How to Install Asterisk on CentOS 7
Asterisk is an open source framework used for building communication applications.
Asterisk is an open source framework used for building communication applications. You can use it to turn a local computer or server to communication server. It is used to power IP PBX systems, VoIP gateways, conference servers and other solutions. It’s used by all kind of organizations worldwide and finally, but not last it is free and open source.
In this tutorial, we are going to show you how to install Asterisk on CentOS 7 (instructions also works on RHEL 7), but before we start, we will need to make some preparations so Asterisk can run smoothly after the installation.
Asterisk is compatible and works well with Alibaba Cloud Elastic Compute Service (ECS) servers. As a developer, I prefer the services of Alibaba Cloud to Install Asterisk on CentOS 7. Alibaba Elastic Compute (ECS) is highly flexible and you can upgrade the hardware resources anytime when you get more traffic.
Let us now proceed to how you can get it working on your CentOS 7 system by following these steps below:
Prerequisites
- You must have Alibaba Cloud Elastic Compute Service(ECS) activated. If you are a new user, you can get Free Credits in your Alibaba Cloud account. If you don’t know about how to setup your ECS instance, you can refer to this tutorial or check quick-start guide.
- You should setup your server’s hostname.
- Access to VNC console in your Alibaba Cloud or SSH client installed in your PC.
Logging to your Console
After completing the prerequisites, login as root user with your root username & password via SSH client (e.g. Putty – You can get Putty from https://www.putty.org ) or VNC console available in your Alibaba Cloud account dashboard.
Also Read: How to Use Python Decouple in Django on Ubuntu 16.04
To complete this tutorial, you will need:
- make sure you are logged in as a user with sudo privileges.
- Update your CentOS system and install the development tools that are required to compile Asterisk source code:
sudo yum update sudo yum groupinstall core base “Development Tools”
Disable Selinux
If SELinux is set to enforcing mode, Asterisk will not function correctly.
To disable SELinux security features, open the /etc/selinux/config file and set SELINUX=disabled
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
Save the file and reboot your CentOS system with:
sudo shutown –r now
Once the machine boots up, make sure that the getenforce command returns Disabled:
getenfoce
Output Disabled
Configuring iptables
iptables will be used to secure the CentOS against unwanted traffic. The Server should not have any firewall rules configured.
Check for current firewall rules:
sudo iptables - L
It should show an empty rule table:
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
Create /etc/iptables.firewall.rules using your preferred text editor. This file will be used to activate the firewall with the desired rules every time the server boots.
/etc/iptables.firewall.rules *filter # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT # Accept all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow all outbound traffic - you can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allow SSH connections # # The -dport number should be the same port number you set in sshd_config, ie 8050 # -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT # SIP on UDP port 5060, 5061 for secure signaling. Used for signals such as "hang up" -A INPUT -p udp -m udp --dport 5060 -j ACCEPT -A INPUT -p udp -m udp --dport 5061 -j ACCEPT # IAX2- the IAX protocol - comment out if you don't plan to use IAX # -A INPUT -p udp -m udp --dport 4569 -j ACCEPT # IAX - old IAX protocol, uncomment if needed for legacy systems. # -A INPUT -p udp -m udp --dport 5036 -j ACCEPT # RTP - the media stream - you can change this in /etc/asterisk/rtp.conf -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT # MGCP - if you use media gateway control protocol in your configuration -A INPUT -p udp -m udp --dport 2727 -j ACCEPT # Uncomment these lines if you plan to use FreePBX to manage Asterisk # -A INPUT -p tcp --dport 80 -j ACCEPT # -A INPUT -p tcp --dport 443 -j ACCEPT # Allow ping -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # Log iptables denied calls -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # Drop all other inbound - default deny unless explicitly allowed policy -A INPUT -j DROP -A FORWARD -j DROP COMMIT
Start Firewall at Boot
CentOS 7 does not come with the iptables-services pre-installed, it will have to be installed so the firewall can load at boot.
Install iptables-services, then enable and start it:
sudo yum install -y iptables-services sudo systemctl enable iptables sudo systemctl start iptables
Load the firewall rules:
sudo iptables-restore < /etc/iptables.firewall.rules
Recheck the firewall rules:
sudo iptables -L
Your output should now look like this:
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:8050 ACCEPT udp -- anywhere anywhere udp dpt:sip ACCEPT udp -- anywhere anywhere udp dpt:iax ACCEPT udp -- anywhere anywhere udp dpts:ndmp:dnp ACCEPT udp -- anywhere anywhere udp dpt:mgcp-callagent ACCEPT icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: " DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere
Save this ruleset:
/usr/libexec/iptables/iptables.init save
In a new terminal, make sure you can log in:
ssh [email protected]
Installing Dependencies
A number of dependencies will be to be installed prior to installing Asterisk. To install them run:
sudo yum install -y epel-release dmidecode gcc-c++ ncurses-devel libxml2-devel make wget openssl-devel newt-devel kernel-devel sqlite-devel libuuid-devel gtk2-devel jansson-devel binutils-devel
Installing Asterisk
We’re now ready to install Asterisk 13, the current long-term support release of Asterisk.
Installing Asterisk from Source
Switch to the build directory:
cd ~/build
Download the latest version of Asterisk 13:
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
Untar the file:
tar -zxvf asterisk-13-current.tar.gz
Switch to the new Asterisk directory, replacing 13.5.0 if needed:
cd asterisk-13.5.0
Enable MP3 Support
To use MP3 files for Music on Hold, some dependencies will need to be installed.
Install Subversion:
sudo yum install svn
Run:
contrib/scripts/get_mp3_source.sh
Configure and Build Asterisk
Run the configure script to prepare the Asterisk source code for compiling:
./configure --libdir=/usr/lib64
If there are any missing dependencies, install them.
Start the build process:
make menuselect
After a short while, you should get a menu on screen that allows you to configure the features you want to build.
If you want to use the MP3 format with Music on Hold, you should select Add-Ons, then use the right arrow to move to the right-hand list. Navigate to format_mp3 and press enter to select it.
Select addition sound packages and Music on Hold packs on the left menu, and enable the wav format for your desired language. (ie. use the EN package for English.)
Press F12 to save and exit.
Compile Asterisk:
make
Install Asterisk on the system:
sudo make install
Install sample configuration files:
sudo make samples
Configure Asterisk to start itself automatically on boot:
sudo make config
Create Asterisk User
By default Asterisk runs as a root user. For security reasons we will create a new system user and configure Asterisk to run as the newly created user.
To create a new system user named asterisk run the following command:
sudo adduser --system --user-group --home-dir /var/lib/asterisk --no-create-home asterisk
To configure Asterisk to run as asterisk user, open the /etc/sysconfig/asterisk file and uncomment the following two lines:
/etc/sysconfig/asterisk AST_USER="asterisk" AST_GROUP="asterisk"
Add the asterisk user to the dialout and audio groups:
sudo usermod -a -G dialout,audio asterisk
We also need to change the ownership of all asterisk files and directories so the user asterisk can access those files:
sudo chown -R asterisk: /var/{lib,log,run,spool}/asterisk /usr/lib64/asterisk /etc/asterisk sudo chmod -R 750 /var/{lib,log,run,spool}/asterisk /usr/lib64/asterisk /etc/asterisk
Try it Out
Congratulations! You now have a working Asterisk phone server. Let’s fire up Asterisk and make sure it runs.
Start Asterisk:
sudo service asterisk start
Connect to Asterisk:
asterisk -rvv
You should get a prompt with the current version number.
To see a list of possible commands:
core show help
To disconnect type:
exit
Once disconnected, Asterisk continues to run in the background.
Adjust the Firewall Rules
Now that Asterisk is installed and running you need to configure your firewall to allow traffic on Asterisk specific ports.
Note: If you don’t have firewall enabled on your system, you can skip this section.
Open your text editor of choice and create the following Firewalld service:
/etc/firewalld/services/asterisk.xml <?xml version="1.0" encoding="utf-8"?> <service version="1.0"> <short>asterisk</short> <description>Asterisk is a software implementation of a telephone private branch exchange (PBX).</description> <port protocol="udp" port="10000-10100"/> <port protocol="udp" port="4569"/> <port protocol="udp" port="2727"/> <port protocol="udp" port="5060-5061"/> </service>
Save the file and apply the new firewall rules by typing:
sudo firewall-cmd --add-service=asterisk --permanent sudo firewall-cmd --reload
Finally check if the new firewall rules are applied successfully with:
sudo firewall-cmd --list-all
Output public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: ssh dhcpv6-client asterisk ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Feel free to adjust the firewall according to your need.
That’s All. You have now learned how to install Asterisk on CentOS 7.
Conclusion
In this guide we have shown you how to install the latest Asterisk version from source on your CentOS system. Now that you have an Asterisk server running, it’s time to connect some phones, add extensions, and configure the various options that are available with Asterisk. For detailed instructions, check out the Asterisk Project’s guide to Configuring Asterisk.