The content of this blog is archived. No comments may be made, and no further content will be published. Thank you for your ongoing readership! -Ryan
|« The Dehumidifier Always Tweets Twice: Recent dehumidifier news||Keep track of configuration changes using etckeeper »|
Revisited: Asterisk and FreePBX under Ubuntu 9.10 and Lighttpd on a Linode VPS
This document has been superseded by an official article in the Linode Library, written by the most excellent and brave Amanda Folson, for Ubuntu 9.10 and Apache. If you're deploying Asterisk and FreePBX on a dedicated Linode, I highly recommend following that procedure. However, if you're a crazy person and want to use lighttpd on a multi-purpose system, feel free to give my procedure a try.
Looking to use Ubuntu 10.04 LTS? Take a look at VOIP with Linode, Ubuntu, Asterisk and FreePBX by Jake B.
I originally wrote this howto for Ubuntu 9.04 (Jaunty) a few months before Ubuntu 9.10 (Karmic) was released. I happen to have a spare system lying around right now, so I figure I might as well update this for 9.10!
Summary of major changes since the 9.04 document
- Kernel package: It appears
linux-image-serverno longer installs a Xen-aware kernel, so I now use
- Zaptel replaced with DAHDI: Digium replaced Zaptel with DAHDI for Asterisk 1.6, which now ships with Ubuntu. This requires a change in package names, in addition to the usual changes one would expect between 1.4 and 1.6.
- More links to the Linode Library: Since I wrote the original post in August, Linode has really fleshed out their documentation. I've harmonized some of the "opening moves" with their getting-started documentation to reduce confusion.
- Now using upstart for spawning the FastCGI handlers: I figured there was a less cheesy way to do that.
I'm occasionally seeing the boot process locking up for awhile with nasty-looking kernel bug errors:
It eventually seems to pull out of it, but you might not want to do this on your production box until you're sure everything is happy and keen. If anyone knows anything about these errors, let me know. That said, I've been on a conference bridge with myself for the past ten minutes and everything's fine.
Without further adieu, here's the howto!
FreePBX is a popular PHP front end for the Asterisk PBX system. It morphs the complex yet very flexible Asterisk configuration into something easier to use (yet still very extensible). When I worked for a business-class VoIP provider back in the day, we used FreePBX (and its predecessor, AMP) for most of our customer-premise PBX servers.
I prefer configuring and managing my Asterisk system using FreePBX. However, I can't justify an entire server for Asterisk, so I need it to coexist with a number of other applications. What I can justify is a VPS with relatively little memory, so some tuning is required.
Since mod_php runs the PHP interpreter "within" Apache, it is restricted to running PHP code with Apache's permissions. For the purposes of FreePBX, which needs to edit configuration files owned by the "asterisk" user, this means setting Apache to run as "asterisk." Not an ideal configuration from a security standpoint, especially when the server is not dedicated to Asterisk.
The PHP folks strongly recommend that Apache use the prefork MPM with mod_php due to threading concerns. This is not a big deal for a dedicated Asterisk/FreePBX server, but if you're sharing it with a web server that might have popularity and limited memory, this can be a problem under high load. For this reason, I use lighttpd and PHP via FastCGI to service dynamic PHP content. This allows the web server to run threaded while PHP does its own thing, running under more specific uids.
I've also found the availability of software for CentOS lacks a lot of the less-popular software I enjoy, so I've standardized on Ubuntu to avoid straying from the repositories. As of this writing, I'm using Ubuntu 8.04 LTS on servers and Ubuntu 9.10 on desktops, but for this example, I am using 9.10.
So, time to get FreePBX operating properly in an entirely foreign environment!
The base for this installation consists of:
- Server: Linode 360 Xen-based virtual private server
- Distribution: Ubuntu 9.10, 32-bit, normal Linode deployment
I'm starting from the beginning, as I am doing this in a testbed. You can skip some steps if you already have a working system, or if you don't need particular features. Additionally, you might want to browse http://library.linode.com/ for more general advice on deploying, securing, and configuring a general purpose Linode VPS.
Prepare the system
I used Linode's Distribution Wizard to deploy a barebones Ubuntu 9.10 image using the default options. First, I log in and do my normal Linux prep:
(log back in as
(log back in and make sure it uses the key!)
You may also want to change your hostname and set your timezone; see Setting Up a LAMP Server on Ubuntu 9.10 (Karmic) from the Linode Library for more info:
Asterisk can send voicemail notifications via e-mail. Most e-mail providers require that mail be sent from a hostname that exists, so take a moment to add an A record to your domain.
I highly recommend using etckeeper to provide version control for your
/etc directory. You can find more information on how to use this in Keep track of configuration changes using etckeeper, a recent post in my blog.
Configure the system to use Ubuntu's stock kernel
To make Asterisk's MeetMe subsystem happy, one needs the dahdi_dummy kernel module to provide timing. This is somewhat, and can be done with the stock Linode kernels, but you can run your distribution's Xen-aware kernel via PV-GRUB and thus "do what needs doing" without compiling by hand.
Note that the Ubuntu 9.10
asterisk package depends on
dahdi, so you'll need to satisfy that dependency and convince apt that everything is OK somehow.
apt-get install linux-image-ec2 grub will install everything you need to boot an Ubuntuish kernel:
You'll then want to edit
/boot/grub/menu.lst to change the
groot line to
groot=(hd0) (keep it commented out!):
Delete the third line and replace it with this one:
Also, find the
indomU line and set it to disable Xen detection:
When that's all set, run
Once that's done, log into the Linode Dashboard and edit your configuration profile; you'll want to change to the
pv-grub-x86_32 kernel. Save the profile, cross your fingers, and reboot! You can watch what's happening by using lish to access the console. If it doesn't boot properly, don't panic! Simply switch back to the
Latest 2.6 Paravirt kernel and reboot again, then try to figure out what went wrong.
Under Ubuntu 9.04 (Jaunty),
linux-image-server was the right kernel to use for Xen guests. Under Ubuntu 9.10 (Karmic), it appears
linux-image-ec2 is the kernel that works best for me. This may change in future updates or versions; if one way doesn't work, try another.
For the record, it took about 17 tries to get through this section when developing these instructions. This might be a good time to mention that you can easily do this in a small image of 2 to 3GB, should you want to shut down and duplicate the image every once in awhile. It's like saving the game before going to fight The Boss.
Ubuntu 9.10 ships Asterisk 1.6, with a dependency on DAHDI, a kernel module. First, we'll install dahdi, and then we'll install Asterisk.
You can download and install Asterisk from source (especially if you don't want dahdi), but if you're a wimp like me, Ubuntu's packages work... with a little bit of kicking. First, install the build environment and module-assistant, then prepare the system to dahdi's satisfaction:
Note regarding gawk: The dahdi build process requires
gawk, but it's not a dependency on the package. Please see Launchpad bug 493304 for more information.
Once that's set, move on to Asterisk:
Time for a Courtesy Reboot
Alrighty, you've installed Asterisk and DAHDI, it's probably time to do a reboot to make sure everything comes up right.
Go grab a sandwich and come back in five minutes. It's time for a breather. When it comes back, make sure running
/sbin/lsmod still shows
dahdi_dummy and that Asterisk is still running. Is it? Good.
You can bet your bippy I'm saving a copy of the image right now.
Installing lighttpd, PHP, MySQL, and FreePBX
It's time to install our web server, lighttpd, as well as the necessary elements to execute PHP code. As mentioned above, we're using the FastCGI method to handle PHP requests. We'll also grab MySQL, and the necessary libraries to tie it all together. MySQL will want you to set a root password; remember what this is, for you will need it later.
Also, before we get too far down the road, let's save a copy of
/etc/asterisk/modules.conf. There's a bit of a difference in philosophy between Debian/Ubuntu and FreePBX as far as what should be in this file. You'll need to copy this back in later...
If all goes well, you should be able to connect to your server on port 80 using a web browser; you'll get a placeholder page for now. Let's go ahead and get FreePBX working. I'm going to adapt the installation instructions for CentOS here. Grab the URL of the latest version from FreePBX's web site; as of this writing, it's freepbx-2.5.2.tar.gz. Download that into
The following database initialization commands will ask for your MySQL root password you entered when you installed MySQL above. This is to test your memory. ;-) You'll also need to set a password for communication between FreePBX and MySQL... enter this instead of "
secret" in the
GRANT commands below.
Now, let's fire off the FreePBX installer. (Oh boy.)
Wow, that was fast and furious. Wow. Don't bother going to that URL just yet; we'll get there soon enough.
Let's make a couple tweaks to configuration files. First, edit
/etc/amportal.conf. This holds the configuration for FreePBX itself, and we want to change "
AUTHTYPE=none" to "
AUTHTYPE=database" around line 72.
/etc/php5/cgi/php.ini. Around line 270, increase
memory_limit = 16M to
memory_limit = 100M. Near line 462, change
magic_quotes_gpc = On to
magic_quotes_gpc = Off. These adjustments will make FreePBX happy.
Before I forget, let's install a mail transport agent. This will let Asterisk send voicemail notifications via e-mail, and will also let FreePBX remind you when it needs updated!
Making it all work
Right now, FreePBX is installed and in control of Asterisk, Asterisk is installed and should be working, and lighttpd is there. However, we do need to do some more work to get the lighttpd/PHP/FreePBX chain working.
Using the current version of lighttpd in its default configuration, it will spawn its own PHP handlers (see
/etc/lighttpd/conf-available/10-fastcgi.conf to see what I mean). Unfortunately, it can only spawn children as www-data, its own username. This makes privilege separation difficult, and defeats one of the reasons we're going with FastCGI in the first place.
To fix this, we're going to start our own php-cgi handlers with asterisk's username, and tell lighttpd to use them when requests come in for FreePBX. We'll do this by adding an upstart configuration file, and then we'll create a configuration module for lighttpd.
Create a file,
/etc/init/fcgi-freepbx.conf containing the following:
php-cgi to listen on
localhost:4001 with two children spawned. Additionally, and importantly, it is running as user and group "
asterisk". This gives the FreePBX scripts the opportunity to modify the Asterisk configuration. The
pre-start exec sleep 5 helps avoid a race condition I've run into with testing: basically, if the spawned handlers go away too quickly, upstart respawns before the socket is free, creating a trainwreck. Pausing for a few seconds before respawning is a cheap way to fix this.
Let's tell upstart to start this up:
Now, lighttpd needs to be made aware of your fastcgi handler. I do this by creating a file called
Change line three (the
$HTTP["host"] line) to match the hostname or IP address with which you'll be accessing FreePBX.
Now, a couple permissions tweaks...
Then, enable the module and restart lighttpd!
You should then be able to go to
http://yourhostname/freepbx/ and access the FreePBX server by clicking on FreePBX Administration and entering the admin username and password. Hooray! Click on the big "
Apply Configuration Changes" banner and life should be good.
Remember how you copied
/etc/asterisk/modules.conf a little while ago? Let's go ahead and put that back in.
This would be a great time to reboot and make sure everything comes back up!
You can now add extensions, trunks, et cetera as you normally would with FreePBX! Head over to the Getting Started documentation on FreePBX's site and have fun! If anything didn't work right, or if you have questions, feel free to comment below and I'll take a look.
Did this work for you?
If so, please let me know in the comments section below! Your input and feedback are appreciated, and it's good to know if this actually helped someone out. Thanks for reading this!
This page is part of the
Ubuntu and Asterisk on Linode Web Ring!
PREVIOUS PAGE :: NEXT PAGE
You are great!
i went to linode console and it says it cannot find device too boot.
i followed your instructions.
menu.lst had uuid... and root=uuid=....
from the menu i edited (e) to root=/dev/xvda and still gave me error that it cannot find device!!
i didnt know what to do and i went back to linode latest paravirt
i followed these
and still no login at lish.
last message is about star/stop ntpd
(i can ssh though)
any idea how to fix lish?
problem is at Running DKMS auto installation service for kernel 2.6.31-302-ec2 * dahdi (22.214.171.124)...
which takes a lot of time.
Why this should run at every reboot?!
Paul: It's weird... I believe it uses that section as a "template" to create the actual configuration, so it needs to have those options commented out with exactly one hash. My first instinct is to uncomment them.
Mark: If you type "dmesg", do you have a lot of stuff that looks like this?
If so, I suspect you might be running into the same problem I am. Everything seems fine once it gets booted and running, but ugh... I don't like it.
I'm seriously considering trying to find the easiest way to install Asterisk without needing DAHDI, or perhaps finding some way to do it (nicely) with the stock Linode kernel... things took a turn for the worse with 9.10 in some ways.
finally my problem was ntp configuration problem.
Running DKMS auto installation service for kernel
is this necessary in each reboot even without upgrading kernel? can i disable this?
2. https://domain.com/freepbx works and shows
Voicemail & Recordings (ARI)
Flash Operator Panel (FOP)
but if i click one of them it shows 403-forbiden
can you do this also with nginx?
i use nginx as front end to apache.
nginx serves static content and apache dynamic php.
i heard that lightppd has memory leaches.
can u adapt a tutorial for nginx+apache setup for a VPS that uses the above serves also for hosting sites?
we need this to avoid having a 3rd server (lightppd) at small linode
I'm also not too familiar with the internal operations of DKMS... this is my first time dealing with it, and the more I look at it, the more it scares me. :-) http://linux.dell.com/projects.shtml has some more information on it.
chgrp: cannot access `agi-bin': No such file or directory
It does the same with:
/usr/share/asterisk$ sudo chmod -R 770 agi-bin.
Could Someone please help me with this. Where are these files?
/usr/share/asterisk/agi-bin/should have a considerable number of files in there, courtesy of FreePBX:
What all do you have in
Thanks for pointing me here yesterday on IRC, just to let you know the upstart didn't respawn the spawn-fcgi when it died.
However, I found out if you add:
to your /etc/init/ file it works perfectly.
This is because spawn-fcgi forks into the background and upstart presumes it has crashed, then restarts it, and it has a default to stop trying to restart it (and it keep forking) after 10 attempts in 5 seconds.
Using the above "expect fork" it gets the PID and monitors the forked process.
-n" option to spawn-fcgi also accomplishes the same effect: it keeps spawn-fcgi from forking. (This allows it to work on older upstart versions, too... you mentioned the "
daemon" option on IRC but I haven't had a chance to poke at it yet.)
I did, however, notice that the restarts tended to fail... I suspect spawn-fcgi is exiting before everything's done listening on the TCP port, wedging things up. I'm throwing this in there as a bit of cheap insurance:
pre-start exec sleep 5
I sure do like Upstart, though!
particularly the section under:
"Making it all work"
On Nov 15, amachu wrote "different people different continents but same Ubuntu space..".
Group asteriskand ensuring
AllowOverride Allis set should do the job, as long as PHP is otherwise working fine.
In theory, you could use my instructions to set up FreePBX and PHP under FastCGI, then configure Apache to use that -- especially if you don't want to run Apache as the
asteriskuser! But that'd be something to ask the Apache documentation about...
After reinstallation, I got the "frog" on the http://mydomain/freepbx.
However, when I tried to click on any link (admin) I got 403 forbidden.
/var/www/html/freepbx/*? Here's what I have:
(note that this is on my "production" box running Ubuntu 8.04; your
ls -lashould be similar, but they might not be exact)
Also, does anything show up in
/var/log/lighttpd/error.logwhen you get the 403?
Warning: file(/etc/amportal.conf) [function.file]: failed to open stream: Permission denied in /var/www/freepbx/panel/index_amp.php on line 4
Warning: Invalid argument supplied for foreach() in /var/www/freepbx/panel/index_amp.php on line 5
any idea what's wrong?
2010-02-15 06:26:50: (mod_fastcgi.c.2618) FastCGI-stderr: Mon, 15 Feb 2010 06:26:51 +0800 - Failed to login.
I too am just getting 403. ( Initially I got 500 )
I believe it has to do with the syntax of line 3 in:
server.modules += ( "mod_fastcgi", "mod_access" )
Could you give a working example?
Thanks for this excellent step by step.
switch@switch-desktop:/var/www/freepbx$ ls -la
drwxr-xr-x 6 root root 4096 2010-03-03 06:03 .
drwxr-xr-x 3 root root 4096 2010-03-02 15:03 ..
drwxr-xr-x 8 asterisk asterisk 4096 2010-03-03 06:03 admin
drwxr-xr-x 2 asterisk asterisk 4096 2010-03-03 06:02 _asterisk
-rw-r--r-- 1 root root 602 2010-03-03 06:03 index.html
-rw-r--r-- 1 root root 4542 2010-03-03 06:02 mainstyle.css
drwxr-xr-x 2 asterisk asterisk 4096 2010-03-03 06:02 panel
drwxr-xr-x 7 asterisk asterisk 4096 2010-03-03 06:03 recordings
ps auxwww | grep asteriskreturn?
Also, is it asking for a username/password when you try to go to the /freepbx/admin/ page? It should be. Hmm.
my asterisk is built from source is that a problem?
Which version of FreePBX are you using? I wrote these instructions for 2.5.2, and 2.7 is the current version. I wonder if something changed within FreePBX. I just upgraded to 2.7, so we'll see what happens ;-)
Here is what was returned. I am unfamiliar with these.
root@switch:~# ps auxwww | grep asterisk
asterisk 2267 0.0 0.4 27032 2528 ? Ss 10:31 0:00 /usr/bin/php-cgi
asterisk 2269 0.0 0.3 27032 1596 ? S 10:31 0:00 /usr/bin/php-cgi
asterisk 2270 0.0 0.3 27032 1596 ? S 10:31 0:00 /usr/bin/php-cgi
root 15253 0.0 0.1 3044 808 pts/0 S+ 11:15 0:00 grep asterisk
Comments are closed for this post.