #apache2 is installed. /bin/echo /bin/echo "Apache2 is installed, and you selected nginx/php5-fpm." if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo " We need to remove apache2, and php5. The packages" /bin/echo " are not purged, so configuration files will stay." /bin/echo /bin/echo " Do you want to remove apache2/php5 and install " read -p " nginx/php5-fpm (y/n)? " YESNO else YESNO=y fi case "$YESNO" in [Yy]*) #remove packages /usr/bin/apt-get -y remove apache2 apache2-mpm-prefork apache2-utils apache2.2-bin \ apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 \ libaprutil1-ldap ssl-cert /bin/echo " APACHE2 REMOVED!" #removing libapr removes subversion! /usr/bin/apt-get -y install subversion ;; *) /bin/echo "OK. We'll stop. Exiting!" exit 1 ;; esac fi if [ $DISTRO = "squeeze" ]; then #setup debian repos for nginx/php5-fpm /bin/echo "adding dotdeb repository for php5-fpm and nginx" /bin/echo "deb http://packages.dotdeb.org squeeze all" > /etc/apt/sources.list.d/squeeze-dotdeb.list /usr/bin/wget -O /tmp/dotdeb.gpg http://www.dotdeb.org/dotdeb.gpg /bin/cat /tmp/dotdeb.gpg | apt-key add - /bin/rm /tmp/dotdeb.gpg /usr/bin/apt-get update elif [ $DISTRO = "wheezy" ]; then #included in main repo we have nginx [nginx-full] and php5-fpm echo "already in Debian 7.x [wheezy], nothing to add." elif [ $DISTRO = "jessie" ]; then #included in main repo we have nginx [nginx-full] and php5-fpm echo "already in Debian 8.x [jessie], nothing to add." elif [ $DISTRO = "precise" ]; then #included in main repo we have nginx [nginx-full] and php5-fpm echo "already in 12.04 LTS [precise], nothing to add." else #add-apt-repository ppa:brianmercer/php // apt-get -y install python-software-properties #Add php5-fpm ppa to the list /bin/grep brianmercer /etc/apt/sources.list > /dev/null if [ $? -eq 0 ]; then /bin/echo "php-fpm ppa already add the old way. Fixing" /bin/sed -i -e s,'deb http://ppa.launchpad.net/brianmercer/php/ubuntu lucid main',, /etc/apt/sources.list /usr/bin/apt-add-repository ppa:brianmercer/php elif [ ! -e /etc/apt/sources.list.d./brianmercer-php-lucid.list ]; then /bin/echo "Adding PPA for php-fpm" #/bin/echo "deb http://ppa.launchpad.net/brianmercer/php/ubuntu lucidmain" >> /etc/apt/sources.list #/usr/bin/apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8D0DC64F /usr/bin/apt-add-repository ppa:brianmercer/php else /bin/echo "php-fpm ppa already added." fi #Add NGINX-ppa to src list. /bin/grep nginx /etc/apt/sources.list > /dev/null if [ $? -ne 0 ]; then /bin/echo "nginx ppa already add the old way. Fixing" /bin/sed -i -e s,'deb http://ppa.launchpad.net/nginx/stable/ubuntu lucid main',, /etc/apt/sources.list /usr/bin/apt-add-repository ppa:nginx/stable elif [ ! -e /etc/apt/sources.list.d./nginx-stable-lucid.list ]; then /bin/echo "Adding PPA for latest nginx" /usr/bin/apt-add-repository ppa:nginx/stable #/bin/echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu lucid main" >> /etc/apt/sources.list #/usr/bin/apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C else /bin/echo "nginx ppa already added" fi fi /usr/bin/apt-get update && /usr/bin/apt-get upgrade -y /usr/bin/apt-get -y install nginx #installs libgd2-noxpm libxslt1.1 nginx nginx-full if [ $DISTRO = "squeeze" ]; then /usr/bin/apt-get -y install php5-fpm php5-common php5-gd php-pear php5-memcache php5-apc php5-sqlite php5-json else #should work for precise /usr/bin/apt-get -y install php5-fpm php5-common php5-gd php-pear php5-memcache php-apc php5-json fi if [ $DISTRO = "squeeze" ]; then PHPINIFILE="/etc/php5/fpm/php.ini" PHPCONFFILE="/etc/php5/fpm/php-fpm.conf" elif [ $DISTRO = "precise" ]; then PHPINIFILE="/etc/php5/fpm/php.ini" #also exists, but www.conf used by default... #PHPCONFFILE="/etc/php5/fpm/php-fpm.conf" #max_children set in /etc/php5/fpm/pool.d/www.conf PHPCONFFILE="/etc/php5/fpm/pool.d/www.conf" elif [ $DISTRO = "lucid" ]; then #lucid ppa conf files changed 1/20/2013 PHPINIFILE="/etc/php5/fpm/php.ini" PHPCONFFILE="/etc/php5/fpm/pool.d/www.conf" elif [ $DISTRO = "wheezy" ]; then PHPINIFILE="/etc/php5/fpm/php.ini" PHPCONFFILE="/etc/php5/fpm/php-fpm.conf" elif [ $DISTRO = "jessie" ]; then PHPINIFILE="/etc/php5/fpm/php.ini" PHPCONFFILE="/etc/php5/fpm/php-fpm.conf" else PHPINIFILE="/etc/php5/fpm/php.ini" PHPCONFFILE="/etc/php5/fpm/php5-fpm.conf" fi /bin/grep 10M $PHPINIFILE > /dev/null if [ $? -ne 0 ]; then /bin/sed -i -e s,"upload_max_filesize = 2M","upload_max_filesize = 10M", $PHPINIFILE if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: failed edit of $PHPINIFILE upload_max_filesize = 10M." exit 1 fi else /bin/echo /bin/echo "/etc/php5/fpm/php.ini already edited. Skipping..." fi #change to socket grep "listen = 127.0.0.1:9000" $PHPCONFFILE |grep \; if [ $? -ne 0 ]; then /bin/sed -i $PHPCONFFILE -e s,listen\ \=\ 127\.0\.0\.\1\:9000,listen\ \=\ \/var\/run\/php5-fpm.sock, fi #uncomment lines that are needed for unix socket /bin/sed -i -e s,";listen.owner","listen.owner", $PHPCONFFILE /bin/sed -i -e s,";listen.group","listen.group", $PHPCONFFILE /bin/sed -i -e s,";listen.mode","listen.mode", $PHPCONFFILE ##Applying fix for cgi.fix_pathinfo /bin/grep 'cgi\.fix_pathinfo=0' $PHPINIFILE > /dev/null if [ $? -ne 0 ]; then /bin/sed -i -e s,';cgi\.fix_pathinfo=1','cgi\.fix_pathinfo=0', $PHPINIFILE if [ $? -ne 0 ]; then /bin/echo "ERROR: failed edit of $PHPINIFILE cgi.fix_pathinfo=0" exit 1 fi else /bin/echo /bin/echo "/etc/php5/fpm/php.ini already edited for cgi.fix_pathinfo. Skipping..." fi #We don't need so many php children. 1 per core should be fine FOR NOW. #/bin/sed -i -e s,"pm.max_children = 10","pm.max_children = 4", /etc/php5/fpm/php5-fpm.conf /bin/grep "pm.max_children = 4" $PHPCONFFILE > /dev/null if [ $? -ne 0 ]; then /bin/sed -i -e s,"pm.max_children = 10","pm.max_children = 4", $PHPCONFFILE if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: failed edit of $PHPCONFFILE pm.max_children = 4" exit 1 fi else /bin/echo /bin/echo "$PHPCONFFILE [children] already edited. Skipping..." fi #max_servers must be <= max_children /bin/grep "pm.max_spare_servers = 4" $PHPCONFFILE > /dev/null if [ $? -ne 0 ]; then /bin/sed -i -e s,"pm.max_spare_servers = 6","pm.max_spare_servers = 4", $PHPCONFFILE if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: failed edit of $PHPCONFFILE pm.max_spare_servers = 4" exit 1 fi else /bin/echo /bin/echo "pm.max_spare_servers not changed" fi #update auto-starts ###PHP5-fpm and nginx are wrong?? update-rc.d php5-fpm enable /etc/init.d/php5-fpm start ##setup niginx for fusionpbx & phpmyadmin! update-rc.d nginx enable /etc/init.d/nginx start #NGINX server config: rm /etc/nginx/sites-enabled/default /bin/grep '.db' /etc/nginx/sites-available/$GUI_NAME >> /dev/null if [ $? -ne 0 ]; then /bin/echo "Nginx insecure previous installation" /bin/echo " allows http access to FusionPBX database" /bin/echo " FIXING..." /bin/rm /etc/nginx/sites-available/$GUI_NAME fi if [ -a /etc/nginx/sites-available/$GUI_NAME ]; then /bin/echo "/etc/nginx/sites-available/$GUI_NAME already exists... skipping" else nginxconfig fi if [ $DISTRO = "lucid" ]; then /bin/grep fastcgi_param.*HTTPS.*\$https\; /etc/nginx/fastcgi_params if [ $? -eq 0 ]; then echo "Fixing a weird nginx fastcgi_parm issue" echo " you can also add the following stanzas to" echo " your /etc/nginx/sites-enabled/$GUI_NAME file" echo " set $https off; #for listen 80 and listen localhost" echo " set $https on; #for listen 443" /bin/sed -i /etc/nginx/fastcgi_params -e s/fastcgi_param.*HTTPS.*\$https\;/#fastcgi_param\ HTTPS\ \$https\;/ fi fi ;; esac #----------------- # NGINX Done #----------------- #else # /bin/echo "Didn't catch that. exiting" # exit 1 #fi cd $WWW_PATH if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo "Press Enter to continue (check for errors)" read fi /bin/echo "Stopping FreeSWITCH..." /usr/sbin/service freeswitch stop if [[ "$INST_FPBX" == "svn" ]]; then if [ $FBPXCHECKOUTVER == true ]; then /bin/echo "Going to install FusionPBX SVN Rev $FPBXREV" /usr/bin/svn checkout -r r$FPBXREV $FPBXBRANCH $WWW_PATH/$GUI_NAME else /bin/echo "Going to install FusionPBX latest SVN!" #removed -r r1877 r1877 from new install /usr/bin/svn checkout $FPBXBRANCH $WWW_PATH/$GUI_NAME fi elif [ $INST_FPBX == tgz ]; then /bin/tar -C $WWW_PATH -xzvf $TGZ_FILE elif [ $INST_FPBX == git ]; then FUSIONPBX_GIT="$FUSIONPBX_GIT_SERVER/$FUSIONPBX_GIT_CONTRIBUTER/$FUSIONPBX_GIT_PROJECT"; /usr/bin/git clone $FUSIONPBX_GIT cd $GUI_NAME; if [ $FUSIONPBX_GIT_ASKBRANCH == 1 ] then branches=() eval eval "$(/usr/bin/git for-each-ref --shell --format='branches+=(%(refname:short))' refs/remotes/ | perl -l -wpe "s{'\w+/}{'}")" for id in "${!branches[@]}"; do branch=${branches[$id]}; printf "[%s] %s" $id $branch; if [ $branch == 'master' ]; then printf " *default"; default_branch=$id; fi printf "\n"; done while true; do read -p "Which branch would you like to use? " branch if [[ -z $branch ]]; then branch=$default_branch; fi; if [[ -n "${branches[$branch]}" ]]; then break; fi; echo "Please choose a existing branch."; done /usr/bin/git checkout "${branches[$branch]}" fi; fi if [ ! -e $WWW_PATH/$GUI_NAME ]; then /bin/mv $WWW_PATH/fusionpbx $WWW_PATH/$GUI_NAME fi /usr/sbin/adduser freeswitch www-data /usr/sbin/adduser www-data daemon /bin/chown -R www-data:www-data $WWW_PATH/$GUI_NAME /bin/echo "freeswitch is now a member of the www-data group" /bin/echo " www-data is now a member of the daemon group" /usr/bin/find $WWW_PATH/$GUI_NAME -type f -exec /bin/chmod 644 {} \; /usr/bin/find $WWW_PATH/$GUI_NAME -type d -exec /bin/chmod 755 {} \; if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo "Press Enter to continue (check for errors)" read fi if [ $APACHENGINX == "a" ]; then /etc/init.d/apache2 restart elif [ $APACHENGINX == "n" ]; then /etc/init.d/nginx restart fi /bin/echo "FusionPBX install needs Write permissions on group to remove files" /bin/echo "The daemon group (of which www-data is a member) can now edit all files" /bin/echo " in your FreeSWITCH installation. This may or may not be desirable" /bin/echo /bin/echo "if you want to change this, run (as root)" /bin/echo " /usr/bin/find /usr/local/freeswitch -type f -exec /bin/chmod g-w {} \;" /bin/echo " /usr/bin/find /usr/local/freeswitch -type d -exec /bin/chmod g-w {} \;" /bin/echo " however; FusionPBX won't be able to make changes anymore" /usr/bin/find /usr/local/freeswitch -type f -exec /bin/chmod g+w {} \; /usr/bin/find /usr/local/freeswitch -type d -exec /bin/chmod g+w {} \; # /bin/echo "go to the web address in your browser to finish configuration" # /bin/echo ' http://'`/sbin/ifconfig eth0 | /bin/grep 'inet addr:' | /usr/bin/cut -d: -f2 | /usr/bin/awk '{ print $1}'` # /bin/echo "don't forget to start FreeSWITCH after the install!" # /bin/echo "/etc/init.d/freeswitch start" #FreeSWITCH needs read access to scripts in /var/www/fusionpbx/secure #per mcrane on IRC #mcrane: the easiest way to get it to work is have FreeSWITCH and the web server run under the same user # instead we made freeswitch user a member of the www-data group, and www-data user a member of the # daemon group. #added v3 #move the default extensions .noload #The default FusionPBX install removes the default FreeSWITCH password, so anyone can register #with these default FreeSWITCH extensions. They aren't 'in' FusionPBX anyhow, so we don't need #them. We will leave them for reference. /bin/echo "renaming default FreeSWITCH extensions .noload" for i in /usr/local/freeswitch/conf/directory/default/1*.xml;do mv $i $i.noload ; done if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo "Press Enter to continue (check for errors)" read fi /bin/echo /bin/echo "Finishing Up FusionPBX installation." /bin/echo "Now for a database..." /bin/echo #----------------- # MySQL #----------------- #Lets ask... sqlite or mysql -- for user option only if [ $DEBUG -eq 1 ]; then /bin/echo "New Option..." /bin/echo " SQlite is already installed (and required)" /bin/echo read -p " Would you like to install MySQL, PostgreSQL, or stay with Sqlite (m/p/S)? " SQLITEMYSQL case "$SQLITEMYSQL" in [pP]*) if [ $DISTRO = "wheezy" ]; then echo "precise is PostgreSQL 9.4 by default" POSTGRES9=9 elif [ $DISTRO = "jessie" ]; then echo "jessie is PostgreSQL 9.4 by default" POSTGRES9=9 else /bin/echo /bin/echo "OK, PostgreSQL! Would you prefer the stock verion 8.4" /bin/echo " or verion 9 from PPA?" /bin/echo read -p "PostgreSQL 8.4 or 9 [8/9]? " POSTGRES9 fi echo ;; esac fi case "$SQLITEMYSQL" in [Mm]*) #if [ $SQLITEMYSQL == "m" ]; then /bin/echo "Installing MySQL" /usr/bin/apt-get -y install mysql-server php5-mysql mysql-client if [ -e /usr/sbin/nginx ]; then #nginx is installed. /etc/init.d/php5-fpm restart /etc/init.d/nginx restart elif [ -e /usr/sbin/apache2 ]; then #apache2 is installed. /etc/init.d/apache2 restart fi start_freeswitch /bin/echo "Now you'll need to manually finish the install and come back" /bin/echo " This way I can finish up the last bit of permissions issues" /bin/echo " Just go to" /bin/echo ' http://'`/sbin/ifconfig eth0 | /bin/grep 'inet addr:' | /usr/bin/cut -d: -f2 | /usr/bin/awk '{ print $1}'` /bin/echo " MAKE SURE YOU CHOOSE MYSQL as your Database on the first page!!!" /bin/echo " ON the Second Page:" /bin/echo " Create Database Username: root" /bin/echo " Create Database Password: the_pw_you_set_during_install" /bin/echo " other options: whatever you like" /bin/echo " I will wait here until you get done with that." /bin/echo -ne " When MySQL is configured come back and press enter. " read ;; [Pp]*) #elif [ $SQLITEMYSQL == "p" ]; then #/bin/echo -ne "Installing PostgeSQL" #moving most of this to fs install /bin/echo "Time to add a $GUI_NAME user for the database." /bin/echo -ne " We will use $GUI_NAME as the username" /bin/echo -ne " please set the password." #add php postgres packages if [ $POSTGRES9 == "9" ]; then /bin/echo " version 9.3" if [ $DISTRO = "squeeze" ]; then #add squeeze repo /bin/echo "Adding debian backports for postgres9.1" /bin/echo "deb http://backports.debian.org/debian-backports squeeze-backports main" > /etc/apt/sources.list.d/squeeze-backports.list /usr/bin/apt-get update /usr/bin/apt-get -y -t squeeze-backports install php5-pgsql elif [ $DISTRO = "precise" ]; then #already there... /usr/bin/apt-get -y install php5-pgsql elif [ $DISTRO = "wheezy" ]; then POSTGRES9=9 #update repository for postgres 9.4 ... /bin/echo "deb http://apt.postgresql.org/pub/repos/apt/ wheezy-pgdg main" > /etc/apt/sources.list.d/pgdg.list wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - /usr/bin/apt-get update /usr/bin/apt-get -y install postgresql-9.4 libpq-dev php5-pgsql elif [ $DISTRO = "jessie" ]; then POSTGRES9=9 /usr/bin/apt-get update /usr/bin/apt-get -y install postgresql-9.4 libpq-dev php5-pgsql else #add the ppa /usr/bin/apt-add-repository ppa:pitti/postgresql /usr/bin/apt-get update /usr/bin/apt-get -y install php5-pgsql fi else /bin/echo " version 8.4" /usr/bin/apt-get -y install postgresql libpq-dev #The following NEW packages will be installed: # libpq5 php5-pgsql postgresql postgresql-8.4 postgresql-client-8.4 # postgresql-client-common postgresql-common fi #Fix pg_hba.conf cat > `find / -name pg_hba.conf` < /dev/null if [ $? -eq 0 ]; then /bin/echo "Modules.conf Already edited" else #file exists and has been edited build_modules #check exit status if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: Failed to enable build modules in modules.conf." exit 1 else /bin/echo "build_modules" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo "Press Enter to continue (check for errors)" read fi #------------------------ # make current #------------------------ /bin/grep 'made_current' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "Modules.conf Already edited" else /bin/echo /bin/echo ' going to run make curent' /bin/echo " Make current completely cleans the build environment and rebuilds FreeSWITCH™" /bin/echo " so it runs a long time. However, it will not overwrite files in a pre-existing" /bin/echo ' "conf" directory. Also, the clean targets leave the "modules.conf" file.' /bin/echo " This handles the git pull, cleanup, and rebuild in one step" /bin/echo ' src: http://wiki.freeswitch.org/wiki/Installation_Guide' cd /usr/src/freeswitch if [ $? -ne 0 ]; then #previous had an error /bin/echo "/usr/src/freeswitch does not exist" /bin/echo "you probably installed from a FusionPBX ISO which deleted this" /bin/echo "Directory to save space. rerun with install-freeswitch option" exit 1 fi cd /usr/src/freeswitch #get on the 1.2.x release first... echo echo echo "Checking to see which version of FreeSWITCH you are on" git status |grep "1.2" if [ $? -ne 0 ]; then echo "It appears that you are currently on the FreeSWITCH Git Master branch, or no branch." echo " We currently recommend that you switch to the 1.4.x branch," echo " since 1.5 [master]." echo read -p "Shall we change to the 1.4.x release branch [Y/n]? " YESNO else YESNO="no" fi case $YESNO in [Nn]*) echo "OK, staying on current...." FSSTABLE=false ;; *) echo "OK, switching to 1.4.x." FSSTABLE=true ;; esac if [ $FSSTABLE == true ]; then echo "OK we'll now use the 1.4.x release branch" cd /usr/src/freeswitch #odd edge case, I think from a specific version checkout # git status # Not currently on any branch. # Untracked files: # (use "git add ..." to include in what will be committed) # # src/mod/applications/mod_httapi/Makefile git status |grep -i "not currently" if [ $? -eq 0 ]; then echo "You are not on master branch. We have to fix that first" /usr/bin/git checkout master if [ $? -ne 0 ]; then #git checkout had an error /bin/echo "GIT CHECKOUT to 1.2.x ERROR" exit 1 fi fi #/usr/bin/time /usr/bin/git clone -b $FSStableVer git://stash.freeswitch.org/scm/fs/freeswitch.git /usr/bin/git pull if [ $? -ne 0 ]; then #git checkout had an error /bin/echo "GIT PULL to 1.2.x ERROR" exit 1 fi /usr/bin/git checkout $FSStableVer if [ $? -ne 0 ]; then #git checkout had an error /bin/echo "GIT CHECKOUT to 1.2.x ERROR" exit 1 fi #/usr/bin/git checkout master #if [ $? -ne 0 ]; then # #git checkout had an error # /bin/echo "GIT CHECKOUT to 1.2.x ERROR" # exit 1 #fi else echo "Staying on dev branch." fi cd /usr/src/freeswitch echo "reconfiguring mod_spandsp" make spandsp-reconf if [ $CORES > "1" ]; then /bin/echo " multicore processor detected. Upgrading with -j $CORES" /usr/bin/time /usr/bin/make -j $CORES current else /bin/echo " singlecore processor detected. Starting upgrade sans -j" /usr/bin/time /usr/bin/make current fi #/usr/bin/make current if [ $? -ne 0 ]; then #previous had an error /bin/echo "make current error" exit 1 fi if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo "I'm going to stop here and wait. FreeSWITCH has now been compiled and is ready to install" /bin/echo "but in order to do this we need to stop FreeSWITCH [which will dump any active calls]." /bin/echo "This should not take too long to finish, but we should try and time things correctly." /bin/echo "The current status of your switch is:" /bin/echo /usr/local/freeswitch/bin/fs_cli -x status /bin/echo /bin/echo -n "Press Enter to continue the upgrade." read fi /etc/init.d/freeswitch stop if [ $? -ne 0 ]; then #previous had an error /bin/echo "Init ERROR, couldn't stop Freeswitch" exit 1 fi /usr/bin/make install if [ $? -ne 0 ]; then #previous had an error /bin/echo "INSTALL ERROR!" exit 1 else /bin/echo "made_current" >> /tmp/install_fusion_status fi fi #------------------------ # enable modules.conf.xml #------------------------ /bin/grep 'enable_modules' /tmp/install_fusion_status > /dev/null if [ $? -eq 0 ]; then /bin/echo "Modules.conf.xml Already enabled" else #file exists and has been edited enable_modules #check exit status if [ $? -ne 0 ]; then #previous had an error /bin/echo "ERROR: Failed to enable modules in modules.conf.xml." exit 1 else /bin/echo "enable_modules" >> /tmp/install_fusion_status fi fi if [ $DEBUG -eq 1 ]; then /bin/echo /bin/echo "Press Enter to continue (check for errors)" read fi #check for logrotate and change to cron.daily if [ -a /etc/logrotate.d/freeswitch ]; then /bin/echo "System configured for logrotate, changing" /bin/echo " to new way." /bin/rm /etc/logrotate.d/freeswitch /etc/init.d/logrotate restart freeswitch_logfiles fi if [ -e $WWW_PATH/$GUI_NAME ]; then echo "I noticed that FusionPBX is installed too" echo "now going to fix freeswitch permissions from upgrade to be safe" www_permissions else echo "Standalone FreeSWITCH installation, no permissions to change" fi /etc/init.d/freeswitch start fi #------------------------------------ # DONE UPGRADING FREESWITCH #------------------------------------ #------------------------------------ # UPGRADE FusionPBX #------------------------------------ if [ $UPGFUSION -eq 1 ]; then /bin/echo "Resetting FreeSWITCH permissions to www-data in case you did" /bin/echo " a FreeSWITCH upgrade as well." www_permissions cd $WWW_PATH/$GUI_NAME /bin/echo /bin/echo "STOP! Make sure you are logged into fusionpbx as the superadmin (via browser)!" read -p "Have you done this yet (y/n)? " YESNO if [ $YESNO == "y" ]; then /bin/echo "Be really sure you are logged in as superadmin." /bin/echo " If nothing else, refresh the browser to make sure" /bin/echo " the session isn't stale." /bin/echo /bin/echo "If you haven't done this you risk not being able to Upgrade->Schema" /bin/echo " which will toast your database" /bin/echo FUSIONREV=$(svn info $WWW_PATH/$GUI_NAME |grep -i revision|sed -e s/Revision:\ //) if [ $FUSIONREV -le 1877 ]; then echo "The project is still working on an upgrade tool" echo " for the latest svn version. It is recommended" echo " that you stay with revision 1877. Your current" echo " revision is $FUSIONREV" echo read -p "Do we want Revision 1877, or latest (1877/latest)? " YESNO2 else read -p "Ready to upgrade (y/n)? " YESNO2 fi case $YESNO2 in [YylL]*) #svn... /usr/bin/svn update $FPBXBRANCH $WWW_PATH/$GUI_NAME /bin/chown -R www-data:www-data $WWW_PATH/$GUI_NAME #print message saying to hit advanced->upgrade schema /bin/echo "Done upgrading Files" /bin/echo "For the Upgrade to finish you MUST login to FusionPBX as superadmin" /bin/echo "and select Advanced -> Upgrade Schema" ;; [1]*) /usr/bin/svn update -r r1877 $FPBXBRANCH $WWW_PATH/$GUI_NAME /bin/chown -R www-data:www-data $WWW_PATH/$GUI_NAME #print message saying to hit advanced->upgrade schema /bin/echo "Done upgrading Files" /bin/echo "For the Upgrade to finish you MUST login to FusionPBX as superadmin" /bin/echo "and select Advanced -> Upgrade Schema" ;; *) echo "Bad option, exiting" exit 1 ;; esac else exit 1 fi read -p "Do you want to try and run the auto-upgrade php script from CLI (y/n)? " YESNO case $YESNO in [yY]*) echo "Starting... /usr/bin/php $WWW_PATH/$GUI_NAME/core/upgrade/upgrade.php" /usr/bin/php $WWW_PATH/$GUI_NAME/core/upgrade/upgrade.php echo "Done" ;; *) echo "OK, don't forget to run it yourself via GUI or here with" echo " /usr/bin/php $WWW_PATH/$GUI_NAME/core/upgrade/upgrade.php" ;; esac fusionfail2ban fi #------------------------------------ # DONE UPGRADING FusionPBX #------------------------------------ #success!!! if [ -e /tmp/install_fusion_status ]; then /bin/rm /tmp/install_fusion_status fi /bin/echo "Checking to see if FreeSWITCH is running!" /usr/bin/pgrep freeswitch if [ $? -ne 0 ]; then /etc/init.d/freeswitch start else /bin/echo " DONE!" fi exit 0 --------- #CHANGELOG #--------- # vSVN, now using SVN.... November 2011 #v4.4.0pre 2011 April 12 #BUGS: FS CHANGED!!! 2011-05-12 # Add libssl-dev # currently mod_cidlookup, mod_xml_curl mod_xml_cdr busted #BUGS: FS isn't started at end of install-both auto #BUGS: fix-https still throws usage help. check www-permissions too. #BUGS: Apache heredoc isn't escaping the variables. documentroot and servername wrong. #BUGS: dingaling still not compile right. let's change makefile and recompile module #ADD: zip compression to nginx #ADD: monit for freeswitch and nginx #add libssl-dev for secure sip. # ADD mod_spandsp for fax and g722 # apt-get install libtiff4-dev # Add NTP, maybe run sudo ntpdate ntp.ubuntu.com to make suer date is correct. # prevents make from dying (date in the future crap). # BUGS: Had quotes around nginx config # FS failed to start with script # Fail2Ban FS-dos has freeswitch2 in jail.local # Fail2ban not starting: # freeswitch-dos ports wrong in jail.local. # build again and run fail2ban-client -d to test. # Add Option to download FreeSWITCH compiled source as tar.gz for iso # Added Option --fix-permissions # checks FreeSWITCH init script # Added: upgrade-fusionpbx needs to fix permissions, since a FS upgrade kills them. # FIXED Logrotate for nginx # logfiles were: /var/log/fusionpbx_gui.*_log; # logfiles now: /var/log/nginx/*.log # Added: Fail2ban for FusionPBX failed login attempts # Need information on attempts/rate/etc # Added: Fail2ban for FusionPBX on failed provision attempts # Need information on attempts/rate/etc # Needs Testing! # FIXED: RepeatedMsgReduction wasn't getting set correctly in rsyslog.conf # Added Change Fail2ban on FreeSWITCH with attempts/rate/etc in config file (not default settings) # Added: Option to download GIT from GitHub repository (It's faster), see DEFINES # Make nginx/apache https by default # iso needs to regenerate certificates post install, ideally with 10 year expirations. # apt-get install ssl-cert # ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key # ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt # ln -s /etc/ssl/certs/nginx.crt /var/www/fusionpbx/$HOSTNAME.crt # /etc/init.d/nginx restart # FIXED nginx config to not block html files... Don't do block ~ .ht # Added FreeTDM, and Dahdi #v4.3.3 2011 January 31 # Added: smp compile support. Script works, make -j doesn't. see jira FS-3005 # Fixed: NGinx file size error # Added: Remove Nginx/php/apache properly # FIXED removing nginx removes gnome/x. # Added: Postgres (seems good) # Fixed: Set up apache properly (fusionpbx file instead of default, use heredoc) # TODO: look into setting up FS for mysql/pgsql # Fixed: sqlite http request issue for nginx/apache # Added: now doing ppa's the ubuntu way with apt-add-repository # Added: set up auto install for nginx/apache, mysql/postgresql/sqlite, setnonat. # Added: now prompts for rm -Rf /opt (or variable for auto-install). # There's a bug in either ppa-purge or apt-add-repository (likely latter). # if you install nginx, change your mind, install apache, change your mind again # and re-install nginx, the repository for nginx/php5-fpm gets removed proerly # [a '#' covers repo], but when re-enabling, the '#' gets replaced, and an 'n' # is left on a newline afterward, preventing update/install from that repo. # Fixed: Checking for nginx/apache2 binary instead of init scripts for if[x] restart #v4.3.2.1 2011 January 1 # small problem when selecting nginx and sqlite. php5-fpm needed to restart # so FusionPBX could see the FreeSWITCH directory. #v4.3.2 2010 December 30 # logrotate was improperly setup. Needed to send sighup to fs_cli # Caused FS to die the first time it tried to log after rotation. # php5-cli is a dependancy. required for voicemail to email, and fax to email. # added an nginx/php-fpm option. You can change a variable (for auto run) # or it will prompt you when you install fusionpbx in user mode # mysql added as an option. # problem with the way ubuntu logs ssh failures [fail2ban] # Failed password for root from 1.2.3.4 port 22 ssh2 # last message repeated 5 times # SOLUTION: Turn off RepeatedMsgReduction in rsyslog. # fail2ban: previous setup looked for freeswitch log in /var/log/freeswitch.log # log is actually /usr/local/freeswitch/log/freeswitch.log # Tries to see if you're on a static IP address. If you are, it wants to start # FreeSWITCH with the -nonat option to save some time. Also a new variable # TODO: Maybe probe cores and to the -b thing for quicker compile/bootstrap # TODO: IPTABLES #v4.3.1 2010 December 23 # look into make -j cores option # made a state save file. so if there's an error, don't re-bootstrap, configure, etc. # and remove it on a clean exit. # requests for modules add/enable for ugrade-freeswitch. DONE # mod dingaling needs libgnutls-dev libgnutls26 packages, and change: # "--mode=relink gcc" --> "--mode=relink gcc -lgnutls" # in /usr/src/freeswitch/src/mod/endpoints/mod_dingaling/mod_dingaling.la # appears to be an ubuntu problem.... #v4.3 2010 December 22 # under case upgrade-freeswitch, variables were not set properly. It upgraded fusionpbx.. fixed. # done: fail2ban error fixed. removed associated text # done: have install check for /etc/fail2ban. reinstall (as in from iso) duplicates some txt # done: remove or fix fusionpbx upgrade code. it either needs to log in # and then update and run the schema upgrade. or get rid of it. Fixed by prompting the user # to open a browser window, and warn. # done: get logrotate working... let's not fill the disk. # stop/start freeswitch for an upgrade, and an install... #v4.2 2010 December 17 # made some changes so the text flows correctly now that we use curl # to do install.php. # sent curl output to dev null.. # added apt-get update before we install apache since remastersys removes apt data # stopping FS before FusionPBX install, and starting afteward. # changed license to WAF v1 #v4.1 2010 December 15 # changing cd sounds (48/32/16/8khz) down to hd sounds (16/8Kkhz) #v4 2010 December 14 # now install-fusion|install-freeswitch|upgrade... # also adding curl commands to finish fusionpbx install. #v3 adding fail2ban et al. #v2 2010 December 07 # adds arrays to process the modules. should make this much easier to edit. # just make additions to modules_add # This should work fine (even on a 2nd run). #v1 2010 December 06 # was first cut