Home » Incredible PBX » CentOS/SL Platform (Page 22)
Category Archives: CentOS/SL Platform
Twofer Tuesday: 2 Cloud Servers for the Price of a RasPi
It’s been more than a year since we last chatted about Cloud At Cost. Because they’re in the midst of yet another 50% off Fire Sale and to close out February with a bang, it seemed like a good time to take a fresh look at a terrific way to get started with Linux. For today’s $35 cloud project, we’re going to build a free WordPress server and a free commercial PBX compliments of 3CX. For what it’s worth, we’ve been running a PIAF5 server at CloudAtCost for more than four months without a single hiccup. It provides flawless Google Voice calling from either a connected SIP phone or from the 3CX Client running on a SIM-free Android phone or iPhone. See our recent article for tips on setting up a SIM-free mobile phone.
For those coming from the Windows World, Linux can be a little intimidating. Learning with a Cloud-based server presents its own challenges because of the security issues when your server sits on the public Internet. And then there’s the cost factor. Not everyone has several hundred dollars to buy hardware and, frankly, learning about Linux on a $35 Raspberry Pi can drive most folks to drink. So today we’ll show you another way. It’s not necessarily a better way. But it’s different, and it’s loads of fun for not much money. Today’s project takes about an hour, and you’ll have two terrific Linux applications to play with for life when we’re finished.
There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For $35, you currently get two virtual machine platforms, and each has 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 50% off which brings the per server cost down to $17.50 each. That’s less than most lunches these days. If you don’t like half off and would prefer to wait for a better discount, check their Twitter feed every few days. So that’s the good news. But, if 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those things? Did we mention it’s $17.50 for a lifetime cloud server!
If you take our recommendation, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with Linux, and VoIP, and Cloud Computing. Will your virtual machine disintegrate at some juncture? Maybe so. We’ve had about a third of ours fail at some point. But you can rebuild them easily, especially if you keep a backup. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use? Don’t risk it unless waterboarding is your favorite sport. It’s probably not gonna work, and you WILL be disappointed. Repeat after me: IT’S A SANDBOX!
Building a LAMP Server in the Cloud
Our first objective today is to show you how to build a rock-solid, secure Linux server in the Cloud with all the bells and whistles that make Linux the server platform of choice for almost every organization in the world. We’ll continue by showing you how to embellish the platform with WordPress to do something that’s special for you whether it’s your own blog like Nerd Vittles, or a school newspaper, or an on-line shopping site to sell comic books. The basic foundation for most Linux platforms is called a LAMP server which stands for Linux, Apache, MySQL, and PHP. Linux is an open source operating system that includes contributions from thousands of developers around the world. Apache is the web server platform on which most commercial businesses stake their reputation. MySQL is the open source database management system now owned by Oracle. If it’s good enough for Facebook, it’s good enough for you. And PHP is THE web-based programming language that will let you build almost any application using Linux, Apache, and MySQL.
So what’s the big deal? There are thousands of online tutorials that will show you how to build a LAMP server. For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished with today’s Project #1, you’ll have a cloud-based LAMP server that is totally invisible to the rest of the world with the exception of its web interface. And we’ll show you a simple way to reduce the exposure of that web interface to some of its most likely attackers. Will it be 100% secure? Nope. If you have a web server on the public Internet, it’s never going to be 100% secure because there’s always the chance of a software bug that nobody has yet discovered and corrected. THAT’S WHAT BACKUPS ARE FOR!
Creating a CentOS Machine in the Cloud
To get started, you’ve got to plunk down your $35 at Cloud at Cost. This buys you two server platforms while they’re cheap! Once you’ve paid the piper, they will send you credentials to log into the Cloud at Cost Management Portal. Change your password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose.
To create your first virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $17.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Otherwise, choose 1 CPU, 512MB RAM, and 10GB storage for your first server. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. We’ve learned to build new virtual machines at night, and they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in their hosting facility.
Initial Configuration of Your CentOS 6 VM
With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both the IP address and the password for your new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.
Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to make the change. Your management portal then will show the new server name as shown above.
Logging into Your CentOS 6 VM
In order to configure and manage your new CentOS 6 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:
ssh root@12.34.56.78
Before you do anything else, reset your root password to something very secure: passwd
Installing the LAMP Server Basics
Now we’re ready to build your LAMP server platform. We’ve chopped this up into lots of little steps so we can explain what’s happening as we go along. There’s nothing hard about this, but we want to document the process so you can repeat it at any time. As we go along, just cut-and-paste each clump of code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…
We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.
setenforce 0 sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
First, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password gets reset every time you reboot.
killall plymouthd echo killall plymouthd >> /etc/rc.local rm -f /etc/rc3.d/S97*
Now let’s bring CentOS 6.7 up to current CentOS 6.8 specs and add a few important applications:
yum -y update yum -y install nano wget expect net-tools dialog git xz yum -y install kernel-headers yum -y install kernel-devel reboot
After reboot, log back in as root. Now we’ll set up your Apache web server and configure it to start whenever you reboot your server:
yum -y install httpd service httpd start chkconfig httpd on
Next, let’s set up your MySQL server, bring it on line, and make sure it restarts after server reboots. Unless you plan to add Asterisk® and FreePBX® to your server down the road, you’ll want to uncomment the two commands that begin with # by removing the # symbol and replacing new-password with a very secure password for your root user account in MySQL. Be sure to run the last command to secure your server. After logging in, the correct answers are n,Y,Y,Y,Y.
yum -y install mysql mysql-server service mysqld start chkconfig mysqld on #/usr/bin/mysqladmin -u root password 'new-password' #/usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password' mysql_secure_installation
Next, we’ll set up PHP and configure it to work with MySQL:
yum -y install php yum -y install php-mysql service httpd restart
Finally let’s get SendMail installed and configured. Insert your actual email address in the last line and send yourself a test message to be sure it’s working. Be sure to check your spam folder since the message will show a sender address of localhost which many email systems including Gmail automatically identify as spam.
yum -y install sendmail rpm -e postfix service sendmail restart yum -y install mailx echo "test" | mail -s testmessage youracctname@yourmailserver.com
Installing Supplemental Repositories
One of the beauties of Linux is not being totally dependent upon CentOS for all of your packaged applications. Let’s add a few other repositories that can be used when you need to add a special package that is not in the CentOS repository. Let’s start with EPEL. We’ll disable it by default and only use it when we need it.
yum -y install http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/epel.repo
We actually need the EPEL repo to install Fail2Ban for monitoring of attacks on certain Linux services such as SSH:
yum --enablerepo=epel install fail2ban -y cd /etc wget http://incrediblepbx.com/fail2ban-lamp.tar.gz tar zxvf fail2ban-lamp.tar.gz
Another important repository is REMI. It is especially helpful if you decide to upgrade PHP from the default version 5.3 to one of the newer releases: 5.5 or 5.6. In this case, you’ll want to activate the specific repository to support the release you choose in /etc/yum.repos.d/remi-safe.repo.
yum -y install http://rpms.famillecollet.com/enterprise/remi-release-6.rpm sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/remi-safe.repo
One final repository to have on hand is RPMForge, now renamed RepoForge. We’ll use it in a bit to install a dynamic DNS update utility which you actually won’t need at CloudAtCost since your server is assigned a static IP address. But it’s handy to have in the event you wish to assign a free FQDN to your server anyway.
yum -y install http://incrediblepbx.com/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm sed -i 's|enabled = 1|enabled = 0|' /etc/yum.repos.d/rpmforge.repo
Country Blocking with IPSET
We’ll use the EPEL repo to install ipset, a terrific addition to the IPtables Linux firewall that lets you quickly block entire countries from accessing your server:
yum --enablerepo=epel install ipset -y
Next, we’ll add a sample script that documents how the country blocking mechanism works with ipset. For a complete list of countries that can be blocked, go here. If you need a decoder badge to match abbreviations against country names, you’ll find it here. To add other countries, simply edit the shell script and clone lines 4-7 using the names of the countries and country zone files that you wish to add. Be sure to insert the new lines before the commands to restart iptables and fail2ban. This script will need to be run each time your server reboots and before IPtables is brought on line. We’ll handle that a little later.
echo "#\\!/bin/bash" > /etc/block-china.sh echo " " >> /etc/block-china.sh echo "cd /etc" >> /etc/block-china.sh echo "ipset -N china hash:net" >> /etc/block-china.sh echo "rm cn.zone" >> /etc/block-china.sh echo "wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone" >> /etc/block-china.sh echo "for i in $(cat /etc/cn.zone ); do ipset -A china $i; done" >> /etc/block-china.sh echo "service iptables restart" >> /etc/block-china.sh echo "service fail2ban restart" >> /etc/block-china.sh sed -i 's|\\\\||' /etc/block-china.sh chmod +x /etc/block-china.sh
Adding a Few Handy Utilities
If you’re like us, you’ll want to test the speed of your Internet connection from time to time. Let’s install a free script that you can run at any time by logging into your server as root and issuing the command: /root/speedtest.py. Here were our results from last year. Running speedtest on a new server we built today showed a vast improvement in performance. Downloads were over ten times as fast, and upload speeds more than tripled. In fact, we now are using two CloudAtCost servers to host the old PIAF3 repositories.
cd /root wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py chmod +x speedtest.py
Next, let’s put in place a simple status display which will quickly tell you what’s running and what’s not. We’ve borrowed some GPL code from Incredible PBX to help you out. Run status-lamp at any time for a snapshot of your server.
cd /usr/local/sbin wget http://incrediblepbx.com/status-lamp.tar.gz tar zxvf status-lamp.tar.gz rm -f status-lamp.tar.gz sed -i 's|myip.pbxinaflash.com|myip.incrediblepbx.com|' /usr/local/sbin/status-lamp
Now we’ll put the Linux Swiss Army Knife in place. It’s called WebMin, and it provides a GUI to configure almost everything in Linux. Pick up a good WebMin book from your public library to get started. Once installed, you access WebMin from your browser at the IP address of your server on the default port of 10000: https://serverIPaddress:10000. It’s probably a good idea to change this port number and the commented out line shows how to do it with the new port being 9001 in the example. The way in which we typically configure the Linux firewall will block all access to WebMin except from an IP address which you have whitelisted, e.g. your home computer’s public IP address.
cd /root yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty yum -y install http://prdownloads.sourceforge.net/webadmin/webmin-1.831-1.noarch.rpm #sed -i 's|10000|9001|g' /etc/webmin/miniserv.conf service webmin restart chkconfig webmin on
Configuring the Linux IPtables Firewall
RULE #1: DON’T BUILD SERVERS EXPOSED TO THE INTERNET WITHOUT SECURITY!
As installed by CloudAtCost, your server provides ping and SSH access from a remote computer and nothing else. The good news: it’s pretty safe. The bad news: it can’t do anything useful for anybody because all web access to the server is blocked. We want to fix that, tighten up SSH access to restrict it to your IP address, and deploy country blocking to show you how.
As we implement the firewall changes, you need to be extremely careful in your typing so that you don’t accidentally lock yourself out of your own server. A typo in an IP address is all it takes. The good news is that, if you do lock yourself out, you still can gain access via the CloudAtCost Management Portal by clicking the Console button of your virtual machine. Because the console is on the physical machine and the lo interface is whitelisted, you can log in and disable the firewall temporarily: service iptables stop
. Then fix the typo and restart the firewall: service iptables start
.
First, let’s download the new IPtables config file into your root folder and take a look at it.
cd /root wget http://incrediblepbx.com/iptables-lamp.tar.gz tar zxvf iptables-lamp.tar.gz
Now edit the /root/iptables-lamp file by issuing the command: nano -w /root/iptables-lamp
You can scroll up and down through the file with Ctl-V and Ctl-Y. Cursor keys work as well. Once you make changes, save your work: Ctl-X, Y, ENTER
. You’re now an expert with the nano text editor, an absolutely essential Linux tool.
Here’s what that file actually looks like:
*filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j DROP -A INPUT -i lo -j ACCEPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP -A INPUT -m state --state INVALID -j DROP -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP -A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN -j DROP -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP -A INPUT -p tcp -m set --match-set china src -j DROP -A INPUT -p udp -m udp --dport 53 -j ACCEPT -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT -A INPUT -p udp -m udp --dport 123 -j ACCEPT -A INPUT -p tcp -m tcp --dport 123 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT #-A INPUT -s 12.34.56.78 -j ACCEPT #-A INPUT -s yourFQDN.dyndns.org -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
Reminder: If you add another country to your block-china script, don’t forget to add a corresponding new country entry to your iptables file. See line 17 above that includes the word "china" for the syntax. There’s nothing much else to tweak except the two commented out (brown) lines that begin with #. First, remove the # symbol by moving the cursor to the right of the first one and hitting the backspace/delete key on your keyboard. Replace 12.34.56.78
with the public IP address of the computer from which you will be accessing your virtual machine. If you need multiple entries for multiple computers at different addresses, clone the line by pressing Ctrl-K and then Ctrl-U twice. Yes, we know. Some folks IP addresses change from time to time. In the next section, we’ll show you how to set up a Dynamic DNS entry with a utility that will keep track of your current IP address. In this case, uncomment the second commented line and replace yourFQDN.dyndns.org
with your dynamic DNS address. Be very careful to assure that your FQDN is always on line. If the firewall cannot verify your DNS entry when it starts, the IPtables firewall will not start which means your server will be left unprotected. HINT: IP addresses are much safer because they are never verified.
Once you have your whitelisted addresses configured, comment out the port 22 line to keep the bad guys from trying to break into your server with SSH. Then save the file: Ctl-X, Y, ENTER
. Next, issue the following commands to copy everything into place and restart the firewall.
mv /etc/sysconfig/iptables /etc/sysconfig/iptables.orig cp -p /root/iptables-lamp /etc/sysconfig/iptables echo "/etc/block-china.sh" >> /etc/rc.local /etc/block-china.sh
Always, always, always check to be sure your firewall is functioning: iptables -nL
. If you don’t see your desktop computer’s public IP address near the end of the listing, then the firewall is dead. status-lamp should also show IPtables down. Check for an error message which will tell you the problematic line so you can correct it.
Implementing Dynamic DNS Service
There are a number of free and paid Dynamic DNS providers. The way this works is you choose a fully-qualified domain name (FQDN) to identify your computer. Then you run a dynamic DNS update utility periodically from that computer. It reports back the current public IP address of your computer and your provider updates the IP address assigned to your FQDN if it has changed. In addition to supporting sites with ever changing IP addresses, it also allows you to permanently assign an FQDN to your computer or server so that it can be accessed without using a cryptic IP address.
If that computer happens to be an Incredible PBX server or a LAMP server that you’ve set up using this tutorial, then the following will get the DNS client update utility loaded using the RPM Forge repository that we previously installed:
yum --enablerepo=rpmforge install ddclient -y
Similar DNS update clients are available for Windows, Mac OS X, and many residential routers. Then it’s just a matter of plugging in the credentials for your dynamic DNS provider and your FQDN. In the case of the CentOS client, the config file is /etc/ddclient/ddclient.conf
. Now reboot your server and pick up a good book on Linux to begin your adventure.
Now For Some Fun…
First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Apache page:
Next, let’s be sure that PHP is working as it should. While still logged into your server as root using SSH or Putty, issue the following commands and make up some file name to replace test4567 in both lines. Be sure to keep the .php file name extension. Note to gurus: Yes, we know the second line below is unnecessary if you remove the space after the less than symbol in the first line. Unfortunately, WordPress forces the space into the display which left us no alternative.
echo "< ?php phpinfo(); ?>" > /var/www/html/test4567.php sed -i 's|< |<|' /var/www/html/test4567.php
Now jump back to your web browser and access the new page you just created using the IP address of your server and the file name you made up: http://12.34.56.78/test4567.php
The PHPinfo listing will tell you everything you ever wanted to know about your web server setup including all of the PHP functions that have been enabled. That's why you want an obscure file name for the page. You obviously don't want to share that information with every bad guy on the planet. Remember. This is a public-facing web site that anyone on the Internet can access if they know or guess your IP address.
When you're ready to set up your own web site, just name it index.php and store the file in the /var/www/html directory of your server. In the meantime, issuing the following command will assure that anyone accessing your site gets a blank page until you're ready to begin your adventure:
echo " " > /var/www/html/index.php
Ready to learn PHP programming? There's no shortage of books to get you started.
Adding WordPress to Your LAMP Server
Where to begin with WordPress? What used to be a simple platform for bloggers has morphed into an all-purpose tool that makes building virtually any type of web site child's play. If you want to see what's possible, take a look at the templates and sample sites shown on WPZOOM. Unless you're an art major and savvy web designer, this will be the best $70 you ever spent. One of these templates will have your site up and running in minutes once we put the WordPress pieces in place. For the big spenders, $149 will give you access to over 50 gorgeous templates which you can download and use to your heart's content on multiple sites. And, no, your sites don't blow up after a year. You just can't download any additional templates or updates unless you renew your subscription. The other alternative is choose from thousands of templates that are provided across the Internet as well as in the WordPress application itself.
WordPress templates run the gamut from blogs to newsletters to photographer sites to e-commerce to business portfolios to video to travel to magazines to newspapers to education to food to recipes to restaurants and more. Whew! There literally is nothing you can't put together in minutes using a WordPress template. But, before you can begin, we need to get WordPress installed on your server. This is optional, of course. And, if you follow along and add WordPress, we've set it up in such a way that WordPress becomes the primary application for your site. Stated differently, when people use a browser to access your site, your WordPress template will immediately display. When we finish the basic WordPress setup and once you upload an image or two, you'll have a site that looks something like this:
Before you begin, we strongly recommend that you acquire a domain for your site if you plan to use it for anything but experimentation. The reason is because it can be complicated to migrate a WordPress site from one location to another.1 Once you've acquired your domain, point the domain to the IP address of your new server. With a dirt cheap registrar such as Omnis.com, it's easy:
Now let's get started. To begin, we need to load the WordPress application onto your server:
cd /root mkdir wordpress cd wordpress wget http://wordpress.org/latest.tar.gz tar -xvzf latest.tar.gz -C /var/www/html
Next, we'll configure MySQL to support WordPress. We're assuming that you have NOT already created root passwords for MySQL. If you have, you'll need to add -pYourPassword to the various commands below immediately after root. There is no space between -p and your root password. Also edit the first line and make up a new password (replacing XYZ below) for the wordpress user account that will manage WordPress on your server before you cut and paste the code:
mysql -u root -e 'CREATE USER wordpress@localhost IDENTIFIED BY "XYZ";' mysql -u root -e 'CREATE DATABASE wordpress;' mysql -u root -e 'GRANT ALL ON wordpress.* TO wordpress@localhost;' mysql -u root -e 'FLUSH PRIVILEGES;'
Next, we need to configure WordPress with your new MySQL credentials. Before you cut and paste, replace XYZ in the fourth line with the password you assigned in the preceding MySQL step:
cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php sed -i 's|database_name_here|wordpress|' /var/www/html/wordpress/wp-config.php sed -i 's|username_here|wordpress|' /var/www/html/wordpress/wp-config.php sed -i 's|password_here|XYZ|' /var/www/html/wordpress/wp-config.php chown -R apache:apache /var/www/html/wordpress
Before you forget, take a moment and create a very secure password for your MySQL root user accounts. Here are the commands. Just replace new-password with your new password before you cut and paste. Note that you also will be prompted for this password when you execute the second command because you will now have a root user password in place from executing the first command.
/usr/bin/mysqladmin -u root password 'new-password' /usr/bin/mysqladmin -u root -p -h localhost.localdomain password 'new-password'
Finally, we need to modify your Apache web server to support WordPress as the primary application. Be sure to enter your actual email address in the third line before you cut and paste the code below:
echo " " >> /etc/httpd/conf/httpd.conf echo "" >> /etc/httpd/conf/httpd.conf echo 'ServerAdmin somebody@somedomain.com' >> /etc/httpd/conf/httpd.conf echo "DocumentRoot /var/www/html/wordpress" >> /etc/httpd/conf/httpd.conf echo "ServerName wordpress" >> /etc/httpd/conf/httpd.conf echo "ErrorLog /var/log/httpd/wordpress-error-log" >> /etc/httpd/conf/httpd.conf echo "CustomLog /var/log/httpd/wordpress-acces-log common" >> /etc/httpd/conf/httpd.conf echo " " >> /etc/httpd/conf/httpd.conf echo " " >> /etc/httpd/conf/httpd.conf service httpd restart
That should do it. Open a browser and navigate to the IP address of your server. You should be greeted with the following form. Fill in the blanks as desired. The account you're setting up will be the credentials you use to add and modify content on your WordPress site when you click Log In (as shown above). Make the username obscure and the password even more so. Remember, it's a public web site accessible worldwide! When you click Install WordPress, you'll be off to the races.
After your server whirs away for a minute or two, you will be greeted with the WordPress login prompt. With the username and password you entered above, you'll be ready to start configuring your WordPress site.
Once you're logged in, navigate to Appearance -> Themes and click Add New Theme. There's you will find literally hundreds of free WordPress templates that can be installed in a matter of seconds if WPZOOM is too rich for your blood. For a terrific all-purpose (free) theme, try Atahualpa. We'll leave our actual demo site running for a bit in case you want to explore and check out its performance. Installing and configuring the new theme took less than a minute:
A Final Word to the Wise. WordPress is relatively secure but new vulnerabilities are discovered regularly. Keep your templates, plug-ins, AND the WordPress application up to date at all times! The WordFence plug-in is a must-have. And we strongly recommend adding the following lines to your WordPress config file which then will let WordPress update everything automatically. Microsoft has given automatic updates a bad name, but in the case of WordPress, they work well.
echo "define('WP_AUTO_UPDATE_CORE', true);" >> /var/www/html/wordpress/wp-config.php echo "add_filter( 'auto_update_plugin', '__return_true' );" >> /var/www/html/wordpress/wp-config.php echo "add_filter( 'auto_update_theme', '__return_true' );" >> /var/www/html/wordpress/wp-config.php
Building a 3CX Server in the Cloud
Now we're ready for our second cloud project. In less than 10 minutes, we're going to build a free 3CX commercial PBX using the remaining Cloud resources from our $35 purchase. To create your second virtual machine, click on the CLOUDPRO button in the CloudAtCost control panel and then click Add New Server. Choose 1 CPU, 512MB RAM, and 10GB storage for your second server. Choose Debian 8 64bit as the OS Type and click Complete.
Obtain a free license key for 3CX. Next, log in to your new Debian server as root using SSH or Putty and issue these commands. We'll begin by changing your root password.
NOTE: What appears as the fourth line below needs to be added to line #3!
passwd wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add - echo "deb http://downloads.3cx.com/downloads/3cxpbx/ /" | tee /etc/apt/sources.list.d/3cxpbx.list apt-get update rm -f /zang-debian.sh apt-get -y install 3cxpbx apt-get -y install sendmail sendmail-bin
When the initial setup finishes, choose the Web Interface Wizard and complete the install using your favorite web browser. Enter your 3CX license key when prompted. Make up a very secure Username and Password to access your 3CX portal. Specify that your IP address is Dynamic when prompted (even though it isn't). This tells 3CX to generate an FQDN for your server. Accept the default ports for HTTP (5000) and HTTPS (5001) access to your server. We recommend choosing 4-digit extensions numbers so you'll be ready for next week's project interconnecting your 3CX server to a Raspberry Pi for the best of both worlds. While logged into the 3CX management portal, adjust Settings → Email to Mail Server → 127.0.0.1 and Reply to → noreply@YourActual3CX-FQDN. Leave the other settings blank and click TEST then OK. Set up a SIP trunk with inbound and outbound call routes. Now download your favorite 3CX smartphone client, send yourself the Welcome Email for your default extension, and start calling. It really doesn't get much easier in the VoIP World. Come join the PIAF Forum if you need a helping hand!
Free Calling in the U.S. and Canada with PIAF5. We know our more frugal U.S. residents are wondering if there's a way to make free calls even with 3CX. You didn't really think there would be a release of PBX in a Flash without Google Voice support, did you? It's easy using the Simonics SIP to Google Voice gateway service. Setup time is about a minute, and the one-time cost is $4.99 using this Nerd Vittles link. Setup instructions for the 3CX side are straight-forward as well, and we've documented the procedure on the PIAF Forum.
Free Calling Worldwide with SIP URIs. There's another free calling option as well. PIAF5 and 3CX support worldwide SIP URI calling at no cost. As part of the PIAF5 install procedure, 3CX registers an FQDN for you with one of the 3CX domains if you indicate that your server has a dynamic IP address. Unless you really know what you're doing with DNS, it's a good idea to tell 3CX you have a dynamic IP address whether you do or not. Here's why. Once you have an assigned FQDN in the 3CX universe, one very slick feature is the ease with which you can publish a SIP URI address for any or all of your 3CX extensions thereby allowing PIAF5 users to receive calls from any SIP client worldwide at no cost. Setup takes less than a minute. It's as easy as 1-2-3. Here's how:
1. Login to the 3CX GUI and go to Settings → Network → FQDN. Tick "Allow calls from/to external SIP URIs" and make note of your FQDN, e.g. mypiaf5server.3cx.us. Click OK.
2. For an extension to enable (e.g. 001), go to Extensions → Edit 001 → Options → SIP ID and create any desired SIP URI alias for this extension, e.g. billybob. Click OK.
3. Anyone with a SIP client anywhere worldwide can now call extension 001 using SIP URI: billybob@mypiaf5server.3cx.us.
Special Thanks: Our special tip of the hat goes to a few web sites that we found helpful in putting this article together especially Unixmen and Matt Wilcox & friends and Programming-Review.
Originally published: Tuesday, February 28, 2017
9 Countries Have Never Visited Nerd Vittles. Got a Friend in Any of Them https://t.co/wMfmlhiQ9y #asterisk #freepbx pic.twitter.com/TPFGZbqWB6
— Ward Mundy (@NerdUno) April 22, 2016
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest...
- Should you ever have to migrate your WordPress site from one domain to another, here are two helpful tools to consider: the Automatic Domain Name Changer Plugin and our favorite: WordPress-Domain-Changer. [↩]
VoIPtopia 2017: Choosing the Best, Free VoIP Platform
[iframe-popup id="6″]
Once a year we like to step back and survey the latest and greatest VoIP developments for the coming year. And 2016 was certainly filled with surprises including the release of free versions of 3CX sporting the PIAF5 and Elastix 5.0 monikers. That, in turn, produced a wave of FUD from our friends at Sangoma® urging users to return to their open source roots. But guess what? Sangoma was pitching their FreePBX Distro®, another closed source product just like 3CX. Sure, the Sangoma distro has open source components… just like 3CX and your car for that matter. But it’s disingenuous to diss other products because they’re closed source platforms when yours is too. So today we want to cut through the sales pitches and compare apples to apples while offering our Elastix friends this New Year’s Day Resolution:
Ignore the Hype! Look Before You Leap and Avoid Jumping from the Kettle into the Fire.
Funny: Sangoma Reinforces Commitment to Open Source by Offering Migration Tool to its Closed Source Distro https://t.co/8QK22cWyi9 #asterisk
— Ward Mundy (@NerdUno) December 29, 2016
NEWS FLASH: For PIAF3 and Incredible PBX users who have registered on the PIAF Forum, you’ll be getting an invitation to upgrade to the 8-simultaneous-call 3CX commercial platform at no cost. In addition to unlimited extensions, this one-year license adds unlimited SIP trunks and gateways, 10-participant conferencing, G.729 support, custom FQDNs, BLF support, Call Parking, Call Queueing, Call Pickup, Call Recordings and Management, Call Reporting, Intercom/Paging, remote 3CX bridging support, as well as an integrated fax server and Office 365 and Microsoft Outlook integration. If you haven’t already joined the PIAF Forum, there’s still time. But you’d better hurry.
Choosing a VoIP platform is partially a subjective decision, but there also are some glaring red flags to consider. We suggest you begin by deciding whether your preferences include any must-have’s. Do your requirements mandate an open source solution? Do you need text-to-speech and voice recognition? Does the platform have to include Asterisk®, or are you open to alternatives? Does the operating system have to be Linux-based and, if so, must it be CentOS, Debian, or Ubuntu? If you’ll be using SIP phones, must the platform include phone provisioning software for your phones, or is the ability to purchase it as an add-on sufficient? Is paid support important in making your platform decision and how much are you prepared to pay? Are automatic or pain-free software updates critical in making your selection? Is migration from an existing platform a factor? Does a preconfigured, secure firewall matter, or are you prepared to do it yourself or take your chances? Before choosing to ignore security, read last month’s RIPS analysis of FreePBX®. Here’s a snippet from the article. Read it carefully. It’s your phone bill.
Since FreePBX is written completely in PHP, we decided to throw it into our code analysis tool RIPS. The results were more than surprising…
The total amount of detected vulnerabilities is very high. Luckily, the majority of the detected vulnerabilities are inside the administration control panel, such that attackers either need to steal a valid account or they have to trick an administrator into visiting a malicious website that triggers one of the critical vulnerabilities. For example, a remote command execution vulnerability could be triggered by a less critical cross-site scripting vulnerability. By chaining both vulnerabilities, the severity is increased drastically and can lead to full server compromise.
In choosing which platforms to include today, we eliminated platforms which we considered too complicated for the average new user to configure. We also eliminated any platform that did not offer at least a free tier of service with a reasonably complete feature set as part of their offering. If we’ve inadvertently missed one of your favorites, please feel free to leave a comment, and we will consider including it as well. Happy Hunting!
VoIP Platform Feature Summary
Aggregation: FreePBX Distro a.k.a. AsteriskNOW
License: Closed Source
VoIP Platform: Asterisk 13/14
GUI: FreePBX GPL and Commercial modules
O/S: CentOS-clone
Phone Provisioning: Open Source (minimal) or Commercial
Text-to-Speech/Voice Recognition: Optional/No
Software Updates: Manual
Migration Tools: Yes
Security: Fail2Ban + User-Configured Firewall
Security Rating (as delivered): see above
Comments: Extensive commercial NagWare preinstalled
Aggregation: Incredible PBX for Wazo
License: GPL3 Open Source
VoIP Platform: Asterisk 14 RealTime
GUI: Wazo GPL3 modules
O/S: Debian 8
Phone Provisioning: Extensive Open Source
Text-to-Speech/Voice Recognition: Yes/Yes
Software Updates: Automatic or 2-minute Manual
Migration Tools: No
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure WhiteList
Comments: High Availability & Call Center GPL3 Modules
Aggregation: Ombutel
License: Closed Source
VoIP Platform: Asterisk 13
GUI: Ombutel with external module support
O/S: Debian 8
Phone Provisioning: Closed Source
Text-to-Speech/Voice Recognition: No/No
Software Updates: Manual
Migration Tools: No
Security: FaiL2Ban + Do-It-Yourself Firewall
Security Rating (as delivered): Insecure
Aggregation: PIAF5 powered by 3CX
License: Closed Source
VoIP Platform: 3CX
GUI: 3CX
O/S: Debian 8
Phone Provisioning: Extensive Closed Source
Text-to-Speech/Voice Recognition: No/No
Software Updates: Semi-Automatic
Migration Tools: Yes
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure
Comments: Free upgrade provides unlimited SIP trunks with 8 simultaneous calls
Aggregation: Elastix 5.0 powered by 3CX
License: Closed Source
VoIP Platform: 3CX
GUI: 3CX
O/S: Debian 8
Phone Provisioning: Extensive Closed Source
Software Updates: Semi-Automatic
Migration Tools: Yes
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure
Comments: Free version limited to one SIP trunk & 8 simultaneous calls
Aggregation: Incredible PBX 3
License: GPL2 Open Source
VoIP Platform: Asterisk 13
GUI: FreePBX GPL modules only
O/S: CentOS 6/7, Ubuntu 14, or Raspbian 8
Phone Provisioning: Open Source (minimal)
Text-to-Speech/Voice Recognition: Yes/Yes
Software Updates: Automatic
Migration Tools: Yes
Security: Fail2Ban + Preconfigured Firewall
Security Rating (as delivered): Secure WhiteList
Comments: FreePBX GPL modules only; module signature verification disabled1
Aggregation: Elastix 4.0
License: Open Source GPL
Platform: Asterisk 13
O/S: CentOS 7
Phone Provisioning: Open Source
Text-to-Speech/Voice Recognition: No/No
Software Updates: Semi-Automatic
Migration Tools: No
Security: Fail2Ban + Unconfigured Firewall
Security Rating (as delivered): Insecure
Comments: Currently unavailable but fork announced
Aggregation: PIAF3
License: Open Source GPL with Closed Source Installer
Platform: Asterisk 11/13
O/S: CentOS 6
Phone Provisioning: Open Source (minimal)
Text-to-Speech/Voice Recognition: No/No
Software Updates: Manual
Migration Tools: No
Security: Fail2Ban + Unconfigured Firewall
Security Rating (as delivered): Insecure
Comments: No longer maintained
Published: Sunday, January 1, 2017
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
- See RIPStech article explaining why FreePBX module signature verification is a very dangerous methodology. [↩]
Incredible PBX for CentOS 7: A Free Cloud Server for 4 Months
[iframe-popup id="4″]
We don’t want anyone to think Incredible PBX is a one-trick pony. 2016 is all about choices and Gotcha-Free VoIP alternatives. We spent last week in the mountains taking a careful look at Ubuntu 16.04 and CentOS 7. Despite the promises that LTS releases of Ubuntu wouldn’t break things that used to work, Ubuntu 16.04 breaks things. Specifically, ODBC as we know it is non-existent. And MySQL is a very different beast with InnoDB now a mandatory component. Those were deal-breakers for us because we no longer could load Incredible PBX database snapshots and because current ODBC code won’t work at all. We had much better luck with CentOS 7, and today we’re pleased to introduce Incredible PBX for CentOS 7.
Some still consider CentOS 7 to be an experimental platform, and we want to take the guesswork out of the equation. So we’re offering up a free cloud platform until December to let you kick the tires. It won’t impact your production servers while letting you explore the possibilities offered by another state-of-the-art Asterisk 13 platform. No, your server won’t blow up when you add a new module. No, Asterisk won’t refuse to start because you chose to upgrade an existing component. No, you won’t be Nickle and Dimed into buying critical platform enhancements. And, no, you won’t be charged hundreds of dollars for "support" only to be told that you need to switch to a more proprietary platform. XiVO remains our platform of choice, but to each his own. You can’t teach some old dogs new tricks so today’s Incredible PBX release is for you. 🙂
There’s more good news. VULTR is a relatively new cloud provider that now hosts virtual machines in over a dozen cities around the world. For new subscribers, they are offering a $20 credit when you sign up using our referral link. And, yes, your registration provides a few shekels to Nerd Vittles to keep the lights on. The great news is that $20 buys you a full four months of Incredible PBX cloud hosting service. You won’t find a better do-it-yourself platform at any price, let alone free.
Building the CentOS 7 Platform at Vultr for Incredible PBX
The first step in your CentOS 7 adventure is to sign up for a Vultr account with your $20 credit using the Nerd Vittles referral link. Once you’ve done that, it’s time to build your CentOS 7 virtual machine to host Incredible PBX in the Cloud. (1) Choose your favorite city to host your server, (2) pick the CentOS 7 64-bit platform (only!), and (3) choose the $5/month server size. Feel free to leave the Server Hostname & Label blank.
Once your virtual machine is up and running, log in with SSH or Putty using the IP address and root password provided. Do NOT install Incredible PBX from the console, or you will lock yourself out of your own server! Change your root password immediately: passwd.
Installing Incredible PBX for CentOS 7 in the Vultr Cloud
While still logged into your server as root using SSH/Putty, issue the following commands to get started. This will set up a swap file and then kick off the Incredible PBX installer:
cd /root wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz tar zxvf incrediblepbx* ./create-swapfile-DO ./IncrediblePBX*
The initial setup brings your CentOS 7 server up to current specs, and then the virtual machine will reboot at about the 10 minute mark. After rebooting, log into your server again as root with your new root password. Issue the following command to complete the Incredible PBX installation:
./IncrediblePBX*
Along the way, you may be prompted once or twice to enter information. Just press the ENTER key to accept the defaults. When the installation finishes in about 20 minutes, press the ENTER key to reboot your server and activate the Travelin’ Man 3 firewall. Then log back in as root. Perform the following steps to finish things up and set your passwords:
Make your root password very secure: passwd
Create admin password for GUI access: /root/admin-pw-change
Set your correct time zone: /root/timezone-setup
Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher IP address and other info about your server: status
Now you’re ready to switch to a web browser to finish the setup. Complete the steps using our brief tutorial. Enjoy!
Originally published: Tuesday, August 2, 2016
9 Countries Have Never Visited Nerd Vittles. Got a Friend in Any of Them https://t.co/wMfmlhiQ9y #asterisk #freepbx pic.twitter.com/TPFGZbqWB6
— Ward Mundy (@NerdUno) April 22, 2016
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
It’s All About Choices: Incredible PBX ISO Now Available in the Vultr VPS Cloud
[iframe-popup id="5″]
We’ve heard you. Many prefer the ease of installation offered by the Incredible PBX ISO. Unfortunately, until now, it wasn’t available if you wanted a do-it-yourself Cloud Solution other than, of course, using a turnkey Incredible PBX server at RentPBX. Well, now you have a choice. A great new VPS provider, Vultr, now gives you the option of using your own ISO when you deploy Cloud servers on their worldwide platforms. It’s not 100% intuitive just yet, but Vultr will get there. In the meantime, we’ll walk you through the procedure if you’d like to try it yourself. The good news is Incredible PBX can run on a $5/month Vultr server with 768MB of RAM plus a 768MB cache and a 15GB SSD plus 1TB of monthly bandwidth. And you can build your server in less than 30 minutes.
Getting Started with VULTR
Before you can set up virtual machines at VULTR, you’ll obviously need an account. Help Nerd Vittles keep the lights on by using our referral link. It doesn’t cost you a nickel extra. In fact,for a limited time, you get a $20 credit to try out the service when you sign up using our link above.
Once you’ve set up your account and logged in, the first step is to upload the Incredible PBX ISO so that you can use it to build cloud-based servers:
(1) Click on the Servers link in the left column.
(2) Click the ISO tab.
(3) Click the Add ISO button and use the following Incredible PBX ISO link to upload the ISO to VULTR:
http://sourceforge.net/projects/pbxinaflash/files/IncrediblePBX13.2.iso
(4) Once the ISO has been uploaded, it will display in your ISO uploads listing as shown above.
Building an Incredible PBX Server at VULTR
Now you have two ways to build Incredible PBX servers at VULTR. You can do it the traditional way by starting with a 64-bit CentOS 6.7 image and running the installer. Or you can use your new Incredible PBX ISO which we’ve preloaded into your VULTR account. Let’s do it the new way just to document the procedure.
Start by clicking on the Servers link in the left column. Then click + Deploy New Server button.
(1) Choose a Server Location from the list of choices shown above. For PBXs it’s always good to choose a location that’s near to both your VoIP hosting provider(s) and your actual phones where possible.
(2) For Server Type, click on the Custom ISO tab as shown above and select IncrediblePBX13.2.iso.
(3) For Server Size, choose the platform that meets your needs. You can always start small, take a snapshot of your server, and rebuild with a larger platform down the road if your requirements change.
(4) Choose any Additional Features and HostName desired. Then click the Deploy Now button.
(5) Click the Servers link to monitor the progress in building your virtual machine.
Installing Incredible PBX at VULTR from the ISO
Once your virtual machine Status changes from Installing to Running, (1) write down the IP address of your new server and click Restart button. (2) Click Manage. (3) Click View Console. Choose the type of Incredible PBX install you prefer and follow the prompts to enter your root password and time zone. When the operating system phase of the install finishes, your virtual machine will reboot. While this phase is underway, you’ll need to get prepared to disable the ISO during the reboot. You don’t want to inadvertently start the install all over again!
While the Phase I install is underway, click Server Details in your browser. Then choose (1) Settings, (2) Custom ISO, and (3) click Remove ISO. WAIT at the Are You Sure prompt until the reboot begins in the Console Window. Then click YES in your browser and also close the Console window.
Now use SSH or Putty to login to your new server as root at the IP address you wrote down above. Once logged in, run the Incredible PBX installer to begin Phase 2 of the install: ./IncrediblePBX13-12R.sh. Choose the type passwords you wish to use for Google Voice, and the install will begin. In order to bring your server up to current specs, it will reboot once more after a few minutes. Then you’ll need to kick off the install once again: ./IncrediblePBX13-12R.sh. Choose the type passwords you wish to use for Google Voice, and the install will finish without further interruption. When the install finishes, the server will reboot to bring Asterisk and your firewall on line.
Login to your server as root one more time to get the latest Incredible PBX updates and set up your passwords and verify your time zone. Then you’ll be ready to handle future server admin using your browser:
Make your root password very secure: passwd Create admin password for GUI access: /root/admin-pw-change Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin Set your correct time zone: /root/timezone-setup Make a copy of your Knock codes: cat /root/knock.FAQ Review current info about your server: status
If you want to add fax support to your PBX, we’ve got one more installer to run, and you’ll be all set. Just run the following command and press the ENTER key each time you are prompted for input (about 21 times):
cd /root ./incrediblefax11.sh
Success!
It’s a GUI, GUI World Out There
Most management of Incredible PBX will be handled using your favorite browser and one of two GUIs: the Kennonsoft menu which appears when you access the IP address of your server using a browser AND the Incredible GUI which is available on the Admin page of the Kennonsoft menu.
Choose Incredible GUI Administration from the Admin menu of the Kennonsoft GUI (shown above) by clicking on User to switch. The default username is admin and the password is what you set in the preceding step. Now edit extension 701 so you can decipher or change the randomized passwords that was assigned to the 701 extension and its voicemail account: Applications -> Extensions -> 701.
Setting Up a Soft Phone to Use with Incredible PBX
Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension
701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:
DEMO - Allison's IVR Demo
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History
Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. An update supporting Google Voice OAUTH 2 authentication is available here with a complete tutorial. Just start at step #1b. A better long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started. You’ll also find an incredible deal from our platinum sponsor, Vitelity, at the end of this article.
Configuring Google Voice
If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!
We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.
You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…
IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.
While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:
- Call Screening – OFF
- Call Presentation – OFF
- Caller ID (In) – Display Caller’s Number
- Caller ID (Out) – Don’t Change Anything
- Do Not Disturb – OFF
- Call Options (Enable Recording) – OFF
- Global Spam Filtering – ON
Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.
One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!
Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!
IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.
If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.
Troubleshooting Audio and DTMF Problems
You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.
A Few Words about the Incredible PBX Security Model for CentOS
Incredible PBX for CentOS joins our previous Ubuntu build as our most secure turnkey PBX implementation. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. 😉
The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.
Incredible Backup and Restore
We’re also pleased to offer our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server, simply copy the image to a server running Asterisk 13 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.
Incredible PBX Automatic Update Utility
Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.
In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.
Incredible PBX Application User’s Guide
And now would be a great time to learn about the dozens of Incredible PBX applications. Enjoy!
Originally published: Tuesday, July 12, 2016
9 Countries Have Never Visited Nerd Vittles. Got a Friend in Any of Them https://t.co/wMfmlhiQ9y #asterisk #freepbx pic.twitter.com/TPFGZbqWB6
— Ward Mundy (@NerdUno) April 22, 2016
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Taking a Fresh Look at the Asterisk, FreePBX, and Incredible PBX Security Models
About once a year, we try to shine the spotlight on Asterisk® security in hopes of saving lots of organizations and individuals a little bit (or a lot) of money. In light of last week’s major security lapse in the Asterisk® dialplan of those using FreePBX® since the Asterisk@Home days, now seemed like a good time for a review. As we’ve noted before, the problem with open source phone systems is they’re open source phone systems. So the bad guys can figure out how they work just like the good guys. Unfortunately, some of the bad guys are paying particular attention to Asterisk and FreePBX so it behooves all of us to remain vigilant and patch vulnerabilities quickly. The FreePBX Devs have done an admirable job in responding quickly to this issue.
Last week’s vulnerability involves the call transfer methodology that has been incorporated into FreePBX-based Asterisk servers for at least a decade. In a nutshell, it allows an internal or outside caller or called party to transfer a call using touchtones instead of a dedicated transfer button or hook flash. ## performs a blind transfer while *2 sets up an attended transfer where the person transferring the call can actually talk to the transfer recipient before executing the call transfer. Some of our foreign friends used this *2 methodology to initiate calls to Asterisk servers and then to transfer those calls to expensive destinations while the other party to the call listened to music on hold. Worse yet, it could be performed within an answering IVR on some servers so the administrator never knew the call transfer took place other than reviewing the call detail records. As with some previous vulnerabilities, this one had lain dormant since the inception of call transfer technology in Asterisk. The default settings in FreePBX permitted outside calling or called parties to initiate transfers using these feature codes. We’re reminded of a similar vulnerability that used to exist in many Asterisk voicemail systems that allowed callers to dialout to another number from within the voicemail system.
We hope to persuade you today that allowing transfer of calls using touch tones is a very bad idea to begin with. Even when you don’t get a surprise phone bill, it often results in unanticipated consequences such as depicted in this video shared on DSL Reports:
https://youtu.be/bnMVebywX6Y
Here’s how you can protect any server that uses all or some of the FreePBX GUI. First, be aware that the FreePBX developers are working on a rewrite of the Core component in versions 13 and 12. The fix would limit use of this technology to those on the internal side of a PBX. In other words, remote callers would be blocked from calling into an Asterisk server and transferring themselves to a phone on a cruise ship sailing in the Indian Ocean. In the meantime, issuing the following commands will patch things up:
mysql -uroot -ppassw0rd asterisk -e "update freepbx_settings set value = 'tr' where keyword = 'DIAL_OPTIONS' limit 1" mysql -uroot -ppassw0rd asterisk -e "update freepbx_settings set value = '' where keyword = 'TRUNK_OPTIONS' limit 1" amportal a r
For those using Incredible PBX™, the Automatic Update Utility will patch your server the next time you log in as root.
Olle Johansson has been one of the primary shakers and movers when it comes to educating folks on Asterisk security and inspiring developers to do a better job designing these systems. If you didn’t attend AstriCon 2013 and haven’t watched the Security Master Class, put these videos on your Bucket List. They’re all free and well worth your time.
When we began building out Incredible PBX on other platforms several years ago, we decided it was an opportune time to revisit our Asterisk security model and make it as bullet-proof as possible given the number of people now deploying Asterisk servers in the cloud. As a practical matter, there are no hardware-based firewalls to protect you with many of the cloud-based systems. So you literally live or die based upon the strength of your own software-based security model.
As in the past, security is all about layers of protection. A bundle of sticks is harder to break than a single stick. There now are Incredible PBX builds for CentOS, Scientific Linux, Ubuntu 14, and the latest Raspbian 8 for the Raspberry Pi 2 and 3. All of these releases include the new Incredible PBX security model. Here’s how it works…
The 7 Security Layers include the following, and we will go into the details below:
- Preconfigured IPtables Linux Firewall
- Preconfigured Travelin’ Man 3 WhiteLists
- Randomized Port Knocker for Remote Access
- TM4 WhiteListing by Telephone (optional)
- Fail2Ban
- Randomized Ultra-Secure Passwords
- Automatic Security Updates & Bug Fixes
1. IPtables Linux Firewall. Yes, we’ve had IPtables in place with PBX in a Flash for many years. And, yes, it was partially locked down in previous Incredible PBX releases if you chose to deploy Travelin’ Man 3. Now it’s automatically installed AND locked down, period. As installed, the new Incredible PBX limits login access to your server to those on your private LAN (if any) and anyone logging in from the server’s public or private IP address and the public IP address of the desktop machine used to install the Incredible PBX software. If you or your users need access from other computers or phones, those addresses can be added quickly using either the Travelin’ Man 3 tools (add-ip and add-fqdn) or using the Port Knocker application running on your desktop or smartphone. All you need is your randomized 3 codes for the knock. You can also enable a remote IP address by telephone. Keep reading!
2. Travelin’ Man 3 WhiteLists. As in the past, many of the major SIP providers have been whitelisted in the default setup so that you can quickly add new service without worrying about firewall access. These are providers that we’ve used over the years. The preconfigured providers include Vitelity (outbound1.vitelity.net and inbound1.vitelity.net), Google Voice (talk.google.com), VoIP.ms (city.voip.ms), DIDforsale (209.216.2.211), CallCentric (callcentric.com), and also VoIPStreet.com (chi-out.voipstreet.com plus chi-in.voipstreet.com), Les.net (did.voip.les.net), Future-Nine, AxVoice (magnum.axvoice.com), SIP2SIP (proxy.sipthor.net), VoIPMyWay (sip.voipwelcome.com), Obivoice/Vestalink (sms.intelafone.com), Teliax, and IPkall. You are, of course, free to add other providers or users using the whitelist tools being provided. add-ip lets you add an IP address to your whitelist. add-fqdn lets you add a fully-qualified domain name to your whitelist. del-acct lets you remove an entry from your whitelist. Because FQDNs cause problems with IPtables if the FQDN happens to be invalid or non-functional, we’ve provided a customized iptables-restart tool which will filter out bad FQDNs and start up IPtables without the problematic entries.
Be advised that whitelist entries created with PortKnocker are stored in RAM, not in your IPtables file. These RAM entries will get blown out of the water whenever your system is restarted OR if IPtables is restarted. Stated another way, PortKnocker should be used as a stopgap tool to get new IP addresses qualified quickly. If these addresses need access for more than a few hours, then the Travelin’ Man 3 tools should be used to add them to your IPtables whitelist. If your whitelist setup includes dynamic IP addresses, be aware that using ipchecker in a cron job to test for changing dynamic IP addresses will remove PortKnocker whitelist RAM entries whenever an IP address change triggers an iptables-restart.
For more detail on Travelin’ Man 3, review our original tutorial.
3. PortKnocker WhiteListing. We’ve previously written about PortKnocker so we won’t repeat the article here. Simply stated, it lets you knock on three ports on a host machine in the proper order to gain access. If you get the timing and sequence right, the IP address from which you knocked gets whitelisted for access to the server… with appropriate admin or root passwords, of course. The knocking can be accomplished with either a command line tool or an iOS or Android app using your smartphone or tablet. As noted above, it’s a terrific stopgap tool to let you or your users gain quick access to your server. For the reasons we’ve documented, don’t forget that it’s a stopgap tool. Don’t use it as a replacement for Travelin’ Man 3 whitelists unless you don’t plan to deploy dynamic IP address automatic updating. Just to repeat, PortKnocker whitelists get destroyed whenever IPtables is restarted or your server is rebooted. You’ve been warned.
4. TM4 WhiteListing by Telephone. Newer releases of Incredible PBX are preconfigured with ODBC support for telephony applications. One worth mentioning is our new Travelin’ Man 4 utility which lets a remote user dial into a dedicated DID and register an IP address to be whitelisted on the server. Within a couple minutes, the user will be sent an email confirming that the IP address has been whitelisted and remote access is now enabled. For phone systems and administrators supporting hundreds of remote users, this new feature will be a welcome addition. It can be configured in a couple minutes by following the Installation instructions in the Travelin’ Man 4 tutorial. Unlike PortKnocker, whitelisted IP addresses added with TM4 are permanent until modified by the remote user or deleted by the administrator.
5. Fail2Ban. We’ve never been a big fan of Fail2Ban which scans your logs and blacklists IP addresses after several failed attempts to log in or register with SSH or Apache or Asterisk. The reason is because of documented cases where attacks from powerful servers (think: Amazon) completely overpower a machine and delay execution of Fail2Ban log scanning until tens of thousands of registration attempts have been launched. The FreePBX folks are working on a methodology to move failed login attempts to a separate (smaller) log which would go a long way toward eliminating the log scanning bottleneck. In the the meantime, Fail2Ban is included, and it works when it works. But don’t count on it as your only security layer.
6. Randomized Passwords. With the new security model described above, we’ve dispensed with Apache security to protect FreePBX® access. These new Incredible PBX releases rely upon the FreePBX security model which uses encrypted passwords stored in MySQL or MariaDB. As part of the installation process, Incredible PBX randomizes ALL FreePBX passwords including those for the default 701 extension as well as the admin password. When your new Incredible PBX install completes, the most important things to remember are your (randomized) FreePBX admin password AND the (randomized) 3 ports required for Port Knocker access. Put them in a safe place. Sooner or later, you’ll need them. You can review your PortKnocker settings in /root/knock.FAQ. We’ve also included admin-pw-change in the /root folder for those that are too lazy to heed our advice. With the new security model, there is no way to look up your admin password. All you can do is change it… assuming you haven’t also forgotten your root password. 😉
7. Automatic Update Service. All new Incredible PBX builds include an automatic update service to provide security patches and bug fixes whenever you log into your server as root. It saved you just last week! If you don’t want the updates for some reason, you can delete the /root/update* file from your server. If the cost of maintaining this service becomes prohibitive, we may implement a pay-for-service fee, but it presently is supported by voluntary contributions from our users. It has worked extremely well and provided a vehicle for pushing out updates that affect the reliability and security of your server.
A Word About IPv6. Sooner or later Internet Protocol version 6 will be upon us because of the exhaustion of IPv4 IP addresses. Incredible PBX is IPv6-aware and IPtables has been configured to support it as well. As deployed, outbound IPv6 is not restricted. Inbound access is limited to localhost. You, of course, are free to modify it in any way desired. Be advised that disabling IPv6 localhost inbound access will block access to the FreePBX GUI. Don’t ask us how we know. 🙂
Originally published: Monday, April 18, 2016
9 Countries Have Never Visited Nerd Vittles. Got a Friend in Any of Them https://t.co/wMfmlhiQ9y #asterisk #freepbx pic.twitter.com/TPFGZbqWB6
— Ward Mundy (@NerdUno) April 22, 2016
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
Chasing the Asterisk Rainbow: An Incredible PBX for Everyman… and Woman
The one thing we’ve learned over the past decade is that everyone’s telecommunications needs are different. We began the Incredible PBX™ project by offering a script for PBX in a Flash™ that enhanced its functionality by adding three dozen applications for Asterisk® plus a rock-solid, preconfigured firewall. We expanded on that initial design by offering installers to support both Elastix® 4.0 and even the FreePBX® Distro and AsteriskNOW. But many asked for something more. Some wanted a turnkey install on inexpensive hardware so we now have a Raspberry Pi® 3 image that configures itself in under a minute. Others wanted and we provided an ISO image that could be loaded onto a USB thumb drive and used to install Incredible PBX on virtually any standalone hardware platform including the $200 Intel NUC. Then there were the enthusiasts that insisted upon virtual machines for virtually everything. So we built Incredible PBX images for Proxmox, and VirtualBox, and VMware. All of these builds could be set up about as quick as you can snap your fingers. Still others believed that all computing should be handled with Cloud-based servers. So we created a $10.50 solution for lifetime Cloud computing with CloudAtCost, a $5/month solution with Digital Ocean, and a $15/month rock-solid reliable PBX with RentPBX. Finally, there were operating system purists. Some preferred RedHat/CentOS/Scientific Linux while others swore by Debian or Ubuntu or Raspbian 8. So we added Incredible PBX builds for every conceivable operating system.
What remained consistent through all of these Incredible PBX iterations was our absolute commitment to providing a secure computing environment out of the box with a feature set unmatched in both the open source and commercial PBX communities. But, of course, there is always someone that doesn’t want features and prefers a secure platform on which to build their own servers. We’ve even accommodated that request with the Lean, Mean Edition of Incredible PBX.
So, today while we work on taxes, you can take a leisurely stroll through all of the available Incredible PBX links above and choose a platform that best meets your needs. Our other uncompromising feature is price. Incredible PBX is and always will be free with NoGotchas. If you’re still confused about choosing a favorite build, try our Decision Tree below. It’ll give you suggestions in less than a minute. Come join the party!
Originally published: Monday, April 11, 2016
9 Countries Have Never Visited Nerd Vittles. Got a Friend in Any of Them https://t.co/wMfmlhiQ9y #asterisk #freepbx pic.twitter.com/TPFGZbqWB6
— Ward Mundy (@NerdUno) April 22, 2016
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
The Best of Both Worlds: Taking Incredible PBX from the Cloud to the Ocean
We’ve spent a good bit of time documenting a dirt cheap way to learn about VoIP in the Cloud with our Incredible PBX offering using a $10.50 virtual machine at CloudAtCost. Is it production ready? Probably not. But we’re reminded of the old saying that pizza is a lot like sex: "When it’s good, it’s really good. And, when it’s bad, it’s still pretty good." That pretty much sums up CloudAtCost. And it’s not like a one-time investment for the cost of a pizza lunch is going to break the bank.
Today we turn our attention to a more reliable, long term Cloud solution with a fresh look at Incredible PBX with Digital Ocean. This setup runs about $5 a month after a free $10 trial using our referral link. If you continue to use the service, it also generates a little revenue for Nerd Vittles to keep the lights on.
It’s been about two years since we first introduced the Digital Ocean platform. Back then, it was the experimental platform. But a lot has changed, and it’s all for the better. First, you get a Cloud Server on which you can create virtually any Linux platform you like including CentOS, Fedora, Debian, Ubuntu, and more. Second, you get your choice of seven datacenters all around the world: New York, San Francisco, Toronto, London, Frankfurt, Amsterdam, and Singapore. Third, you get enormous scalability. You can start with the $5/month flavor with 512MB of RAM and a single CPU, 20GB of SSD storage, and 1TB of bandwidth. As your requirements grow and with a couple clicks, you can scale up through 8 multiples of capacity to a whopping 64GB of RAM with 20 CPUs, 640GB of storage, and 9TB of bandwidth for less than a dollar an hour. Just make a Snapshot of any off-line Droplet, and then use that Snapshot as the image for your new server in lieu of a Linux Distribution.
For our purposes today and for home and SOHO business users, the $5/month Digital Ocean platform is a perfect fit for both the CentOS 6.7 and Ubuntu 14.04 flavors of Incredible PBX. Once you’ve created your Digital Ocean Droplet with your choice of operating system, the Incredible PBX install procedure takes about 25 minutes. This includes the time necessary to compile and install the latest release of Asterisk® 13 from source code. When you’re finished, you’ll have a rock-solid PBX that is fully secured using the Linux firewall. For out-of-the-gate security, no other PBX comes close… at any price. Incredible PBX is and always will be pure open source GPL code and, of course, it’s FREE!
Creating Your First Digital Ocean Droplet
CentOS 6.7 remains our Gold Standard of Linux operating systems. We’ll start there and walk you through the Incredible PBX install procedure. Begin by signing up for a Digital Ocean account and creating a 512MB $5 droplet in your choice of data centers. Choose the CentOS 6.7 x32 platform just to keep things simple, and pick a hostname such as centos.incrediblepbx.com. It doesn’t matter if it is not resolvable, but it does need to be in FQDN format.
By the way, you only pay for the time your droplet actually exists so build several and play for a couple hours. Your total cost will be about 5¢. And, as we noted, your first $10 of server charges are actually free. So you have nothing to lose by experimenting. If you make a mistake, delete your droplet and start over. No big deal. Once your droplet has been created, Digital Ocean will send you an email with your root user credentials and the IP address of your new server. Login with SSH or Putty, and you’ll be prompted to immediately change your root password. Make it secure… as if your bank account depended upon it. 😉
Installing Incredible PBX 13 for CentOS 6.7
Now we’re ready to begin the Incredible PBX install. It’s a two-step procedure. First, we’ll get CentOS up to date and reboot. Then we’ll kick off the actual install. Just cut-and-paste the following commands while logged into your droplet as root:
setenforce 0 yum -y upgrade --skip-broken yum -y install net-tools nano wget tar reboot
Once your server reboots, login again as root and cut-and-paste the following commands. Take a 30-minute break while the installer does its thing. If you’re one that likes to watch, don’t worry if you see some error messages. They all get sorted out before the installation finishes.
cd /root wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz tar zxvf incrediblepbx* ./create-swapfile-DO ./IncrediblePBX* reboot
Let’s login to your server one more time to get the latest Incredible PBX updates and set up your passwords and time zone. Then you’ll be ready to handle future server admin using your browser:
Make your root password very secure: passwd Create admin password for GUI access: /root/admin-pw-change Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin Set your correct time zone: /root/timezone-setup Make a copy of your Knock codes: cat /root/knock.FAQ Review current info about your server: status OR pbxstatus (depends on release)
If you want to add fax support to your PBX, we’ve got one more installer to run, and you’ll be all set. Just run the following command and press the ENTER key each time you are prompted for input (about 21 times):
cd /root ./incrediblefax11.sh
Success!
It’s a GUI, GUI World Out There
Most management of Incredible PBX will be handled using your favorite browser and one of two GUIs: the Kennonsoft menu which appears when you access the IP address of your server using a browser AND the Incredible GUI which is available on the Admin page of the Kennonsoft menu.
Choose Incredible GUI Administration from the Admin menu of the Kennonsoft GUI (shown above) by clicking on User to switch. The default username is admin and the password is what you set in the preceding step. Now edit extension 701 so you can decipher or change the randomized passwords that was assigned to the 701 extension and its voicemail account: Applications -> Extensions -> 701.
Setting Up a Soft Phone to Use with Incredible PBX
Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension
701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and whatever password you created for the extension. Click OK.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:
DEMO - Allison's IVR Demo
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History
Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to set up a free Google Voice account. Google has threatened to shut this down but as this is written, it still works. An update supporting Google Voice OAUTH 2 authentication is available here with a complete tutorial. Just start at step #1b. A better long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started. You’ll also find an incredible deal from our platinum sponsor, Vitelity, at the end of this article.
Configuring Google Voice
If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!
We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.
You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…
IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.
While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:
- Call Screening – OFF
- Call Presentation – OFF
- Caller ID (In) – Display Caller’s Number
- Caller ID (Out) – Don’t Change Anything
- Do Not Disturb – OFF
- Call Options (Enable Recording) – OFF
- Global Spam Filtering – ON
Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.
One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!
Now you’re ready to set up your Google Voice trunk in the GUI. After logging in with your browser, click the Connectivity tab and choose Google Voice/Motif. To Add a new Google Voice account, just fill out the form. Do NOT check the third box or incoming calls will never ring!
IMPORTANT LAST STEP: Google Voice will not work unless you restart Asterisk from the Linux command line at this juncture. Using SSH, log into your server as root and issue the following command: amportal restart.
If you have trouble getting Google Voice to work (especially if you have previously used your Google Voice account from a different IP address), try this Google Voice Reset Procedure. It usually fixes connectivity problems. If it still doesn’t work, enable Less Secure Apps using this Google tool.
Troubleshooting Audio and DTMF Problems
You can avoid one-way audio on calls and touchtones that don’t work with these simple settings in the GUI: Settings -> Asterisk SIP Settings. Just plug in your public IP address and your private IP subnet. Then set ULAW as the only Audio Codec.
A Few Words about the Incredible PBX Security Model for CentOS
Incredible PBX for CentOS joins our previous Ubuntu build as our most secure turnkey PBX implementation. As configured, it is protected by both Fail2Ban and a hardened configuration of the IPtables Linux firewall. The latest release also includes Port Knocker for simple, secure access from any remote computer or smartphone. You can get up to speed on how the technology works by reading the Nerd Vittles tutorial. Your Port Knocker credentials are stored in /root/knock.FAQ together with activation instructions for your server and mobile devices. The NeoRouter VPN client also is included for rock-solid, secure connectivity to remote users. Read our previous tutorial for setup instructions. As configured, nobody can access your PBX without your credentials AND an IP address that is either on your private network or that matches the IP address of your server or the PC from which you installed Incredible PBX. You can whitelist additional IP addresses by running the command-line utility /root/add-ip. You can remove whitelisted IP addresses by running /root/del-acct. Incredible PBX is preconfigured to let you connect to many of the leading SIP hosting providers without additional firewall tweaking. We always recommend you also add an extra layer of protection by running your server behind a hardware-based firewall with no Internet port exposure, but that’s your call. And it’s your phone bill. 😉
The IPtables firewall is a complex piece of software. If you need assistance with configuring it, visit the PIAF Forum for some friendly assistance.
Incredible Backup and Restore
We’re also pleased to offer our latest backup and restore utilities for Incredible PBX. Running /root/incrediblebackup will create a backup image of your server in /tmp. This backup image then can be copied to any other medium desired for storage. To restore it to another Incredible PBX server, simply copy the image to a server running Asterisk 13 and the same version of the Incredible PBX GUI. Then run /root/incrediblerestore. Doesn’t get much simpler than that.
Incredible PBX Automatic Update Utility
Every time you log into your server as root, Incredible PBX will ping the IncrediblePBX.com web site to determine whether one or more updates are available to bring your server up to current specs. We recommend you log in at least once a week just in case some new security vulnerability should come along.
In the meantime, we encourage you to sign up for an account on the PIAF Forum and join the discussion. In addition to providing first-class, free support, we think you’ll enjoy the camaraderie.
Originally published: Thursday, March 17, 2016
Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…
It’s Back: $10.50 Buys an Incredible PBX in the Cloud For Life… If You Hurry
In January, we began our new series on Cloud Computing by documenting how to build an awesome LAMP server in the Cloud using Linux. Today we’re again going to show you how to use the same Cloud platform and take advantage of the $10.50 coupon code TAKE70 to build an Incredible PBX in the Cloud FOR LIFE. When you’re finished, you’ll have a state-of-the-art Incredible PBX 13 server with hundreds of PBX features including free calling to the U.S. and Canada using any (free) Google Voice account. Keep in mind this isn’t $10.50 a month for your cloud server. It’s $10.50, period! The whole project takes less than an hour. Before we begin, let’s revisit our cautionary note for those that missed it in the previous article. It’s important.
There’s lots to hate at Cloud At Cost, a Canadian provider that offers virtual machines in the cloud for a one-time fee with no recurring charges. For
$35$10.50, you get a virtual machine with 512MB of RAM, 10GB of storage, and a gigabit Internet connection FOR LIFE. We haven’t seen a week go by when Cloud at Cost didn’t offer some sort of discount. Today it’s 70% which brings the total cost down to $10.50. That’s less than a burger at Five Guys. That’s the good news. But, if security, 99.999% reliability, performance, and excellent customer support are your must-haves, then look elsewhere. So why would anyone in their right mind sign up for a cloud solution that didn’t offer those four things? Did we mention it’s $10.50 for a lifetime cloud server?If you take our recommendation and plunk down your $10.50, you’ll need to go into this with the right attitude. It’s not going to be flawless perfection computing. It’s a sandbox on which to experiment with [VoIP] and Cloud Computing. Will your virtual machine disintegrate at some juncture? Probably. Our experience is that the first couple days are critical. If you start seeing sluggish performance which degenerates to zero, don’t waste your time. Take good notes as you go along, delete the virtual machine, and rebuild a new one. It won’t cost you a dime, and it’ll save you hours of frustration. We suspect that bad folks get onto some of the servers and delight in bringing the machines to their knees. So the quicker you cut your losses, the better off you will be. Is CloudAtCost a good solution for production use?
AbsolutelyProbably not so don’t try to fit a square peg in the round hole. It’s not gonna work, and you WILL be disappointed.
Today’s experiment will give you a platform on which to learn before you decide upon a more permanent deployment solution. And it will give you a terrific home for a backup server once you do move to a long-term solution so your $10.50 won’t be wasted.
TAKE70: Build a VoIP Server in the Cloud FOR LIFE w/ Free US/CAN calling https://t.co/l9It2xq14S #asterisk #freepbx pic.twitter.com/UYuCMcfEn8
— Ward Mundy (@NerdUno) January 31, 2016
The objective today is to show you how to build a rock-solid, secure VoIP server in the Cloud with all the bells and whistles you’d typically find on a PBX costing tens of thousands of dollars. Incredible PBX is pure GPL, open source code with one major difference. It’s FREE! And it’s supported by thousands of users on the PIAF Forum that started just like you.
Some of you are probably wondering why you would want a PBX at all. Hearing is believing as they say. Spend a couple minutes and call our CloudAtCost demo server. We preconfigured it using everything provided in today’s tutorial. It’ll let you play with some of the features that a PBX offers such a voice dialing from a directory, news and weather forecasts, and much more. And, in case you’re wondering, it’s been running 24/7 for two full months without a single hiccup. To try it for yourself, just dial:
Nerd Vittles Demo IVR Options
1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
2 – MeetMe Conference (password is 1234)
3 – Wolfram Alpha (say “What planes are flying overhead now?”)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (Just enter your ZIP Code!)
7 – Today in History
8 – Speak to a Real Person (or maybe just voicemail if we’re out)
For long time readers of Nerd Vittles, you already know that the component we continually stress is security. Without that, the rest really doesn’t matter. You’ll be building a platform for someone else to hijack and use for nefarious purposes. When we’re finished today, you’ll have a cloud-based VoIP server that is totally invisible to the rest of the world except a short list of VoIP providers that have been thoroughly vetted by Nerd Vittles staff. You can whitelist additional locations and phones to meet your individual needs without worrying about your server being compromised.
Creating Your Virtual Machine Platform in the Cloud
To get started, you’ve got to cough up your $10.50 at Cloud at Cost using coupon code TAKE70. Once you’ve signed up, CloudAtCost will send you credentials to log into the Cloud at Cost Management Portal. Change your portal password IMMEDIATELY after logging in. Just go to SETTINGS and follow your nose. HINT: DC2 is the preferred data center!
To create your virtual machine, click on the CLOUDPRO button and click Add New Server. If you’ve only purchased the $10.50 CloudPRO 1 platform, then you’ll need all of the available resources shown in the pick list. Leave CentOS 6.7 64bit selected as the OS Type and click Complete. Depending upon the type of special pricing that Cloud at Cost is offering when you sign up, the time to build your virtual machine can take anywhere from a minute to the better part of a day. Things have settled down since the 90% off week so new servers typically are ready in a few minutes. However, we’ve learned to build new virtual machines at night where possible. Then they’re usually available for use by the next morning. Luckily, this slow performance does not impact existing virtual machines that already are running in the CloudAtCost hosting facilities.
Initial Configuration of Your CentOS 6.7 Virtual Machine
With a little luck, your virtual machine soon will appear in your Cloud at Cost Management Portal and look something like what’s shown above. The red arrow points to the i button you’ll need to click to decipher the password for your new virtual machine. You’ll need both your IP address and the password for the new virtual machine in order to log into the server which is now up and running with a barebones CentOS 6.7 operating system. Note the yellow caution flag. That’s telling you that Cloud at Cost will automatically shut down your server in a week to save (them) computing resources. You can change the setting to keep your server running 24/7. Click Modify, Change Run Mode, and select Normal – Leave Powered On. Click Continue and OK to save your new settings.
Finally, you’ll want to change the Host Name for your server to something more descriptive than c7…cloudpro.92… Click the Modify button again and click Rename Server to change it. IncrediblePBX13 has a nice ring to it, but to each his own.
Logging into Your New CentOS 6.7 Virtual Machine
In order to configure and manage your new CentOS 6.7 virtual machine, you’ll need to log into the new server using either SSH or, for Windows users, Putty. After installing Putty, run it and log in to the IP address of your VM with username root and the password you deciphered above. On a Mac, open a Terminal session and issue a command like this using the actual IP address of your new virtual machine:
ssh root@12.34.56.78
Before you do anything else, reset your Virtual Machine’s root password to something very secure: passwd
Next, let’s address a couple of CloudAtCost quirks that may cause problems down the road. CloudAtCost has a nasty habit of not cleaning up after itself with fresh installs. The net result is your root password may get reset every time you reboot even though you changed it.
sed -i '/exit 0/d' /etc/rc.local killall plymouthd echo killall plymouthd >> /etc/rc.local rm -f /etc/rc3.d/S97* echo "exit 0" >> /etc/rc.local
Installing Incredible PBX 13 with CentOS 6.7
Now we’re ready to build your VoIP server platform. There aren’t many steps so just cut-and-paste the code into your SSH or Putty session and review the results to make sure nothing comes unglued. If something does, the beauty of virtual machines is you can delete them instantly within your management portal and just start over whenever you like. So here we go…
We’ll begin by permanently turning off SELINUX which causes more problems than it solves. The first command turns it off instantly. The second line assures that it’ll stay off whenever you reboot your virtual machine.
setenforce 0 sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
Now let’s bring CentOS 6.7 up to current specs and add a few important applications:
yum -y update yum -y install net-tools nano wget tar reboot
Once your server reboots, we’re ready to kick off the Incredible PBX 13 install:
cd /root wget http://incrediblepbx.com/incrediblepbx13-12.2-centos.tar.gz tar zxvf incrediblepbx* ./IncrediblePBX*
When the install begins, read the license agreement and press ENTER to agree to the terms and get things rolling. Now would be a great time to go have breakfast or lunch. Come back in about an hour and your server should be ready to go.
Implementing Dynamic DNS Service on Your Client Machines
Unlike some other PBX offerings that leave your server exposed to the Internet, Incredible PBX is different. Unless the IP address from which you are accessing the server has been whitelisted, nobody on the Internet can see your server. The only exception is the preferred providers list and those on the same local area network (which is nobody in the case of CloudAtCost). As part of the Incredible PBX install, the IP address of the computer you used to perform the install was whitelisted automatically. But there may be other computers from which you wish to allow access to the PBX in order to deploy telephones at remote sites. Some of these sites may have dynamic IP addresses that change from time to time. Or you may have traveling salesman that land in a new hotel almost every night with a new IP address. Fortunately, there are a number of free and paid Dynamic DNS providers. For sites with dynamic IP addresses, simply choose a fully-qualified domain name (FQDN) to identify each location where you need computer access or need to deploy a phone. Then run a dynamic DNS update utility periodically from a computer or router at that site. It reports back the current public IP address of the site and your DNS provider updates the IP address assigned to that FQDN whenever there are changes.
DNS update clients are available for Windows, Mac OS X, and many residential routers. They’re also available for Android devices. Then it’s just a matter of plugging in the remote users’ FQDNs so Incredible PBX knows to give them server access via the whitelist. You implement this in seconds using the add-ip and add-fqdn utilities in the /root directory.
There are other ways to gain access as well using the PortKnocker utility or Travelin’ Man 4 from a telephone. Both of these are covered in the Incredible PBX 13 tutorial so we won’t repeat it here.
Incredible PBX Preliminary Setup Steps
First, let’s check things out and make sure everything is working as it should. With your favorite web browser, visit the IP address of your new server. You should see the default Incredible PBX page, the Kennonsoft Menu. It’s divided into two parts, a Users tab (shown below) and an Admin tab with additional options that we’ll cover shortly.
Now we need to jump back to SSH or Putty and log back into your server as root. You’ll note that the Incredible PBX Automatic Update Utility is run each time you log in. This is how important security updates are pushed to your server so do it regularly. And, no, you don’t need to contribute to our open source projects unless you want to. You’ll still get the updates as they are released.
After the Automatic Update Utility runs, the login script will execute status which tells you everything you need to know about the health of your server. After the initial install, it will look something like this with your server’s IP address obviously. We’ll cover the RED items down the road a bit.
For now, we need to complete a few preliminary setup steps for Incredible PBX to make sure you can log into the various components which have been installed on your computer. There are several different credentials you will need. Most of these are configured using scripts in the /root folder of your server. First, you need your root password for the server itself, and you should have already set that up with a very secure password using passwd. These same credentials are used to login to WebMin.
Next you’ll need an admin password for the Incredible PBX GUI. This is the management utility and Asterisk® code generator which consists of FreePBX® GPL modules that are open source and free to use. The admin password is set by running admin-pw-change in the /root directory.
There are also a number of web-based applications such as Telephone Reminders, AsteriDex, phpMyAdmin, and VoiceMail & Recordings (User Control Panel). You obviously don’t want everyone with a telephone using all of these applications so they are protected using a couple different Apache web server credentials. First, you set up an admin password for the administrator-level applications using the htpasswd utility. Then you set up an end-user account and password for access to AsteriDex, Reminders, and the User Control Panel. With the User Control Panel, end users also will need a username and password for their particular phone extension and this is configured with the Incredible PBX GUI using Admin -> User Management -> Add New User. If this sounds convoluted, it’s really not. Apache credentials can be entered once in an administrator’s or end user’s browser and they’re stored permanently.
Here is a checklist of the preliminary steps to complete before using your server:
Make your root password very secure: passwd
Create admin password for Incredible PBX GUI access: /root/admin-pw-change
Create admin password for web apps: htpasswd /etc/pbx/wwwpasswd admin
Create joeuser password for web apps: htpasswd /etc/pbx/wwwpasswd joeuser
Set up UCP accounts for Voicemail & Recordings access using Incredible PBX GUI
Make a copy of your Knock codes: cat /root/knock.FAQ
Decipher IP address and other info about your server: status
Set your correct time zone: /root/timezone-setup
Activating Incredible Fax on Your Server
Incredible PBX also includes an optional (and free) faxing component that lets you send and receive faxes that are delivered to your email address. To activate Incredible Fax, run the following script and plug in your email address for delivery of incoming faxes: /root/incrediblefax11.sh. After entering your email address, you’ll be prompted for all sorts of additional information. Unless you have unusual requirements, pressing the ENTER key at every prompt is the appropriate response. You’ll need to reboot your server again when the fax installation is complete. Once you log back into your server as root, the bottom line of the status display should now be green UP entries.
Managing Your Server with the Incredible PBX GUI
About 99% of your time managing your server will be spent in the Incredible PBX GUI. To access it, fire up your browser and point to the IP address of your server. At the Kennonsoft menu, click on the Users tab which will change to Admin and bring up the Admin menu shown here:
From the Administrator menu in the Kennonsoft GUI, click on Incredible PBX Administration. This will bring up the following menu:
Click on the first icon to access the Incredible PBX GUI. You’ll be prompted for your credentials. For the username, enter admin. For the password, enter the password you set up using admin-pw-change above. You should then be greeted by the main status display in the Incredible GUI:
If you’re new to Asterisk and FreePBX, here’s the one paragraph primer on what needs to happen before you can make free calls with Google Voice. You’ll obviously need a free Google Voice account. This gets you a phone number for people to call you and a vehicle to place calls to plain old telephones throughout the U.S. and Canada at no cost. You’ll also need a softphone or SIP phone (NOT a regular POTS telephone) to actually place and receive calls. YATE makes a free softphone for PCs, Macs, and Linux machines so download your favorite and install it on your desktop. Phones connect to extensions to work with Incredible PBX. Extensions talk to trunks (like Google Voice) to make and receive calls. We use outbound routes to direct outgoing calls from extensions to trunks, and we use inbound routes to route incoming calls from trunks to extensions to make your phones ring. In a nutshell, that’s how a PBX works. There are lots of bells and whistles that you can explore down the road.
As configured after installation, you have everything you’ll need except a Google Voice trunk, and we’ll cover that next. Then we’ll add a softphone with your extension 701 credentials, and you’ll be ready to make and receive calls. Before we move on, let’s decipher your extension 701 password so that you’ll have it for later. Choose Applications -> Extensions -> 701 and scroll down the screen to the Secret field and write down your password. You can also change it if you like and click Submit and then the Red button to update your settings. While you’re here, write down your extension 701 Voicemail Password.
Deploying Google Voice on Your Server
That leaves one RED entry on your status display, GV OAUTH. Whether to use plain text passwords or OAUTH 2 credentials with Google Voice accounts presently is a matter of choice although Google regularly threatens to discontinue access to Google Voice without OAUTH authentication. We suggest you play with Google Voice using plain text passwords just to get your feet wet because OAUTH implementation gets complicated. When you get ready to deploy a permanent Incredible PBX server, that would be the appropriate time to switch to OAUTH. This tutorial (beginning at step 1b) will guide you through the process.
If you want to use Google Voice, you’ll need a dedicated Google Voice account to support Incredible PBX. If you want to use the inbound fax capabilities of Incredible Fax, then you’ll need an additional Google Voice line that can be routed to the FAX custom destination using the GUI. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So keep this account a secret!
We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with Incredible PBX. It’s free at least through 2013. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register.
You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…
IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.
While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:
- Call Screening – OFF
- Call Presentation – OFF
- Caller ID (In) – Display Caller’s Number
- Caller ID (Out) – Don’t Change Anything
- Do Not Disturb – OFF
- Call Options (Enable Recording) – OFF
- Global Spam Filtering – ON
Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.
One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!
Once you have your Google Voice account properly configured with Google, here is the proper sequence to get a Google Voice account working with Incredible PBX. First, using a browser, login to your Google Voice account. Second, make sure that Google Chat is activated in your Phone -> Settings. Third, in a separate browser tab, enable Less Secure Apps for your Google account. Fourth, in another separate browser tab, activate the Google Voice reset procedure. Fifth, in the Incredible PBX GUI, choose Connectivity -> Google Voice (Motif) and enter your Google Voice credentials:
Sixth, save your settings by clicking Submit and the Red Button to reload the GUI. Finally, using SSH or Putty, log into your server as root and restart Asterisk: amportal restart.
Setting Up a Soft Phone to Use with Incredible PBX
Now you’re ready to set up a telephone so that you can play with Incredible PBX. We recommend YateClient which is free. Download it from here. Run YateClient once you’ve installed it and enter the credentials for the 701 extension on Incredible PBX. You’ll need the IP address of your server plus your extension 701 password. Choose Settings -> Accounts and click the New button. Fill in the blanks using the IP address of your server, 701 for your account name, and your extension 701 password. Click OK.
Once you are registered to extension 701, close the Account window. Then click on YATE’s Telephony Tab and place some test calls to the numerous apps that are preconfigured on Incredible PBX. Dial a few of these to get started:
DEMO - Allison's IVR Demo
947 - Weather by ZIP Code
951 - Yahoo News
*61 - Time of Day
*68 - Wakeup Call
TODAY - Today in History
Now you’re ready to connect to the telephones in the rest of the world. If you live in the U.S., the easiest way (at least for now) is to use the free Google Voice account we set up above. Unlike traditional telephone service where you were 100% dependent upon MaBell, there is no such limitation with VoIP. The smarter long-term solution is to choose several SIP providers and set up redundant trunks for your incoming and outbound calls. The PIAF Forum includes dozens of recommendations to get you started. Here are a few of our favorites:
Originally published: Friday, January 29, 2016 Republished: Monday, March 14, 2016
9 Countries Have Never Visited Nerd Vittles. Got a Friend in Any of Them https://t.co/wMfmlhiQ9y #asterisk #freepbx pic.twitter.com/TPFGZbqWB6
— Ward Mundy (@NerdUno) April 22, 2016
Need help with Asterisk? Visit the PBX in a Flash Forum.
Special Thanks to Our Generous Sponsors
FULL DISCLOSURE: ClearlyIP, Skyetel, Vitelity, DigitalOcean, Vultr, VoIP.ms, 3CX, Sangoma, TelecomsXchange and VitalPBX have provided financial support to Nerd Vittles and our open source projects through advertising, referral revenue, and/or merchandise. As an Amazon Associate and Best Buy Affiliate, we also earn from qualifying purchases. We’ve chosen these providers not the other way around. Our decisions are based upon their corporate reputation and the quality of their offerings and pricing. Our recommendations regarding technology are reached without regard to financial compensation except in situations in which comparable products at comparable pricing are available from multiple sources. In this limited case, we support our sponsors because our sponsors support us.
BOGO Bonaza: Enjoy state-of-the-art VoIP service with a $10 credit and half-price SIP service on up to $500 of Skyetel trunking with free number porting when you fund your Skyetel account. No limits on number of simultaneous calls. Quadruple data center redundancy. $25 monthly minimum spend required. Tutorial and sign up details are here.
The lynchpin of Incredible PBX 2020 and beyond is ClearlyIP components which bring management of FreePBX modules and SIP phone integration to a level never before available with any other Asterisk distribution. And now you can configure and reconfigure your new Incredible PBX phones from the convenience of the Incredible PBX GUI.
VitalPBX is perhaps the fastest-growing PBX offering based upon Asterisk with an installed presence in more than 100 countries worldwide. VitalPBX has generously provided a customized White Label version of Incredible PBX tailored for use with all Incredible PBX and VitalPBX custom applications. Follow this link for a free test drive!
Special Thanks to Vitelity. Vitelity is now Voyant Communications and has halted new registrations for the time being. Our special thanks to Vitelity for their unwavering financial support over many years and to the many Nerd Vittles readers who continue to enjoy the benefits of their service offerings. We will keep everyone posted on further developments.
Some Recent Nerd Vittles Articles of Interest…