Category: Internet/Web

Sleep Well: Create a $10.50 Incredible Backup Server in the Cloud with WebDAV

With the impending demise of Copy.com, it seemed like a good time to revisit the subject of backups and to do a little advance preparation for that rainy day when your Incredible PBX™ server decides it’s taken its last breath. We recently documented how to build an Incredible PBX in the Cloud for a one-time cost of $10.50. And we showed you how to build a Linux Sandbox in the Cloud for the same bargain-basement price. Today, we’re adding a third way to spend one day’s lunch money with our new Backup Server in the Cloud at CloudAtCost. And, like the other two, a one-time investment of $10.50 gets you a 10GB cloud repository to store your most important Asterisk® files for life!1 If you’re feeling really adventurous, you can double or quadruple your resources and your storage capacity at the same great 70% off rates with CloudAtCost coupon code: TAKE70. Some have asked us for a referral code to give credit where credit is due. Thanks for thinking of us, but we already have all of the CloudAtCost resources we could ever use. So this one, like the two before it, is on us!



We recommend you start by building an Incredible PBX platform at CloudAtCost using our previous tutorial. Is it production-ready? Probably not. Is it a good standby server which can swing into action when your primary server croaks? Absolutely. Can it be used for off-site storage of backups from your primary Incredible PBX server? You bet. And today we’ll show you how. It’s about a 10-minute process once you have Incredible PBX up and running in the Cloud. We’ll also provide an updated Incredible Backup script to transparently upload backup images to your new CloudAtCost backup server.

Got DAV?It’s been quite a while since we first explored WebDAV back in 2005. Today we’re going to bolt on WebDAV to your existing Incredible PBX platform so that some of that spare storage space in the Cloud can be used to house snapshot images of your Incredible PBX production server. Since this will be a fully-functioning Incredible PBX server in addition to serving as a backup server, it can perform double-duty as a hot standby on a moment’s notice. When disaster strikes, restore the latest backup which happens to be colocated on your Cloud server, and you’ll be back in business.

Overview. As you probably know, WebDAV is an acronym for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac and Linux worlds, WebDAV provides a Disk Volume that “looks and feels” like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people with access rights don’t change the same file at the same time.

Initial Setup of WebDAV in the Cloud. For today, we’re assuming you already have a functioning Incredible PBX server at CloudAtCost running under CentOS 6.7. If not, start with our tutorial here. If you’d prefer to use the Linux Sandbox configuration for your WebDAV platform, skip down to the next section. To keep things simple, we’re going to set up a separate dav directory within your existing Incredible PBX cloud server to use for WebDAV storage. This means files and folders managed with WebDAV will appear in /var/www/html/dav on your server. We’ll password-protect the directory using Apache web credentials for the admin user. You first must set up these credentials by issuing the following command while logged into your server as root:

htpasswd /etc/pbx/wwwpasswd admin

To activate WebDAV on your Incredible PBX server at CloudAtCost, while still logged into your server as root, issue the following commands:

mkdir /var/www/html/dav
chown asterisk:asterisk /var/www/html/dav
chown asterisk:asterisk /var/lib/dav
cd /etc/pbx/httpdconf
wget http://incrediblepbx.com/dav.conf
service httpd restart

Keep in mind that WebDAV is running on an Incredible PBX server which means that remote HTTP access will require that your remote IP address be in the IPtables WhiteList. You can add it easily using the add-ip or add-fqdn utilities in /root. Don’t forget, or none of this will work.

Setting Up WebDAV on a CloudAtCost Linux Sandbox. If you’d prefer to set up WebDAV on a Linux Sandbox at CloudAtCost rather than the Incredible PBX platform, begin by installing the sandbox by following along in the Nerd Vittles tutorial. Once you’re up an running, issue the following commands to activate WebDAV:

mkdir /etc/pbx
htpasswd -c /etc/pbx/wwwpasswd admin
mkdir /var/www/html/dav
chown apache:apache /var/www/html/dav
cd /etc/httpd/conf.d
wget http://incrediblepbx.com/dav.conf
service httpd restart

You won’t have to whitelist the IP address of your local Incredible PBX server in the IPtables firewall running on your WebDAV server at CloudAtCost because port 80 already is whitelisted in the default Linux Sandbox setup.

Accessing WebDAV in the Cloud. As installed, you’ll need your username (admin) and your Apache password assigned above to access your WebDAV server in the Cloud. Use a browser for read only access to the dav directory at the IP address of your server, e.g. http://23.45.67.89/dav. Or establish a network share to the WebDAV resource for read and write access.

Configuring a Local CentOS/SL Server for WebDAV Access. Linux needs something special in order to treat remote WebDAV resources as part of your local file system. Fortunately, there is a packaged solution that does all the heavy lifting for you. On every CentOS/Scientific Linux server from which you want to access remote WebDAV resources, issue the following commands while logged into the server as root:

yum -y install davfs2
mkdir /dav
cd /root
wget http://incrediblepbx.com/incrediblebackup-dav
chmod +x incrediblebackup-dav

Configuring a Local Debian/Ubuntu/Raspbian Server for WebDAV Access. The setup drill is much the same as it is for CentOS except the package installation syntax needs to be adjusted. On every Debian, Ubuntu, or Raspbian (Raspberry Pi) server from which you want to access remote WebDAV resources, issue the following commands while logged into the server as root:

apt-get -y install davfs2
mkdir /dav
cd /root
wget http://incrediblepbx.com/incrediblebackup-dav
chmod +x incrediblebackup-dav

Connecting to Your WebDAV Server in the Cloud. The new Incredible Backup script, /root/incrediblebackup-dav, will automatically make a connection to your new WebDAV server in the Cloud once you’ve entered your admin credentials and the IP address of your WebDAV server. Do this by editing incrediblebackup-dav. Just plug in your admin password and the IP address of your WebDAV server in the Cloud. Then save the file.

In case you’re curious, here is the command to access WebDAV as a file system from your local server. Assuming admin:passwd555 were your remote Apache credentials and 23.45.67.89 was the IP address of your CloudAtCost server, the mount command would look like this:

echo passwd555 | mount.davfs http://23.45.67.89/dav /dav -o username=admin

All of the /dav files on the WebDAV server in the Cloud then would be accessible in the /dav directory on your local server until the WebDAV connection was closed/unmounted. You can add, edit, and delete files and directories. All of your local changes will automatically be synchronized with your WebDAV server in the Cloud.

To close the WebDAV connection, issue the following command:

umount.davfs /dav

Making a Backup to Your WebDAV Server in the Cloud. This is the easy part. Once everything is in place and you have configured the Incredible Backup script with your admin credentials and WebDAV server’s IP address, you’re ready to kick off a backup. Just issue the following command while logged into your server as root:

/root/incrediblebackup-dav

Restoring a Backup from Your WebDAV Server in the Cloud. There are two ways to do this. If your local server and Cloud-based server are running identical versions of Incredible PBX, then you can restore the backup image to your Cloud server and run Incredible PBX in the Cloud. Simply move the desired backup file from /var/www/html/dav on the Cloud server to /backup and then run incrediblerestore from the /root folder. Once the restore completes, reboot your Cloud server, reconfigure the IP addresses of your phones, and you’re back in business.

If you’d prefer to restore a backup from the Cloud to a local server, then you would first build a new server to match the one from which the backup was originally made. Next, configure the new server to support WebDAV access to your Cloud-based server following the tutorial above. Then execute the following commands after logging into your local server as root. Use the credentials, IP address, and actual backup filename saved on your Cloud server:

mkdir /backup
cd /root
echo passwd555 | mount.davfs http://23.45.67.89/dav /dav -o username=admin
cp /dav/backupfilename.tar.gz /backup/.
umount.davfs /dav
./incrediblerestore /backup/backupfilename.tar.gz
rm /backup/backupfilename.tar.gz

WebDAV Cautionary Notes and Gotchas. First, WebDAV does a lot of heavy lifting under the covers because its intended for use as a collaboration tool by multiple people accessing and updating the same resources. So synchronization is important. When we’re moving huge files from a local server to the WebDAV cloud, this synchronization activity can give the appearance that your server has hung either during the backup procedure or thereafter. It hasn’t. So, after you run the Incredible Backup script to upload a new backup image, leave your server alone for a while. On your local server, don’t attempt to list /dav or otherwise use it for about an hour to be safe. On a Raspberry Pi, just be patient while the backup procedure completes. After that, you should be good to go. Depending upon the Linux flavor of your local server, the Incredible Backup script may not dismount your WebDAV resource successfully. You can do this manually LATER although it won’t hurt anything to leave the connection in place. As noted above, the dismount command is umount.davfs /dav.

Second, be very careful in configuring Incredible Backup to make certain that you specify the correct IP address for your WebDAV server in the Cloud. WebDAV will try to connect to any IP address, and you don’t want to inadvertently upload your backup files to someone else’s server. Third, ALWAYS use a web browser to access your WebDAV server in the Cloud after your backup completes to make certain that a backup with the current date and time is shown in the directory listing. Particularly with RedHat OS flavors, it may take some time for the entire tarball upload to complete even though the script will indicate it has finished. Again, patience is a virtue. Don’t reboot. Things will get sorted out in due course.

Finally, as with other network connections, if the WebDAV connection fails for some reason, your backup would be stored locally in the /dav folder rather than on WebDAV in the Cloud. That’s obviously not too helpful in the event of a local disk crash. So don’t forget to check your WebDAV server in the Cloud to verify successful completion of the backup.

Enjoy!

Republished: Monday, April 25, 2016





Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. The lifetime promise is, of course, in the eye of the beholder. It may be your lifetime but, more than likely, it’s the lifetime of CloudAtCost. The two are not necessarily the same so plan accordingly. 🙂 []

    Four Months in Paradise: Free International VoIP Calling From Your Cellphone

    Following our article documenting how to set up free cellphone service in the United States using the Sprint reseller, RingPlus, we received a number of questions seeking ways to add free or low cost international calling to the RingPlus offerings. Today we’ll provide a quick tutorial on how to turn any cellphone into a terrific platform to make free international calls, lots of them. As of this writing, for every 10 euros ($11.27) you deposit into your account, you’ll get 300 minutes a week of free calls to 44 countries for 120 days. You can also call anywhere else in the world at very reasonable per minute rates that compare favorably with other SIP providers around the world. In addition to the freebies, for the mathematically challenged, today we’ll also show you how to minimize international calling charges on any U.S. cellphone using Incredible PBX with DISA and your choice of SIP providers. Some provide all-you-can-eat international calling to certain countries for a monthly fee while others charge by the minute depending upon the destination. Do some Googling. The beauty of a PBX and SIP trunks is you can mix and match as many providers as you like to take advantage of favorable calling rates to multiple countries. We’re going to start with the almost-free option because we like to share great deals.

    There are a few things you need to know about the so-called Betamax VoIP services up front. Most importantly, they change rates and free countries more frequently than college kids change partners. Betamax also has dozens of companies offering similar services with differing rates and freebies. You can keep track of the daily changes on this Facebook page. Here’s a 5-year old spreadsheet that will give you a good idea of what you’re up against. Don’t depend upon it for the current rates. You’ll need to visit the actual site(s) of your choice for their current rate tables or visit the site maintained by Betamax for a country-by-country comparison by provider. That’s another way of saying DON’T BLAME US IF YOUR 3-HOUR CALL TO ANTARCTICA CHANGED FROM 20¢ PER MINUTE TO $1 PER MINUTE OVERNIGHT. IT PROBABLY WON’T, BUT THEN AGAIN IT MIGHT. Before making a lengthy call to a remote destination, spend the two minutes it takes to look up the current rate and make a snapshot of the web page for your records. Here’s another tip. If you make frequent calls to Antarctica, spend a little time doing your homework. Review the latest Betamax spreadsheet to track down the cheapest rates. Then double-check the actual sites for the current rates. There’s a $150 difference in the cost of a 3-hour call at €.20/minute from one Betamax site versus the €.906/minute rate at another Betamax site. THIS CAN AND OFTEN DOES CHANGE! As it happens, two of the lowest cost providers still offer the calls at the same two-year-old €.20/minute rate.

    Today we’ll be focusing on the company we’ve tracked for many years, FreeVoipDeal.com. Except for the domain name, the setup with other Betamax providers is similar but not identical. And, of course, you’ll have to kick in another deposit to make free calls from each site. The length of the Freebie period also may vary so read the terms carefully. FreeVoipDeal actually hasn’t changed much since our last visit about two years ago. In fact, we still had most of our ten euro credit so we could play all we wanted even though the calls were no longer free since our four month window had long since expired.

    Here’s last week’s Freebie list by country compared to two years ago. Don’t depend upon it! Check their actual web site or the Betamax country summary for current freebies and current rates. Here’s another neat little trick to remember. When you visit the FreeVoipDeal Rate Table, just click on the Out of Minutes tab for a quick listing of all the Free Calling Countries as well as the rates once you use up your four months of free calls. With two exceptions for mobile calls to Malaysia and South Korea, all of the “free countries” still had a rate of 1.1¢ per minute. Not bad!

    Here’s How the Free International Calling Procedure Works

    There are really two ways to make international calls from your smartphone. You can either load an app to make the calls if your cellphone supports it. Or you can dial a secondary number using the traditional dialer on your cellphone, enter an access code, and then dial the international number. We’re going to begin with the latter option because it works with any cellphone and it’s safer in numerous ways. At the end of the article, we’ll also show you how to load an app and make the calls that way if you like living dangerously.

    So let’s start with the basics. The way this will work when we’re finished today is you’ll pick up your cellphone and dial a phone number assigned to your own Incredible PBX. The call will be answered and a sweet lady named Allison will ask you for a password. Once you enter it correctly, you’ll get a secondary dial tone. You then can dial any international number that you have preauthorized on your PBX, and the call will be routed out through your FreeVoipDeal trunk to its destination. When the person answers, you will have made your first free international call using your cellphone.

    The key components include the Incredible PBX platform with the DISA application to provide secondary dialtone for processing international calls. A phone number and trunk will receive incoming calls bound for DISA from your cellphone. An inbound route will only forward incoming calls to DISA that match your cellphone number. A secondary trunk from FreeVoipDeal or other providers will be used to process outgoing international calls that are dialed using DISA. We’ll create an outbound route or rule for every country to which you want to authorize international calling. Each of these outbound routes will point to the least expensive (or free) trunk to complete the call. In the VoIP world, you actually could have dozens of outbound trunks that handle international calls based upon the country codes of each international call. This lets you take advantage of the best calling rates for each country. We will block international calls to country codes you have not specifically authorized.

    Just to restate the obvious, a misconfigured DISA application that allows the world to make international calls on your nickel can get expensive quickly. We’ll protect today’s setup with two layers of protection. First, we’ll require that the CallerID of the incoming call match your cellphone number. While this isn’t failsafe since CallerID numbers can be spoofed, it does reduce the risk considerably because the bad guys will have to know BOTH your cellphone number and the incoming phone number managing DISA on your PBX. Without those two phone numbers, nobody gets to the DISA application at all. Second, for incoming Incredible PBX calls from a number matching your cellphone number, the caller will be prompted for a six-digit password, and you can make it longer if you will sleep better. Just remember, compromising DISA on your PBX is just as risky as handing out your credit card to a stranger so follow the setup steps carefully. And then TEST, TEST, TEST to make sure strangers can’t access your DISA setup. We’ll show you how.

    Eight Is Enough: Choosing an Incredible PBX Platform for International Calling

    Before any of this will work, you’ll obviously need an Incredible PBX. The software is free. The cost of the hardware depends upon the Incredible PBX platform you choose. This could be a PBX hosted in the Cloud, or it could be a PBX running as a virtual machine on your desktop computer or VMware corporate server, or it could be a PBX running on dedicated hardware in your home or office. Here are some choices with approximate prices and links to the tutorials to set them up. After downloading the Incredible PBX software from SourceForge, the setup process only takes 30 minutes or less.

    1. Incredible PBX in the Cloud at CloudAtCost ($10.50 one-time fee)
    2. Incredible PBX in the Digital Ocean Cloud ($5 a month after 2 free months)
    3. Incredible PBX in the RentPBX Cloud ($15 a month with Coupon Code: NOGOTCHAS)
    4. Incredible PBX running under VirtualBox on your Desktop PC (free)
    5. Incredible PBX running on your company’s VMware server (free)
    6. Incredible PBX running on standalone Raspberry Pi 3 ($35++)
    7. Incredible PBX running on standalone Intel NUC ($200)
    8. Incredible PBX running on your favorite old clunker (free)

    Configuring Incredible PBX for International Calling with DISA

    Here’s an overview of the setup drill for today once you have Incredible PBX running. We’ll walk through each of the six steps below. Don’t get frustrated. There are a lot of steps, but none of them are difficult. Just don’t skip any.

    1. Set Up Your Trunk to Process Incoming DISA Calls
    2. Set Up Your Trunk(s) to Process Outgoing International Calls
    3. Configure DISA with a Very Secure Password
    4. Configure an Inbound Route to Limit Incoming DISA Calls to Your Cellphone #
    5. Configure an Outbound Route for Each International Country Code
    6. Test, Test, Test

    1. Setting Up a Trunk to Process Incoming DISA Calls

    Before you can make calls to your PBX, it’ll need a phone number (known affectionately as a DID). As installed, Incredible PBX includes preconfigured SIP trunks from about a dozen SIP providers. All you’ll need is credentials from the company you wish to use. Most providers of DID trunks offer a monthly flat rate for unlimited incoming calls. There’s a great deal from our Platinum Sponsor, Vitelity, at the end of this article. And their international calling rates are extremely competitive.

    In addition to SIP trunks, Incredible PBX is preconfigured to support Google Voice trunks for those living in the United States. These trunks are free and provide unlimited incoming and outgoing calls throughout the U.S. and Canada. Because this option is free, you’d be crazy not to use it for today’s application if it’s available where you live. The setup procedure is covered in detail in all of the Incredible PBX installation tutorials referenced above. So start there.

    2. Setting Up a Trunk to Process Outgoing International Calls

    We’re going to walk you through setting up a trunk with FreeVoipDeal to handle free international calls to certain countries documented above. This may not be the best fit for you depending upon the international destinations you wish to call. Figure that out first! Then adjust the trunk settings below to match each SIP provider trunk you wish to create. There’s no limit to the number you can have. And, with most of these providers, you pay by the minute for international calls anyway so there is no harm in configuring multiple trunks to take advantage of the best rates calling the countries of your choice. The same applies to all-you-can-eat and “free” trunks except there are varying fees for using the services so you’re probably not going to want a dozen of them even if some of the calls are free after making a periodic deposit. One other word of warning. Some Betamax sites such as powervoip.com have good calling rates, but they tack on a 3.9¢ connection fee to every call. If you make lengthy calls, it’s not a big deal. If you make numerous short calls, it drives your discount calling rates through the roof. So start with the pink and green entries on the old spreadsheet we referenced for the cheapest historical rates and then visit the actual sites and read the fine print. One of our favorite Betamax sites for many tourist destinations is HotVoIP.com.



    To add new trunks to Incredible PBX, use a browser to access the IP address of your server. Choose Incredible GUI Administration from the Admin menu of the Kennonsoft GUI (shown above) by clicking on User to switch. The default username is admin and the password is what you set when the install completed. Once the Incredible PBX GUI appears, click the Connectivity tab and choose Trunks -> Add SIP (chan_sip) Trunk.

    For Trunk Name, enter FreeVoipDeal. In the Dialed Number Manipulation Rules section, add a rule for each country code you wish to activate. You can decipher the Country Code for any country at this link. For example, for the United Kingdom, you’d enter a rule like this where 44 is the Country Code and each X represents a required digit in the local area code and phone number. The trailing period means the number includes one or more additional digits. NOTE: DISA calls will not have to be prefixed with 011 to place international calls. Just enter the country code and number to be called. And, I am told that only 441, 442, and perhaps 443 calls to the U.K. are free since those are the designated landline prefixes.




    If there are other countries, you wish to support with this trunk provider, you’d click Add More Dial Pattern Fields and insert an additional rule for each country following the example above. If you’ll be using this trunk to make calls in the U.S. and Canada as well, the correct Match Pattern is 1NXXNXXXXXX, and calls will need to be dialed with the 1 to avoid conflicts with international dialing. And, by the way, calls to Alaska and Hawaii are also free!

    Next, we need to enter the Outgoing Settings. For the Trunk Name, enter freevoipdeal. Clear out the entries in Peer Details section and enter the following using your actual FreeVoipDeal credentials for yourusername and yourpassword:

    authuser=yourusername
    username=yourusername
    secret=yourpassword
    type=peer
    qualify=yes
    nat=yes
    insecure=port,invite
    host=sip.freevoipdeal.com
    fromdomain=sip.freevoipdeal.com
    dtmfmode=auto
    disallow=all
    canreinvite=no
    allow=alaw&ulaw
    

    Finally, clear out the default entries in User Details and click the Submit Changes button and then red Apply Config button to save your new trunk.

    Spoofing Your CallerID. When setting up your FreeVoipDeal account, you can set up one or more numbers to use as your CallerID number on FreeVoipDeal calls. You simply verify the number with a code sent by SMS or phone call from their service. Once you’ve gone through the verification procedure, you can spoof the outbound CallerID on FreeVoipDeal calls using your actual cellphone number. Just add the following entries to your Trunk settings replacing 9991234567 with your cellphone number. Special thanks to @hillclimber on the PIAF Forum for the tip.

    fromuser=0019991234567
    sendrpid=yes
    

    3. Configuring DISA to Support International Calling

    In the Incredible PBX GUI, we’ll set up DISA by clicking the Applications tab and choosing DISA. Add your new DISA configuration by following this sample. Use a VERY secure password. It’s your phone bill. Once you’ve finished, click the Submit Changes button and then red Apply Config button to save your new DISA setup.



    4. Configuring an Inbound Route for Your Incoming DISA Calls

    Here’s where we lock down your setup so that Incredible PBX only accepts DISA calls from your cellphone number. If you want to allow additional people to use your DISA setup or if you have multiple cellphones, then simply create multiple inbound routes with the 10-digit numbers of each phone to be supported.

    In the Incredible PBX GUI, we’ll set up a new Inbound Route by clicking the Connectivity tab and choosing Inbound Routes. If you plan to support multiple phones, then create multiple inbound routes and give each of them a unique Description and CallerID Number that matches the phone number of the cellphone to be supported. Be sure to check the CID Priority Route checkbox and set the correct Destination for your incoming calls. Just fill in the blanks appropriately using this template as a guide. Once you’ve finished, click the Submit button and then red Apply Config button to save your new Inbound Route.



    5. Configuring an Outbound Route for Each International Country Code

    The DISA application is going to obtain the phone number to be dialed and will pass that to the Outbound Routes module. The job of the Outbound Routes module is to examine the phone number passed to it from DISA to figure out which trunk to use to make the outbound call. It then will pass the call to the appropriate trunk which sends the outgoing call on its way to the destination.

    For each Dialed Number Manipulation Rule in every Trunk that you set up in Step #2 above, you’ll need a matching Outbound Route if your PBX is used to place calls using multiple trunks. If you’re only using one provider for all of your outbound calls, then we can use a more generic Outbound Route. It’s always a good idea to create the one-to-one match between Outbound Routes and Trunks to make certain that outbound calls are sent to the correct Trunk for processing. So let’s do that using the U.K. trunk we created above.

    In the Incredible PBX GUI, we’ll set up a new Outbound Route by clicking the Connectivity tab and choosing Outbound Routes. When the template appears, notice in the far right column that there’s a listing of all your existing Outbound Routes. Calls are actually processed sequentially using the order that these Outbound Routes appear in the list. If there’s no number match in the top route or if the call via the top route fails, processing drops to the next route in the list until there is a match AND a successful connection. You can adjust the sequence by dragging the Outbound Routes to a different position in the priority list.

    It’s important to use specificity in your Outbound Routes (especially with International calling) to make certain that a call isn’t inadvertently processed by a secondary trunk. For example, if you have a Google Voice trunk in addition to a FreeVoipDeal trunk, we want to make certain that calls to England are processed by the FreeVoipDeal trunk and that 10-digit numbers starting with area code 440 (Cleveland) are routed out through Google Voice. The easiest way to do this is to require the Outbound Route Match Pattern for U.K. calls to be at least 11 digits, e.g. 44XXXXXXXX. (the trailing period is important in that it requires at least one more digit for a match). And we can force a Hangup if the FreeVoipDeal trunk is not available for some reason by adjusting the Destination on Congestion setting. This keeps the call routing from dropping down to the next available Outbound Route in the list if FreeVoipDeal happens to be off-line at some point. So our Outbound Route for U.K. calls should look something like this:



    The final step is to move the new Outbound Route for U.K. calls to the top of the Outbound Routes listing in the right column to assure that it is processed first. Once you’ve done that, click the Submit Changes button and then red Apply Config button to save your new Outbound Route AND the adjusted Outbound Route Priority List.

    Another alternative in creating Outbound Routes is to use a Dial Prefix that never matches a real phone number to direct calls to a particular trunk. For example, you might use 08 as a dial prefix for FreeVoipDeal calls. By placing 08 in the Prefix column of the Dial Pattern, it will get stripped off before the number is actually passed to the FreeVoipDeal trunk for processing. We actually prefer this setup because it adds an additional layer of security for international calls. If someone were to break into your DISA application by knowing your cellphone number AND your DID AND your DISA password, it’s unlikely they’d also know to prefix outgoing international calls with some arbitrary dial prefix. Just don’t use 08 in case they’re a Nerd Vittles reader. 😉

    6. Test, Test, Test!

    The easiest way to test the new setup is to place a couple of calls and to watch the Asterisk CLI (asterisk -rvvvvvvvvvv) and see how the calls are processed and who answers at the other end. Then you can apologize for reaching the wrong number.

    You can make up your own test methodology, but here’s one that works for us. There are several tests you need to make. First, call your Incredible PBX DID from your authorized cellphone and enter a correct DISA password to see if you get dial tone to make an international call. Then repeat the drill with an invalid password and make sure you don’t get a dial tone. Next, call your Incredible PBX DID from a phone other than your authorized cellphone. You should not get a prompt for a DISA password. Finally, we use the first three digits of a U.K. number to identify a matching NANPA area code. Then, we find hotels in the two matching cities. For example, one might attempt to call a hotel in Bath, England (44 1… ……) and a hotel in Bermuda (441-…-….). The U.K. call should go through, and the Bermuda call should fail. If you pass all three tests with flying colors, you’re good to go.

    Using FreeVoipDeal’s MobileVoIP App Instead of Incredible PBX with DISA

    FreeVoIPDeal also offers a MobileVoIP app that can be used directly on your smartphone (Android, iOS, and Windows phone versions available) using any Wi-Fi, UMTS, 4G/LTE, 3G, GPRS or EDGE connection. The drawback is the lack of the three extra layers of security protection that Incredible PBX using DISA offers. MobileVOIP lets you log in with your registered Betamax credentials and offers the option to use your existing VoIP credit from your smartphone. The downside is that anyone with the app and your credentials can call anywhere and talk for as long as they like on your nickel using any of your registered CallerIDs. You’ve been warned. For more information or to download the app for your mobile device, go here. Remember to dial the “+1” country code prefix for U.S./Canada calls. Enjoy!

    Originally published: Monday, March 21, 2016


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    It’s Back: $10.50 Buys an Incredible PBX in the Cloud For Life… If You Hurry

    In January, we began our new series on Cloud Computing by documenting how to build an awesome LAMP server in the Cloud using Linux. Today we’re again going to show you how to use the same Cloud platform and take advantage of the $10.50 coupon code TAKE70 to build an Incredible PBX in the Cloud FOR LIFE. When you’re finished, you’ll have a state-of-the-art Incredible PBX 13 server with hundreds of PBX features including free calling to the U.S. and Canada using any (free) Google Voice account. Keep in mind this isn’t $10.50 a month for your cloud server. It’s $10.50, period! The whole project takes less than an hour. Before we begin, let’s revisit our cautionary note for those that missed it in the previous article. It’s important.

    There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For $35 $10.50, you get a virtual machine with 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 70% which brings the total cost down to $10.50. That’s less than a burger at Five Guys. That’s the good news. But, if security, 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those four things? Did we mention it’s $10.50 for a lifetime cloud server?

    If you take our recommendation and plunk down your $10.50, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with [VoIP] and Cloud Computing. Will your virtual machine disintegrate at some juncture? Probably. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use? Absolutely Probably not so don’t try to fit a square peg in the round hole. It’s not gonna work, and you WILL be disappointed.

    Today’s experiment will give you a platform on which to learn before you decide upon a more permanent deployment solution. And it will give you a terrific home for a backup server once you do move to a long-term solution so your $10.50 won’t be wasted.


    The objective today is to show you how to build a rock-solid, secure VoIP server in the Cloud with all the bells and whistles you’d typically find on a PBX costing tens of thousands of dollars. Incredible PBX is pure GPL, open source code with one major difference. It’s FREE! And it’s supported by thousands of users on the PIAF Forum that started just like you.

    Some of you are probably wondering why you would want a PBX at all. Hearing is believing as they say. Spend a couple minutes and call our CloudAtCost demo server. We preconfigured it using everything provided in today’s tutorial. It’ll let you play with some of the features that a PBX offers such a voice dialing from a directory, news and weather forecasts, and much more. And, in case you’re wondering, it’s been running 24/7 for two full months without a single hiccup. To try it for yourself, just dial:

    Nerd Vittles Demo IVR Options
    1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
    2 – MeetMe Conference (password is 1234)
    3 – Wolfram Alpha (say “What planes are flying overhead now?”)
    4 – Lenny (The Telemarketer’s Worst Nightmare)
    5 – Today’s News Headlines
    6 – Weather Forecast (Just enter your ZIP Code!)
    7 – Today in History
    8 – Speak to a Real Person (or maybe just voicemail if we’re out)

    For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished today, you’ll have a cloud-based VoIP server that is totally invisible to the rest of the world except a short list of VoIP providers that have been thoroughly vetted by Nerd Vittles staff. You can whitelist additional locations and phones to meet your individual needs without worrying about your server being compromised.

    Creating Your Virtual Machine Platform in the Cloud

    To get started, you’ve got to cough up your $10.50 at Cloud at Cost using coupon code TAKE70. Once you’ve signed up, CloudAtCost will send you credentials to log into the Cloud at Cost Management Portal. Change your portal password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose. HINT: DC2 is the preferred data center!

    To create your virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $10.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. Things have settled down since the 90% off week so new servers typically are ready in a few minutes. However, we’ve learned to build new virtual machines at night where possible. Then they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in the CloudAtCost hosting facilities.

    Initial Configuration of Your CentOS 6.7 Virtual Machine

    With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both your IP address and the password for the new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

    Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to change it. IncrediblePBX13 has a nice ring to it, but to each his own.

    Logging into Your New CentOS 6.7 Virtual Machine

    In order to configure and manage your new CentOS 6.7 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:

    ssh root@12.34.56.78
    

    Before you do anything else, reset your Virtual Machine’s root password to something very secure: passwd

    Next, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password may get reset every time you reboot even though you changed it.

    sed -i '/exit 0/d' /etc/rc.local
    killall plymouthd
    echo killall plymouthd >> /etc/rc.local
    rm -f /etc/rc3.d/S97*
    echo "exit 0" >> /etc/rc.local
    

    Installing Incredible PBX 13 with CentOS 6.7

    Now we’re ready to build your VoIP server platform. There aren’t many steps so just cut-and-paste the code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…

    We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.

    setenforce 0
    sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
    

    Now let’s bring CentOS 6.7 up to current specs and add a few important applications:

    yum -y update
    yum -y install net-tools nano wget tar
    reboot
    

    Once your server reboots, we’re ready to kick off the Incredible PBX 13 install:

    cd /root
    wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz
    tar zxvf incrediblepbx*
    ./IncrediblePBX*
    

    When the install begins, read the license agreement and press ENTER to agree to the terms and get things rolling. Now would be a great time to go have breakfast or lunch. Come back in about an hour and your server should be ready to go.

    Implementing Dynamic DNS Service on Your Client Machines

    Unlike some other PBX offerings that leave your server exposed to the Internet, Incredible PBX is different. Unless the IP address from which you are accessing the server has been whitelisted, nobody on the Internet can see your server. The only exception is the preferred providers list and those on the same local area network (which is nobody in the case of CloudAtCost). As part of the Incredible PBX install, the IP address of the computer you used to perform the install was whitelisted automatically. But there may be other computers from which you wish to allow access to the PBX in order to deploy telephones at remote sites. Some of these sites may have dynamic IP addresses that change from time to time. Or you may have traveling salesman that land in a new hotel almost every night with a new IP address. Fortunately, there are a number of free and paid Dynamic DNS providers. For sites with dynamic IP addresses, simply choose a fully-qualified domain name (FQDN) to identify each location where you need computer access or need to deploy a phone. Then run a dynamic DNS update utility periodically from a computer or router at that site. It reports back the current public IP address of the site and your DNS provider updates the IP address assigned to that FQDN whenever there are changes.

    DNS update clients are available for Windows, Mac OS X, and many residential routers. They’re also available for Android devices. Then it’s just a matter of plugging in the remote users’ FQDNs so Incredible PBX knows to give them server access via the whitelist. You implement this in seconds using the add-ip and add-fqdn utilities in the /root directory.

    There are other ways to gain access as well using the PortKnocker utility or Travelin’ Man 4 from a telephone. Both of these are covered in the Incredible PBX 13 tutorial so we won’t repeat it here.

    Incredible PBX Preliminary Setup Steps

    First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Incredible PBX page, the Kennonsoft Menu. It’s divided into two parts, a Users tab (shown below) and an Admin tab with additional options that we’ll cover shortly.

    Now we need to jump back to SSH or Putty and log back into your server as root. You’ll note that the Incredible PBX Automatic Update Utility is run each time you log in. This is how important security updates are pushed to your server so do it regularly. And, no, you don’t need to contribute to our open source projects unless you want to. You’ll still get the updates as they are released.

    After the Automatic Update Utility runs, the login script will execute status which tells you everything you need to know about the health of your server. After the initial install, it will look something like this with your server’s IP address obviously. We’ll cover the RED items down the road a bit.

    For now, we need to complete a few preliminary setup steps for Incredible PBX to make sure you can log into the various components which have been installed on your computer. There are several different credentials you will need. Most of these are configured using scripts in the /root folder of your server. First, you need your root password for the server itself, and you should have already set that up with a very secure password using passwd. These same credentials are used to login to WebMin.

    Next you’ll need an admin password for the Incredible PBX GUI. This is the management utility and Asterisk® code generator which consists of FreePBX® GPL modules that are open source and free to use. The admin password is set by running admin-pw-change in the /root directory.

    There are also a number of web-based applications such as Telephone Reminders, AsteriDex, phpMyAdmin, and VoiceMail & Recordings (User Control Panel). You obviously don’t want everyone with a telephone using all of these applications so they are protected using a couple different Apache web server credentials. First, you set up an admin password for the administrator-level applications using the htpasswd utility. Then you set up an end-user account and password for access to AsteriDex, Reminders, and the User Control Panel. With the User Control Panel, end users also will need a username and password for their particular phone extension and this is configured with the Incredible PBX GUI using Admin -> User Management -> Add New User. If this sounds convoluted, it’s really not. Apache credentials can be entered once in an administrator’s or end user’s browser and they’re stored permanently.

    Here is a checklist of the preliminary steps to complete before using your server:

    Make your root password very secure: passwd
    Create admin password for Incredible PBX GUI access: /root/admin-pw-change
    Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
    Create joeuser password for web apps: htpasswd /etc/pbx/wwwpasswd joeuser
    Set up UCP accounts for Voicemail & Recordings access using Incredible PBX GUI
    Make a copy of your Knock codes: cat /root/knock.FAQ
    Decipher IP address and other info about your server: status
    Set your correct time zone: /root/timezone-setup

    Activating Incredible Fax on Your Server

    Incredible PBX also includes an optional (and free) faxing component that lets you send and receive faxes that are delivered to your email address. To activate Incredible Fax, run the following script and plug in your email address for delivery of incoming faxes: /root/incrediblefax11.sh. After entering your email address, you’ll be prompted for all sorts of additional information. Unless you have unusual requirements, pressing the ENTER key at every prompt is the appropriate response. You’ll need to reboot your server again when the fax installation is complete. Once you log back into your server as root, the bottom line of the status display should now be green UP entries.

    Managing Your Server with the Incredible PBX GUI

    About 99% of your time managing your server will be spent in the Incredible PBX GUI. To access it, fire up your browser and point to the IP address of your server. At the Kennonsoft menu, click on the Users tab which will change to Admin and bring up the Admin menu shown here:

    From the Administrator menu in the Kennonsoft GUI, click on Incredible PBX Administration. This will bring up the following menu:

    Click on the first icon to access the Incredible PBX GUI. You’ll be prompted for your credentials. For the username, enter admin. For the password, enter the password you set up using admin-pw-change above. You should then be greeted by the main status display in the Incredible GUI:

    If you’re new to Asterisk and FreePBX, here’s the one paragraph primer on what needs to happen before you can make free calls with Google Voice. You’ll obviously need a free Google Voice account. This gets you a phone number for people to call you and a vehicle to place calls to plain old telephones throughout the U.S. and Canada at no cost. You’ll also need a softphone or SIP phone (NOT a regular POTS telephone) to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop. Phones connect to extensions to work with Incredible PBX. Extensions talk to trunks (like Google Voice) to make and receive calls. We use outbound routes to direct outgoing calls from extensions to trunks, and we use inbound routes to route incoming calls from trunks to extensions to make your phones ring. In a nutshell, that’s how a PBX works. There are lots of bells and whistles that you can explore down the road.

    As configured after installation, you have everything you’ll need except a Google Voice trunk, and we’ll cover that next. Then we’ll add a softphone with your extension 701 credentials, and you’ll be ready to make and receive calls. Before we move on, let’s decipher your extension 701 password so that you’ll have it for later. Choose Applications -> Extensions -> 701 and scroll down the screen to the Secret field and write down your password. You can also change it if you like and click Submit and then the Red button to update your settings. While you’re here, write down your extension 701 Voicemail Password.

    Deploying Google Voice on Your Server

    That leaves one RED entry on your status display, GV OAUTH. Whether to use plain text passwords or OAUTH 2 credentials with Google Voice accounts presently is a matter of choice although Google regularly threatens to discontinue access to Google Voice without OAUTH authentication. We suggest you play with Google Voice using plain text passwords just to get your feet wet because OAUTH implementation gets complicated. When you get ready to deploy a permanent Incredible PBX server, that would be the appropriate time to switch to OAUTH. This tutorial (beginning at step 1b) will guide you through the process.

    If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

    We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

    You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

    IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

    While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

    • Call ScreeningOFF
    • Call PresentationOFF
    • Caller ID (In)Display Caller’s Number
    • Caller ID (Out)Don’t Change Anything
    • Do Not DisturbOFF
    • Call Options (Enable Recording)OFF
    • Global Spam FilteringON

    Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

    One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

    Once you have your Google Voice account properly configured with Google, here is the proper sequence to get a Google Voice account working with Incredible PBX. First, using a browser, login to your Google Voice account. Second, make sure that Google Chat is activated in your Phone -> Settings. Third, in a separate browser tab, enable Less Secure Apps for your Google account. Fourth, in another separate browser tab, activate the Google Voice reset procedure. Fifth, in the Incredible PBX GUI, choose Connectivity -> Google Voice (Motif) and enter your Google Voice credentials:

    Sixth, save your settings by clicking Submit and the Red Button to reload the GUI. Finally, using SSH or Putty, log into your server as root and restart Asterisk: amportal restart.

    Setting Up a Soft Phone to Use with Incredible PBX

    Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and your extension 701 password. Click OK.

    Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:


    DEMO - Allison's IVR Demo
    947 - Weather by ZIP Code
    951 - Yahoo News
    *61 - Time of Day
    *68 - Wakeup Call
    TODAY - Today in History

    Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to use the free Google Voice account we set up above. Unlike traditional telephone service where you were 100% dependent upon MaBell, there is no such limitation with VoIP. The smarter long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started. Here are a few of our favorites:

    Originally published: Friday, January 29, 2016   Republished: Monday, March 14, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    Mobile WiFi Shootout: Torture Testing the Best WiFi HotSpots for Your Vehicle

    What a difference a few years make. Bringing Internet connectivity to those in a vehicle who need Internet access but lack cellular data connectivity now is at the top of virtually every Road Warrior’s Wish List. Today we embark on our first major road trip of 2016 to test mobile WiFi hotspots from the four major carriers in the United States: AT&T, Verizon, Sprint, and T-Mobile. We’ve decided to use a variety of devices with the carriers in order to give you a good picture of what’s now available in the marketplace. One reason we decided to mix apples and oranges was because few providers actually manufacture their own devices, and the actual manufacturers (Netgear and Novatel among others) tend to produce almost identical devices for every carrier.

    You’ve got a number of options to set up a WiFi Hotspot in your vehicle. Here are the main ones:

    • Tethering through an existing Smartphone
    • Connecting through a dedicated MiFi device
    • Connecting through a 4G LTE router
    • Connecting through a vehicle’s 4G LTE service

    As long as you’re paying by the byte, virtually all of the cellphone providers now support tethering on a wide variety of smartphones. The major drawbacks are you’ll want a high performance smartphone if you plan to use it for tethering. And tethering eats through battery life in a hurry. Unless your phone is connected to a charger or wireless charging pad in the vehicle, this can be problematic on a long trip.

    Virtually all of the car manufacturers, domestic and foreign, now offer some sort of WiFi connectivity in their higher end vehicles. But you’ll typically pay a fee for their middleware plus the cost of your actual Internet usage using either your existing smartphone plan or a dedicated 4G connection in the vehicle. If you remember the price gouging on cellular calling directly from your vehicle, you’re going to love Mobile HotSpot pricing. It’s worse.

    With the Audi Mobile Internet Plan, we can sum it up in five words: Hold On to Your Wallet!

    Ford takes a different approach and uses your existing smartphone via Bluetooth as a Mobile HotSpot with SYNC® and MyFord Touch® (for a fee).

    Chrysler’s UConnect® takes the Ford approach and is offered on about two dozen new vehicles including the popular Jeep Cherokee and Grand Cherokee.

    Choosing WiFi Hotspot Platforms for Our Road Test

    For AT&T, we’ve chosen the integrated hotspot that is featured in many of the latest GM vehicles from Chevy, Buick, GMC, and Cadillac. For the complete 2015 and 2016 vehicle list, visit this GM site. Yes, trucks are included. On a monthly hotspot plan through GM’s OnStar service, 5 gigs of data runs $50 whether you subscribe to OnStar or not. Another option is to purchase a bucket of data which must be used within a year (which won’t be difficult). That runs $150 for 10 gigs of data with OnStar, or $200 without an OnStar subscription. A third option is the daily plan which costs $5 for each 250MB of data. Luckily, there is a more sane option for those that already have an AT&T Value Plan for one or more phones. You can add the hotspot in your vehicle for $10 a month, and it uses your existing bucket of data from your plan. The AT&T unlimited data plans for those with DirecTV service are not available for vehicle hotspots or any other hotspots or tethering for that matter. The two main advantages of the GM approach over many of the competitors are you’re not dependent upon a smartphone for your hotspot and there is a cellular antenna mounted on your roof which will generally provide better performance.

    StraightTalk’s Mobile HotSpot which also uses the AT&T network flunked on the basis of cost. $75 buys you 7GB of service for up to 60 days.

    For Verizon, we’ll be using the Verizon 4G LTE Mobile Hotspot MiFi® 5510L (aka JetPack) from Novatel Wireless. An excellent review of the device is available at PC Mag. For those that travel internationally, you may prefer the 4620LE which reportedly has double the battery life. We leave ours plugged into a USB port in the car so battery life is not really a concern. We’ve previously written about Verizon’s grandfathered unlimited 4G data plans and, if you’re lucky enough to have one, this option can’t be beat. Otherwise, like all things Verizon, data plans are expensive. $100 gets you 10GB which must be used within two months. $60 gets you 5GB for use within the same period. Although pricey, it’s half the cost of the GM plan without OnStar. And, trust us, Road Warriors won’t have to worry about not using up their bucket of data in two months.

    We’ve previously tested Verizon’s Tasman T1114 Verizon Wireless 4G LTE Broadband Router with Voice which is manufactured by Novatel. The main drawback of this device was that it required a 110 volt connection using a beefy 3 amp power brick. Our testing and that of PC Mag suggests it isn’t the best choice on the basis of performance either. Preliminary testing suggests the 5510L provides almost triple the data performance under identical conditions. And we found that to be true even after we added dual external antennas to the T1114. Don’t waste your money.

    For Sprint, we initially chose one of their MVNOs, Karma Go. And we were looking forward to giving it a workout on the highway. But it was not meant to be. If you follow the trade rags, you know that they originally promised unlimited data with their WiFi hotspot for $50 a month. That lasted about 45 days, and they cut the data rate from 5 Mbit to 1.5 claiming that some folks were using too much data. Duh! That approach lasted about two more weeks, and they implemented a 15GB cap on 4G service with throttled service thereafter that would have you yearning for your old 28.8 modem. Generally speaking, Sprint’s network isn’t that bad from a performance standpoint IF you have service at all. But, in light of all the bad karma surrounding this service, we wouldn’t recommend it to anyone at this juncture. We returned our device within the 45 day trial period for a refund. We’d suggest you do the same. In its place, we’ll be trying out the RingPlus phone that we wrote about last week and that also uses the Sprint network. Unfortunately, our phone lacks tethering capability.

    Boost Mobile’s MiFi offering which also uses the Sprint network didn’t make the cut either. It only supports 4G LTE which means you’re dead in the water once you’re out of range of a 4G LTE tower.

    An unlimited* 4G LTE data service on the T-Mobile network which we first considered was MetroPCS at $60/month ($55/month on a Family Plan). However, MetroPCS pulls the same stunt as AT&T in the fine print of their so-called “unlimited” plan. It indicates that your service will be “deprioritized” after reaching 23GB of LTE data usage. That’s the new word for crippled and throttled which these providers just can’t quite bring themselves to say.

    We saved the best for last. If you do have T-Mobile 4G service in your area (and most folks do as of the 2015 expansion), here’s a deal you can’t refuse. For $35 a month on the Simple Choice (post-paid) Plan, you get 6GB of data at 4G speeds and unlimited (throttled) data for the balance of the month. But there’s a silver lining with a 6GB or greater post-paid plan, you also get unlimited video streaming at DVD quality without additional cost for a couple dozen services including Netflix, Amazon Prime Video, ESPN, HBO, and numerous other providers. If you have kids and travel, this is a no-brainer! The complete list of BingeOn providers is available here. For our WiFi device, we chose the ZTE Z915 4G LTE Hotspot (above).

    HINT: Use our referral link and we both get $25 when you sign up. 🙂

    Data Usage in a Nutshell

    Before we hit the road, let’s provide some points of reference on data usage. The simplest to understand is NetFlix. At their lowest streaming video rate, you will burn through .3GB per hour. At the medium SD rate, it’s .7GB per hour. At the best video HD rate, you’ll burn through 3GB per hour. And Ultra HD gobbles up 7GB per hour. You can set the playback rate in your account under Profile -> Playback Settings. At the very lowest data rate, you’ll get about 11 movies out of 5GB of data. With a 4G connection and the NetFlix automatic data settings, you’re unlikely to make it through 2 movies with a 5GB plan. So you’re well advised to hard-code your playback rate before you hit the road if your family is into movies… unless you choose the BingeOn option with T-Mobile.

    A Few Words About T-Mobile’s Binge On Service

    The reported Gotchas with the Binge On feature are that it’s a lower quality video stream and once you use up your 4G data allowance for the month, the Binge On feature ceases to function. So you’d want to carefully choose your plan and monitor your data usage to avoid any surprises. As for the quality of the video stream, we’ve read the complaints about this. But it’s a red herring in our testing. Video playback is at DVD quality, and we’re having a hard time believing most folks need something better for a ride in the car, particularly on smartphones and tablets. And we noticed no appreciable degradation even on a 13″ notebook. There’s also been some squealing that BingeOn violates the FCC’s Network Neutrality rule. Our reading of the rule suggests otherwise. First and foremost, BingeOn is an optional service. Any consumer that doesn’t want it can turn it off. Second, for anyone that has ever managed a network with limited bandwidth, the first thing you come to appreciate is the need to control streaming media content. T-Mobile is well within the network neutrality guidelines in doing so, and they’ve done it in a vendor-neutral manner by applying a throttling mechanism to all streaming content that can be identified as such. For those that use encrypted communications for streaming, T-Mobile has offered to work with them to find a way to identify their streaming content so that they, too, can be included in the BingeOn program. Others have suggested that providing video streaming for free while charging for data associated with web browsing also violates network neutrality. We believe the clear intent of the rule was to outlaw discrimination in favor of particular vendors with regard to similar types of Internet content. Any other interpretation would mean that services such as free calling and free text messaging would also violate network neutrality. While this might thrill the Bell Sisters (Verizon and AT&T), it’s difficult to see how this benefits any consumer using the Internet.

    Ready, Set, Go: Let the Journey Begin

    For our 300-mile trip today, we’ve chosen a travel path that provides a good mix of interstate highways and less traveled state highways. The topography ranges from flat terrain to sparsely populated mountain areas where cellphone towers are few and far between. In between, there are a few metropolitan areas including Charleston, Columbia, Spartanburg, and Asheville. These are mixed with tiny towns including Waynesville and Sylva, North Carolina near our destination. Interestingly, these small towns reportedly boast some of the best cellular data performance in the country. We shall see.

    At the Nerd Vittles home base in Charleston, South Carolina, the data performance of the four major carriers is fairly consistent depending upon the time of day and day of the week. During business hours, a typical 4G LTE speed test looks something like this, not great but not that bad either. It’s certainly adequate for any type of activity one would typically need while traveling in a vehicle:

    We’ll be heading up I-26 from Charleston for over three hours before making a left turn in Asheville, North Carolina to head west via the Great Smoky Mountain Expressway. During the 300 mile journey, we’ll have non-stop movies playing with our T-Mobile BingeOn account in the back seat while the other cellular services are used for more mundane (and less costly) tasks such as checking email and surfing the net. From point A to point B, it’s all four-lane highways or better, quite a change from 30 years ago. In fact, you can even make the trip in a Tesla with a one-hour free charging detour:

    We’re big Spotify fans so most of our AT&T testing will involve listening to the latest Spotify playlists using Apple CarPlay. If the music hiccups, we’ll know we have an AT&T problem. From time to time, we’ll activate a WiFi network connection on our iPhone to check out performance of the Verizon and T-Mobile HotSpots. One of our travelers is a big Facebook gaming enthusiast and, to support that endeavor, we’ll configure her tablet to use the AT&T WiFi HotSpot built into the vehicle.

    Mobile Internet Scorecard

    Well, the results were pretty much what we expected. Sprint calling and T-Mobile streaming worked well along the interstates and went from bad to worse once we hit the state highways. AT&T and Verizon didn’t miss a beat door to door.

    T-Mobile remains the best bargain for streaming unless you have an unlimited data plan without throttling. Even then, the cost difference is staggering. Our unlimited Verizon plan now runs over $100 a month while T-Mobile is a flat $35. There were some random hiccups in the T-Mobile streaming from time to time which we never experienced with Verizon. But you can’t beat the price! Both AT&T and Verizon have dramatically improved their “mountain coverage” in the past year. In the past, Verizon coverage at our cabin was non-existent and AT&T only worked by strategically placing your smartphone on the outdoor fireplace mantle. Now both have reliable 4G service. Our Verizon HotSpot provides consistent 10Mb download and 5 Mb upload speeds, about 5 times the performance of the DSL connection provided by the local telephone company.

    Originally published: Monday, February 15, 2016






     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    I Have A Dream: Free Cellular Service with Integrated Remote SIP Connectivity

    As part of our Mobile Internet adventure this year, we’ve been scouring the countryside with two requirements in mind. First, we wanted a smartphone on which we could activate some type of free cellular service for making calls and sending text messages. Second, we wanted to integrate remote SIP connectivity using the same provider and phone number so that we could make and receive calls transparently using any SIP phone or Asterisk® server anywhere in the world. Sounds like a tall order, you say? Well, if you’ve enjoyed your Cloud@Cost Sandbox, you’re gonna love RingPlus!

    Yes, you’ll have to buy a compatible cellphone, but there are thousands to choose from. And, yes, you’ll need Sprint service in your neighborhood. Then you’ll have to cough up $10 to activate your cellular account. RingPlus offers dozens of plans.1 We recommend the Michelangelo plan which best meets what we’re trying to accomplish today, but the choice is all yours.2 With the Michelangelo plan, you can make and receive 1,000 minutes of free calls a month to anywhere in the U.S. (calls to Canada are 3¢ a minute), you can send and receive 1,000 free text messages a month, and you can use 500MB of free data service every month. You also can use your same account credentials with any SIP phone, softphone, or Asterisk server anywhere in the world to make and receive phone calls transparently using the same phone number as your smartphone. In other words, you can travel anywhere and make and receive phone calls just as if you were sitting in Atlanta, Georgia dialing from your smartphone. The SIP calls are deducted from your free minutes. No cellular service required at all. Meet RingPlus!


    So what’s the catch? How does RingPlus make money? Well, of course, they would prefer that you sign up for a plan with monthly fees. For those on the free plans, the only difference you will notice is an occasional ad which plays instead of a ring tone when you place outbound calls. This only occurs until the other party answers the call, and it can be all but eliminated by choosing a music selection in the RingPlus Radio feature in your RingPlus Dashboard.

    Who are the ones most likely to use something like this? Well, for openers, all of your kids unless you like springing for a $500 phone and spending $40+ dollars a month for cellular service for each of them. One of the other real beauties of RingPlus is you can set up a whitelist of numbers that can be called from the phone. Blacklists are supported as well. It’s perfect for kids just getting started with a cellphone. A second potential user group would be those who travel outside the United States and prefer not to pay exorbitant roaming rates for calls. Using a SIP phone connected to your RingPlus account, all of the international calls suddenly are free. And the calls are delivered with the same CallerID number as calls placed from your actual smartphone. In fact, your smartphone doesn’t have to be in service at all. A third and perhaps most important use for us was to serve as a failover trunk on one or more Asterisk servers. When all else fails, you can route outbound calls to your RingPlus SIP trunk for free calling using your RingPlus account. Doesn’t get any better than that.

    Official RingPlus WARNING: Starting April 17, 2016, per our carrier partner Sprint, Members and potential Members will no longer be able to activate prepaid devices which are not eligible under Sprint’s FED policies [Requires activation of prepaid phone on original Sprint MVNO network for at least one year!]. Such prepaid devices will no longer pass FED until actual eligibility date is met.

    There are probably numerous ways to put all these pieces in place so that things function just as we’ve described. Today we’ll share with you the solution that actually worked for us. You can take it from there and avoid the thousands of horror stories about incompatible smartphones. Be advised that acquiring used cellphones or even incompatible cellphones is a very dangerous and expensive business. If you buy one that happens to be stolen, or that has a balance due on the account, or that is incompatible with RingPlus, then you’ve bought a tiny boat anchor and not much else. So, our best advice is buy one from the provider. That’s the one and only RingPlus, and the smartphones start at just under $100. Many Sprint post-paid phones also work, such as the new iPhone SE (Sprint Model) from any Apple Store.

    If store employees will let you, find the Sprint postpaid phone that you like and look on the bottom of the box. There you will find the decimal value of the MEID. Log into http://nerd.bz/nvringplus and plug in the MEID to see if it is RingPlus compatible. If it passes, buy it. If it flunks, try another one. Whatever you do, DON’T BUY A PHONE IN AN OPENED BOX, AND DON’T OPEN THE BOX YET! Make certain there is a return policy in case things don’t work out as expected!

    Funny story. The Radio Shack employees at our local store were very savvy and refused to let me look at the MEID claiming it was a security issue. Fair enough. Of course, they were also curious why I wanted a phone without letting them configure it. Once I told them the deal, they all wanted one, too. They asked for the link to the MEID verification site and said they’d do it for me. Once it worked, excitement broke out in the room with all the staff reading an early copy of this article. While Radio Shack typically charges a $35 restocking fee on cell phones, that fee is waived if you return the phone in an unopened box. So the only thing you’re wasting if they insist that you purchase the phone is a little bit of your time and a lot of Radio Shack employee time if, in fact, the MEID flunks the verification test.

    Configuring Your Phone for RingPlus Service

    Now sign up for a RingPlus free plan using the MEID and ICC ID you previously verified. Michelangelo is probably the best bet if you missed our Twitter tip this past weekend. Deposit $10 in your new account, and activate it. Log into your RingPlus Dashboard, click on your phone in the upper right frame, and choose Manage Device. Write down your MSID, your phone number, and MSL. Once your account is active, then and only then unbox and turn on your phone. Go through the minimal setup steps by choosing your Language and choosing an available WiFi network. During this setup, RingPlus should push a PRL update to your new phone, and it will reboot. Check in Settings -> General -> About Phone -> Status and see if you have a phone number. If so, you’re good to go. If not, open the Phone Dialer application and dial ##72786# which should force another PRL update to your phone with another reboot. When it finishes, check again for a phone number and place an outbound call.

    Using a browser on your desktop computer, go back into the RingPlus Dashboard and sign in. Your phone device should show Active in the upper right corner of the screen. Click there and you’ll get a display like this:

    While still in the Device Settings Menu, click on the WiFi FluidCall option to decipher your SIP credentials. You’ll need these to set up your SIP phone or a SIP trunk on your Asterisk server. Your username is your 10-digit phone number, the domain name is sip.ringplus.net, and the password is a system-generated entry which you can recreate whenever you like. That’s probably a very good idea whenever you use public WiFi services to make calls with your SIP phone or a softphone.

    By the way, this isn’t some kludgy SIP-GSM gateway where the calls actually are routed out through your cellphone device. The RingPlus SIP gateway connects your SIP device directly to the Internet and simply uses your existing RingPlus CallerID to identify the calls. In short, you get the best of both worlds: a dirt cheap or free cellphone service plus a dirt cheap or free SIP trunk for use anywhere in the world.

    Configuring a RingPlus SIP Trunk with Asterisk

    If you’d like to set up your RingPlus number as a failover trunk on your Asterisk server, here is the setup that worked for us with Incredible PBX using your assigned 10-digit phone number for your username and fromuser settings and your assigned password for your secret. If you include a registration string and configure an inbound route using your RingPlus DID, then inbound calling will work as well. If you skip the registration step, then you can use the same RingPlus trunk on multiple Asterisk servers for emergency outbound calling. No firewall adjustments should be necessary.

    There are all sorts of other magic tricks you can implement using the RingPlus API, but you probably won’t need any of the features in light of the robust SIP connectivity RingPlus provides to an existing Asterisk server where the feature set is virtually unlimited. Be advised that you must make a call out at least once every 60 days to keep your account active. The simple way to do this is to set up a monthly reminder using your RingPlus trunk. Schedule the reminder to call out once every month using Telephone Reminders in Incredible PBX.

    RingPlus Gotcha Checklist

    Free service wouldn’t be free without a few land mines. So here’s a checklist to keep things running smoothly without any problems down the road. First, link your account to one of the social media options (Twitter, Facebook, or LinkedIn) when you sign up for service. You’ll find the link on your Dashboard under the Your Social Networks icon. Second, make at least one outbound call a month on every line you activate. As noted, this can be accomplished automatically using the Telephone Reminders application in Incredible PBX. Third, keep a valid credit card on file in your account at all times. Fourth, keep a positive balance in your account for each phone that you activate to avoid automatic replenishment at the original rate when you signed up for your plan. Fifth, be mindful of the Domino Effect. With some plans, if you allow a related plan to end (for example, Queen of Hearts when you also have an Ace of Hearts plan), then your better plan will be demoted in its feature set. Enjoy the Free Ride!

    Originally published: Monday, February 8, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. Be advised that future upgrades of these “free” plans may go away after February 15 unless you join the Member+ program, the cost of which changes almost weekly. This will not affect those that already are participating in the program according to RingPlus. []
    2. In case you’re curious, a plan equivalent to the free Michelangelo plan at RingPlus would run you $41.00 per month at Ting. Ouch! []

    The Ultimate Linux Sandbox in the Cloud for Less Than a $35 Raspberry Pi 2

    Every few years we like to drop back and take a fresh look at the best way to get started with Linux. For those coming from the Windows World, it can be a painful process. Learning with a Cloud-based server can be especially dangerous because of the security risks. And then there’s the cost factor. Not everyone has several hundred dollars to buy hardware and, frankly, learning about Linux on a $35 Raspberry Pi can drive most newbies to drink. So today we’ll show you another way. It’s not necessarily a better way. But it’s different, and it’s loads of fun for not much money. Today’s project only takes 30 minutes.

    There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For $35 or less, you get a virtual machine with 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 70% off with coupon code TAKE70 which brings the total cost down to $10.50. That’s less than a burger at Five Guys. That’s the good news. But, if security, 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those four things? Did we mention it’s $10.50 for a lifetime cloud server?

    If you take our recommendation and plunk down your Alexander Hamilton, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with Linux and Cloud Computing. Will your virtual machine disintegrate at some juncture? Probably. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use? Absolutely not so don’t try to fit a square peg in the round hole. It’s not gonna work, and you WILL be disappointed. You’ve been warned. Let’s get started. ENJOY THE RIDE!

    Our objective today is to show you how to build a rock-solid, secure Linux server in the Cloud with all the bells and whistles that make Linux the server platform of choice for almost every organization in the world. We’ll finish up by showing you how to embellish the platform with WordPress to do something that’s special for you whether it’s your own blog like Nerd Vittles, or a school newspaper, or an on-line shopping site to sell comic books. The basic foundation for most Linux platforms is called a LAMP server which stands for Linux, Apache, MySQL, and PHP. Linux is an open source operating system that includes contributions from thousands of developers around the world. Apache is the web server platform on which most commercial businesses stake their reputation. MySQL is the open source database management system now owned by Oracle. If it’s good enough for Facebook, it’s good enough for you. And PHP is THE web-based programming language that will let you build almost any application using Linux, Apache, and MySQL.

    So what’s the big deal? There are thousands of online tutorials that will show you how to build a LAMP server. For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished today, you’ll have a cloud-based server that is totally invisible to the rest of the world with the exception of its web interface. And we’ll show you a simple way to reduce the exposure of your web interface to some of its most likely attackers. Will it be 100% secure? Nope. If you have a web server on the public Internet, it’s never going to be 100% secure because there’s always the chance of a software bug that nobody has yet discovered and corrected. THAT’S WHAT BACKUPS ARE FOR!

    Creating Your Virtual Machine Platform in the Cloud

    To get started, you’ve got to plunk down your $10.50 at Cloud at Cost using coupon code TAKE70. Once you’ve paid the piper, they will send you credentials to log into the Cloud at Cost Management Portal. Change your password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose.

    To create your virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $10.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. We’ve learned to build new virtual machines at night, and they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in their hosting facility.

    Initial Configuration of Your CentOS 6.7 Virtual Machine

    With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both the IP address and the password for your new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

    Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to make the change. Your management portal then will show the new server name as shown above.

    Logging into Your CentOS 6.7 Virtual Machine

    In order to configure and manage your new CentOS 6.7 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:

    ssh root@12.34.56.78
    

    Before you do anything else, reset your root password to something very secure: passwd

    Installing the LAMP Server Basics with CentOS 6.7

    Now we’re ready to build your LAMP server platform. We’ve chopped this up into lots of little steps so we can explain what’s happening as we go along. There’s nothing hard about this, but we want to document the process so you can repeat it at any time. As we go along, just cut-and-paste each clump of code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…

    We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.

    setenforce 0
    sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
    

    Now let’s bring CentOS 6.7 up to current specs and add a few important applications:

    yum -y update
    yum -y install nano wget expect net-tools dialog git xz
    yum -y install kernel-headers
    yum -y install kernel-devel
    reboot
    

    After reboot, log back in as root. Now we’ll set up your Apache web server and configure it to start whenever you reboot your server:

    yum -y install httpd
    service httpd start
    chkconfig httpd on
    

    Now let’s set up your MySQL server, bring it on line, and make sure it restarts after server reboots. Unless you plan to add Asterisk® and FreePBX® to your server down the road, you’ll want to uncomment the two commands that begin with # by removing the # symbol and replacing new-password with a very secure password for your root user account in MySQL. Be sure to run the last command to secure your server. After logging in, the correct answers are n,Y,Y,Y,Y.

    yum -y install mysql mysql-server
    service mysqld start
    chkconfig mysqld on
    #/usr/bin/mysqladmin -u root password 'new-password'
    #/usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'
    mysql_secure_installation
    

    Next, we’ll set up PHP and configure it to work with MySQL:

    yum -y install php
    yum -y install php-mysql
    service httpd restart
    

    Finally let’s get SendMail installed and configured. Insert your actual email address in the last line and send yourself a test message to be sure it’s working. Be sure to check your spam folder since the message will show a sender address of localhost which many email systems including Gmail automatically identify as spam.

    yum -y install sendmail
    rpm -e postfix
    service sendmail restart
    yum -y install mailx
    echo "test" | mail -s testmessage youracctname@yourmailserver.com
    

    Installing Supplemental Repositories for CentOS 6.7

    One of the beauties of Linux is not being totally dependent upon CentOS for all of your packaged applications. Let’s add a few other repositories that can be used when you need to add a special package that is not in the CentOS repository. Let’s start with EPEL. We’ll disable it by default and only use it when we need it.

    yum -y install http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
    sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/epel.repo
    

    We actually need the EPEL repo to install Fail2Ban for monitoring of attacks on certain Linux services such as SSH:

    yum --enablerepo=epel install fail2ban -y
    cd /etc
    wget http://incrediblepbx.com/fail2ban-lamp.tar.gz
    tar zxvf fail2ban-lamp.tar.gz
    

    We also need the EPEL repo to install ipset, a terrific addition to the IPtables Linux firewall that lets you quickly block entire countries from accessing your server:

    yum --enablerepo=epel install ipset -y
    

    Next, we’ll add a sample script that documents how the country blocking mechanism works with ipset.1 For a complete list of countries that can be blocked, go here. If you need a decoder badge to match abbreviations against country names, you’ll find it here. To add other countries, simply edit the shell script and clone lines 4-7 using the names of the countries and country zone files that you wish to add. Be sure to insert the new lines before the commands to restart iptables and fail2ban. This script will need to be run each time your server reboots and before IPtables is brought on line. We’ll handle that a little later.

    echo "#\!/bin/bash" > /etc/block-china.sh
    echo " " >> /etc/block-china.sh
    echo "cd /etc" >> /etc/block-china.sh
    echo "ipset -N china hash:net" >> /etc/block-china.sh
    echo "rm cn.zone" >> /etc/block-china.sh
    echo "wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone" >> /etc/block-china.sh
    echo "for i in $(cat /etc/cn.zone ); do ipset -A china $i; done" >> /etc/block-china.sh
    echo "service iptables restart" >> /etc/block-china.sh
    echo "service fail2ban restart" >> /etc/block-china.sh
    sed -i 's|\\||' /etc/block-china.sh
    chmod +x /etc/block-china.sh
    

    Another important repository is REMI. It is especially helpful if you decide to upgrade PHP from the default version 5.3 to one of the newer releases: 5.5 or 5.6. In this case, you’ll want to activate the specific repository to support the release you choose in /etc/yum.repos.d/remi-safe.repo.

    yum -y install http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
    sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/remi-safe.repo
    

    One final repository to have on hand is RPMForge, now renamed RepoForge. We’ll use it in a bit to install a dynamic DNS update utility which you actually won’t need at CloudAtCost since your server is assigned a static IP address. But it’s handy to have in the event you wish to assign a free FQDN to your server anyway.

    yum -y install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
    sed -i 's|enabled = 1|enabled = 0|' /etc/yum.repos.d/rpmforge.repo
    

    Adding a Few Utilities to Round Out Your LAMP Server Deployment

    If you’re like us, you’ll want to test the speed of your Internet connection from time to time. Let’s install a free script that you can run at any time by logging into your server as root and issuing the command: /root/speedtest-cli

    cd /root
    wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py
    chmod +x speedtest-cli
    

    Next, let’s put in place a simple status display which will quickly tell you what’s running and what’s not. We’ve borrowed some GPL code from Incredible PBX to help you out. Run status-lamp at any time for a snapshot of your server.

    cd /usr/local/sbin
    wget http://incrediblepbx.com/status-lamp.tar.gz
    tar zxvf status-lamp.tar.gz
    rm -f status-lamp.tar.gz
    

    Now we’ll put the Linux Swiss Army Knife in place. It’s called WebMin, and it provides a GUI to configure almost everything in Linux. Pick up a good WebMin book from your public library to get started. Once installed, you access WebMin from your browser at the IP address of your server on the default port of 10000: https://serverIPaddress:10000. It’s probably a good idea to change this port number and the commented out line shows how to do it with the new port being 9001 in the example. The way in which we typically configure the Linux firewall will block all access to WebMin except from an IP address which you have whitelisted, e.g. your home computer’s public IP address.

    cd /root
    yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty
    yum -y install http://prdownloads.sourceforge.net/webadmin/webmin-1.780-1.noarch.rpm
    #sed -i 's|10000|9001|g' /etc/webmin/miniserv.conf
    service webmin restart
    chkconfig webmin on
    

    Tweaking Your CloudAtCost Setup Improves Performance and Improves Security

    Finally, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password gets reset every time you reboot.

    killall plymouthd
    echo killall plymouthd >> /etc/rc.local
    rm -f /etc/rc3.d/S97*
    

    With the exception of firewall configuration, which is so important that we’re covering it separately below, you now have completed the LAMP server installation. After completing the firewall steps in the next section, simply reboot your server and you’re ready to go.

    The Most Important Step: Configuring the Linux IPtables Firewall

    RULE #1: DON’T BUILD SERVERS EXPOSED TO THE INTERNET WITHOUT ROCK-SOLID SECURITY!

    As installed by CloudAtCost, your server provides ping and SSH access from a remote computer and nothing else. The good news: it’s pretty safe. The bad news: it can’t do anything useful for anybody because all web access to the server is blocked. We want to fix that, tighten up SSH access to restrict it to your IP address, and deploy country blocking to show you how.

    As we implement the firewall changes, you need to be extremely careful in your typing so that you don’t accidentally lock yourself out of your own server. A typo in an IP address is all it takes. The good news is that, if you do lock yourself out, you still can gain access via the CloudAtCost Management Portal by clicking the Console button of your virtual machine. Because the console is on the physical machine and the lo interface is whitelisted, you can log in and disable the firewall temporarily: service iptables stop. Then fix the typo and restart the firewall: service iptables start.

    First, let’s download the new IPtables config file into your root folder and take a look at it.

    cd /root
    wget http://incrediblepbx.com/iptables-lamp.tar.gz
    tar zxvf iptables-lamp.tar.gz
    

    Now edit the /root/iptables-lamp file by issuing the command: nano -w /root/iptables-lamp

    You can scroll up and down through the file with Ctl-V and Ctl-Y. Cursor keys work as well. Once you make changes, save your work: Ctl-X, Y, ENTER. You’re now an expert with the nano text editor, an absolutely essential Linux tool.

    Here’s what that file actually looks like:

    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j DROP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN              -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST              -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST              -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN                  -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG                  -j DROP
    -A INPUT -p tcp -m set --match-set china src                    -j DROP
    -A INPUT -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
    -A INPUT -p udp -m udp --dport 123 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 123 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    #-A INPUT -s 12.34.56.78 -j ACCEPT
    #-A INPUT -s yourFQDN.dyndns.org -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    

    Reminder: If you add another country to your block-china script, don’t forget to add a corresponding new country entry to your iptables file. See line 17 above that includes the word “china” for the syntax. There’s nothing much else to tweak except the two commented out (brown) lines that begin with #. First, remove the # symbol by moving the cursor to the right of the first one and hitting the backspace/delete key on your keyboard. Replace 12.34.56.78 with the public IP address of the computer from which you will be accessing your virtual machine. If you need multiple entries for multiple computers at different addresses, clone the line by pressing Ctrl-K and then Ctrl-U twice. Yes, we know. Some folks IP addresses change from time to time. In the next section, we’ll show you how to set up a Dynamic DNS entry with a utility that will keep track of your current IP address. In this case, uncomment the second commented line and replace yourFQDN.dyndns.org with your dynamic DNS address. Be very careful to assure that your FQDN is always on line. If the firewall cannot verify your DNS entry when it starts, the IPtables firewall will not start which means your server will be left unprotected. HINT: IP addresses are much safer because they are never verified.

    Once you have your addresses configured, save the file: Ctl-X, Y, ENTER. Then issue the following commands to copy everything into place and restart the firewall.

    mv /etc/sysconfig/iptables /etc/sysconfig/iptables.orig
    cp -p /root/iptables-lamp /etc/sysconfig/iptables
    echo "/etc/block-china.sh" >> /etc/rc.local
    /etc/block-china.sh
    

    Always, always, always check to be sure your firewall is functioning: iptables -nL. If you don’t see your desktop computer’s public IP address near the end of the listing, then the firewall is dead. status-lamp should also show IPtables down. Check for an error message which will tell you the problematic line so you can correct it.

    Implementing Dynamic DNS Service on Your Virtual Machine

    There are a number of free and paid Dynamic DNS providers. The way this works is you choose a fully-qualified domain name (FQDN) to identify your computer. Then you run a dynamic DNS update utility periodically from that computer. It reports back the current public IP address of your computer and your provider updates the IP address assigned to your FQDN if it has changed. In addition to supporting sites with ever changing IP addresses, it also allows you to permanently assign an FQDN to your computer or server so that it can be accessed without using a cryptic IP address.

    If that computer happens to be an Incredible PBX server or a LAMP server that you’ve set up using this tutorial, then the following will get the DNS client update utility loaded using the RPM Forge repository that we previously installed:

    yum --enablerepo=rpmforge install ddclient -y
    

    Similar DNS update clients are available for Windows, Mac OS X, and many residential routers. Then it’s just a matter of plugging in the credentials for your dynamic DNS provider and your FQDN. In the case of the CentOS client, the config file is /etc/ddclient/ddclient.conf. Now reboot your server and pick up a good book on Linux to begin your adventure.

    Now For Some Fun…

    First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Apache page:

    Next, let’s be sure that PHP is working as it should. While still logged into your server as root using SSH or Putty, issue the following commands and make up some file name to replace test4567 in both lines. Be sure to keep the .php file name extension. Note to gurus: Yes, we know the second line below is unnecessary if you remove the space after the less than symbol in the first line. Unfortunately, WordPress forces the space into the display which left us no alternative.

    echo "< ?php phpinfo(); ?>" > /var/www/html/test4567.php
    sed -i 's|< |<|' /var/www/html/test4567.php
    

    Now jump back to your web browser and access the new page you just created using the IP address of your server and the file name you made up: http://12.34.56.78/test4567.php

    The PHPinfo listing will tell you everything you ever wanted to know about your web server setup including all of the PHP functions that have been enabled. That’s why you want an obscure file name for the page. You obviously don’t want to share that information with every bad guy on the planet. Remember. This is a public-facing web site that anyone on the Internet can access if they know or guess your IP address.

    When you’re ready to set up your own web site, just name it index.php and store the file in the /var/www/html directory of your server. In the meantime, issuing the following command will assure that anyone accessing your site gets a blank page until you’re ready to begin your adventure:

    echo " " > /var/www/html/index.php
    

    Ready to learn PHP programming? There’s no shortage of books to get you started.

    Adding WordPress to Your LAMP Server

    Where to begin with WordPress? What used to be a simple platform for bloggers has morphed into an all-purpose tool that makes building virtually any type of web site child’s play. If you want to see what’s possible, take a look at the templates and sample sites shown on WPZOOM. Unless you’re an art major and savvy web designer, this will be the best $70 you ever spent. One of these templates will have your site up and running in minutes once we put the WordPress pieces in place. For the big spenders, $149 will give you access to over 50 gorgeous templates which you can download and use to your heart’s content on multiple sites. And, no, your sites don’t blow up after a year. You just can’t download any additional templates or updates unless you renew your subscription. The other alternative is choose from thousands of templates that are provided across the Internet as well as in the WordPress application itself.

    WordPress templates run the gamut from blogs to newsletters to photographer sites to e-commerce to business portfolios to video to travel to magazines to newspapers to education to food to recipes to restaurants and more. Whew! There literally is nothing you can’t put together in minutes using a WordPress template. But, before you can begin, we need to get WordPress installed on your server. This is optional, of course. And, if you follow along and add WordPress, we’ve set it up in such a way that WordPress becomes the primary application for your site. Stated differently, when people use a browser to access your site, your WordPress template will immediately display. When we finish the basic WordPress setup and once you upload an image or two, you’ll have a site that looks something like this:

    Before you begin, we strongly recommend that you acquire a domain for your site if you plan to use it for anything but experimentation. The reason is because it can be complicated to migrate a WordPress site from one location to another.2 Once you’ve acquired your domain, point the domain to the IP address of your new server. With a dirt cheap registrar such as Omnis.com, it’s easy:

    Now let’s get started. To begin, we need to load the WordPress application onto your server:

    cd /root
    mkdir wordpress
    cd wordpress
    wget http://wordpress.org/latest.tar.gz
    tar -xvzf latest.tar.gz -C /var/www/html
    

    Next, we’ll configure MySQL to support WordPress. We’re assuming that you have NOT already created root passwords for MySQL. If you have, you’ll need to add -pYourPassword to the various commands below immediately after root. There is no space between -p and your root password. Also edit the first line and make up a new password (replacing XYZ below) for the wordpress user account that will manage WordPress on your server before you cut and paste the code:

    mysql -u root -e 'CREATE USER wordpress@localhost IDENTIFIED BY "XYZ";'
    mysql -u root -e 'CREATE DATABASE wordpress;'
    mysql -u root -e 'GRANT ALL ON wordpress.* TO wordpress@localhost;'
    mysql -u root -e 'FLUSH PRIVILEGES;'
    

    Next, we need to configure WordPress with your new MySQL credentials. Before you cut and paste, replace XYZ in the fourth line with the password you assigned in the preceding MySQL step:

    cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
    sed -i 's|database_name_here|wordpress|' /var/www/html/wordpress/wp-config.php
    sed -i 's|username_here|wordpress|' /var/www/html/wordpress/wp-config.php
    sed -i 's|password_here|XYZ|' /var/www/html/wordpress/wp-config.php
    chown -R apache:apache /var/www/html/wordpress
    

    Before you forget, take a moment and create a very secure password for your MySQL root user accounts. Here are the commands. Just replace new-password with your new password before you cut and paste. Note that you also will be prompted for this password when you execute the second command because you will now have a root user password in place from executing the first command.

    /usr/bin/mysqladmin -u root password 'new-password'
    /usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'
    

    Finally, we need to modify your Apache web server to support WordPress as the primary application. Be sure to enter your actual email address in the third line before you cut and paste the code below:

    echo " " >> /etc/httpd/conf/httpd.conf
    echo "<virtualhost *:80>" >> /etc/httpd/conf/httpd.conf
    echo 'ServerAdmin somebody@somedomain.com' >> /etc/httpd/conf/httpd.conf
    echo "DocumentRoot /var/www/html/wordpress" >> /etc/httpd/conf/httpd.conf
    echo "ServerName wordpress" >> /etc/httpd/conf/httpd.conf
    echo "ErrorLog /var/log/httpd/wordpress-error-log" >> /etc/httpd/conf/httpd.conf
    echo "CustomLog /var/log/httpd/wordpress-acces-log common" >> /etc/httpd/conf/httpd.conf
    echo "</virtualhost>" >> /etc/httpd/conf/httpd.conf
    echo " " >> /etc/httpd/conf/httpd.conf
    service httpd restart
    

    That should do it. Open a browser and navigate to the IP address of your server. You should be greeted with the following form. Fill in the blanks as desired. The account you’re setting up will be the credentials you use to add and modify content on your WordPress site when you click Log In (as shown above). Make the username obscure and the password even more so. Remember, it’s a public web site accessible worldwide! When you click Install WordPress, you’ll be off to the races.

    After your server whirs away for a minute or two, you will be greeted with the WordPress login prompt. With the username and password you entered above, you’ll be ready to start configuring your WordPress site.

    Once you’re logged in, navigate to Appearance -> Themes and click Add New Theme. There’s you will find literally hundreds of free WordPress templates that can be installed in a matter of seconds if WPZOOM is too rich for your blood. For a terrific all-purpose (free) theme, try Atahualpa. We’ll leave our actual demo site running for a bit in case you want to explore and check out its performance. Installing and configuring the new theme took less than a minute:

    A Final Word to the Wise. WordPress is relatively secure but new vulnerabilities are discovered regularly. Keep your templates, plug-ins, AND the WordPress application up to date at all times! The WordFence plug-in is a must-have. And we strongly recommend adding the following lines to your WordPress config file which then will let WordPress update everything automatically. Microsoft has given automatic updates a bad name, but in the case of WordPress, they work well.

    echo "define('WP_AUTO_UPDATE_CORE', true);" >> /var/www/html/wordpress/wp-config.php
    echo "add_filter( 'auto_update_plugin', '__return_true' );" >> /var/www/html/wordpress/wp-config.php
    echo "add_filter( 'auto_update_theme', '__return_true' );" >> /var/www/html/wordpress/wp-config.php
    

    Special Thanks: Our special tip of the hat goes to a few web sites that we found helpful in putting this article together especially Unixmen and Matt Wilcox & friends and Programming-Review.

    Wondering What to Build Next with your new $10.50 Server in the Sky? Check out the latest Nerd Vittles tutorial. Turn it into a VoIP server FOR LIFE with free calling to/from the U.S. and Canada. Call for free demo:


    Originally published: Monday, January 25, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. It doesn’t take long for the probing to begin. So watch your logs, look up the IP addresses to identify the countries, and block them unless you happen to be expecting visitors from that part of the world:
      [Sun Jan 24 00:36:12 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/w00tw00t.at.blackhats.romanian.anti-sec:)
      [Sun Jan 24 00:36:12 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/phpMyAdmin
      [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/phpmyadmin
      [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/pma
      [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/myadmin
      [Sun Jan 24 00:36:14 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/MyAdmin
      [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/w00tw00t.at.blackhats.romanian.anti-sec:)
      [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/phpMyAdmin
      [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/phpmyadmin
      [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/pma
      [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/myadmin
      [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/MyAdmin
      []
    2. Should you ever have to migrate your WordPress site from one domain to another, here are two helpful tools to consider: the Automatic Domain Name Changer Plugin and the one we use, WordPress-Domain-Changer. []