Posts tagged: virtualization

It’s Back: $10.50 Buys an Incredible PBX in the Cloud For Life… If You Hurry

In January, we began our new series on Cloud Computing by documenting how to build an awesome LAMP server in the Cloud using Linux. Today we’re again going to show you how to use the same Cloud platform and take advantage of the $10.50 coupon code TAKE70 to build an Incredible PBX in the Cloud FOR LIFE. When you’re finished, you’ll have a state-of-the-art Incredible PBX 13 server with hundreds of PBX features including free calling to the U.S. and Canada using any (free) Google Voice account. Keep in mind this isn’t $10.50 a month for your cloud server. It’s $10.50, period! The whole project takes less than an hour. Before we begin, let’s revisit our cautionary note for those that missed it in the previous article. It’s important.

There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For $35 $10.50, you get a virtual machine with 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 70% which brings the total cost down to $10.50. That’s less than a burger at Five Guys. That’s the good news. But, if security, 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those four things? Did we mention it’s $10.50 for a lifetime cloud server?

If you take our recommendation and plunk down your $10.50, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with [VoIP] and Cloud Computing. Will your virtual machine disintegrate at some juncture? Probably. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use? Absolutely Probably not so don’t try to fit a square peg in the round hole. It’s not gonna work, and you WILL be disappointed.

Today’s experiment will give you a platform on which to learn before you decide upon a more permanent deployment solution. And it will give you a terrific home for a backup server once you do move to a long-term solution so your $10.50 won’t be wasted.


The objective today is to show you how to build a rock-solid, secure VoIP server in the Cloud with all the bells and whistles you’d typically find on a PBX costing tens of thousands of dollars. Incredible PBX is pure GPL, open source code with one major difference. It’s FREE! And it’s supported by thousands of users on the PIAF Forum that started just like you.

Some of you are probably wondering why you would want a PBX at all. Hearing is believing as they say. Spend a couple minutes and call our CloudAtCost demo server. We preconfigured it using everything provided in today’s tutorial. It’ll let you play with some of the features that a PBX offers such a voice dialing from a directory, news and weather forecasts, and much more. And, in case you’re wondering, it’s been running 24/7 for two full months without a single hiccup. To try it for yourself, just dial:

Nerd Vittles Demo IVR Options
1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
2 – MeetMe Conference (password is 1234)
3 – Wolfram Alpha (say “What planes are flying overhead now?”)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (Just enter your ZIP Code!)
7 – Today in History
8 – Speak to a Real Person (or maybe just voicemail if we’re out)

For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished today, you’ll have a cloud-based VoIP server that is totally invisible to the rest of the world except a short list of VoIP providers that have been thoroughly vetted by Nerd Vittles staff. You can whitelist additional locations and phones to meet your individual needs without worrying about your server being compromised.

Creating Your Virtual Machine Platform in the Cloud

To get started, you’ve got to cough up your $10.50 at Cloud at Cost using coupon code TAKE70. Once you’ve signed up, CloudAtCost will send you credentials to log into the Cloud at Cost Management Portal. Change your portal password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose. HINT: DC2 is the preferred data center!

To create your virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $10.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. Things have settled down since the 90% off week so new servers typically are ready in a few minutes. However, we’ve learned to build new virtual machines at night where possible. Then they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in the CloudAtCost hosting facilities.

Initial Configuration of Your CentOS 6.7 Virtual Machine

With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both your IP address and the password for the new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to change it. IncrediblePBX13 has a nice ring to it, but to each his own.

Logging into Your New CentOS 6.7 Virtual Machine

In order to configure and manage your new CentOS 6.7 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:

ssh root@12.34.56.78

Before you do anything else, reset your Virtual Machine’s root password to something very secure: passwd

Next, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password may get reset every time you reboot even though you changed it.

sed -i '/exit 0/d' /etc/rc.local
killall plymouthd
echo killall plymouthd >> /etc/rc.local
rm -f /etc/rc3.d/S97*
echo "exit 0" >> /etc/rc.local

Installing Incredible PBX 13 with CentOS 6.7

Now we’re ready to build your VoIP server platform. There aren’t many steps so just cut-and-paste the code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…

We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.

setenforce 0
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

Now let’s bring CentOS 6.7 up to current specs and add a few important applications:

yum -y update
yum -y install net-tools nano wget tar
reboot

Once your server reboots, we’re ready to kick off the Incredible PBX 13 install:

cd /root
wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz
tar zxvf incrediblepbx*
./IncrediblePBX*

When the install begins, read the license agreement and press ENTER to agree to the terms and get things rolling. Now would be a great time to go have breakfast or lunch. Come back in about an hour and your server should be ready to go.

Implementing Dynamic DNS Service on Your Client Machines

Unlike some other PBX offerings that leave your server exposed to the Internet, Incredible PBX is different. Unless the IP address from which you are accessing the server has been whitelisted, nobody on the Internet can see your server. The only exception is the preferred providers list and those on the same local area network (which is nobody in the case of CloudAtCost). As part of the Incredible PBX install, the IP address of the computer you used to perform the install was whitelisted automatically. But there may be other computers from which you wish to allow access to the PBX in order to deploy telephones at remote sites. Some of these sites may have dynamic IP addresses that change from time to time. Or you may have traveling salesman that land in a new hotel almost every night with a new IP address. Fortunately, there are a number of free and paid Dynamic DNS providers. For sites with dynamic IP addresses, simply choose a fully-qualified domain name (FQDN) to identify each location where you need computer access or need to deploy a phone. Then run a dynamic DNS update utility periodically from a computer or router at that site. It reports back the current public IP address of the site and your DNS provider updates the IP address assigned to that FQDN whenever there are changes.

DNS update clients are available for Windows, Mac OS X, and many residential routers. They’re also available for Android devices. Then it’s just a matter of plugging in the remote users’ FQDNs so Incredible PBX knows to give them server access via the whitelist. You implement this in seconds using the add-ip and add-fqdn utilities in the /root directory.

There are other ways to gain access as well using the PortKnocker utility or Travelin’ Man 4 from a telephone. Both of these are covered in the Incredible PBX 13 tutorial so we won’t repeat it here.

Incredible PBX Preliminary Setup Steps

First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Incredible PBX page, the Kennonsoft Menu. It’s divided into two parts, a Users tab (shown below) and an Admin tab with additional options that we’ll cover shortly.

Now we need to jump back to SSH or Putty and log back into your server as root. You’ll note that the Incredible PBX Automatic Update Utility is run each time you log in. This is how important security updates are pushed to your server so do it regularly. And, no, you don’t need to contribute to our open source projects unless you want to. You’ll still get the updates as they are released.

After the Automatic Update Utility runs, the login script will execute status which tells you everything you need to know about the health of your server. After the initial install, it will look something like this with your server’s IP address obviously. We’ll cover the RED items down the road a bit.

For now, we need to complete a few preliminary setup steps for Incredible PBX to make sure you can log into the various components which have been installed on your computer. There are several different credentials you will need. Most of these are configured using scripts in the /root folder of your server. First, you need your root password for the server itself, and you should have already set that up with a very secure password using passwd. These same credentials are used to login to WebMin.

Next you’ll need an admin password for the Incredible PBX GUI. This is the management utility and Asterisk® code generator which consists of FreePBX® GPL modules that are open source and free to use. The admin password is set by running admin-pw-change in the /root directory.

There are also a number of web-based applications such as Telephone Reminders, AsteriDex, phpMyAdmin, and VoiceMail & Recordings (User Control Panel). You obviously don’t want everyone with a telephone using all of these applications so they are protected using a couple different Apache web server credentials. First, you set up an admin password for the administrator-level applications using the htpasswd utility. Then you set up an end-user account and password for access to AsteriDex, Reminders, and the User Control Panel. With the User Control Panel, end users also will need a username and password for their particular phone extension and this is configured with the Incredible PBX GUI using Admin -> User Management -> Add New User. If this sounds convoluted, it’s really not. Apache credentials can be entered once in an administrator’s or end user’s browser and they’re stored permanently.

Here is a checklist of the preliminary steps to complete before using your server:

Make your root password very secure: passwd
Create admin password for Incredible PBX GUI access: /root/admin-pw-change
Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
Create joeuser password for web apps: htpasswd /etc/pbx/wwwpasswd joeuser
Set up UCP accounts for Voicemail & Recordings access using Incredible PBX GUI
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher IP address and other info about your server: status
Set your correct time zone: /root/timezone-setup

Activating Incredible Fax on Your Server

Incredible PBX also includes an optional (and free) faxing component that lets you send and receive faxes that are delivered to your email address. To activate Incredible Fax, run the following script and plug in your email address for delivery of incoming faxes: /root/incrediblefax11.sh. After entering your email address, you’ll be prompted for all sorts of additional information. Unless you have unusual requirements, pressing the ENTER key at every prompt is the appropriate response. You’ll need to reboot your server again when the fax installation is complete. Once you log back into your server as root, the bottom line of the status display should now be green UP entries.

Managing Your Server with the Incredible PBX GUI

About 99% of your time managing your server will be spent in the Incredible PBX GUI. To access it, fire up your browser and point to the IP address of your server. At the Kennonsoft menu, click on the Users tab which will change to Admin and bring up the Admin menu shown here:

From the Administrator menu in the Kennonsoft GUI, click on Incredible PBX Administration. This will bring up the following menu:

Click on the first icon to access the Incredible PBX GUI. You’ll be prompted for your credentials. For the username, enter admin. For the password, enter the password you set up using admin-pw-change above. You should then be greeted by the main status display in the Incredible GUI:

If you’re new to Asterisk and FreePBX, here’s the one paragraph primer on what needs to happen before you can make free calls with Google Voice. You’ll obviously need a free Google Voice account. This gets you a phone number for people to call you and a vehicle to place calls to plain old telephones throughout the U.S. and Canada at no cost. You’ll also need a softphone or SIP phone (NOT a regular POTS telephone) to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop. Phones connect to extensions to work with Incredible PBX. Extensions talk to trunks (like Google Voice) to make and receive calls. We use outbound routes to direct outgoing calls from extensions to trunks, and we use inbound routes to route incoming calls from trunks to extensions to make your phones ring. In a nutshell, that’s how a PBX works. There are lots of bells and whistles that you can explore down the road.

As configured after installation, you have everything you’ll need except a Google Voice trunk, and we’ll cover that next. Then we’ll add a softphone with your extension 701 credentials, and you’ll be ready to make and receive calls. Before we move on, let’s decipher your extension 701 password so that you’ll have it for later. Choose Applications -> Extensions -> 701 and scroll down the screen to the Secret field and write down your password. You can also change it if you like and click Submit and then the Red button to update your settings. While you’re here, write down your extension 701 Voicemail Password.

Deploying Google Voice on Your Server

That leaves one RED entry on your status display, GV OAUTH. Whether to use plain text passwords or OAUTH 2 credentials with Google Voice accounts presently is a matter of choice although Google regularly threatens to discontinue access to Google Voice without OAUTH authentication. We suggest you play with Google Voice using plain text passwords just to get your feet wet because OAUTH implementation gets complicated. When you get ready to deploy a permanent Incredible PBX server, that would be the appropriate time to switch to OAUTH. This tutorial (beginning at step 1b) will guide you through the process.

If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF
  • Call Options (Enable Recording)OFF
  • Global Spam FilteringON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Once you have your Google Voice account properly configured with Google, here is the proper sequence to get a Google Voice account working with Incredible PBX. First, using a browser, login to your Google Voice account. Second, make sure that Google Chat is activated in your Phone -> Settings. Third, in a separate browser tab, enable Less Secure Apps for your Google account. Fourth, in another separate browser tab, activate the Google Voice reset procedure. Fifth, in the Incredible PBX GUI, choose Connectivity -> Google Voice (Motif) and enter your Google Voice credentials:

Sixth, save your settings by clicking Submit and the Red Button to reload the GUI. Finally, using SSH or Putty, log into your server as root and restart Asterisk: amportal restart.

Setting Up a Soft Phone to Use with Incredible PBX

Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and your extension 701 password. Click OK.

Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:


DEMO - Allison's IVR Demo
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History

Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to use the free Google Voice account we set up above. Unlike traditional telephone service where you were 100% dependent upon MaBell, there is no such limitation with VoIP. The smarter long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started. Here are a few of our favorites:

Originally published: Friday, January 29, 2016   Republished: Monday, March 14, 2016





Need help with Asterisk? Visit the PBX in a Flash Forum.


 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    The Ultimate Linux Sandbox in the Cloud for Less Than a $35 Raspberry Pi 2

    Every few years we like to drop back and take a fresh look at the best way to get started with Linux. For those coming from the Windows World, it can be a painful process. Learning with a Cloud-based server can be especially dangerous because of the security risks. And then there’s the cost factor. Not everyone has several hundred dollars to buy hardware and, frankly, learning about Linux on a $35 Raspberry Pi can drive most newbies to drink. So today we’ll show you another way. It’s not necessarily a better way. But it’s different, and it’s loads of fun for not much money. Today’s project only takes 30 minutes.

    There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For $35 or less, you get a virtual machine with 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 70% off with coupon code TAKE70 which brings the total cost down to $10.50. That’s less than a burger at Five Guys. That’s the good news. But, if security, 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those four things? Did we mention it’s $10.50 for a lifetime cloud server?

    If you take our recommendation and plunk down your Alexander Hamilton, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with Linux and Cloud Computing. Will your virtual machine disintegrate at some juncture? Probably. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use? Absolutely not so don’t try to fit a square peg in the round hole. It’s not gonna work, and you WILL be disappointed. You’ve been warned. Let’s get started. ENJOY THE RIDE!

    Our objective today is to show you how to build a rock-solid, secure Linux server in the Cloud with all the bells and whistles that make Linux the server platform of choice for almost every organization in the world. We’ll finish up by showing you how to embellish the platform with WordPress to do something that’s special for you whether it’s your own blog like Nerd Vittles, or a school newspaper, or an on-line shopping site to sell comic books. The basic foundation for most Linux platforms is called a LAMP server which stands for Linux, Apache, MySQL, and PHP. Linux is an open source operating system that includes contributions from thousands of developers around the world. Apache is the web server platform on which most commercial businesses stake their reputation. MySQL is the open source database management system now owned by Oracle. If it’s good enough for Facebook, it’s good enough for you. And PHP is THE web-based programming language that will let you build almost any application using Linux, Apache, and MySQL.

    So what’s the big deal? There are thousands of online tutorials that will show you how to build a LAMP server. For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished today, you’ll have a cloud-based server that is totally invisible to the rest of the world with the exception of its web interface. And we’ll show you a simple way to reduce the exposure of your web interface to some of its most likely attackers. Will it be 100% secure? Nope. If you have a web server on the public Internet, it’s never going to be 100% secure because there’s always the chance of a software bug that nobody has yet discovered and corrected. THAT’S WHAT BACKUPS ARE FOR!

    Creating Your Virtual Machine Platform in the Cloud

    To get started, you’ve got to plunk down your $10.50 at Cloud at Cost using coupon code TAKE70. Once you’ve paid the piper, they will send you credentials to log into the Cloud at Cost Management Portal. Change your password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose.

    To create your virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $10.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. We’ve learned to build new virtual machines at night, and they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in their hosting facility.

    Initial Configuration of Your CentOS 6.7 Virtual Machine

    With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both the IP address and the password for your new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.

    Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to make the change. Your management portal then will show the new server name as shown above.

    Logging into Your CentOS 6.7 Virtual Machine

    In order to configure and manage your new CentOS 6.7 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:

    ssh root@12.34.56.78
    

    Before you do anything else, reset your root password to something very secure: passwd

    Installing the LAMP Server Basics with CentOS 6.7

    Now we’re ready to build your LAMP server platform. We’ve chopped this up into lots of little steps so we can explain what’s happening as we go along. There’s nothing hard about this, but we want to document the process so you can repeat it at any time. As we go along, just cut-and-paste each clump of code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…

    We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.

    setenforce 0
    sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
    

    Now let’s bring CentOS 6.7 up to current specs and add a few important applications:

    yum -y update
    yum -y install nano wget expect net-tools dialog git xz
    yum -y install kernel-headers
    yum -y install kernel-devel
    

    Next, we’ll set up your Apache web server and configure it to start whenever you reboot your server:

    yum -y install httpd
    service httpd start
    chkconfig httpd on
    

    Now let’s set up your MySQL server, bring it on line, and make sure it restarts after server reboots. Unless you plan to add Asterisk® and FreePBX® to your server down the road, you’ll want to uncomment the two commands that begin with # by removing the # symbol and replacing new-password with a very secure password for your root user account in MySQL. Be sure to run the last command to secure your server. After logging in, the correct answers are n,Y,Y,Y,Y.

    yum -y install mysql mysql-server
    service mysqld start
    chkconfig mysqld on
    #/usr/bin/mysqladmin -u root password 'new-password'
    #/usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'
    mysql_secure_installation
    

    Next, we’ll set up PHP and configure it to work with MySQL:

    yum -y install php
    yum -y install php-mysql
    service httpd restart
    

    Finally let’s get SendMail installed and configured. Insert your actual email address in the last line and send yourself a test message to be sure it’s working. Be sure to check your spam folder since the message will show a sender address of localhost which many email systems including Gmail automatically identify as spam.

    yum -y install sendmail
    rpm -e postfix
    service sendmail restart
    yum -y install mailx
    echo "test" | mail -s testmessage youracctname@yourmailserver.com
    

    Installing Supplemental Repositories for CentOS 6.7

    One of the beauties of Linux is not being totally dependent upon CentOS for all of your packaged applications. Let’s add a few other repositories that can be used when you need to add a special package that is not in the CentOS repository. Let’s start with EPEL. We’ll disable it by default and only use it when we need it.

    yum -y install http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
    sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/epel.repo
    

    We actually need the EPEL repo to install Fail2Ban for monitoring of attacks on certain Linux services such as SSH:

    yum --enablerepo=epel install fail2ban -y
    cd /etc
    wget http://incrediblepbx.com/fail2ban-lamp.tar.gz
    tar zxvf fail2ban-lamp.tar.gz
    

    We also need the EPEL repo to install ipset, a terrific addition to the IPtables Linux firewall that lets you quickly block entire countries from accessing your server:

    yum --enablerepo=epel install ipset -y
    

    Next, we’ll add a sample script that documents how the country blocking mechanism works with ipset.1 For a complete list of countries that can be blocked, go here. If you need a decoder badge to match abbreviations against country names, you’ll find it here. To add other countries, simply edit the shell script and clone lines 4-7 using the names of the countries and country zone files that you wish to add. Be sure to insert the new lines before the commands to restart iptables and fail2ban. This script will need to be run each time your server reboots and before IPtables is brought on line. We’ll handle that a little later.

    echo "#\!/bin/bash" > /etc/block-china.sh
    echo " " >> /etc/block-china.sh
    echo "cd /etc" >> /etc/block-china.sh
    echo "ipset -N china hash:net" >> /etc/block-china.sh
    echo "rm cn.zone" >> /etc/block-china.sh
    echo "wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone" >> /etc/block-china.sh
    echo "for i in $(cat /etc/cn.zone ); do ipset -A china $i; done" >> /etc/block-china.sh
    echo "service iptables restart" >> /etc/block-china.sh
    echo "service fail2ban restart" >> /etc/block-china.sh
    sed -i 's|\\||' /etc/block-china.sh
    chmod +x /etc/block-china.sh
    

    Another important repository is REMI. It is especially helpful if you decide to upgrade PHP from the default version 5.3 to one of the newer releases: 5.5 or 5.6. In this case, you’ll want to activate the specific repository to support the release you choose in /etc/yum.repos.d/remi-safe.repo.

    yum -y install http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
    sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/remi-safe.repo
    

    One final repository to have on hand is RPMForge, now renamed RepoForge. We’ll use it in a bit to install a dynamic DNS update utility which you actually won’t need at CloudAtCost since your server is assigned a static IP address. But it’s handy to have in the event you wish to assign a free FQDN to your server anyway.

    yum -y install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
    sed -i 's|enabled = 1|enabled = 0|' /etc/yum.repos.d/rpmforge.repo
    

    Adding a Few Utilities to Round Out Your LAMP Server Deployment

    If you’re like us, you’ll want to test the speed of your Internet connection from time to time. Let’s install a free script that you can run at any time by logging into your server as root and issuing the command: /root/speedtest-cli

    cd /root
    wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py
    chmod +x speedtest-cli
    

    Next, let’s put in place a simple status display which will quickly tell you what’s running and what’s not. We’ve borrowed some GPL code from Incredible PBX to help you out. Run status-lamp at any time for a snapshot of your server.

    cd /usr/local/sbin
    wget http://incrediblepbx.com/status-lamp.tar.gz
    tar zxvf status-lamp.tar.gz
    rm -f status-lamp.tar.gz
    

    Now we’ll put the Linux Swiss Army Knife in place. It’s called WebMin, and it provides a GUI to configure almost everything in Linux. Pick up a good WebMin book from your public library to get started. Once installed, you access WebMin from your browser at the IP address of your server on the default port of 10000: https://serverIPaddress:10000. It’s probably a good idea to change this port number and the commented out line shows how to do it with the new port being 9001 in the example. The way in which we typically configure the Linux firewall will block all access to WebMin except from an IP address which you have whitelisted, e.g. your home computer’s public IP address.

    cd /root
    yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty
    yum -y install http://prdownloads.sourceforge.net/webadmin/webmin-1.780-1.noarch.rpm
    #sed -i 's|10000|9001|g' /etc/webmin/miniserv.conf
    service webmin restart
    chkconfig webmin on
    

    Tweaking Your CloudAtCost Setup Improves Performance and Improves Security

    Finally, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password gets reset every time you reboot.

    killall plymouthd
    echo killall plymouthd >> /etc/rc.local
    rm -f /etc/rc3.d/S97*
    

    With the exception of firewall configuration, which is so important that we’re covering it separately below, you now have completed the LAMP server installation. After completing the firewall steps in the next section, simply reboot your server and you’re ready to go.

    The Most Important Step: Configuring the Linux IPtables Firewall

    RULE #1: DON’T BUILD SERVERS EXPOSED TO THE INTERNET WITHOUT ROCK-SOLID SECURITY!

    As installed by CloudAtCost, your server provides ping and SSH access from a remote computer and nothing else. The good news: it’s pretty safe. The bad news: it can’t do anything useful for anybody because all web access to the server is blocked. We want to fix that, tighten up SSH access to restrict it to your IP address, and deploy country blocking to show you how.

    As we implement the firewall changes, you need to be extremely careful in your typing so that you don’t accidentally lock yourself out of your own server. A typo in an IP address is all it takes. The good news is that, if you do lock yourself out, you still can gain access via the CloudAtCost Management Portal by clicking the Console button of your virtual machine. Because the console is on the physical machine and the lo interface is whitelisted, you can log in and disable the firewall temporarily: service iptables stop. Then fix the typo and restart the firewall: service iptables start.

    First, let’s download the new IPtables config file into your root folder and take a look at it.

    cd /root
    wget http://incrediblepbx.com/iptables-lamp.tar.gz
    tar zxvf iptables-lamp.tar.gz
    

    Now edit the /root/iptables-lamp file by issuing the command: nano -w /root/iptables-lamp

    You can scroll up and down through the file with Ctl-V and Ctl-Y. Cursor keys work as well. Once you make changes, save your work: Ctl-X, Y, ENTER. You’re now an expert with the nano text editor, an absolutely essential Linux tool.

    Here’s what that file actually looks like:

    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j DROP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN              -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST              -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST              -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN                  -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG                  -j DROP
    -A INPUT -p tcp -m set --match-set china src                    -j DROP
    -A INPUT -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
    -A INPUT -p udp -m udp --dport 123 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 123 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    #-A INPUT -s 12.34.56.78 -j ACCEPT
    #-A INPUT -s yourFQDN.dyndns.org -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    

    Reminder: If you add another country to your block-china script, don’t forget to add a corresponding new country entry to your iptables file. See line 17 above that includes the word “china” for the syntax. There’s nothing much else to tweak except the two commented out (brown) lines that begin with #. First, remove the # symbol by moving the cursor to the right of the first one and hitting the backspace/delete key on your keyboard. Replace 12.34.56.78 with the public IP address of the computer from which you will be accessing your virtual machine. If you need multiple entries for multiple computers at different addresses, clone the line by pressing Ctrl-K and then Ctrl-U twice. Yes, we know. Some folks IP addresses change from time to time. In the next section, we’ll show you how to set up a Dynamic DNS entry with a utility that will keep track of your current IP address. In this case, uncomment the second commented line and replace yourFQDN.dyndns.org with your dynamic DNS address. Be very careful to assure that your FQDN is always on line. If the firewall cannot verify your DNS entry when it starts, the IPtables firewall will not start which means your server will be left unprotected. HINT: IP addresses are much safer because they are never verified.

    Once you have your addresses configured, save the file: Ctl-X, Y, ENTER. Then issue the following commands to copy everything into place and restart the firewall.

    mv /etc/sysconfig/iptables /etc/sysconfig/iptables.orig
    cp -p /root/iptables-lamp /etc/sysconfig/iptables
    echo "/etc/block-china.sh" >> /etc/rc.local
    /etc/block-china.sh
    

    Always, always, always check to be sure your firewall is functioning: iptables -nL. If you don’t see your desktop computer’s public IP address near the end of the listing, then the firewall is dead. status-lamp should also show IPtables down. Check for an error message which will tell you the problematic line so you can correct it.

    Implementing Dynamic DNS Service on Your Virtual Machine

    There are a number of free and paid Dynamic DNS providers. The way this works is you choose a fully-qualified domain name (FQDN) to identify your computer. Then you run a dynamic DNS update utility periodically from that computer. It reports back the current public IP address of your computer and your provider updates the IP address assigned to your FQDN if it has changed. In addition to supporting sites with ever changing IP addresses, it also allows you to permanently assign an FQDN to your computer or server so that it can be accessed without using a cryptic IP address.

    If that computer happens to be an Incredible PBX server or a LAMP server that you’ve set up using this tutorial, then the following will get the DNS client update utility loaded using the RPM Forge repository that we previously installed:

    yum --enablerepo=rpmforge install ddclient -y
    

    Similar DNS update clients are available for Windows, Mac OS X, and many residential routers. Then it’s just a matter of plugging in the credentials for your dynamic DNS provider and your FQDN. In the case of the CentOS client, the config file is /etc/ddclient/ddclient.conf. Now reboot your server and pick up a good book on Linux to begin your adventure.

    Now For Some Fun…

    First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Apache page:

    Next, let’s be sure that PHP is working as it should. While still logged into your server as root using SSH or Putty, issue the following commands and make up some file name to replace test4567 in both lines. Be sure to keep the .php file name extension. Note to gurus: Yes, we know the second line below is unnecessary if you remove the space after the less than symbol in the first line. Unfortunately, WordPress forces the space into the display which left us no alternative.

    echo "< ?php phpinfo(); ?>" > /var/www/html/test4567.php
    sed -i 's|< |<|' /var/www/html/test4567.php
    

    Now jump back to your web browser and access the new page you just created using the IP address of your server and the file name you made up: http://12.34.56.78/test4567.php

    The PHPinfo listing will tell you everything you ever wanted to know about your web server setup including all of the PHP functions that have been enabled. That’s why you want an obscure file name for the page. You obviously don’t want to share that information with every bad guy on the planet. Remember. This is a public-facing web site that anyone on the Internet can access if they know or guess your IP address.

    When you’re ready to set up your own web site, just name it index.php and store the file in the /var/www/html directory of your server. In the meantime, issuing the following command will assure that anyone accessing your site gets a blank page until you’re ready to begin your adventure:

    echo " " > /var/www/html/index.php
    

    Ready to learn PHP programming? There’s no shortage of books to get you started.

    Adding WordPress to Your LAMP Server

    Where to begin with WordPress? What used to be a simple platform for bloggers has morphed into an all-purpose tool that makes building virtually any type of web site child’s play. If you want to see what’s possible, take a look at the templates and sample sites shown on WPZOOM. Unless you’re an art major and savvy web designer, this will be the best $70 you ever spent. One of these templates will have your site up and running in minutes once we put the WordPress pieces in place. For the big spenders, $149 will give you access to over 50 gorgeous templates which you can download and use to your heart’s content on multiple sites. And, no, your sites don’t blow up after a year. You just can’t download any additional templates or updates unless you renew your subscription. The other alternative is choose from thousands of templates that are provided across the Internet as well as in the WordPress application itself.

    WordPress templates run the gamut from blogs to newsletters to photographer sites to e-commerce to business portfolios to video to travel to magazines to newspapers to education to food to recipes to restaurants and more. Whew! There literally is nothing you can’t put together in minutes using a WordPress template. But, before you can begin, we need to get WordPress installed on your server. This is optional, of course. And, if you follow along and add WordPress, we’ve set it up in such a way that WordPress becomes the primary application for your site. Stated differently, when people use a browser to access your site, your WordPress template will immediately display. When we finish the basic WordPress setup and once you upload an image or two, you’ll have a site that looks something like this:

    Before you begin, we strongly recommend that you acquire a domain for your site if you plan to use it for anything but experimentation. The reason is because it can be complicated to migrate a WordPress site from one location to another.2 Once you’ve acquired your domain, point the domain to the IP address of your new server. With a dirt cheap registrar such as Omnis.com, it’s easy:

    Now let’s get started. To begin, we need to load the WordPress application onto your server:

    cd /root
    mkdir wordpress
    cd wordpress
    wget http://wordpress.org/latest.tar.gz
    tar -xvzf latest.tar.gz -C /var/www/html
    

    Next, we’ll configure MySQL to support WordPress. We’re assuming that you have NOT already created root passwords for MySQL. If you have, you’ll need to add -pYourPassword to the various commands below immediately after root. There is no space between -p and your root password. Also edit the first line and make up a new password (replacing XYZ below) for the wordpress user account that will manage WordPress on your server before you cut and paste the code:

    mysql -u root -e 'CREATE USER wordpress@localhost IDENTIFIED BY "XYZ";'
    mysql -u root -e 'CREATE DATABASE wordpress;'
    mysql -u root -e 'GRANT ALL ON wordpress.* TO wordpress@localhost;'
    mysql -u root -e 'FLUSH PRIVILEGES;'
    

    Next, we need to configure WordPress with your new MySQL credentials. Before you cut and paste, replace XYZ in the fourth line with the password you assigned in the preceding MySQL step:

    cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
    sed -i 's|database_name_here|wordpress|' /var/www/html/wordpress/wp-config.php
    sed -i 's|username_here|wordpress|' /var/www/html/wordpress/wp-config.php
    sed -i 's|password_here|XYZ|' /var/www/html/wordpress/wp-config.php
    chown -R apache:apache /var/www/html/wordpress
    

    Before you forget, take a moment and create a very secure password for your MySQL root user accounts. Here are the commands. Just replace new-password with your new password before you cut and paste. Note that you also will be prompted for this password when you execute the second command because you will now have a root user password in place from executing the first command.

    /usr/bin/mysqladmin -u root password 'new-password'
    /usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'
    

    Finally, we need to modify your Apache web server to support WordPress as the primary application. Be sure to enter your actual email address in the third line before you cut and paste the code below:

    echo " " >> /etc/httpd/conf/httpd.conf
    echo "<virtualhost *:80>" >> /etc/httpd/conf/httpd.conf
    echo 'ServerAdmin somebody@somedomain.com' >> /etc/httpd/conf/httpd.conf
    echo "DocumentRoot /var/www/html/wordpress" >> /etc/httpd/conf/httpd.conf
    echo "ServerName wordpress" >> /etc/httpd/conf/httpd.conf
    echo "ErrorLog /var/log/httpd/wordpress-error-log" >> /etc/httpd/conf/httpd.conf
    echo "CustomLog /var/log/httpd/wordpress-acces-log common" >> /etc/httpd/conf/httpd.conf
    echo "</virtualhost>" >> /etc/httpd/conf/httpd.conf
    echo " " >> /etc/httpd/conf/httpd.conf
    service httpd restart
    

    That should do it. Open a browser and navigate to the IP address of your server. You should be greeted with the following form. Fill in the blanks as desired. The account you’re setting up will be the credentials you use to add and modify content on your WordPress site when you click Log In (as shown above). Make the username obscure and the password even more so. Remember, it’s a public web site accessible worldwide! When you click Install WordPress, you’ll be off to the races.

    After your server whirs away for a minute or two, you will be greeted with the WordPress login prompt. With the username and password you entered above, you’ll be ready to start configuring your WordPress site.

    Once you’re logged in, navigate to Appearance -> Themes and click Add New Theme. There’s you will find literally hundreds of free WordPress templates that can be installed in a matter of seconds if WPZOOM is too rich for your blood. For a terrific all-purpose (free) theme, try Atahualpa. We’ll leave our actual demo site running for a bit in case you want to explore and check out its performance. Installing and configuring the new theme took less than a minute:

    A Final Word to the Wise. WordPress is relatively secure but new vulnerabilities are discovered regularly. Keep your templates, plug-ins, AND the WordPress application up to date at all times! The WordFence plug-in is a must-have. And we strongly recommend adding the following lines to your WordPress config file which then will let WordPress update everything automatically. Microsoft has given automatic updates a bad name, but in the case of WordPress, they work well.

    echo "define('WP_AUTO_UPDATE_CORE', true);" >> /var/www/html/wordpress/wp-config.php
    echo "add_filter( 'auto_update_plugin', '__return_true' );" >> /var/www/html/wordpress/wp-config.php
    echo "add_filter( 'auto_update_theme', '__return_true' );" >> /var/www/html/wordpress/wp-config.php
    

    Special Thanks: Our special tip of the hat goes to a few web sites that we found helpful in putting this article together especially Unixmen and Matt Wilcox & friends and Programming-Review.

    Wondering What to Build Next with your new $10.50 Server in the Sky? Check out the latest Nerd Vittles tutorial. Turn it into a VoIP server FOR LIFE with free calling to/from the U.S. and Canada. Call for free demo:


    Originally published: Monday, January 25, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. It doesn’t take long for the probing to begin. So watch your logs, look up the IP addresses to identify the countries, and block them unless you happen to be expecting visitors from that part of the world:
      [Sun Jan 24 00:36:12 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/w00tw00t.at.blackhats.romanian.anti-sec:)
      [Sun Jan 24 00:36:12 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/phpMyAdmin
      [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/phpmyadmin
      [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/pma
      [Sun Jan 24 00:36:13 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/myadmin
      [Sun Jan 24 00:36:14 2016] [error] [client 40.114.202.60] File does not exist: /var/www/html/wordpress/MyAdmin
      [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/w00tw00t.at.blackhats.romanian.anti-sec:)
      [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/phpMyAdmin
      [Mon Jan 25 00:29:29 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/phpmyadmin
      [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/pma
      [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/myadmin
      [Mon Jan 25 00:29:30 2016] [error] [client 137.116.220.182] File does not exist: /var/www/html/wordpress/MyAdmin
      []
    2. Should you ever have to migrate your WordPress site from one domain to another, here are two helpful tools to consider: the Automatic Domain Name Changer Plugin and the one we use, WordPress-Domain-Changer. []

    The 5-Minute PBX: A Fresh Look at Oracle’s VirtualBox with Incredible PBX

    Today we’re paying another visit to our favorite virtual machine platform and introducing four new VoIP images that let you compare features and performance of Asterisk® 11 running atop Ubuntu® 14 or Scientific Linux™ 6.5 with FreePBX® 2.11 or the just-released version 12 release candidate. Think of Incredible PBX™ as the VoIP glue stick that assembles all the necessary VoIP components and holds them together seamlessly. As with all Incredible PBX builds, you also get the full complement of goodies including dozens of text-to-speech apps, voice dialing, SMS messaging, fax support, reminders and wakeup calls, and SECURITY! The difference with the VirtualBox® platform is you get a turnkey install of everything on any desktop computer in less than 5 minutes! That includes Windows PCs, Macs, Linux desktops, and even Solaris machines.

    Is VirtualBox merely a sandbox for experimentation? Absolutely not. With any of the beefier desktop computers available today, running Incredible PBX as a 24/7 VirtualBox image is every bit as feature rich with stellar performance that’s equivalent to using dedicated hardware. And there are some added advantages. Obviously, deploying a turnkey VoIP platform in under 5 minutes is a major plus. But, unlike using a dedicated Linux platform, you also get the ability to take snapshots of your system and do full backups in minutes instead of the hours required to bring down dedicated hardware, load a different backup application using a different operating system, perform a backup, and then reboot your VoIP server. And your backups won’t just run on the one server on which the backup was performed. You can restore the backup to any other computer that can run VirtualBox. For any of you that came from a network management background, you know what a big deal that really is. And there’s one more bonus. With Incredible Backup and Restore, you can move your image to dedicated hardware running the same operating system with Asterisk 11 and the same version of FreePBX in minutes.

    Need to deploy VoIP servers at dozens of sites around the globe? Not a problem with VirtualBox. Just send a preconfigured VirtualBox image to each site and install VirtualBox on a local desktop computer. In 5 minutes, you have a functional VoIP server including interconnectivity to all of your other VoIP servers with a virtual private network already in place to provide secure VoIP connectivity between all of your sites.

    Are there security compromises using the VirtualBox platform? Not at all. Incredible PBX still comes preconfigured with the Linux IPtables firewall that is locked down to a whitelist of local area networks, preferred providers, and your own IP addresses. You can expand the whitelist using the add-ip and add-fqdn scripts or use PortKnocker and Travelin’ Man 4 tools to let remote users gain instant access.

    Why four different Incredible PBX images? Glad you asked. Ubuntu and Scientific Linux are a bit like French and Spanish. They’re both languages for communicating, but many of the words are different. Some prefer one or the other so now you have a choice. As for the FreePBX options, let us put in a plug for the FreePBX 12 release candidate. The FreePBX Dev Team has invested thousands of hours in this new software. It shows! Please take it for a spin and give the developers some feedback. To move to Asterisk 12 and 13, you’re going to need FreePBX 12 so you might as well start getting used to it. While there are many similarities in the user interface, the under-the-covers work that the FreePBX team has invested in this new product is nothing short of amazing. There’s very little of the FreePBX 2.11 code that hasn’t been either cleaned up or completely rewritten. We think you’ll like it so give it a try. Those that need a production environment probably should stick with FreePBX 2.11 for the time being. The new Virtual Box images also give you an opportunity to compare performance between the two operating systems and the two FreePBX versions. This isn’t 1999. Take advantage of the opportunity. It only takes a few minutes to spin up a new virtual machine and go for a test drive.

    Getting Started. For today, we’ll provide a refresher course on loading VirtualBox and one of the Incredible PBX virtual images. Then we want to spend a little time explaining the secret sauce that goes into building these images so that you can do it yourself either to migrate to a different network or to deploy at multiple sites. When we’re finished, you’ll know everything we’ve learned about deploying VirtualBox machines and, unlike Grandma, we won’t leave an important ingredient out of the recipe just to be sure you never forget how good Grandma’s cookies really were. So let’s get started.

    Installing Oracle VM VirtualBox

    Oracle’s virtual machine platform inherited from Sun is amazing. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 today is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. Our recommendation is to put all of the 100MB installers on a 4GB thumb drive.1 Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For more details, here’s a link to the Oracle VM VirtualBox User Manual.

    Downloading the Incredible PBX Virtual Machines

    A word of warning on the front end. Incredible PBX images featuring Asterisk 11 for VirtualBox are huge! The two Ubuntu images for FreePBX 2.11 and 12 are 1.5GB. The two Scientific Linux 6.5 images for FreePBX 2.11 and 12 are 2.3GB. We’ve added SourceForge hotlinks. So simply click on the desired images and download them to your desktop. Then go to lunch.

    Importing & Configuring Incredible PBX Virtual Machines in VirtualBox

    You only perform the import step one time. Once imported into VirtualBox, Incredible PBX is ready to use. There’s no further installation required, just like an OpenVZ template… only better. Double-click on the .ova file you downloaded to begin the procedure and load it into VirtualBox. When prompted, be sure to check the Reinitialize the Mac address of all network cards box and then click the Import button. Once the import is finished, you’ll see a new Incredible PBX virtual machine in your VM List on the VirtualBox Manager Window. We need to make a couple of one-time adjustments to the Incredible PBX VM configuration to account for differences in sound and network cards on different host machines.

    Click on the Incredible PBX Virtual Machine in the VM List. Then click Settings -> Audio and check the Enable Audio option and choose your sound card. Save your setup by clicking the OK button. Next click Settings -> Network. For Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. Finally, click Settings -> System, uncheck Hardware clock in UTC time, and click OK. That’s all the configuration that is necessary for your Incredible PBX Virtual Machine. The rest is automagic.

    Running Incredible PBX Virtual Machines in VirtualBox

    Once you’ve imported and configured the Incredible PBX Virtual Machine, you’re ready to go. Highlight IncrediblePBX Virtual Machine in the VM List on the VirtualBox Manager Window and click the Start button. The boot procedure with your chosen operating system will begin just as if you had installed Incredible PBX on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your virtual machine. Remember, you still have full access to your desktop computer. Incredible PBX is merely running as a task in a VirtualBox window. Always gracefully halt Incredible PBX just as you would on a dedicated computer.

    Here’s what you need to know. To work in the Incredible PBX Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. To access the Linux CLI, login as root with the default password: password. To access FreePBX with a browser, point to the IP address of your virtual machine and login as admin with admin password set below. For the security of your server, we recommend that you log in to the Linux CLI at least once a week so that Incredible PBX updates get applied to your server regularly. This is critically important if you care about your phone bill.

    When logging in for the first time, Incredible PBX will go through some setup steps and then reboot. Login again to complete the setup. status will always provide a snapshot of your system. To shut down Incredible PBX gracefully, click in the VM window with your mouse, log in as root, and type: halt. Be sure to complete the following setup steps from the Linux CLI:

    • Change your root password: passwd
    • Set your FreePBX admin password: /root/admin-pw-change
    • Set your correct time zone: /root/timezone-setup
    • Add WhiteList entries to firewall if needed: /root/add-ip or /root/add-fqdn
    • Store PortKnocker credentials in a safe place: cat /root/knock.FAQ
    • Enable SAMBA if desired: /root/samba-enable.sh
    • Enable Incredible Fax support if desired: (script in /root)
    • Login to your NeoRouter VPN server if desired: /root/nrclientcmd

    Preparing Incredible PBX Virtual Machines for Migration

    As the Linux operating systems have become more turnkey, one of the shortcuts that has been implemented on both the RedHat and Debian/Ubuntu platforms is storage of your network setup so that the server reboots more quickly. While that’s fine for rebooting on the same server, it’s a real problem if you attempt to move your setup to different hardware or a new network because eth0 will not load. That means no IP address! Here are two ways to assure that things will actually work after the move. Both assume that you will have a DHCP server at the new location just as you did at your existing site.

    The Easy Way. If you have console access after the VM image is restored on the new platform (which means you don’t need a network IP address for the server in order to log in as root), then the easy way to prepare any of the Incredible PBX machines for relocation is to issue the following commands before you halt the system and make a VirtualBox backup:

    touch /etc/update_hostconfig
    touch /etc/update_serverconfig
    

    Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create a .ova backup image on your desktop. You now have an image that is similar to the Incredible PBX image that you originally downloaded, except it has all of your data and settings. All you have to do is repeat the install drill above at the new location using the .ova image you created and log in with whatever your current root password happens to be. You’ll get a two-pass automatic setup just as you did when you began today’s adventure.

    The only drawback to this procedure is the fact that the extension 701 and default DISA passwords will be initialized when you first boot from your .ova image at the other location. Aside from that, you’ll have a clean platform with new SSH and DUNDI credentials as well as mostly sanitized log files.

    The Hard Way. The other alternative is to manually prepare your existing system for migration before you shut it down. The primary reason for doing this would be to assure that you can log in with an SSH client at the other end as soon as the server is booted. The steps differ a bit depending upon whether you’re on the Ubuntu or Scientific Linux platform. But on both platforms you need to enter the IP address from which you will log in at the new site unless it is on one of the private LAN subnets that already is whitelisted in IPtables. Just issue the command /root/add-ip and choose 0 option to enable all services for the new IP address. Then…

    On the Ubuntu platform, issue the following commands:

    touch /etc/update_hostconfig
    touch /etc/update_serverconfig
    rm -f /var/lib/dhcp/*
    rm -f /etc/udev/rules.d/70*
    halt
    

    On the Scientific Linux platform, issue the following commands:

    touch /etc/update_hostconfig
    touch /etc/update_serverconfig
    rm -f /var/lib/dhcpd/*
    rm -f /var/lib/dhclient/*
    rm -f /etc/udev/rules.d/70*
    halt
    

    Once you have halted the server, edit both the sound card and network card settings and disable both of them in VirtualBox Manager. Then choose File -> Export Appliance from the VirtualBox title bar and create a .ova backup image on your desktop. Now you’re an expert. Enjoy!

    Originally published: Monday, September 22, 2014


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Our forum is extremely friendly and is supported by literally hundreds of Asterisk gurus.



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []

    The 5-Minute PBX: PIAF-Green Virtual Machine for Windows, Mac, or Linux

    In our never-ending trek to build the Perfect PBX™, we have a sneak peek for you today of the soon-to-be-released PBX in a Flash™ 2.0.6.4.5 featuring CentOS® 6.4 LAMP stack (32-bit), Asterisk® 11.5.1, and FreePBX® 2.11.0.11. The 2.0.6.4.5 release also has a number of new security patches including a new Linux kernel that’s been patched to eliminate the reported zero-day vulnerability. Once you download today’s appliance, you can have a turnkey PBX running under VirtualBox® on almost any desktop computer in less than 5 minutes. We’re not talking about a crippled telephony platform with limited functionality. What you’ll have is the same platform that hundreds of thousands of organizations use to run their corporate phone systems. And, if you want the Incredible PBX™ feature set with literally dozens of open source telephony applications including news, weather, stocks, tide reports, SMS messaging, free faxing with Incredible Fax™, telephone reminders, wakeup calls, and more then just add a couple minutes to run two one-click installers. Welcome to the world of open source!

    The real beauty of PBX in a Flash has not been that someone with sufficient expertise couldn’t assemble something just as good or even better. Watch some of the AstriCon presentations if you have any doubts. The beauty of PIAF is it puts this technology down where the goats can get it. It provides a toolset that encourages further development by simplifying the learning curve for a broad cross-section of the VoIP community while not compromising functionality or flexibility. The source code for the major components is included in the build so you can customize and recompile Asterisk or load a new version of Asterisk or any additional Linux app in minutes without losing your existing setup.

    If Voice Over IP technology is Greek to you, here’s a new 60-minute video tutorial that will tell you everything you need to know about this exciting, new technology before you begin the actual installation process:


    As many of you know, we have literally hundreds of gurus on the PIAF Forum. That doesn’t mean any particular person or group knows everything. It’s merely a designation that a particular individual is an expert at something. The collective wisdom of the group is what makes PBX in a Flash as a project better because we’ve put in place a platform that experts from many different disciplines can build upon without needing to learn everything about everything. Simply stated, you can be a terrific chef without knowing how to build a stove!

    Turning to Asterisk® 11 and FreePBX® 2.11, these releases are a remarkable step forward both in terms of toolset and in the amazing stability of the platform. For our part, we want to get our latest release of PBX in a Flash with CentOS 6.4, Asterisk 11.5.1 and FreePBX 2.11 release into as many hands as possible with a near zero investment in hardware and setup time.

    The Ultimate VoIP Appliance: PIAF Virtual Machine for VirtualBox

    Today brings us to a new plateau in the virtual machine development era. Thanks to the masterful work of Tom King on PBX in a Flash 2.0.6.4.5, we’re pleased to introduce a new product that can be installed in under 5 minutes and will run on any Windows PC, Mac, or Linux machine as well as Solaris. And, unlike the dedicated machine platforms and OpenVZ compromises of years past, today’s PIAF-Green Virtual Machine is state-of-the-art giving you everything a bare metal install from source code would have provided. Most importantly, the components are truly portable. They can be copied to a 4GB flash drive1 for the price of a good hamburger and installed from there onto any type of machine that happens to be in front of you. Five minutes later, you have a fully functional Asterisk server with FreePBX and exactly the same feature set and source code that you would have had doing a bare metal PIAF install to a dedicated server. And we’ve built this 32-bit production-ready PIAF-Green Virtual Machine with Asterisk 11.5.1 and FreePBX 2.11. No Internet access required to perform the install. Sound too good to be true? Keep reading or, better yet, try the PIAF appliance for yourself. The install process is simple:

    1. Download and install VirtualBox onto a Desktop Machine of your choice
    2. Download and double-click on the PIAF-Green Virtual Machine to import it into VirtualBox
    3. Select the PIAF-Green Virtual Machine in VirtualBox Manager Window and click the Start button

    Introducing Oracle VM VirtualBox

    We’re late to the party, but Virtual Box®, Oracle’s virtual machine platform inherited from Sun, is really something. It’s not only free, but it’s pure GPL2 code. VirtualBox gives you a virtual machine platform that runs on top of any desktop operating system. In terms of limitations, we haven’t found any. We even tested this on an Atom-based Windows 7 machine with 2GB of RAM, and it worked without a hiccup. So step #1 is to download one or more of the VirtualBox installers from VirtualBox.org or Oracle.com. As mentioned, our recommendation is to put all of the 100MB installers on a 4GB thumb drive. Then you’ll have everything in one place whenever and wherever you happen to need it. Once you’ve downloaded the software, simply install it onto your favorite desktop machine. Accept all of the default settings, and you’ll be good to go. For more details, here’s a link to the Oracle VM VirtualBox User Manual.

    Installing the PIAF Virtual Machine

    Step #1 is to download the PIAF-Green Open Virtualization Appliance (.ova) from SourceForge.

    Step #2: Verify the checksums for the 32-bit .ova appliance to be sure everything got downloaded properly. To check the MD5/SHA1 checksums in Windows, download and run Microsoft’s File Checksum Integrity Verifier.

    For Mac or Linux desktops, open a Terminal window, change to the directory in which you downloaded the .ova file of your choice, and type the following commands:

    md5 PIAF-Green-32.ova (use md5sum for Linux)
    openssl sha1 PIAF-Green-32.ova

    The correct MD5 checksum for PIAF-Green-32.ova is 7691127afd065412e40429cee49a4738. The correct SHA1 checksum for PIAF-Green-32 is 9b3828649dc9644d046ef83cb227aea4c1473c65.

    Step #3: Double-click on the downloaded .ova file which will begin the import process into VirtualBox. It only takes a couple minutes, and you only do it once. IMPORTANT: Be sure to check the Reinitialize the Mac address of all network cards box before clicking the Import button.

    Once the import is finished, you’ll see a new PIAF virtual machine in the VM List of your VirtualBox Manager Window. You’ll need to make a couple of one-time adjustments to the PIAF-Green Virtual Machine configuration to account for differences in sound and network cards on different host machines.

    Click on the PIAF-Green Virtual Machine in the VM List. Then click Settings -> Audio and check the Enable Audio option and choose your sound card. Save your setup by clicking the OK button. Next click Settings -> Network. For Adapter 1, check the Enable Network Adapter option. From the Attached to pull-down menu, choose Bridged Adapter. Then select your network card from the Name list. Then click OK. That’s all the configuration that is ever necessary for your PIAF-Green Virtual Machine. The rest is automagic.

    Running the PIAF Virtual Machine in VirtualBox

    Once you’ve imported and configured the PIAF Virtual Machine, you’re ready to go. Highlight PIAF Virtual Machine in the VM List on the VirtualBox Manager Window and click the Start button. The PIAF boot procedure with CentOS 6.4 will begin just as if you had installed PBX in a Flash on a standalone machine. You’ll see a couple of dialogue boxes pop up that explain the keystrokes to move back and forth between your host operating system desktop and your PIAF VM.

    Here’s what you need to know. To work in the PIAF Virtual Machine, just left-click your mouse while it is positioned inside the VM window. To return to your host operating system desktop, press the right Option key on Windows machines or the left Command key on any Mac. For other operating systems, read the dialogue boxes for instructions on moving around. Always shut down PIAF gracefully! Click in the VM window with your mouse, log in as root, and type: shutdown -h now.

    Run the PIAF Virtual Machine behind a hardware-based firewall with no Internet port exposure!

    To begin, position your mouse over the VM window and left-click. Once the PIAF VM has booted, log in as root with password as the password. Change your root password immediately by typing passwd at the command prompt. Now set up a secure maint password for FreePBX as well. Type passwd-master. If you’re not in the Eastern U.S. time zone, then you’ll want to adjust your timezone setting so that reminders and other time-sensitive events happen at the correct time. While logged into your server as root, issue this command:

    /root/timezone-setup

    Next, use a browser to log into your PIAF server by pointing to the IP address of the PIAF VM that’s displayed in the status window of the CLI. Click on the User button to display the Admin choices in the main PIAF Menu. Click on the FreePBX option to load the FreePBX GUI. You will be prompted for an Apache username and password. For the username, use maint. For the password, use whatever password you set up with passwd-master.

    Now read the latest PIAF Quick Start Guide and begin your VoIP adventure. Then you’ll want to do some reading on VirtualBox. We’ve barely scratched the surface. Setting up Headless VMs that run in the background on any server is a breeze. From the command line, here’s an article to get you started. But you also can start Headless VMs from within the GUI by highlighting the VM and clicking Shift->Start. Always shut down VMs gracefully: Close->ACPI Shutdown. You’ll find more great tips at virtualbox.org and GitHub.

    One of the real beauties of VirtualBox is you don’t have to use a GUI at all. The entire process can be driven from the command line. Other than on a Mac, here is the procedure to import, configure, and run the PIAF-Green-32 Virtual Machine:
     
    VBoxManage import PIAF-Purple.ova
    VBoxManage modifyvm "PIAF-Green-32" --nic1 nat
    VBoxManage modifyvm "PIAF-Green-32" --acpi on --nic1 bridged
    VBoxHeadless --startvm "PIAF-Green-32" &
    # Wait 1 minute for PIAF-Green to load. Then decipher IP address like this:
    VBoxManage guestproperty get "PIAF-Green-32" /VirtualBox/GuestInfo/Net/0/V4/IP
    # Now you can use SSH to login to PIAF-Green at the displayed IP address
    # Shutdown the PIAF-Green Virtual Machine with the following command:
    VBoxManage controlvm "PIAF-Green-32" acpipowerbutton

    On a Mac, everything works the same way except for deciphering the IP address. Download our findip script for that.

    Adding Incredible PBX 11 and Incredible Fax

    You can read all about the Incredible PBX 11 and Incredible Fax feature set in our recent Nerd Vittles article. If you decide you’d like to add one or both to your PIAF-Green Virtual Machine, just log into your server as root and issue the following commands. NOTE: You must install Incredible Fax after installing Incredible PBX, or you will lose the ability to install Incredible PBX at a later time. With Incredible Fax, there are a number of prompts during the install. With the exception of the prompt asking for your local area code, just press Enter at every other prompt.

    cd /root
    wget http://incrediblepbx.com/incrediblepbx11.gz
    gunzip incrediblepbx11.gz
    chmod +x incrediblepbx11
    ./incrediblepbx11
    ./incrediblefax11.sh

    The Incredible PBX 11 Inventory. For those that have never heard of The Incredible PBX, here’s the current 11.0 feature set in addition to the base install of PBX in a Flash with the CentOS 6.4, Asterisk 11, FreePBX 2.11, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Incredible Fax, NeoRouter and PPTP VPNs, and all sorts of backup solutions are still just one command away and may be installed using the scripts included with Incredible PBX 11 and PBX in a Flash. Type help-pbx and browse /root for dozens of one-click install scripts.

    Originally published: Tuesday, October 22, 2013




    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us. []

    The 5-Minute PBX: Introducing PIAF-Green Virtual Machine for VMware ESXi

    In our never-ending trek to build the Perfect PBX™, we have another installment for you today featuring VMware’s just released vSphere Hypervisor 5.5 (ESXi). And, yes, there’s still a free ESXi version with a free license available here. But, unlike VirtualBox, you’ll need a dedicated (beefy) server on which to install ESXi. Be sure to register on the site and obtain then install the unrestricted license, or you’re SOL after the short eval period. We’ve built an ESXi appliance which installs in under 5 minutes featuring the latest, greatest PIAF-Green with a CentOS® 6.4 LAMP stack (32-bit), Asterisk® 11.5.1, and FreePBX® 2.11. This 2.0.6.4.4 release also has a number of new security patches including a new Linux kernel that’s been patched to eliminate the reported zero-day vulnerability. If this is your first experience with our virtual machine builds, we’re not talking about a crippled telephony platform with limited functionality. What you’ll have is the same platform that hundreds of thousands of organizations use to run their corporate phone systems. And, if you want the Incredible PBX™ feature set with literally dozens of open source telephony applications including news, weather, stocks, tide reports, SMS messaging, free faxing with Incredible Fax™, telephone reminders, wakeup calls, and more then just add a couple minutes to run two one-click installers. Welcome to the world of open source!

    The real beauty of PBX in a Flash has not been that someone with sufficient expertise couldn’t assemble something just as good or even better. Watch the AstriCon presentations from last year if you have any doubts. And, just a reminder that’s it’s almost AstriCon time again. Come join us to celebrate the 10th Anniversary. You’ll find a registration discount coupon at the end of this article. The beauty of PBX in a Flash is it puts this technology down where the goats can get it. PIAF provides a toolset that encourages further development by simplifying the learning curve for a broad cross-section of the VoIP community while not compromising functionality or flexibility. The source code for the major components is included in the build so you can customize and recompile Asterisk or load a new version of Asterisk or any additional Linux app in minutes without losing your existing setup.

    When it comes to support, we have literally hundreds of gurus on the PIAF Forum. That doesn’t mean any particular person or group knows everything. It’s merely a designation that a particular individual is an expert at something. The collective wisdom of the group is what makes PBX in a Flash as a project better because we’ve put in place a platform that experts from many different disciplines can build upon without needing to learn everything about everything. Simply stated, you can be a terrific chef without knowing how to build a stove!

    The latest Asterisk® 11 and FreePBX® 2.11 releases are a remarkable step forward both in terms of toolset and in the new mindset of the development community. They are as close to bug-free as any software product ever can be, and that’s obviously a good thing. For our part, we want to get our latest release of PBX in a Flash with CentOS 6.4, Asterisk 11 and FreePBX 2.11 release into as many hands as possible. Many of our readers have existing VMware platforms in their businesses so today’s installment makes PIAF deployment a breeze whether you just want to kick the tires or deploy it in a production environment.

    The Ultimate VoIP Appliance: PIAF-Green Virtual Machine for ESXi

    Today brings us to yet another plateau in the virtual machine development era. Because most major companies already have a VMware platform in place, we’ll begin by walking you through the 5-minute exercise to install the PIAF-Green appliance. If you’re new to VMware and want to deploy an EXSi server on which to run PIAF-Green, then skip over the PIAF-Green install procedure for the time being. Jump down to the section where we walk you through bringing up your own ESXi server, and then return here once your ESXi server is humming along. Let us hasten to add that we make no claims with regard to VMware expertise. If you need help with VMware, head over to the PIAF Forum and chat with our VMware gurus. We’re not one of them.

    To install the PIAF-Green Virtual Machine for ESXi, there are six simple steps:

    1. Download the ESXi PIAF-Green .ova template from SourceForge
    2. Verify checksums for downloaded ESXi PIAF-Green .ova template
    3. Deploy the PIAF-Green Template on ESXi using vSphere Client
    4. Start PIAF-Green appliance
    5. Login using Virtual Machine Console
    6. Complete the PIAF-Green Setup Checklist

    Installing the PIAF-Green Virtual Machine for ESXi

    1. Download the PIAF-Green Open Virtualization Appliance (.ova) for ESXi from SourceForge. Do not confuse it with our OVA appliance for VirtualBox. They’re not the same!

    2. Verify the checksums for the 32-bit .ova appliance to be sure everything got downloaded properly. To check the MD5/SHA1 checksums in Windows, download and run Microsoft’s File Checksum Integrity Verifier.

    For Mac or Linux desktops, open a Terminal window, change to the directory in which you downloaded the .ova file of your choice, and type the following commands:

    md5 PIAF-Green-32.ova (use md5sum for Linux)
    openssl sha1 PIAF-Green-32.ova

    The correct MD5 checksum for PIAF-Green-32.ova is 2ba3a84d3be3167274308342f73a7a1f. The correct SHA1 checksum for PIAF-Green-32 is b79f2a96b65465337ddda5426e4a8d63982651ad. The bold portion isn’t actually shown in the i file display on SourceForge. Don’t worry about it.

    3. To deploy the template on your ESXi server, open vSphere Client on your Windows desktop. Click File -> Deploy OVF Template as shown below. Browse to the location of your downloaded template and select it. Give the virtual machine a unique name (you can have multiple VMs using the same template). Accept the Disk Format defaults and click Finish to begin the import.

    Once the import is finished, you’ll see a new PIAF-Green virtual machine in the Inventory under the IP address of your ESXi server.

    4. Start up the new virtual machine by highlighting it and clicking Power on Virtual Machine in the right pane of vSphere Client. You can see it at the bottom of the screenshot below.

    5. Open the Virtual Machine Console by clicking on the icon as shown below. Use your mouse to click inside the console window once it opens. Then log in as root with the default password: password.

    HINT: To exit from the VM Console window, press Ctrl-Alt simultaneously.

    PIAF-Green Virtual Machine Setup Checklist for ESXi

    Once you’ve logged into PIAF-Green, you’ll see the status window telling you what’s running and what’s not. It should look something like what’s shown below. It includes the IP address of your virtual machine. This can be used with SSH to log in from any computer on your LAN. It also is required information to log in to the PIAF and FreePBX GUIs using a browser.

    Here’s what you need to know. To work in the PIAF Virtual Machine from the vSphere Console, just left-click your mouse while it is positioned inside the VM Console window. To return to your host operating system desktop, press Ctrl-Alt. Remember to always shut down PIAF gracefully! Click in the VM Console window with your mouse, log in as root, and type: shutdown -h now.

    Run ESXi and Virtual Machines behind a hardware-based firewall with no Internet port exposure!

    Here’s the quick PIAF Setup Checklist:

    1. Change your root password immediately by typing passwd
    2. Set up a secure maint password for FreePBX: passwd-master
    3. Adjust your timezone setting: /root/timezone-setup
    4. Decipher your PIAF-Green VM’s IP address: status
    5. Browser log into PIAF: Point to IP address of PIAF-Green VM
    6. Click on User button to display the PIAF Admin menu
    7. Click on the FreePBX icon to load FreePBX GUI
    8. When prompted for Apache username and password: Username=maint
    9. Password is whatever password you set up with passwd-master

    Now read the latest PIAF Quick Start Guide and begin your VoIP adventure.

    You can read all about the Incredible PBX 11 and Incredible Fax feature set in our recent Nerd Vittles article. If you decide you’d like to add one or both to your PIAF-Green Virtual Machine, just log into your server as root and issue the following commands. NOTE: You must install Incredible Fax after installing Incredible PBX, or you will lose the ability to install Incredible PBX at a later time. With Incredible Fax, there are a number of prompts during the install. With the exception of the prompt asking for your local area code, just press Enter at every other prompt.

    cd /root
    wget http://incrediblepbx.com/incrediblepbx11.gz
    gunzip incrediblepbx11.gz
    chmod +x incrediblepbx11
    ./incrediblepbx11
    ./incrediblefax11.sh

    The Incredible PBX 11 Inventory. For those that have never heard of The Incredible PBX, here’s the current 11.0 feature set in addition to the base install of PBX in a Flash with the CentOS 6.4, Asterisk 11, FreePBX 2.11, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Incredible Fax, NeoRouter and PPTP VPNs, and all sorts of backup solutions are still just one command away and may be installed using the scripts included with Incredible PBX 11 and PBX in a Flash. Type help-pbx and browse /root for dozens of one-click install scripts.

    Unlike the dedicated machine platforms and OpenVZ compromises of years past, today’s PIAF-Green Virtual Machine is state-of-the-art giving you everything a bare metal install from source code would have provided. Most importantly, the components are truly portable. They can be exported and copied to an external USB drive or flash drive for instant portability for use on any ESXi server.

    Installing VMware Tools (optional). If you wish to install VMware Tools in your Virtual Machine, here’s the two-step procedure. First, enable the tools in vSphere Client: VM -> Guest -> Install VMware Tools. See image below. Then log in to your virtual machine in the console and issue the following commands:

    cd /mnt
    mkdir cdrom
    mount /dev/cdrom /mnt/cdrom
    cd /tmp
    tar zxvf /mnt/cdrom/VMware*
    cd vmware-tools-distrib
    ./vmware-install.pl

    Introducing vSphere Hypervisor 5.5 (ESXi)

    We’re late to the party (again), but VMware’s latest ESXi platform is quite impressive. Because there’s a free version, we wanted to walk through the installation scenario just in case you have a spare (beefy) server sitting around gathering dust. Security is always our primary concern, and you are well-advised to install ESXi behind a secure, hardware-based firewall with no Internet port exposure to your ESXi server or its virtual machines!

    There are dozens of VMware products and add-ons for the ESXi platform. Almost all of them cost money, lots of it. If your company is considering a move to VMware, then the free ESXi platform is a good way to get your feet wet. Before you make purchasing decisions, you really need to hire a VMware consultant. It could save you tens of thousands of dollars.

    For today, our focus is getting a free ESXi platform in place to run PBX in a Flash virtual machines. Here’s what you’ll need: a server, the vSphere Hypervisor 5.5 ESXi ISO, a free license for ESXi, and the vSphere Client for Windows. All are free, but you do have to register for an account on the VMware web site. A web client is also available for dedicated Mac and Linux users. See the VMware site for details.

    ESXi comes with a short-term license to let you try the application. Once you register for an account on the VMware web site, you also can obtain a full license here at no cost. Don’t put it off. Once your short-term eval license expires, you’re dead in the water unless you previously have installed the free, unrestricted license.

    Installing ESXi. Here are the steps to get yourself in the (free) ESXi business:

    1. Download the ESXi ISO and burn it to a CD/DVD
    2. Obtain permanent license key from VMware
    3. Boot your server from the CD and answer the (easy) prompts
    4. When install finishes, remove CD and reboot
    5. Start up ESXi and log in as root with your new password
    6. Write down the IP address of your server
    7. Your temporary license key (only) is now active
    8. Using a browser, access your ESXi server by its IP address
    9. Click on the provided link to download and install the vSphere Client
    10. Open vSphere Client on Windows Desktop and login as root with same password

    Registering Your ESXi License Key. Once the vSphere Client is open on your desktop…

    1. Select Configuration tab
    2. Click Software and choose Licensed Features
    3. Click Edit link in the top right hand corner as shown below
    4. Choose: Assign a new license key to this host
    5. Enter the license key you obtained from VMware
    6. Click OK to save your changes
    7. Make sure your key was accepted and is displayed

    Getting Support. If you need help or have tips with regard to this tutorial, please visit this thread on the PIAF Forum and post your comments. Enjoy!

    Deals of the Week. There are a couple of amazing deals still on the street, but you’d better hurry. First, for new customers, Sangoma is offering a board of your choice from a very impressive list at 75% off. For details, see this thread on the PIAF Forum. Second, a new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage, too, which will help avoid another PIAF Forum disaster.

    Originally published: Tuesday, September 24, 2013




    Need help with Asterisk? Visit the PBX in a Flash Forum.


     

    We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. And, if you hurry, you also can take advantage of the early bird registration discount. Here’s the Nerd Vittles Discount Code: AC13NERD.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    The Next Plateau: VoIP Communications with Asterisk in Amazon’s EC2 Cloud


    We’ve spent considerable effort exploring and enhancing the VoIP cloud offerings for our followers, and today we’re delighted to introduce another terrific service: Amazon’s Elastic Compute Cloud (EC2). This is one of several Amazon Web Service (AWS) offerings that provides resizable compute capacity in the cloud and is designed to make web-scale computing easier for developers. That’s the Amazon pitch for their service. Ours is a bit different. For anyone with mission-critical operations or that has ever given a moment’s thought to business continuity planning (THINK: hurricanes, tornados, earthquakes, blizzards, fires, floods, bombs), you need an EC2 backup plan for VoIP communications. It really doesn’t matter whether your organization uses a proprietary phone system, or Asterisk®, or good ol’ black telephones, the point is simply this. When your lights go out and you still need a communications system for your employees and your customers, what’s your plan? Staying home in bed isn’t a choice for most folks. So our focus is not to persuade anybody to move their primary communications platform to Amazon EC2 although it’s certainly worth considering. For today, let’s tackle emergency planning and Disaster Recovery 101 for that dreadful day when you really don’t have a choice. And D-Day is a really bad day to start thinking about communications alternatives. You’ll have plenty of other things to do.

    We’re going to make this fun today and provide all the tools you’ll need to set up shop in Amazon’s EC2 Cloud. The good news is that EC2 is almost free for your first year so getting started isn’t going to be a financial burden. Once you have everything built, you can turn it off and hope you never have to use it. On the other hand, it’s dirt cheap for an entire year so enjoy yourself and learn why VoIP communications can revolutionize your business at a fraction of the cost of a proprietary communications system. For our Asterisk aficionados that have already discovered the beauty of free VoIP communications, we’ve got some additional goodies today, Incredible Backup and Incredible Restore, that will let you quickly move your communications platform back and forth between EC2 and a local server or virtual machine effortlessly.

    For those just getting started, the real beauty of VoIP communications is that, once your server platform is operational, you can bring up communications services for your employees without any hardware investment. A notebook computer and a free SIP softphone will let you make and receive calls through your EC2 communications system. By adding trunks from Google Voice or any SIP service provider, you complete the communications circle to connect to any phone in the world. We do this for a living so, if your business needs some hand-holding to get started, drop us a note. We like to travel.

    The Choice is Yours: PIAF-Purple with Asterisk 1.8 or PIAF-Green with Asterisk 11

    Getting Started. For your communications platform, we’ve built two new versions of PBX in a Flash™ for Amazon EC2: PIAF-Purple and PIAF-Green. You can’t beat the price. Both are free! These two builds are based upon the two long-term support (LTS) releases of Asterisk: 1.8 and 11. In our testing, both are rock solid and production-ready. If tried and true is your cup of tea, then PIAF-Purple with Asterisk 1.8 and FreePBX 2.10 is your baby. If you want to get a jump on the future, then PIAF-Green with Asterisk 11 and FreePBX 2.11 is worth a careful look. But, to use either one, you first need to get set up with an Amazon EC2 account. So head over to Amazon and click on Sign Up Now. A word to the wise here. You don’t want the bad guys breaking into your account unless you have an unlimited budget. There are lots of non-free Amazon EC2 services that could max out your credit card quickly. So, in addition to signing up for your Amazon account, also activate Multi-Factor Authentication. It’s your bank account!

    Once your account is activated, sign in to the Amazon Management Console. After entering both your passwords, the AWS Management Console will appear. Click on EC2 to bring up the EC2 Dashboard (shown above). This is home base in EC2. The Launch Instance button is used to start a new virtual machine. We’ll walk you through that process in a minute. In the left margin are the functions you’ll be using most often. Instances displays your existing virtual machines, both running and stopped. Volumes are the virtual hard disks associated with your virtual machines or instances in Amazon-speak. A volume gets created as part of the VM launching process. When you delete instances, it’s important to also delete the associated volume, or you get billed for it separately. Elastic IPs lets you assign an IP address to an Instance using Amazon’s DHCP servers. You access your virtual machines using SSH and, without an IP address, you can’t gain access. For SSH security, EC2 uses Key Pairs. As part of launching a new virtual machine, we’ll walk you through creating one. Amazon EC2 also has its own firewalls called Security Groups. Basically, all services are blocked until you open them up. We’ll also walk you through that process as well. Once you’ve created your Key Pair and Security Group, you can use them with multiple instances. Now you’re an expert so let’s Launch a New Instance.

    Creating a New Virtual Machine. Click on the blue Launch Instance button in the EC2 Dashboard to begin. Choose Classic Wizard. You build a new instance by starting with one that someone else has already built. Be careful here. There are literally thousands to choose from and, unless you know the creator, use Name Brand, trusted instances only. Anybody can hide anything in an instance that they’ve made publicly available. Think of your worst Trojan Horse horror story, and there’s probably a public Amazon instance to match it. For our purposes, the magic number you need to know is 399149154715. That’s our Amazon EC2 account number, and it means any instances prefixed with that number or our mugshot were created by us. So click on the Cloud Market and search for PIAF. In about a minute, both PIAF2 AMIs will appear. Pick your favorite but be sure the file name displays our smiling face. Then click Select. For the Instance Type, make sure T1 Micro is chosen. That’s the only free option during your first year. Leave the Availability Zone at No Preference and Number of Instances set to 1. Click Continue. In Advanced Instance Options, accept all of the defaults and click Continue. For Storage Device Configuration, accept the defaults by clicking Continue. Next, you’ll be prompted to add Tags to your Instance. This is a short-hand description to help you distinguish one instance from another. For the Name Value, enter something like PIAF-Purple-64 or PIAF-Green-64 and click Continue. Next, you’ll be prompted to create a Key Pair to use with the instance. If you don’t already have one, click Create New Key Pair and Continue. Once the key pair is created, the .pem file will be downloaded to your desktop computer. Change the permissions on the .pem file to what SSH requires: chmod 700 mykey.pem. You’ll need this key file to log into your instance with SSH so move it to a safe place. Next, you’ll create or use an existing Security Group. This sets up the firewall rules to use with your instance. For PBX in a Flash, you’ll need at least the following Inbound Rules in your Security Group: TCP 22 (SSH), TCP 80 (Web), TCP 1723 (for PPTP VPN only), and TCP 9001 (for WebMin access). For VoIP services, you’ll need UDP 5060 (SIP), UDP 10000-20000 (RTP), UDP 4569 (IAX), and UDP 69 (TFTP, if desired). EC2 lets you lock down Security Group entries to individual IP addresses. We strongly recommend this for SSH, Web, SIP, IAX, and TFTP services. If you need access from multiple IP addresses, just add additional Security Group rules for each address and service. Finally, you’ll be shown a summary of all your selections. If everything looks OK, click Launch to start the instance. While it’s starting up, click Elastic IPs from the left column of the EC2 Dashboard. Choose Allocate New Address and then Associate Address to connect it with the instance that just launched. Write down the IP address. You’ll need it for SSH access. Finally, click Instances and wait for your virtual machine to come on line with a green check mark.

    Your First Login. Now you can log into your EC2 instance via SSH using your key file and the IP address associated with the instance: ssh -i mykey.pem -v ec2-user@54.235.12.34. If you’re using a Windows machine with Putty, use PuttyGen.exe to convert your .pem key into something Putty can understand before attempting to log in. Once you’re logged in, you need to immediately change all the default passwords:

    • sudo passwd (to change your ec2-user password)
    • sudo passwd root (to change your root password)
    • su root (to switch to the root account with your new password)
    • passwd-master (to change your FreePBX and web passwords)
    • cd /root (to switch to the /root directory)

    Keep in mind that PBX in a Flash is a little different than a standard Linux install. It has been designed for use as the root user only. So, whenever you log into a PIAF instance in EC2, always execute the following command: su root && cd /root. Most Linux and PBX in a Flash utilities will not work properly if you attempt to execute them as the ec2-user! For web access and management of your server, point your browser to the IP address of your EC2 instance. If you’re new to PBX in a Flash, stop here and read the PBX in a Flash 2.0.6.3 Quick Start Guide. It’ll tell you everything you need to know to get started with PBX in a Flash.

    Installing Incredible PBX. We’ve got a few more surprises for you today. First, there are new, GPL2-licensed releases of Incredible PBX: version 10 for FreePBX 2.10 and version 11 for FreePBX 2.11. If you’re new to all of this, Incredible PBX provides some additional layers of security for your server while also giving you dozens of turnkey Asterisk applications including text-to-speech, speech-to-text, SMS messaging, news, weather, stocks, and tide reports, and much more. You can read the Incredible PBX tutorial here. To install Incredible PBX while logged into your EC2 instance as root, issue the following commands and plug in your passwd-master password when prompted. If you’re using the PIAF-Green AMI, replace incrediblepbx10 with incrediblepbx11 below.

    cd /root
    wget http://incrediblepbx.com/incrediblepbx10.gz
    gunzip incrediblepbx10.gz
    chmod +x incrediblepbx10
    ./incrediblepbx10

    Installing Incredible Fax. Yes, there’s more. Incredible Fax also works just fine on the EC2 platform. If you want the added convenience of having your Incredible PBX double as a free fax machine, run install-incredfax2 after the Incredible PBX 10 install completes. For Incredible PBX 11, run /root/incrediblefax11.sh. Plug in your email address for delivery of incoming faxes and enter your home area code when prompted. For every other prompt, just press the Enter key. If you’d like to also add the optional OCR utility, just choose it when prompted. For complete documentation, see this Nerd Vittles article. Don’t forget that a REBOOT OF YOUR SERVER is required when the install is finished, or faxing won’t work! Then log in to AvantFax through the PBX in a Flash GUI using maint:password. Be sure to change your password!

    Also be sure to set up a second, dedicated Google Voice number if you want support for inbound faxing. Once the Google Voice credentials are configured in FreePBX for the additional Google Voice line, simply add an Inbound Route for this DID to point to the fax destination. Just plug in your 10-digit Google Voice number and other entries shown in the form below. Save your setup and reload FreePBX. Done!

    Introducing Incredible Backup and Restore. Last, but not least, we have new GPL2-licensed backup and restore utilities to simplify the task of moving PBX in a Flash setups between Amazon EC2 and other standalone or virtual machine platforms. To complement these new utilities, we’ve also released a new 64-bit PIAF-Purple Virtual Machine image for VirtualBox. PIAF-Purple-64.ova is a free download from SourceForge and will run under VirtualBox on any Windows, Mac, Linux, or Solaris desktop computer. Our VirtualBox tutorial is available here. You also have the option of downloading the current 64-bit PIAF-20631 ISO from SourceForge and building your own server or virtual machine. All three platforms (Amazon EC2 AMI, VirtualBox OVA, or PIAF 64-bit ISO) are 100% compatible with Incredible PBX, Incredible Fax, and the new Incredible Backup. Once you have matching platforms, you can backup your PIAF or Incredible PBX setup on one platform and then restore it to a different platform by simply copying the backup image to the new platform and running Incredible Restore. The entire procedure takes only a couple of minutes.

    To install the backup and restore utilities on either of the platforms, simply issue the following commands:

    cd /usr/local/sbin
    wget http://incrediblepbx.com/incrediblebackup10.tar.gz
    tar zxvf incrediblebackup10.tar.gz
    rm incrediblebackup10.tar.gz

    Because Incredible Backup shuts down Asterisk, MySQL, and Apache, do NOT run this when folks are using your PBX! To make a backup, log into your server as root and type: incrediblebackup.

    The restore procedure essentially erases ALL of your existing FreePBX, Asterisk, TFTP, and web data. To restore a backup, copy the backup file to be restored to /tmp on the new server. Make sure the new server has Asterisk, FreePBX, and Incredible PBX versions that match what’s shown in the backup filename. There is NO error checking presently. To restore, log into your server as root, write down the filename of the backup file, and type: incrediblerestore /tmp/filename.tar.gz. If this is a new server and you’re still using your old one as well, then remove the DUNDI secret and secretexpiry entries from the Asterisk DB and restart Asterisk once the restore is completed:

    asterisk -rx "database del dundi secret"
    asterisk -rx "database del dundi secretexpiry"
    amportal restart

    For additional usage instructions and tips, see this thread on the PIAF Forum. Enjoy!

    Originally published: Monday, February 11, 2013  Updated: Thursday, February 14, 2013


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you.


    Need help with Asterisk? Visit the PBX in a Flash Forum.


    whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…