Posts tagged: iptables

The Ultimate VoIP Sandbox in the Cloud for Less Than a $35 Raspberry Pi 2

Last week we began our new series on Cloud Computing by documenting how to build an awesome LAMP server in the Cloud using Linux. Today we’re going to use the same platform but the price just dropped to $10.50 with coupon code TAKE70. We’ll show you how to build an equally powerful Incredible PBX 13 server with hundreds of PBX features including free calling to the U.S. and Canada using any (free) Google Voice account. Keep in mind this isn’t $10.50 a month for your cloud server. It’s $10.50, period! The whole project takes less than an hour. Before we begin, let’s revisit our cautionary note for those that missed last week’s article. It’s important.

There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For $35 or less, you get a virtual machine with 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 70% which brings the total cost down to $10.50. That’s less than a burger at Five Guys. That’s the good news. But, if security, 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those four things? Did we mention it’s $10.50 for a lifetime cloud server?

If you take our recommendation and plunk down your $10.50, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with [VoIP] and Cloud Computing. Will your virtual machine disintegrate at some juncture? Probably. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use? Absolutely not so don’t try to fit a square peg in the round hole. It’s not gonna work, and you WILL be disappointed.

Next we’ll cover three production-ready Cloud solutions that range in price from $5 to $15 a month. But today’s experiment will give you a platform on which to learn before you decide upon a more permanent deployment solution. And it will give you a terrific home for a backup server once you do move to a long-term solution so your $10.50 won’t be wasted.


The objective today is to show you how to build a rock-solid, secure VoIP server in the Cloud with all the bells and whistles you’d typically find on a PBX costing tens of thousands of dollars. Incredible PBX is pure GPL, open source code with one major difference. It’s FREE! And it’s supported by thousands of users on the PIAF Forum that started just like you.

Some of you are probably wondering why you would want a PBX at all. Hearing is believing as they say. Spend a couple minutes and call our demo server that we have preconfigured using everything covered in today’s tutorial. It’ll let you play with some of the features that a PBX offers such a voice dialing from a directory, news and weather forecasts, and much more. Just dial:

Nerd Vittles Demo IVR Options
1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
2 – MeetMe Conference (password is 1234)
3 – Wolfram Alpha (say “What planes are flying overhead now?”)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (say the city and state, province, or country)
7 – Today in History
8 – Speak to a Real Person (or maybe just voicemail if we’re out)

For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished today, you’ll have a cloud-based VoIP server that is totally invisible to the rest of the world except a short list of VoIP providers that have been thoroughly vetted by Nerd Vittles staff. You can whitelist additional locations and phones to meet your individual needs without worrying about your server being compromised.

Creating Your Virtual Machine Platform in the Cloud

To get started, you’ve got to cough up your $10.50 at Cloud at Cost using coupon code TAKE70. Once you’ve signed up, CloudAtCost will send you credentials to log into the Cloud at Cost Management Portal. Change your portal password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose.

To create your virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $10.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. Things have settled down since the 90% off week so new servers typically are ready in a few minutes. However, we’ve learned to build new virtual machines at night where possible. Then they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in the CloudAtCost hosting facilities.

Initial Configuration of Your CentOS 6.7 Virtual Machine

With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both your IP address and the password for the new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to change it. IncrediblePBX13 has a nice ring to it, but to each his own.

Logging into Your New CentOS 6.7 Virtual Machine

In order to configure and manage your new CentOS 6.7 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:

ssh root@12.34.56.78

Before you do anything else, reset your Virtual Machine’s root password to something very secure: passwd

Installing Incredible PBX 13 with CentOS 6.7

Now we’re ready to build your VoIP server platform. There aren’t many steps so just cut-and-paste the code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…

We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.

setenforce 0
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

Now let’s bring CentOS 6.7 up to current specs and add a few important applications:

yum -y update
yum -y install net-tools nano wget tar

Now we’re ready to kick off the Incredible PBX 13 install:

cd /root
wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz
tar zxvf incrediblepbx*
./IncrediblePBX*

When the install begins, read the license agreement and press ENTER to agree to the terms and get things rolling. Now would be a great time to go have breakfast or lunch. Come back in about an hour and your server should be ready to go.

Tweaking Your CloudAtCost Setup Improves Performance and Improves Security

After you reboot your server, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password may get reset every time you reboot.

sed -i '/exit 0/d' /etc/rc.local
killall plymouthd
echo killall plymouthd >> /etc/rc.local
rm -f /etc/rc3.d/S97*
echo "exit 0" >> /etc/rc.local

Implementing Dynamic DNS Service on Your Client Machines

Unlike some other PBX offerings that leave your server exposed to the Internet, Incredible PBX is different. Unless the IP address from which you are accessing the server has been whitelisted, nobody on the Internet can see your server. The only exception is the preferred providers list and those on the same local area network (which is nobody in the case of CloudAtCost). As part of the Incredible PBX install, the IP address of the computer you used to perform the install was whitelisted automatically. But there may be other computers from which you wish to allow access to the PBX in order to deploy telephones at remote sites. Some of these sites may have dynamic IP addresses that change from time to time. Or you may have traveling salesman that land in a new hotel almost every night with a new IP address. Fortunately, there are a number of free and paid Dynamic DNS providers. For sites with dynamic IP addresses, simply choose a fully-qualified domain name (FQDN) to identify each location where you need computer access or need to deploy a phone. Then run a dynamic DNS update utility periodically from a computer or router at that site. It reports back the current public IP address of the site and your DNS provider updates the IP address assigned to that FQDN whenever there are changes.

DNS update clients are available for Windows, Mac OS X, and many residential routers. They’re also available for Android devices. Then it’s just a matter of plugging in the remote users’ FQDNs so Incredible PBX knows to give them server access via the whitelist. You implement this in seconds using the add-ip and add-fqdn utilities in the /root directory.

There are other ways to gain access as well using the PortKnocker utility or Travelin’ Man 4 from a telephone. Both of these are covered in the Incredible PBX 13 tutorial so we won’t repeat it here.

Incredible PBX Preliminary Setup Steps

First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Incredible PBX page, the Kennonsoft Menu. It’s divided into two parts, a Users tab (shown below) and an Admin tab with additional options that we’ll cover shortly.

Now we need to jump back to SSH or Putty and log back into your server as root. You’ll note that the Incredible PBX Automatic Update Utility is run each time you log in. This is how important security updates are pushed to your server so do it regularly. And, no, you don’t need to contribute to our open source projects unless you want to. You’ll still get the updates as they are released.

After the Automatic Update Utility runs, the login script will execute status which tells you everything you need to know about the health of your server. After the initial install, it will look something like this with your server’s IP address obviously. We’ll cover the RED items down the road a bit.

For now, we need to complete a few preliminary setup steps for Incredible PBX to make sure you can log into the various components which have been installed on your computer. There are several different credentials you will need. Most of these are configured using scripts in the /root folder of your server. First, you need your root password for the server itself, and you should have already set that up with a very secure password using passwd. These same credentials are used to login to WebMin.

Next you’ll need an admin password for the Incredible PBX GUI. This is the management utility and Asterisk® code generator which consists of FreePBX® GPL modules that are open source and free to use. The admin password is set by running admin-pw-change in the /root directory.

There are also a number of web-based applications such as Telephone Reminders, AsteriDex, phpMyAdmin, and VoiceMail & Recordings (User Control Panel). You obviously don’t want everyone with a telephone using all of these applications so they are protected using a couple different Apache web server credentials. First, you set up an admin password for the administrator-level applications using the htpasswd utility. Then you set up an end-user account and password for access to AsteriDex, Reminders, and the User Control Panel. With the User Control Panel, end users also will need a username and password for their particular phone extension and this is configured with the Incredible PBX GUI using Admin -> User Management -> Add New User. If this sounds convoluted, it’s really not. Apache credentials can be entered once in an administrator’s or end user’s browser and they’re stored permanently.

Here is a checklist of the preliminary steps to complete before using your server:

Make your root password very secure: passwd
Create admin password for Incredible PBX GUI access: /root/admin-pw-change
Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
Create joeuser password for web apps: htpasswd /etc/pbx/wwwpasswd joeuser
Set up UCP accounts for Voicemail & Recordings access using Incredible PBX GUI
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher IP address and other info about your server: status
Set your correct time zone: /root/timezone-setup

Activating Incredible Fax on Your Server

Incredible PBX also includes an optional (and free) faxing component that lets you send and receive faxes that are delivered to your email address. To activate Incredible Fax, run the following script and plug in your email address for delivery of incoming faxes: /root/incrediblefax11.sh. After entering your email address, you’ll be prompted for all sorts of additional information. Unless you have unusual requirements, pressing the ENTER key at every prompt is the appropriate response. You’ll need to reboot your server again when the fax installation is complete. Once you log back into your server as root, the bottom line of the status display should now be green UP entries.

Managing Your Server with the Incredible PBX GUI

About 99% of your time managing your server will be spent in the Incredible PBX GUI. To access it, fire up your browser and point to the IP address of your server. At the Kennonsoft menu, click on the Users tab which will change to Admin and bring up the Admin menu shown here:

From the Administrator menu in the Kennonsoft GUI, click on Incredible PBX Administration. This will bring up the following menu:

Click on the first icon to access the Incredible PBX GUI. You’ll be prompted for your credentials. For the username, enter admin. For the password, enter the password you set up using admin-pw-change above. You should then be greeted by the main status display in the Incredible GUI:

If you’re new to Asterisk and FreePBX, here’s the one paragraph primer on what needs to happen before you can make free calls with Google Voice. You’ll obviously need a free Google Voice account. This gets you a phone number for people to call you and a vehicle to place calls to plain old telephones throughout the U.S. and Canada at no cost. You’ll also need a softphone or SIP phone (NOT a regular POTS telephone) to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop. Phones connect to extensions to work with Incredible PBX. Extensions talk to trunks (like Google Voice) to make and receive calls. We use outbound routes to direct outgoing calls from extensions to trunks, and we use inbound routes to route incoming calls from trunks to extensions to make your phones ring. In a nutshell, that’s how a PBX works. There are lots of bells and whistles that you can explore down the road.

As configured after installation, you have everything you’ll need except a Google Voice trunk, and we’ll cover that next. Then we’ll add a softphone with your extension 701 credentials, and you’ll be ready to make and receive calls. Before we move on, let’s decipher your extension 701 password so that you’ll have it for later. Choose Applications -> Extensions -> 701 and scroll down the screen to the Secret field and write down your password. You can also change it if you like and click Submit and then the Red button to update your settings. While you’re here, write down your extension 701 Voicemail Password.

Deploying Google Voice on Your Server

That leaves one RED entry on your status display, GV OAUTH. Whether to use plain text passwords or OAUTH 2 credentials with Google Voice accounts presently is a matter of choice although Google regularly threatens to discontinue access to Google Voice without OAUTH authentication. We suggest you play with Google Voice using plain text passwords just to get your feet wet because OAUTH implementation gets complicated. When you get ready to deploy a permanent Incredible PBX server, that would be the appropriate time to switch to OAUTH. This tutorial (beginning at step 1b) will guide you through the process.

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Once you have your Google Voice account properly configured with Google, here is the proper sequence to get a Google Voice account working with Incredible PBX. First, using a browser, login to your Google Voice account. Second, make sure that Google Chat is activated in your Phone -> Settings. Third, in a separate browser tab, enable Less Secure Apps for your Google account. Fourth, in another separate browser tab, activate the Google Voice reset procedure. Fifth, in the Incredible PBX GUI, choose Connectivity -> Google Voice (Motif) and enter your Google Voice credentials:

Sixth, save your settings by clicking Submit and the Red Button to reload the GUI. Finally, using SSH or Putty, log into your server as root and restart Asterisk: amportal restart.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and your extension 701 password. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:


DEMO - Allison's IVR Demo
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to use the free Google Voice account we set up above. Unlike traditional telephone service where you were 100% dependent upon MaBell, there is no such limitation with VoIP. The smarter long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started. Here are a few of our favorites:

Originally published: Friday, January 29, 2016





Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

The Ultimate Linux Sandbox in the Cloud for Less Than a $35 Raspberry Pi 2

Every few years we like to drop back and take a fresh look at the best way to get started with Linux. For those coming from the Windows World, it can be a painful process. Learning with a Cloud-based server can be especially dangerous because of the security risks. And then there’s the cost factor. Not everyone has several hundred dollars to buy hardware and, frankly, learning about Linux on a $35 Raspberry Pi can drive most newbies to drink. So today we’ll show you another way. It’s not necessarily a better way. But it’s different, and it’s loads of fun for not much money. Today’s project only takes 30 minutes.

There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For $35 or less, you get a virtual machine with 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 70% off with coupon code TAKE70 which brings the total cost down to $10.50. That’s less than a burger at Five Guys. That’s the good news. But, if security, 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those four things? Did we mention it’s $10.50 for a lifetime cloud server?

If you take our recommendation and plunk down your Alexander Hamilton, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with Linux and Cloud Computing. Will your virtual machine disintegrate at some juncture? Probably. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use? Absolutely not so don’t try to fit a square peg in the round hole. It’s not gonna work, and you WILL be disappointed. You’ve been warned. Let’s get started. ENJOY THE RIDE!

Our objective today is to show you how to build a rock-solid, secure Linux server in the Cloud with all the bells and whistles that make Linux the server platform of choice for almost every organization in the world. We’ll finish up by showing you how to embellish the platform with WordPress to do something that’s special for you whether it’s your own blog like Nerd Vittles, or a school newspaper, or an on-line shopping site to sell comic books. The basic foundation for most Linux platforms is called a LAMP server which stands for Linux, Apache, MySQL, and PHP. Linux is an open source operating system that includes contributions from thousands of developers around the world. Apache is the web server platform on which most commercial businesses stake their reputation. MySQL is the open source database management system now owned by Oracle. If it’s good enough for Facebook, it’s good enough for you. And PHP is THE web-based programming language that will let you build almost any application using Linux, Apache, and MySQL.

So what’s the big deal? There are thousands of online tutorials that will show you how to build a LAMP server. For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished today, you’ll have a cloud-based server that is totally invisible to the rest of the world with the exception of its web interface. And we’ll show you a simple way to reduce the exposure of your web interface to some of its most likely attackers. Will it be 100% secure? Nope. If you have a web server on the public Internet, it’s never going to be 100% secure because there’s always the chance of a software bug that nobody has yet discovered and corrected. THAT’S WHAT BACKUPS ARE FOR!

Creating Your Virtual Machine Platform in the Cloud

To get started, you’ve got to plunk down your $10.50 at Cloud at Cost using coupon code TAKE70. Once you’ve paid the piper, they will send you credentials to log into the Cloud at Cost Management Portal. Change your password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose.

To create your virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $10.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. We’ve learned to build new virtual machines at night, and they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in their hosting facility.

Initial Configuration of Your CentOS 6.7 Virtual Machine

With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both the IP address and the password for your new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to make the change. Your management portal then will show the new server name as shown above.

Logging into Your CentOS 6.7 Virtual Machine

In order to configure and manage your new CentOS 6.7 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:

ssh root@12.34.56.78

Before you do anything else, reset your root password to something very secure: passwd

Installing the LAMP Server Basics with CentOS 6.7

Now we’re ready to build your LAMP server platform. We’ve chopped this up into lots of little steps so we can explain what’s happening as we go along. There’s nothing hard about this, but we want to document the process so you can repeat it at any time. As we go along, just cut-and-paste each clump of code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…

We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.

setenforce 0
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

Now let’s bring CentOS 6.7 up to current specs and add a few important applications:

yum -y update
yum -y install nano wget expect net-tools dialog git xz
yum -y install kernel-headers
yum -y install kernel-devel

Next, we’ll set up your Apache web server and configure it to start whenever you reboot your server:

yum -y install httpd
service httpd start
chkconfig httpd on

Now let’s set up your MySQL server, bring it on line, and make sure it restarts after server reboots. Unless you plan to add Asterisk® and FreePBX® to your server down the road, you’ll want to uncomment the two commands that begin with # by removing the # symbol and replacing new-password with a very secure password for your root user account in MySQL. Be sure to run the last command to secure your server. After logging in, the correct answers are n,Y,Y,Y,Y.

yum -y install mysql mysql-server
service mysqld start
chkconfig mysqld on
#/usr/bin/mysqladmin -u root password 'new-password'
#/usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'
mysql_secure_installation

Next, we’ll set up PHP and configure it to work with MySQL:

yum -y install php
yum -y install php-mysql
service httpd restart

Finally let’s get SendMail installed and configured. Insert your actual email address in the last line and send yourself a test message to be sure it’s working. Be sure to check your spam folder since the message will show a sender address of localhost which many email systems including Gmail automatically identify as spam.

yum -y install sendmail
rpm -e postfix
service sendmail restart
yum -y install mailx
echo "test" | mail -s testmessage youracctname@yourmailserver.com

Installing Supplemental Repositories for CentOS 6.7

One of the beauties of Linux is not being totally dependent upon CentOS for all of your packaged applications. Let’s add a few other repositories that can be used when you need to add a special package that is not in the CentOS repository. Let’s start with EPEL. We’ll disable it by default and only use it when we need it.

yum -y install http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/epel.repo

We actually need the EPEL repo to install Fail2Ban for monitoring of attacks on certain Linux services such as SSH:

yum --enablerepo=epel install fail2ban -y
cd /etc
wget http://incrediblepbx.com/fail2ban-lamp.tar.gz
tar zxvf fail2ban-lamp.tar.gz

We also need the EPEL repo to install ipset, a terrific addition to the IPtables Linux firewall that lets you quickly block entire countries from accessing your server:

yum --enablerepo=epel install ipset -y

Next, we’ll add a sample script that documents how the country blocking mechanism works with ipset.1 For a complete list of countries that can be blocked, go here. If you need a decoder badge to match abbreviations against country names, you’ll find it here. To add other countries, simply edit the shell script and clone lines 4-7 using the names of the countries and country zone files that you wish to add. Be sure to insert the new lines before the commands to restart iptables and fail2ban. This script will need to be run each time your server reboots and before IPtables is brought on line. We’ll handle that a little later.

echo "#\!/bin/bash" > /etc/block-china.sh
echo " " >> /etc/block-china.sh
echo "cd /etc" >> /etc/block-china.sh
echo "ipset -N china hash:net" >> /etc/block-china.sh
echo "rm cn.zone" >> /etc/block-china.sh
echo "wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone" >> /etc/block-china.sh
echo "for i in $(cat /etc/cn.zone ); do ipset -A china $i; done" >> /etc/block-china.sh
echo "service iptables restart" >> /etc/block-china.sh
echo "service fail2ban restart" >> /etc/block-china.sh
sed -i 's|\||' /etc/block-china.sh
chmod +x /etc/block-china.sh

Another important repository is REMI. It is especially helpful if you decide to upgrade PHP from the default version 5.3 to one of the newer releases: 5.5 or 5.6. In this case, you’ll want to activate the specific repository to support the release you choose in /etc/yum.repos.d/remi-safe.repo.

yum -y install http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/remi-safe.repo

One final repository to have on hand is RPMForge, now renamed RepoForge. We’ll use it in a bit to install a dynamic DNS update utility which you actually won’t need at CloudAtCost since your server is assigned a static IP address. But it’s handy to have in the event you wish to assign a free FQDN to your server anyway.

yum -y install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
sed -i 's|enabled = 1|enabled = 0|' /etc/yum.repos.d/rpmforge.repo

Adding a Few Utilities to Round Out Your LAMP Server Deployment

If you’re like us, you’ll want to test the speed of your Internet connection from time to time. Let’s install a free script that you can run at any time by logging into your server as root and issuing the command: /root/speedtest-cli

cd /root
wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py
chmod +x speedtest-cli

Next, let’s put in place a simple status display which will quickly tell you what’s running and what’s not. We’ve borrowed some GPL code from Incredible PBX to help you out. Run status-lamp at any time for a snapshot of your server.

cd /usr/local/sbin
wget http://incrediblepbx.com/status-lamp.tar.gz
tar zxvf status-lamp.tar.gz
rm -f status-lamp.tar.gz

Now we’ll put the Linux Swiss Army Knife in place. It’s called WebMin, and it provides a GUI to configure almost everything in Linux. Pick up a good WebMin book from your public library to get started. Once installed, you access WebMin from your browser at the IP address of your server on the default port of 10000: https://serverIPaddress:10000. It’s probably a good idea to change this port number and the commented out line shows how to do it with the new port being 9001 in the example. The way in which we typically configure the Linux firewall will block all access to WebMin except from an IP address which you have whitelisted, e.g. your home computer’s public IP address.

cd /root
yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty
yum -y install http://prdownloads.sourceforge.net/webadmin/webmin-1.780-1.noarch.rpm
#sed -i 's|10000|9001|g' /etc/webmin/miniserv.conf
service webmin restart
chkconfig webmin on

Tweaking Your CloudAtCost Setup Improves Performance and Improves Security

Finally, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password gets reset every time you reboot.

killall plymouthd
echo killall plymouthd >> /etc/rc.local
rm -f /etc/rc3.d/S97*

With the exception of firewall configuration, which is so important that we’re covering it separately below, you now have completed the LAMP server installation. After completing the firewall steps in the next section, simply reboot your server and you’re ready to go.

The Most Important Step: Configuring the Linux IPtables Firewall

RULE #1: DON’T BUILD SERVERS EXPOSED TO THE INTERNET WITHOUT ROCK-SOLID SECURITY!

As installed by CloudAtCost, your server provides ping and SSH access from a remote computer and nothing else. The good news: it’s pretty safe. The bad news: it can’t do anything useful for anybody because all web access to the server is blocked. We want to fix that, tighten up SSH access to restrict it to your IP address, and deploy country blocking to show you how.

As we implement the firewall changes, you need to be extremely careful in your typing so that you don’t accidentally lock yourself out of your own server. A typo in an IP address is all it takes. The good news is that, if you do lock yourself out, you still can gain access via the CloudAtCost Management Portal by clicking the Console button of your virtual machine. Because the console is on the physical machine and the lo interface is whitelisted, you can log in and disable the firewall temporarily: service iptables stop. Then fix the typo and restart the firewall: service iptables start.

First, let’s download the new IPtables config file into your root folder and take a look at it.

cd /root
wget http://incrediblepbx.com/iptables-lamp.tar.gz
tar zxvf iptables-lamp.tar.gz

Now edit the /root/iptables-lamp file by issuing the command: nano -w /root/iptables-lamp

You can scroll up and down through the file with Ctl-V and Ctl-Y. Cursor keys work as well. Once you make changes, save your work: Ctl-X, Y, ENTER. You’re now an expert with the nano text editor, an absolutely essential Linux tool.

Here’s what that file actually looks like:

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN                  -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG                  -j DROP
-A INPUT -p tcp -m set --match-set china src                    -j DROP
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#-A INPUT -s 12.34.56.78 -j ACCEPT
#-A INPUT -s yourFQDN.dyndns.org -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Reminder: If you add another country to your block-china script, don’t forget to add a corresponding new country entry to your iptables file. See line 17 above that includes the word “china” for the syntax. There’s nothing much else to tweak except the two commented out (brown) lines that begin with #. First, remove the # symbol by moving the cursor to the right of the first one and hitting the backspace/delete key on your keyboard. Replace 12.34.56.78 with the public IP address of the computer from which you will be accessing your virtual machine. If you need multiple entries for multiple computers at different addresses, clone the line by pressing Ctrl-K and then Ctrl-U twice. Yes, we know. Some folks IP addresses change from time to time. In the next section, we’ll show you how to set up a Dynamic DNS entry with a utility that will keep track of your current IP address. In this case, uncomment the second commented line and replace yourFQDN.dyndns.org with your dynamic DNS address. Be very careful to assure that your FQDN is always on line. If the firewall cannot verify your DNS entry when it starts, the IPtables firewall will not start which means your server will be left unprotected. HINT: IP addresses are much safer because they are never verified.

Once you have your addresses configured, save the file: Ctl-X, Y, ENTER. Then issue the following commands to copy everything into place and restart the firewall.

mv /etc/sysconfig/iptables /etc/sysconfig/iptables.orig
cp -p /root/iptables-lamp /etc/sysconfig/iptables
echo "/etc/block-china.sh" >> /etc/rc.local
/etc/block-china.sh

Always, always, always check to be sure your firewall is functioning: iptables -nL. If you don’t see your desktop computer’s public IP address near the end of the listing, then the firewall is dead. status-lamp should also show IPtables down. Check for an error message which will tell you the problematic line so you can correct it.

Implementing Dynamic DNS Service on Your Virtual Machine

There are a number of free and paid Dynamic DNS providers. The way this works is you choose a fully-qualified domain name (FQDN) to identify your computer. Then you run a dynamic DNS update utility periodically from that computer. It reports back the current public IP address of your computer and your provider updates the IP address assigned to your FQDN if it has changed. In addition to supporting sites with ever changing IP addresses, it also allows you to permanently assign an FQDN to your computer or server so that it can be accessed without using a cryptic IP address.

If that computer happens to be an Incredible PBX server or a LAMP server that you’ve set up using this tutorial, then the following will get the DNS client update utility loaded using the RPM Forge repository that we previously installed:

yum --enablerepo=rpmforge install ddclient -y

Similar DNS update clients are available for Windows, Mac OS X, and many residential routers. Then it’s just a matter of plugging in the credentials for your dynamic DNS provider and your FQDN. In the case of the CentOS client, the config file is /etc/ddclient/ddclient.conf. Now reboot your server and pick up a good book on Linux to begin your adventure.

Now For Some Fun…

First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Apache page:

Next, let’s be sure that PHP is working as it should. While still logged into your server as root using SSH or Putty, issue the following commands and make up some file name to replace test4567 in both lines. Be sure to keep the .php file name extension. Note to gurus: Yes, we know the second line below is unnecessary if you remove the space after the less than symbol in the first line. Unfortunately, WordPress forces the space into the display which left us no alternative.

echo "< ?php phpinfo(); ?>" > /var/www/html/test4567.php
sed -i 's|< |<|' /var/www/html/test4567.php

Now jump back to your web browser and access the new page you just created using the IP address of your server and the file name you made up: http://12.34.56.78/test4567.php

The PHPinfo listing will tell you everything you ever wanted to know about your web server setup including all of the PHP functions that have been enabled. That’s why you want an obscure file name for the page. You obviously don’t want to share that information with every bad guy on the planet. Remember. This is a public-facing web site that anyone on the Internet can access if they know or guess your IP address.

When you’re ready to set up your own web site, just name it index.php and store the file in the /var/www/html directory of your server. In the meantime, issuing the following command will assure that anyone accessing your site gets a blank page until you’re ready to begin your adventure:

echo " " > /var/www/html/index.php

Ready to learn PHP programming? There’s no shortage of books to get you started.

Adding WordPress to Your LAMP Server

Where to begin with WordPress? What used to be a simple platform for bloggers has morphed into an all-purpose tool that makes building virtually any type of web site child’s play. If you want to see what’s possible, take a look at the templates and sample sites shown on WPZOOM. Unless you’re an art major and savvy web designer, this will be the best $70 you ever spent. One of these templates will have your site up and running in minutes once we put the WordPress pieces in place. For the big spenders, $149 will give you access to over 50 gorgeous templates which you can download and use to your heart’s content on multiple sites. And, no, your sites don’t blow up after a year. You just can’t download any additional templates or updates unless you renew your subscription. The other alternative is choose from thousands of templates that are provided across the Internet as well as in the WordPress application itself.

WordPress templates run the gamut from blogs to newsletters to photographer sites to e-commerce to business portfolios to video to travel to magazines to newspapers to education to food to recipes to restaurants and more. Whew! There literally is nothing you can’t put together in minutes using a WordPress template. But, before you can begin, we need to get WordPress installed on your server. This is optional, of course. And, if you follow along and add WordPress, we’ve set it up in such a way that WordPress becomes the primary application for your site. Stated differently, when people use a browser to access your site, your WordPress template will immediately display. When we finish the basic WordPress setup and once you upload an image or two, you’ll have a site that looks something like this:

Before you begin, we strongly recommend that you acquire a domain for your site if you plan to use it for anything but experimentation. The reason is because it can be complicated to migrate a WordPress site from one location to another.2 Once you’ve acquired your domain, point the domain to the IP address of your new server. With a dirt cheap registrar such as Omnis.com, it’s easy:

Now let’s get started. To begin, we need to load the WordPress application onto your server:

cd /root
mkdir wordpress
cd wordpress
wget http://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz -C /var/www/html

Next, we’ll configure MySQL to support WordPress. We’re assuming that you have NOT already created root passwords for MySQL. If you have, you’ll need to add -pYourPassword to the various commands below immediately after root. There is no space between -p and your root password. Also edit the first line and make up a new password (replacing XYZ below) for the wordpress user account that will manage WordPress on your server before you cut and paste the code:

mysql -u root -e 'CREATE USER wordpress@localhost IDENTIFIED BY "XYZ";'
mysql -u root -e 'CREATE DATABASE wordpress;'
mysql -u root -e 'GRANT ALL ON wordpress.* TO wordpress@localhost;'
mysql -u root -e 'FLUSH PRIVILEGES;'

Next, we need to configure WordPress with your new MySQL credentials. Before you cut and paste, replace XYZ in the fourth line with the password you assigned in the preceding MySQL step:

cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
sed -i 's|database_name_here|wordpress|' /var/www/html/wordpress/wp-config.php
sed -i 's|username_here|wordpress|' /var/www/html/wordpress/wp-config.php
sed -i 's|password_here|XYZ|' /var/www/html/wordpress/wp-config.php
chown -R apache:apache /var/www/html/wordpress

Before you forget, take a moment and create a very secure password for your MySQL root user accounts. Here are the commands. Just replace new-password with your new password before you cut and paste. Note that you also will be prompted for this password when you execute the second command because you will now have a root user password in place from executing the first command.

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'

Finally, we need to modify your Apache web server to support WordPress as the primary application. Be sure to enter your actual email address in the third line before you cut and paste the code below:

echo " " >> /etc/httpd/conf/httpd.conf
echo "<virtualhost *:80>" >> /etc/httpd/conf/httpd.conf
echo 'ServerAdmin somebody@somedomain.com' >> /etc/httpd/conf/httpd.conf
echo "DocumentRoot /var/www/html/wordpress" >> /etc/httpd/conf/httpd.conf
echo "ServerName wordpress" >> /etc/httpd/conf/httpd.conf
echo "ErrorLog /var/log/httpd/wordpress-error-log" >> /etc/httpd/conf/httpd.conf
echo "CustomLog /var/log/httpd/wordpress-acces-log common" >> /etc/httpd/conf/httpd.conf
echo "</virtualhost>" >> /etc/httpd/conf/httpd.conf
echo " " >> /etc/httpd/conf/httpd.conf
service httpd restart

That should do it. Open a browser and navigate to the IP address of your server. You should be greeted with the following form. Fill in the blanks as desired. The account you’re setting up will be the credentials you use to add and modify content on your WordPress site when you click Log In (as shown above). Make the username obscure and the password even more so. Remember, it’s a public web site accessible worldwide! When you click Install WordPress, you’ll be off to the races.

After your server whirs away for a minute or two, you will be greeted with the WordPress login prompt. With the username and password you entered above, you’ll be ready to start configuring your WordPress site.

Once you’re logged in, navigate to Appearance -> Themes and click Add New Theme. There’s you will find literally hundreds of free WordPress templates that can be installed in a matter of seconds if WPZOOM is too rich for your blood. For a terrific all-purpose (free) theme, try Atahualpa. We’ll leave our actual demo site running for a bit in case you want to explore and check out its performance. Installing and configuring the new theme took less than a minute:

A Final Word to the Wise. WordPress is relatively secure but new vulnerabilities are discovered regularly. Keep your templates, plug-ins, AND the WordPress application up to date at all times! The WordFence plug-in is a must-have. And we strongly recommend adding the following lines to your WordPress config file which then will let WordPress update everything automatically. Microsoft has given automatic updates a bad name, but in the case of WordPress, they work well.

echo "define('WP_AUTO_UPDATE_CORE', true);" >> /var/www/html/wordpress/wp-config.php
echo "add_filter( 'auto_update_plugin', '__return_true' );" >> /var/www/html/wordpress/wp-config.php
echo "add_filter( 'auto_update_theme', '__return_true' );" >> /var/www/html/wordpress/wp-config.php

Special Thanks: Our special tip of the hat goes to a few web sites that we found helpful in putting this article together especially Unixmen and Matt Wilcox & friends and Programming-Review.

Wondering What to Build Next with your new $10.50 Server in the Sky? Check out the latest Nerd Vittles tutorial. Turn it into a VoIP server FOR LIFE with free calling to/from the U.S. and Canada. Call for free demo:


Originally published: Monday, January 25, 2016





Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

  1. It doesn’t take long for the probing to begin. So watch your logs, look up the IP addresses to identify the countries, and block them unless you happen to be expecting visitors from that part of the world:
    [Sun Jan 24 00:36:12 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/w00tw00t.at.blackhats.romanian.anti-sec:)
    [Sun Jan 24 00:36:12 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/phpMyAdmin
    [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/phpmyadmin
    [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/pma
    [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/myadmin
    [Sun Jan 24 00:36:14 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/MyAdmin
    [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/w00tw00t.at.blackhats.romanian.anti-sec:)
    [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/phpMyAdmin
    [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/phpmyadmin
    [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/pma
    [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/myadmin
    [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/MyAdmin
    []
  2. Should you ever have to migrate your WordPress site from one domain to another, here are two helpful tools to consider: the Automatic Domain Name Changer Plugin and the one we use, WordPress-Domain-Changer. []

Gotcha-Free PBX: GIT-R-Done with Incredible PBX for Asterisk-GUI (CentOS)

For the die-hard developers out there, we are pleased to introduce a new version of Incredible PBX™ for Asterisk-GUI that uses GIT repos to build both Asterisk® and Asterisk-GUI with the same feature set of applications as our previous releases. You still get a Gotcha-Free PBX with pure and honest open source GPL code. No patent, trademark, or copyright minefields to trip you up. But this time around you’ll have an Asterisk platform that can be updated in seconds by running a simple upgrade script: upgrade-asterisk-to-current. Special thanks to Matt Jordan & Co. for the new GIT implementation. And our extra special thanks to Denver sports cartoonist, Drew Litton, for letting us share his GIT-R-DONE creation as well.

This time around you’ll need a 64-bit CentOS 6.5/6.6 base platform. When you complete the 30-minute install procedure, you’ll have the very latest version of Asterisk 11 and Asterisk-GUI. Both are compiled from source on your hardware platform to maximize performance. The end result is the VoIP Trifecta… better, cheaper, and faster.

Since the early Windows® days, we haven’t been big fans of GUI-only interfaces. Let’s face it. Some things can be configured more efficiently with less chance for error using other tools. Incredible PBX takes advantage of this hybrid technology by offering the best of all worlds. Administrators can use a GUI where it makes sense and use a text editor or simple web form where it doesn’t. There’s no MySQL middleware to obfuscate your Asterisk settings. So you can configure 8 VoIP trunks from 8 great providers in under 5 minutes. And there’s so much more…

Target Audience: Home or SOHO/SBO in need of a turnkey, Gotcha-Free PBX Development Platform

Default Configuration: Asterisk 11 with enhanced Asterisk-GUI, Kennonsoft GUI, and NANPA dialplan

Platform: 64-bit CentOS 6.5/6.6 running on Dedicated Server, Cloud-Based Server, or Virtual Machine

Minimum Memory: 512MB

Recommended Disk: 20GB+

Default Trunks: Google Voice, CallCentric, DIDlogic, Future-Nine, IPcomms, Les.net, Vitelity, VoIP.ms1

Feature Set: Fax, SMS messaging, VPN, Reminders, ConfBridge Conferencing, AsteriDex, Voicemail, Email, IVR, News, Weather, Voice Dialer, Wolfram Alpha, Today in History, TM3 Firewall WhiteList, Speed Dialer, iNUM and SIP URI (free) worldwide calling, OpenCNAM CallerID lookups, DISA, Call Forwarding, CSV CDRs

Administrator Utilities: Incredible Backup/Restore, Automatic Updater, Asterisk Upgrader, phpMyAdmin, Timezone Config, Plug-and-Play Trunk Configurator, WebMin, External IP Setup, Firewall WhiteList Tools

Getting Started with Incredible PBX for Asterisk-GUI (GIT Edition)

Here’s a quick overview of the installation and setup process for Incredible PBX for Asterisk-GUI:

  1. Choose a Hardware Platform – Dedicated PC, Cloud, or Virtual Machine
  2. Install Linux – 64-bit CentOS 6.5 or Scientific Linux Minimal ISO
  3. Download and Install Incredible PBX for Asterisk-GUI
  4. Install Incredible Fax for Asterisk-GUI (optional)
  5. Set Up Passwords for Incredible PBX for Asterisk-GUI
  6. Configure Trunks with Incredible PBX for Asterisk-GUI
  7. Connect a Softphone to Incredible PBX for Asterisk-GUI

1. Choose a Platform for Incredible PBX for Asterisk-GUI

Incredible PBX for Asterisk-GUI works equally well on dedicated hardware or a virtual machine. Just be sure you’ve met the minimum requirements outlined above and that you have a sufficiently robust Internet connection to support 100Kb of download and upload bandwidth for each simultaneous call you wish to handle with your new PBX.

For Dedicated Hardware, we recommend an Atom-based PC of recent vintage with at least a 30GB drive and 4GB of RAM. That will take care of an office with 10-20 extensions and a half dozen or more simultaneous calls if you have the Internet bandwidth to support it.

For Cloud-Based Implementations, this time around we recommend Digital Ocean because the GIT edition is designed to be a development platform with bleeding edge Asterisk 11 code.

For Virtual Machine Installs, we recommend Oracle’s VirtualBox platform which runs atop almost any operating system including Windows, Macs, Linux, and Solaris. Here’s a link to our original VirtualBox tutorial to get you started. We suggest allocating 1GB of RAM and at least a 20GB disk image to your virtual machine for best performance.

2. Install a Linux Flavor for Incredible PBX for Asterisk-GUI

To be clear, we plan to support many Linux flavors other than RedHat. But Rome wasn’t built in a day so hang in there. We’re flippin’ burgers as fast as we can. For today, you’ll need a 64-bit version of CentOS or Scientific Linux 6.5/6.6. On some platforms, you install 6.5. After the initial update and upgrade steps, you’ll end up with 6.6. There are many flavors of CentOS and Scientific Linux. For Incredible PBX, a minimal install is all you need.

With dedicated hardware, begin by downloading the 64-bit CentOS 6.6 minimal ISO. Boot your server with the ISO, and begin the install. Here are the simplest installation steps:

Choose Language and Click Continue
Click: Install Destination (do not change anything!)
Click: Done
Click: Network & Hostname
Click: ON
Click: Done
Click: Begin Installation
Click: Root Password: password, password, Click Done twice
Wait for Minimal Software Install and Setup to finish
Click: Reboot

With most cloud-based providers, you simply choose the CentOS 6.5 platform in creating your initial image. 512MB of RAM is plenty so long as you have a swap file. Within a minute or two, you’re ready to boot up the server.

For VirtualBox, download the Scientific Linux 6.6 minimal install .ova image from SourceForge. Then double-click on the image to load it into VirtualBox. Enable Audio and configure Network with Bridge Adapter in Settings. Then start the virtual machine. Default password for root is password.

With VirtualBox, you can skip this step. For everyone else, log into your server as root and issue the following commands to put the basic pieces in place and to reconfigure your Ethernet port as eth0. On some platforms, some of the commands may generate errors. Don’t worry about it! Just make a note of your IP address so you can log back in with SSH from a desktop computer to begin the Incredible PBX install.

For CentOS/Scientific Linux 6.5 minimal install:

setenforce 0
yum -y upgrade
yum -y install net-tools nano wget
ifconfig
sed -i 's|quiet|quiet net.ifnames=0 biosdevdame=0|' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
wget http://incrediblepbx.com/update-kernel-devel
chmod +x update-kernel-devel
./update-kernel-devel
reboot

For CentOS/Scientific Linux 6.6 minimal install:

setenforce 0
yum -y upgrade
yum -y install net-tools nano wget
ifconfig
reboot

3. Install GIT-R-Done Edition of Incredible PBX for Asterisk-GUI

cd /root
yum -y install wget
wget http://incrediblepbx.com/incrediblepbx11gui-git.tar.gz
tar zxvf incrediblepbx11gui-git.tar.gz
#./create-swapfile-DO  #add this step for Digital Ocean droplets
rm -f incrediblepbx11gui-git.tar.gz
./IncrediblePBX11-GUI-git.sh
./IncrediblePBX11-GUI-git.sh

4. Install Incredible Fax for Asterisk-GUI (optional)

Administrators have been trying to stomp out faxing for at least two decades. Here’s a hint. It ain’t gonna happen. So go with the flow and add Gotcha-Free Faxing to your server. It’ll be there when you need it. And sooner or later, you’ll need it. This install script is simple enough for any monkey to complete. Run the script and enter the email address for delivery of your faxes. Then, if you’re in the U.S. or Canada, press the Enter key to accept every default entry during the HylaFax and AvantFax installation steps. For other countries, read the prompts and answer accordingly. When the installation finishes, reboot your server to bring faxing on line. Be sure to change your AvantFax admin password. By default, it is password. You can use the script included in the /root folder: avantfax-pw-change. REMINDER: Don’t forget to reboot your server!

cd /root
./incrediblefax11-GUI.sh
./avantfax-pw-change
reboot

Troubleshooting: If your IAXmodems don’t display with a green IDLE notation in the AvantFax GUI, you may need to restart them once more. After a second reboot, all should be well. The restart command is /root/iaxmodem-restart.

5. Initial Configuration of Incredible PBX for Asterisk-GUI

Incredible PBX is installed with the preconfigured IPtables Linux firewall already in place. It implements WhiteList Security to limit server access to connected LANs, your server’s IP address, your desktop computer’s IP address, and a few of our favorite SIP providers. You can add additional entries to this WhiteList whenever you like using the add-ip and add-fqdn tools in /root. There’s also an Apache security layer for our web applications. And, of course, Asterisk-GUI has its own security methodology using Asterisk’s manager.conf. Finally, we randomize extension and DISA passwords as part of the initial install process. Out of the starting gate, you won’t find a more secure VoIP server implementation anywhere. After all, it’s your phone bill.

Even with all of these layers of security, here are 10 Quick Steps to better safeguard your server. You only do this once, but failing to do it may lead to security issues you don’t want to have to deal with down the road. So DO IT NOW!

First, log into your server as root with your root password and do the following:

Make your root password very secure: passwd
Set your correct time zone: ./timezone-setup
Create admin password for web apps: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
Make a copy of your other passwords: cat passwords.FAQ
Make a copy of your Knock codes: cat knock.FAQ
Decipher IP address and other info about your server: status

Second, log into your server as admin using a web browser pointed to your server’s IP address:

Click USERS tab in Incredible PBX GUI
Click Asterisk-GUI Administration
Log in as user: admin with password: password
Immediately change your admin password and login again

Log in to Asterisk-GUI again with your new password. Expand the options available in the GUI:

Options -> Advanced Options -> Show Advanced Options

Last but not least, Incredible PBX includes an automatic update utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current. Now would be a good time to log out and back into your server at the Linux command line to bring your server up to current specs.

6. Configure Trunks with Incredible PBX for Asterisk-GUI

Now for the fun part. If this is your first VoIP adventure, be advised that this ain’t your grandma’s phone system. You need not and should not put all your eggs in one basket when it comes to telephone providers. In order to connect to Plain Old Telephones, you still need at least one provider. But there is nothing wrong with having several. And a provider that handles an outbound call (termination) need not be the same one that handles an incoming call (origination) and provides your phone number (DID). We cannot recommend Vitelity highly enough, and it’s not just because they have financially supported our projects for almost a decade. They’re as good as VoIP providers get, and we use lots of them. If you’re lucky enough to live in the U.S., you’d be crazy not to set up a Google Voice account. It’s free as are all phone calls to anywhere in the U.S. and Canada. The remaining preconfigured providers included in Incredible PBX for Asterisk-GUI are equally good, and we’ve used and continue to use almost all of them. So pick a few and sign up. You only pay for the calls you make with each provider so you have little to lose by choosing several. The PIAF Forum includes dozens of recommendations on VoIP providers if you want additional information.

With the preconfigured trunks in Incredible PBX for Asterisk-GUI, all you need are your credentials for each provider and the FQDN of their server. Log into Asterisk-GUI Administration as admin using a browser. From the System Status screen, click Incredible PBX Apps. Click on each provider you have chosen and fill in the blanks with your credentials. When you’ve saved all of your settings, log into your server as root via SSH and type: service asterisk restart or asterisk-restart. You can also issue the command in the Asterisk-GUI by choosing the Asterisk CLI tab2 in the left column. Doesn’t get any simpler!

Update: It should be noted that Incredible PBX for Asterisk-GUI also supports Anveo Direct trunks; however, they are configured differently because of the way Anveo handles the calls. You’ll need the PIN provided by Anveo to set up your trunk, and Anveo supports CallerID spoofing so you can enter any CallerID number for the trunk that you are authorized to use. You’ll find the Anveo Direct setup link in the Incredible PBX Apps tab. To route an outgoing call through Anveo trunk, dial 2 + any desired 10-digit number.

Here is the complete list of dialing prefixes and the trunks to which they are associated:

  • 1 – Google Voice
  • 2 – Anveo Direct
  • 3 – Future Nine
  • 4 – CallCentric
  • 5 – DIDlogic
  • 6 – IPcomms
  • 7 – Les.net
  • 8 – Vitelity
  • 9 – VoIP.ms

For free iNUM calling worldwide, the following dialing prefixes are supported in conjunction with the last seven digits of any destination iNUM DID. Free iNUM DIDs for your own PBX are available from both of these providers as well.

  • 0XXXXXXX – CallCentric
  • 90XXXXXXX – VoIP.ms

Finally, in addition to the native Asterisk motif implementation of Google Voice (covered below) which uses insecure authentication with Google Voice, we also support the new Simonics SIP gateway to Google Voice using OAUTH authentication. Just click this link for the installation script and tutorial.

7. Configure a Softphone with Incredible PBX for Asterisk-GUI

We’re in the home stretch now. You can connect virtually any kind of telephone to your new Gotcha-Free PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony.

We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 6002 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 6002 password. Choose Users -> 6002 and write down your SIP/IAX Password. You can also find it in /root/passwords.FAQ. Fill in the blanks using the IP address of your server, 6002 for your account name, and whatever password is assigned to the extension. Click OK to save your entries.

Once you are registered to extension 6002, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

7001 - IVR Demo
123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
TODAY - Today in History

If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail.

If you have difficulty finding the Google Chat option after setting up a new Google Voice account, follow this tutorial.

Once you’ve created your Gmail and Google Voice accounts, go to Google Voice Settings and click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you’ve adjusted your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to configure your Google Voice account in Incredible PBX. You can do it from within Asterisk-GUI by choosing Google Voice within the Incredible PBX Apps tab. Once you entered your credentials, don’t forget to restart Asterisk, or Google Voice calls will fail. If you still have trouble placing or receiving calls, try these tips.

OK, Smarty Pants: Show Me the Beef!

We know what some of you are thinking. “What does a fast food worker really know about VoIP and Gotcha-Free PBXs?? Before I waste a bunch of time on this, show me the beef!” Fair enough. Sit by your phone and click the Call Me icon below. Type in a fake name and your real phone number. Click the Connect button, answer your phone when it rings, and press 1. You’ll be connected to the Incredible PBX IVR for Asterisk-GUI. Pick an option from the menu of choices and take the Incredible PBX apps for a spin on our dime… actually it’s Google’s dime. Everything you see and hear is part of what you get with Incredible PBX for Asterisk-GUI including the ability to set up your own click-to-dial web interface exactly like this one. The demo just happens to be running on our Mac desktop instead of yours. So… what are you waiting for? Click away and try Incredible PBX for yourself. And, by the way, nobody besides the NSA and Google will be monitoring your call. 😉



Nerd Vittles Demo IVR Options
1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
2 – MeetMe Conference (password is 1234)
3 – Wolfram Alpha (say “What planes are overhead?”)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (say the city and state, province, or country)
7 – Today in History
8 – Speak to a Real Person (or maybe just voicemail if we’re out)

Homework Assignment: Mastering the Asterisk-GUI

We’ll have more to say about the Incredible PBX applications next week. In the meantime, you have some homework. You need to learn all about Asterisk-GUI and how to make the best use of its powerful feature set. Here’s one word of warning. We mentioned that Incredible PBX was a hybrid system that combines some customized settings with the standard Asterisk-GUI interface. Before modifying existing settings for the default trunks, extensions, and default routes, take a look at the credentials* files in /etc/asterisk. If you modify any of these trunk entries or the Outgoing or Incoming Call Rules in Asterisk-GUI, you may break the Incredible PBX setup. So steer clear of that minefield until you know what you’re doing. Adding new extensions and additional trunks is perfectly fine and will not break anything.

Rather than reinvent the wheel, we’ll point you to some excellent tutorials that already have been written. Start with Chapter 3 of Digium’s Asterisk Appliance™ Administrator Manual. Next, review Chapter 11 of The Asterisk Book (Second Edition). Finally, take a look at a couple of the tutorials that have been written by other companies that incorporated Asterisk-GUI into their hardware products, e.g. Yeastar’s MyPBX SOHO User Manual and Grandstream’s UCM6100 User Manual. Then check back with us next week for Chapter 2.

In the meantime, if you have questions, join the PBX in a Flash Forums and take advantage of our awesome collection of gurus. There’s an expert available on virtually any topic, and the price is right. As with Incredible PBX, it’s absolutely free.

We also are quickly building a collection of tutorials tailored specifically for Incredible PBX for Asterisk-GUI:

Enjoy your new Gotcha-Free PBX!

Now Available: The Gotcha-Free Incredible PBX Application User’s Guide

Originally published: Monday, April 20, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

  1. Vitelity and Google provide financial support to Nerd Vittles and the Incredible PBX project. []
  2. If, for some reason, the Asterisk CLI tab does not appear on your server, click Options -> Advanced Options -> Show Advanced Options. []

The Two Amigos Ride Again: Introducing Incredible PBX for Elastix 2.5

We began our Elastix® adventure last week with the Bleeding Edge and our introduction of Incredible PBX for Elastix MT, the promising new multi-tenant edition of Elastix. Unfortunately, for production use, Elastix 3.0 is not quite there yet. So this week we’re introducing Incredible PBX™ for Elastix 2.5, an incredibly stable telephony platform with a loyal following and dozens of add-on components to satisfy almost any requirement. Having not looked at Elastix in more than a year, we were pleasantly surprised to find a very current version of Asterisk® 11 as well as a stable, gotcha-free Elastix fork of FreePBX® 2.11. It’s amazing what can be accomplished with a single command: yum upgrade. If you know how to use FreePBX, then the Elastix GUI will be a walk in the park.

We promised that 2015 would be the year of Gotcha-Free choices for the Asterisk platform, and today we deliver the third VoIP alternative with pure and honest GPL code minus the patent, trademark, and copyright minefields previously covered. Incredible PBX™ for Elastix 2.5 provides virtually the same feature set of applications for Asterisk as our previous releases. Just abide by the clear GPL licensing terms and copy, embellish, and redistribute to your heart’s content.

What Incredible PBX brings to the Elastix 2.5 platform are several dozen (free) applications for Asterisk in addition to a rock-solid firewall with a preconfigured WhiteList of your favorite VoIP providers and private LAN addresses. With the Elastix 2.5 version, you also get a dozen preconfigured trunks and extensions plus a familiar GUI that we’ve all used for the better part of a decade. And it’s all bundled in a graphical user interface that integrates telephony, faxing, instant messaging, email, and calendaring in a single desktop application. We’re glad to be part of the family.

Our deployment strategy remains consistent and straight-forward. Install a 64-bit bit version of Elastix 2.5 on the platform of your choice. Then run the Incredible PBX installer. In 5-10 minutes, you’re ready to roll. The installer first will bring Elastix 2.5 and CentOS up to current specs. Then it will work its magic and add an Incredible PBX tab to the existing Elastix 2.5 UI with all the bells and whistles to which you are accustomed. Text-to-speech applications, speech recognition, DISA, ODBC, SMS messaging, news, weather, conference bridge support, and a voice dialer are enabled out of the box.

A Word of Caution. If you’re new to Incredible PBX, install a clean version of Elastix 2.5 with NO MODIFICATIONS before you begin the Incredible PBX install. All of the existing Elastix 2.5 setup will be modified as part of the Incredible PBX install, and these changes will wipe out any additions you’ve previously made to Elastix. So don’t make any! Once the Incredible PBX install is completed, you can make all the changes you wish in your Elastix configuration. The only major design change we’ve made is to rework the Elastix MySQL database tables into MyISAM format from InnoDB. This facilitates making future backups and restores of your server as well as providing the necessary platform to install current and future Incredible PBX components.

Did We Mention Security? You also get a locked down, preconfigured IPtables Firewall WhiteList with all of the Travelin’ Man 3 tools plus the automatic update service to keep your server up to date and safe. There is a $20 voluntary annual license fee for the update service but, if you’d prefer to buy donuts, be our guest. But understand that voluntary is a two-way street. Running the update service costs us time and money and, when it ceases to be worthy of our time and financial investment, we reserve the right to discontinue the service down the road. The next time you log into your server after installing Incredible PBX, you’ll quickly appreciate why an automatic update service is important. We watch for and fix problems so you don’t have to.

Target Audience: Small or Large Organization in need of a turnkey, Gotcha-Free PBX

Default Configuration: Asterisk 11 with enhanced Elastix 2.5 GUI and Kennonsoft GUI

Platform: CentOS 5.x running on Dedicated Server, Cloud-Based Server, or Virtual Machine

Minimum Memory: 1024 MB

Recommended Disk: 20 GB+

Feature Set: Fax, SMS messaging, NeoRouter/PPTP VPN, Reminders, ConfBridge Conferencing, AsteriDex, Voicemail, Email, IVR, News, Weather, Voice Dialer, Wolfram Alpha, Today in History, TM3 Firewall WhiteList, Speed Dialer, iNUM and SIP URI (free) worldwide calling, DISA, Call Forwarding, Tailorable CDRs

Administrator Utilities: Incredible Backup/Restore, Automatic Updater, phpMyAdmin, Timezone Config, WebMin, Admin Password Configurator, ODBC/MySQL Database Configurator, Firewall WhiteList Tools

Getting Started with Incredible PBX for Elastix 2.5

Here’s a quick overview of the installation and setup process for Incredible PBX for Elastix 2.5:

  1. Choose a Hardware Platform – Dedicated PC, Cloud Provider, or Virtual Machine
  2. Install Elastix 2.5 – 64-bit CentOS 5 platform
  3. Download and Install Incredible PBX for Elastix 2.5
  4. Set Up Passwords for Incredible PBX for Elastix 2.5
  5. Activate Trunks with Incredible PBX for Elastix 2.5
  6. Connect a Softphone to Incredible PBX for Elastix 2.5
  7. Configuring SMTP Mail with Incredible PBX for Elastix 2.5

1. Choose a Platform for Incredible PBX for Elastix 2.5

Incredible PBX for Elastix 2.5 works equally well on dedicated hardware, a cloud-based server, or a virtual machine. Just be sure you’ve met the minimum requirements outlined above and that you have a sufficiently robust Internet connection to support 100Kb of download and upload bandwidth for each simultaneous call you wish to handle with your new PBX.

For Dedicated Hardware, we recommend at least an Atom-based PC of recent vintage with at least a 30GB drive and 4GB of RAM. That will take care of an office with 10-20 extensions and a half dozen or more simultaneous calls if you have the Internet bandwidth to support it.

For Cloud-Based Servers, we recommend RentPBX, one of our financial supporters who also happens to size servers properly and restrict usage solely to VoIP. This avoids performance bottlenecks that cause problems with VoIP calls. Yes, we have a coupon code for you to get the $15/month rate: NOGOTCHAS. The new image to support Incredible PBX for Elastix 2.5 should be available shortly.

For Virtual Machine Installs, we recommend Oracle’s VirtualBox platform which runs atop almost any operating system including Windows, Macs, Linux, and Solaris. Here’s a link to our original VirtualBox tutorial to get you started. We suggest allocating 1GB of RAM and at least a 20GB disk image to your virtual machine for best performance. We actually used VirtualBox to build Incredible PBX for Elastix 2.5.

2. Install 64-bit Elastix 2.5 on Your Platform

Begin by downloading the 64-bit Elastix 2.5 ISO. For dedicated hardware, burn the ISO image to a CD/DVD and boot your server with the Elastix 2.5 ISO to begin the install. Here are the simplest installation steps:

Install or Upgrade in Graphical Mode by pressing ENTER
Choose: Install Language
Choose: Keyboard
Choose: Initialize Drive and Erase ALL DATA
Remove: All partitions on selected drive and YES you’re sure
Modify: Partitioning Layout (No is fine)
Configure: eth0 and disable IPv6 Support (unless required)
Choose: Dynamic IP (DHCP) configuration
Choose: Hostname Configuration Automatic
Choose: Time Zone and Disable System Clock Uses UTC
Set: Root Password (Make it Secure!)
Wait for Reboot to Complete
Set MySQL Password to: passw0rd (MANDATORY: with a zero!)
Choose Elastix admin Password: minimum 10 alphanumeric characters with upper & lowercase

For VirtualBox, create an Elastix 2.5 virtual machine of Linux (RedHat 64-bit) type by clicking New. Click Settings button. In System, enable I/O APIC and disable Hardware Clock in UTC Time. In Audio, enable Audio for your sound card. In Network, enable Bridged Adapter for Adapter 1. In Storage, click on Empty in the Storage Tree. Then click on the Disk icon to the right of CD/DVD Drive attributes. Choose the Elastix 2.5 ISO file that you downloaded. Click OK. Then start the virtual machine to begin the installation process. Follow the setup steps above to install Elastix 2.5 in your virtual machine.

3. Download and Install Incredible PBX for Elastix 2.5

After completing the Elastix 2.5 install, log into your server as root using SSH or Putty from a desktop machine that you will use to manage your server. This is important with the Incredible PBX IPtables Firewall WhiteList so you don’t get locked out of your own server! Then issue the following commands to begin the Incredible PBX install. You’ll actually run the installer twice, once to upgrade CentOS and Elastix and a second time to install Incredible PBX.

cd /root
wget http://incrediblepbx.com/incrediblepbx11elastix25.tar.gz
tar zxvf incrediblepbx11elastix25.tar.gz
rm -f incrediblepbx11elastix25.tar.gz
./IncrediblePBX11-Elastix25.sh
./IncrediblePBX11-Elastix25.sh

4. Initial Configuration of Incredible PBX for Elastix 2.5

Incredible PBX is installed with the preconfigured IPtables Linux firewall already in place. It implements WhiteList Security to limit server access to connected LANs, your server’s IP address, your desktop computer’s IP address, and a few of our favorite SIP providers. You can add additional entries to this WhiteList whenever you like using the add-ip and add-fqdn tools in /root. There’s also an Apache security layer for our web applications. And, of course, Elastix 2.5 has its own security methodology. Finally, we randomize extension and DISA passwords as part of the initial install process. Out of the starting gate, you won’t find a more secure VoIP server implementation anywhere. After all, it’s your phone bill.

Even with all of these layers of security, here are 6 Quick Steps to better safeguard your server. You only do this once, but failing to do it may lead to security issues you don’t want to have to deal with down the road. So DO IT NOW!

First, log out and back into your server as root with your root password to get the latest updates. Then do the following:

Make your root password very secure: passwd
Set your correct time zone: ./timezone-setup
Create admin password for web apps: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
Set MySQL and Elastix admin PW: ./admin-pw-change (MySQL PW MUST be passw0rd with zero)
Make a copy of your other passwords: cat passwords.FAQ
Decipher IP address and other info about your server: status

Last but not least, Incredible PBX includes an automatic update utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current. If you haven’t already done so, NOW would be a good time to log out and back into your server at the Linux command line to bring your server current.

5. Activate Trunks with Incredible PBX for Elastix 2.5

For those migrating from another aggregation including PBX in a Flash, this should be familiar territory for you. Using a browser, log into Elastix 2.5 at the IP address of your server. Before you can actually make or receive calls outside your PBX, you’ll need at least one trunk. In the Elastix 2.5 GUI, click PBX -> Trunks. Once you have your credentials from a provider, choose a provider from the list of preconfigured trunks on the right or create a new one. If you’re using one of the preconfigured options, remember to enable the trunk after adding your desired CallerID and credentials. Then save your settings and reload your Asterisk dialplan. That’s it. You’re ready to go.

6. Configure a Softphone with Incredible PBX for Elastix 2.5

Incredible PBX comes preconfigured with two extensions (701 and 702) that let you connect phones to your PBX. You can connect virtually any kind of telephone to your Elastix 2.5 PBX. Plain Old Phones require an analog telephone adapter (ATA) which can be a separate board in your computer from a company such as Digium. Or it can be a standalone SIP device such as ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP.

We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. You can find them in /root/passwords.FAQ. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password is assigned to the extension. Here’s what your entries should look like. Click OK to save your entries.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Here are a few numbers to get you started:


123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
222 - ODBC Lookup (try: 12345)
DEMO - Allison's IVR Demo
TODAY - Today in History

6. Configuring SMTP Mail with Incredible PBX for Elastix 2.5

Outbound email support using Postfix is preconfigured with Elastix 2.5. You can test whether it’s actually working by issuing the following command using your destination email address after logging in as root:

echo "test" | mail -s testmessage yourname@gmail.com

If you don’t receive the email message within a minute or two and you’ve checked your spam folder, chances are your ISP is blocking downstream SMTP servers in an effort to combat spam. Comcast is one of the usual suspects. To enable outbound email service for delivery of voicemail and other email messages with a provider blocking downstream SMTP servers, you first need to obtain the SMTP domain of your ISP, e.g. smtp.comcrap.net. Next, edit /etc/postfix/main.cf and add your SmartHost entry [in brackets] to the line that begins like this: relayhost =. The line should look like this: relayhost = [smtp.comcrap.net]. Save your addition and restart Postfix: service postfix restart. Be sure to try another email test message after completing the SmartHost update. To use Gmail as your mail relay, see this tutorial.

Configuring Google Voice

We have included the Python implementation of gvoice in /root for those that want to experiment by making calls and sending SMS blasts the “old-fashioned” way. While Elastix does not directly support native Asterisk 11 Google Voice functionality, you now can use a SIP gateway to access Google Voice and make free calls in the U.S. and Canada.

If you have difficulty finding the Google Chat option after setting up a new Google Voice account, follow this tutorial.

Homework Assignment: Mastering Incredible PBX for Elastix 2.5

We’ve put together a complete tutorial for the applications included in Incredible PBX for Asterisk-GUI. Most of it is fully applicable to Elastix 2.5 as well. That should be your next stop. Then you’ll be ready to tackle Elastix 2.5. Google is your friend. Do some exploring, and we’ll post links to great articles on this terrific platform as we discover them. Your suggestions are also welcomed!

In the meantime, if you have questions, join the PBX in a Flash Forums and take advantage of our awesome collection of gurus. There’s an expert available on virtually any topic, and the price is right. As with Incredible PBX, it’s absolutely free. The same applies to the Elastix forum.

And if all of that wasn’t enough, feast your eyes on the Elastix Add-Ons that are only a button click away:

Download (PDF, 619KB)

Originally published: Tuesday, March 10, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

The Gotcha-Free PBX in the Cloud: Introducing Incredible PBX @ RentPBX.com

We continue the Incredible PBX for Asterisk-GUI adventure today with an open source alternative for which many have been clamoring, an affordable Cloud-based Asterisk® platform with a no-strings-attached graphical user interface. As if the $15 a month hosting plan weren’t enough, the icing on the cake is the quick 2-minute setup on your choice of a dozen servers throughout the U.S. as well as Canada and Europe. If you can find the Enter key on a keyboard, then you can handle the complexity of the RentPBX setup. When you’re finished, you’ll have a turnkey PBX featuring some of the finest open source software on the planet. The software is all free, subject only to the terms of the open source licenses.

Target Audience: Home or SOHO/SBO in need of a turnkey, Gotcha-Free PBX in the Cloud

Default Configuration: Asterisk 11 with enhanced Asterisk-GUI, Kennonsoft GUI, and NANPA dialplan

Platform: CentOS 6.6 running on RentPBX Cloud-Based Server platform

Memory: 385 MB with 415 MB swap

Disk Size: 20 GB

Default Trunks: Google Voice, CallCentric, DIDlogic, Future-Nine, IPcomms, Les.net, Vitelity, VoIP.ms1

Feature Set: Fax, SMS messaging, VPN, Reminders, ConfBridge Conferencing, AsteriDex, Voicemail, IVR, Email, News, Weather, Voice Dialer, Wolfram Alpha, Today in History, TM3 Firewall WhiteList, Speed Dialer, iNUM and SIP URI (free) worldwide calling, OpenCNAM CallerID lookups, DISA, Call Forwarding, CSV CDRs

Administrator Utilities: Incredible Backup/Restore, Automatic Updater, Asterisk Upgrader, phpMyAdmin, Timezone Config, Plug-and-Play Trunk Configurator, WebMin, External IP Setup, Firewall WhiteList Tools

Getting Started with Incredible PBX for Asterisk-GUI (Cloud Edition)

Here’s a quick overview of the installation and setup process for Incredible PBX for Asterisk-GUI @ RentPBX.com:

  1. Sign Up for Gotcha-Free PBX in the Cloud – Choose server location and await credentials
  2. Complete the Install of Incredible PBX and Incredible Fax
  3. Set Up Passwords for Incredible PBX for Asterisk-GUI
  4. Configure Trunks with Incredible PBX for Asterisk-GUI
  5. Connect a Softphone to Incredible PBX for Asterisk-GUI

1. Sign Up for Gotcha-Free PBX in the Cloud at RentPBX.com

Visit RentPBX.com and choose the PBX in a Flash builds and complete the following steps:

When you begin the payment and checkout phase, enter your coupon code to take advantage of the $15/month discounted rate: NOGOTCHAS. Wait for the confirmation email with your server credentials and dedicated IP address.

2. Complete the Install of Incredible PBX and Incredible Fax

Nothing tricky here. It’s a 2-minute setup process. Log into your server as root with your default password using SSH or Putty. Once you’re logged in, RentPBX will randomize all of your passwords for Incredible PBX. Next, you’ll be prompted for the email address to use for delivery of your faxes. Once entered, you’ll be prompted for various information to install HylaFax and AvantFax. Just press the Enter key at every prompt. In a couple minutes, your server will reboot to bring Incredible PBX and Incredible Fax on line. Log back into your server as root and let Incredible PBX run its Automatic Update Utility to bring your system current. That’s it. You now have a turnkey Asterisk® PBX that’s ready for configuration.

3. Initial Configuration of Incredible PBX for Asterisk-GUI

Incredible PBX is installed with the preconfigured IPtables Linux firewall already in place. It implements WhiteList Security to limit server access to your server’s IP address, your desktop computer’s IP address, and a few of our favorite SIP providers. You can add additional entries to this WhiteList whenever you like using the add-ip and add-fqdn tools in /root. There’s also an Apache security layer for web applications. And, of course, Asterisk-GUI has its own security methodology using Asterisk’s manager.conf. Finally, RentPBX randomized extension and DISA passwords as part of the initial setup process. Out of the starting gate, you won’t find a more secure VoIP server implementation anywhere. After all, it’s your phone bill.

Even with all of these layers of security, here are 10 Quick Steps to better safeguard your server. You only do this once, but failing to do it may lead to security issues you don’t want to have to deal with down the road. So DO IT NOW!

First, log into your server as root with your root password and do the following:

Make your root password very secure: passwd
Set your correct time zone: ./timezone-setup
Create admin password for web apps: htpasswd -b /etc/pbx/wwwpasswd admin newpassword
Make a copy of your other passwords: cat passwords.FAQ
Make a copy of your Knock codes: cat knock.FAQ
Decipher IP address and other info about your server: status

Second, log into your server as admin using a web browser pointed to your server’s IP address:

Click USERS tab in Incredible PBX GUI
Click Asterisk-GUI Administration
Log in as user: admin with password: password
Immediately change your admin password

Log in to Asterisk-GUI again with your new password. Expand the options available in the GUI (if required):

Options -> Advanced Options -> Show Advanced Options

Last but not least, Incredible PBX includes an automatic update utility which downloads important updates whenever you log into your server as root. We recommend you log in once a week to keep your server current.

4. Configure Trunks with Incredible PBX for Asterisk-GUI

Now for the fun part. If this is your first VoIP adventure, be advised that this ain’t your grandma’s phone system. You need not and should not put all your eggs in one basket when it comes to telephone providers. In order to connect to Plain Old Telephones, you still need at least one provider. But there is nothing wrong with having several. And a provider that handles an outbound call (termination) need not be the same one that handles an incoming call (origination) and provides your phone number (DID). We cannot recommend Vitelity highly enough, and it’s not just because they have financially supported our projects for almost a decade. They’re as good as VoIP providers get, and we use lots of them. If you’re lucky enough to live in the U.S., you’d be crazy not to set up a Google Voice account. It’s free as are all phone calls to anywhere in the U.S. and Canada. The remaining preconfigured providers included in Incredible PBX for Asterisk-GUI are equally good, and we’ve used and continue to use almost all of them. So pick a few and sign up. You only pay for the calls you make with each provider so you have little to lose by choosing several. The PIAF Forum includes dozens of recommendations on VoIP providers if you want additional information.

With the preconfigured trunks in Incredible PBX for Asterisk-GUI, all you need are your credentials for each provider and the FQDN of their server. Log into Asterisk-GUI Administration as admin using a browser. From the System Status screen, click Incredible PBX Apps. Click on each provider you have chosen and fill in the blanks with your credentials. When you’ve saved all of your settings, log into your server as root via SSH and type: service asterisk restart or asterisk-restart. You can also issue the command in the Asterisk-GUI by choosing the Asterisk CLI tab2 in the left column. Doesn’t get any simpler!

Update: It should be noted that Incredible PBX for Asterisk-GUI also supports Anveo Direct trunks; however, they are configured differently because of the way Anveo handles the calls. You’ll need the PIN provided by Anveo to set up your trunk, and Anveo supports CallerID spoofing so you can enter any CallerID number for the trunk that you are authorized to use. You’ll find the Anveo Direct setup link in the Incredible PBX Apps tab. To route an outgoing call through Anveo trunk, dial 2 + any desired 10-digit number.

Here is the complete list of dialing prefixes and the trunks to which they are associated:

  • 1 – Google Voice
  • 2 – Anveo Direct
  • 3 – Future Nine
  • 4 – CallCentric
  • 5 – DIDlogic
  • 6 – IPcomms
  • 7 – Les.net
  • 8 – Vitelity
  • 9 – VoIP.ms

For free iNUM calling worldwide, the following dialing prefixes are supported in conjunction with the last seven digits of any destination iNUM DID. Free iNUM DIDs for your own PBX are available from both of these providers as well.

  • 0XXXXXXX – CallCentric
  • 90XXXXXXX – VoIP.ms

5. Configure a Softphone with Incredible PBX for Asterisk-GUI

We’re in the home stretch now. You can connect virtually any kind of telephone to your new Gotcha-Free PBX. Plain Old Phones require an analog telephone adapter (ATA). Because your server is actually in the RentPBX Cloud, a standalone SIP device is required. Good choices are ObiHai’s OBi100 or OBi110 (if you have a phone line from Ma Bell to hook up as well). SIP phones can be connected directly so long as they have an IP address. These could be hardware devices or software devices such as the YateClient softphone. We’ll start with a free one today so you can begin making calls. You can find dozens of recommendations for hardware-based SIP phones both on Nerd Vittles and the PIAF Forum when you’re ready to get serious about VoIP telephony. Don’t forget to WhiteList the IP address of each SIP phone you wish to connect using /root/add-ip or /root/add-fqdn.

We recommend the YateClient softphone which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 6002 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 6002 password. Choose Users -> 6002 and write down your SIP/IAX Password. You can also find it in /root/passwords.FAQ. Fill in the blanks using the IP address of your server, 6002 for your account name, and whatever password is assigned to the extension. Click OK to save your entries.

Once you are registered to extension 6002, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:

7001 - IVR Demo
123 - Reminders
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
TODAY - Today in History

If you are a Mac user, another great no-frills softphone is Telephone. Just download and install it from the Mac App Store.

Configuring Google Voice

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

IMPORTANT: Do NOT under any circumstances take Google’s bait to switch from Google Chat to Hangouts, or you will forever lose the ability to use Google Chat with Incredible PBX. Also be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. Thus far, Google has apparently had a change of heart on discontinuing Google Chat support so it’s enabled by default in all new Google Voice accounts. Nothing free lasts forever so make some alternative arrangements before disaster strikes!

Once you’ve created a Gmail and Google Voice account, go to Google Voice Settings and click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you’ve adjusted your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Now you’re ready to configure your Google Voice account in Incredible PBX. You can do it from within Asterisk-GUI by choosing Google Voice within the Incredible PBX Apps tab. Once you’ve entered your credentials, don’t forget to restart Asterisk, or Google Voice calls will fail. If you still have trouble placing or receiving calls, follow these tips.

OK, Smarty Pants: Show Me the Beef!

We know what some of you are thinking. “What does a fast food worker really know about VoIP and Gotcha-Free PBXs?? Before I waste a bunch of time on this, show me the beef!” Fair enough. Sit by your phone and click the Call Me icon below. Type in a fake name and your real phone number. Click the Connect button, answer your phone when it rings, and press 1. You’ll be connected to the Incredible PBX IVR for Asterisk-GUI. Pick an option from the menu of choices and take the Incredible PBX apps for a spin on our dime… actually it’s Google’s dime. Everything you see and hear is part of what you get with Incredible PBX for Asterisk-GUI including the ability to set up your own click-to-dial web interface exactly like this one. The demo just happens to be running on our Mac desktop. So… what are you waiting for? Click away and try Incredible PBX for yourself. And, by the way, nobody besides the NSA and Google will be monitoring your call. 😉



Nerd Vittles Demo IVR Options3
1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
2 – MeetMe Conference (password is 1234)
3 – Wolfram Alpha (say “What planes are overhead?”)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (say the city and state, province, or country)
7 – Today in History
8 – Speak to a Real Person (or maybe just voicemail if we’re out)

Homework Assignment: Mastering the Incredible Apps and Asterisk-GUI

Just Released: The Gotcha-Free Incredible PBX Application User’s Guide

Your next stop should be a careful reading of the new Incredible PBX Application User’s Guide. It documents the 31 apps for Asterisk that are included with your new PBX. You also need to learn all you can about Asterisk-GUI and how to make the best use of its powerful feature set. Here’s one word of warning. We mentioned that Incredible PBX was a hybrid system that combines some customized settings with the standard Asterisk-GUI interface. Before modifying existing settings for the default trunks, extensions, and default routes, take a look at the credentials* files in /etc/asterisk. If you modify any of these trunk entries or the Outgoing or Incoming Call Rules in Asterisk-GUI, you may break the Incredible PBX setup. So steer clear of that minefield until you know what you’re doing. Adding new extensions and additional trunks is perfectly fine and will not break anything.

Rather than reinvent the wheel, we’ll point you to some excellent tutorials that already have been written. Start with Chapter 3 of Digium’s Asterisk Appliance™ Administrator Manual. Next, review Chapter 11 of The Asterisk Book (Second Edition). Finally, take a look at a couple of the tutorials that have been written by other companies that incorporated Asterisk-GUI into their hardware products, e.g. Yeastar’s MyPBX SOHO User Manual and Grandstream’s UCM6100 User Manual.

In the meantime, if you have questions, join the PBX in a Flash Forums and take advantage of our awesome collection of gurus. There’s an expert available on virtually any topic, and the price is right. As with Incredible PBX, it’s absolutely free.

We also are quickly building a collection of tutorials tailored specifically for Incredible PBX for Asterisk-GUI:

Enjoy your new Gotcha-Free PBX in the Cloud!


Don’t forget to List Yourself in Directory Assistance so everyone can find you by dialing 411. Add your new number to the Do Not Call Registry to block telemarketing calls. Or call 888-382-1222 from your new number.

Originally published: Monday, February 23, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

  1. Vitelity, Google, and RentPBX provide financial support to Nerd Vittles and the Incredible PBX project. []
  2. If, for some reason, the Asterisk CLI tab does not appear on your server, click Options -> Advanced Options -> Show Advanced Options. []
  3. Allison is available to record custom voice prompts with the same quality as this one. []

Where to Begin: A Comparison of Open Source Features in Asterisk Aggregations

We receive frequent inquiries requesting that we document the feature set in the open source Asterisk® distributions that Nerd Vittles writes about each week. So today we’re pleased to provide a Feature Matrix that we will attempt to keep current as we move forward. Just bookmark this page, and you can check back periodically to get a quick thumbnail sketch of what each of these distributions currently supports.1 A chart, of course, doesn’t tell the whole story. But it’s a good starting point.

Not covered this week are the Asterisk aggregations that are either non-GPL code or are produced by organizations whose primary focus is the sale of commercial hardware and/or software. But don’t despair. Nerd Vittles is weeks away from announcing a commercial solution with some surprises that may encourage non-hobbyists to reevaluate your options and to take a fresh look at commercial alternatives, some of which may soon be free. So… hold on to your checkbook a bit longer!

All of the Asterisk aggregations we’re covering today have several things in common. First, all of the products rely upon industry-standard operating system platforms including CentOS, Scientific Linux, Ubuntu, and Raspbian. Each has an enormous user base and technical support team to assure that your operating system remains stable, secure, and non-proprietary for the life of your PBX. All of today’s products also support open source, non-proprietary, and free fax solutions with installers customized to the various platforms. Unlike other alternatives, all of these aggregations compile Asterisk and the graphical user interface used to manage your PBX as part of the install process. That means your compiled code is tailored to your particular hardware, and the source code is always installed on your server to simplify the task of making changes or enhancements to the default install without spending hours scouring the Internet to track down dependencies and missing source components. Try finding 3-year-old source code of some of the other distributions (as the GPL requires), and you’ll appreciate our SourceForge repository which goes back almost 5 years. Last but not least, all of these aggregations support Google Voice directly with free calling and free faxing throughout the U.S. and Canada in just minutes.

Once you’ve identified the feature set that best meets your needs, the next step is finding a tutorial to get you started. Look no further than Nerd Vittles for step-by-step instructions tailored to your specific platform whether it’s dedicated hardware, a virtual machine, or a Cloud-based platform. You won’t find an equivalent resource anywhere else. And, of course, the most user-friendly forum on the planet stands ready to help should you ever hit a snag.

For the reading-impaired, we’ve developed a handy decision tree below to guide you through the selection process. 😉

Originally published: Tuesday, February 17, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


Some Recent Nerd Vittles Articles of Interest…

  1. Our special thanks to Captain Anonymous for the terrific code that made an HTML layout of this feature comparison chart possible. []
  2. RentPBX is a Platinum Sponsor of the PBX in a Flash project. Install PIAF in the Cloud for $15/mo. with Coupon Code: PIAF2015 []