GitHub - rajannpatel/ubuntupbx: Install FreePBX 17 with every dependency including Asterisk 20.6 as a deb package, on Ubuntu 24.04 LTS

Install FreePBX 17 on Ubuntu 24.04 LTS

with open-source dependencies (including Asterisk) installed from Ubuntu's official repositories
using this cloud-init.yaml installation template
on machines where Ubuntu is already installed, or on public cloud virtual machines

Install FreePBX and Asterisk on an existing Ubuntu machine

Important

Securely run FreePBX on Ubuntu 24.04 LTS until 2034

Asterisk, NodeJS, and other FreePBX dependencies are maintained on Ubuntu until 2034.

Ubuntu Pro includes security patching for all open source software on Ubuntu for 10 years
Ubuntu Pro is FREE for personal use or commercial evaluation on 5 machines

_NEXT

Get your free or paid Ubuntu Pro token

	3 Steps
STEP 1	Download and edit Jinja variables in the cloud-init file from this repository
STEP 2	Use j2cli to interpret Jinja variables and render YAML output
STEP 3	Install FreePBX using the cloud-init.yaml file

_{PROGRESS ➕ STEP 1 ✖️ STEP 2 ✖️ STEP 3}

STEP 1

Download the cloud-init file from this repository

wget -q https://raw.githubusercontent.com/rajannpatel/ubuntupbx/refs/heads/main/cloud-init.yaml -O cloud-init-jinja.yaml
nano cloud-init-jinja.yaml

Edit cloud-init-jinja.yaml and configure Jinja variables between lines 4 and 64.
^{CLICK TO EXPAND}

# SET OUR VARIABLES
# =================

# Ubuntu Pro token from: https://ubuntu.com/pro/dashboard (not needed for Ubuntu Pro instances on Azure, AWS, or Google Cloud)
{% set TOKEN = '' %}

# SMTP credentials (sendgrid and gmail example configurations)
# sendgrid: https://console.cloud.google.com/marketplace/product/sendgrid-app/sendgrid-email
# {% set SMTP_HOST = 'smtp.sendgrid.net' %}
# {% set SMTP_PORT = '587' %}
# {% set SMTP_USERNAME = 'apikey' %}
# substitute `YOUR-API-KEY-HERE` below, with your API KEY, https://app.sendgrid.com/settings/api_keys
# {% set SMTP_PASSWORD = 'YOUR-API-KEY-HERE' %}

# gmail:
# {% set SMTP_HOST = 'smtp.gmail.com' %}
# {% set SMTP_PORT = '587' %}
# replace `[email protected]` with your email, get `YOUR-APP-PASSWORD` from: https://myaccount.google.com/apppasswords
# {% set SMTP_USERNAME = '[email protected]' %}
# {% set SMTP_PASSWORD = 'YOUR-APP-PASSWORD' %}

{% set SMTP_HOST = '' %}
{% set SMTP_PORT = '' %}
{% set SMTP_USERNAME = '' %}
{% set SMTP_PASSWORD = '' %}

# NOTIFICATION_EMAIL address for daily crontab notifications
{% set NOTIFICATION_EMAIL = '[email protected]' %}

# HOSTNAME and FQDN are used by Postfix, and necessary for Sendgrid
# HOSTNAME: subdomain of FQDN (e.g. `server` for `server.example.com`)
# FQDN (e.g. `example.com` or `server.example.com`)
{% set HOSTNAME = 'voip' %}
{% set FQDN = 'voip.example.com' %}

# OPTIONAL: PRECONFIGURE FREEPBX CORE MODULE (OUTBOUND ROUTES AND TRUNKS)
# ubuntupbx.core.backup.tar.gz was generated with the Backup & Restore FreePBX Module
# this can be replaced with the address of your backup file, if you're copying configurations from another FreePBX installation
{% set RESTORE_BACKUP = 'https://github.com/rajannpatel/ubuntupbx/raw/refs/heads/main/ubuntupbx.core.backup.tar.gz' %}
# ubuntupbx.core.backup.tar.gz Outbound Routes include: N11, North America FoIP, North America VoIP, International VoIP
# ubuntupbx.core.backup.tar.gz SIP Trunks include:
{% set enable_T38Fax = true %}      # https://t38fax.com
{% set enable_Flowroute = false %}  # https://flowroute.com
{% set enable_Telnyx = false %}     # https://telnyx.com
{% set enable_BulkVS = true %}      # https://bulkvs.com

# List of public IPv4 addresses that should never be blocked by fail2ban
# - Use standard dotted decimal notation for each IP address or CIDR (slash) notation IP ranges
# - Separate multiple entries with a space, and do not use commas:
# {% set USER_IPS = '192.178.0.0/15 142.251.47.238' %}
{% set USER_IPS = '' %}

# TIMEZONE: default value is fine
# As represented in /usr/share/zoneinfo. An empty string ('') will result in UTC time being used.
{% set TIMEZONE = 'America/New_York' %}

# TIME TO REBOOT FOR SECURITY AND BUGFIX PATCHES IN XX:XX FORMAT
{% set SECURITY_REBOOT_TIME = "04:30" %}

# =========================
# END OF SETTING VARIABLES

_{PROGRESS ✔️ STEP 1 ➕ STEP 2 ✖️ STEP 3}

STEP 2

Use j2cli to interpret Jinja variables and render YAML output

sudo apt update
sudo apt install j2cli
j2 cloud-init-jinja.yaml > cloud-init.yaml

_{PROGRESS ✔️ STEP 1 ✔️ STEP 2 ➕ STEP 3}

STEP 3

Install FreePBX using the cloud-init.yaml file, and configure firewall automations

Install FreePBX

# comment shows estimated time to completion, for each command
sudo cloud-init single --frequency always --name ubuntu_pro --file cloud-init.yaml # 7m32s 
sudo cloud-init single --frequency always --name timezone --file cloud-init.yaml # 1s 
sudo cloud-init single --frequency always --name set_hostname --file cloud-init.yaml # 1s
sudo cloud-init single --frequency always --name update_hostname --file cloud-init.yaml # 1s
sudo cloud-init single --frequency always --name users_groups --file cloud-init.yaml # 1s
sudo cloud-init single --frequency always --name write_files --file cloud-init.yaml # 1s
sudo cloud-init single --frequency always --name apt_configure --file cloud-init.yaml # 14s
sudo cloud-init single --frequency always --name package-update-upgrade-install --file cloud-init.yaml # 17m
sudo cloud-init single --frequency always --name runcmd --file cloud-init.yaml # 1s
sudo cloud-init single --frequency always --name scripts_user # 20m15s

Forgot to include an IP in the fail2ban ignoreip list? Manually add the IP or IP range

fail2ban safeguard to prevent banning user and provider IPs
- all public IPv4 addresses which should never be banned are listed in the IP variable
- Use standard dotted decimal notation for each IP address or CIDR (slash) notation IP ranges
- Separate multiple entries with a space, and do not use commas.
  _{EXAMPLE
  IP=192.178.0.0/15 142.251.47.238}
```
IP=
sudo sed -i "s/ignoreip = $.*$/ignoreip = \1 $IP/" /etc/fail2ban/jail.local
sudo fail2ban-client reload
```
List all banned IPs in fail2ban jails
```
sudo sh -c "fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status"
```

_{PROGRESS ✔️ STEP 1 ✔️ STEP 2 ✔️ STEP 3 🎉 COMPLETED}

Install FreePBX and Asterisk on Ubuntu in Google Cloud

Tip

Run FreePBX on a FREE Ubuntu virtual machine on Google Cloud

$0 cost to launch
$0 recurring expense to run

_NEXT

Install FreePBX and Asterisk on Ubuntu in Google Cloud within the always free limits

	3 Steps
STEP 1	Make a cloud-deployment workspace for Google Cloud Command Line Interface (gcloud CLI)
STEP 2	Install and configure gcloud CLI in the cloud-deployment workspace
STEP 3	Use gcloud CLI to provision a free Ubuntu VM with cloud-init, and configure the firewall

_{PROGRESS ➕ STEP 1 ✖️ STEP 2 ✖️ STEP 3}

STEP 1

Make a cloud-deployment workspace for gcloud CLI

Multipass creates Ubuntu VMs on Windows and macOS
LXD creates Ubuntu containers on Linux
Both Multipass and LXD provide access to an Ubuntu terminal, which is required for Step 2

Set up a cloud-deployment workspace on Windows and macOS
^{CLICK TO EXPAND}

On Windows and macOS, Multipass provides Linux VMs on demand.

Install Multipass

Launch a VM named "cloud-deployment-workspace":

multipass launch --name cloud-deployment-workspace

Enter the Multipass VM as the "ubuntu" user:
```
multipass shell cloud-deployment-workspace
```

Set up a cloud-deployment workspace on Linux
^{CLICK TO EXPAND}

On Linux, LXD is a system container and VM manager. LXD is built on top of LXC (Linux Containers) but provides a more user-friendly and feature-rich experience. Think of LXD as the tool you use to manage LXC containers, making it easier to create, configure, and run them.

Install snapd if your Linux doesn't already have it.

Install LXD

snap list lxd &> /dev/null && sudo snap refresh lxd --channel latest/stable || sudo snap install lxd --channel latest/stable

Initialize LXD with default configurations
```
lxd init --auto
```
Launch a LXD container named "cloud-deployment-workspace" and map your user account on the host machine to the default "ubuntu" user account in the container:
```
lxc launch ubuntu:noble cloud-deployment-workspace -c raw.idmap="both 1000 1000"
```
Mount your home directory into the container as a disk named "host-home", to conveniently access your files from within the container:
```
lxc config device add cloud-deployment-workspace host-home disk source=~/ path=/home/ubuntu
```

Enter the LXD container as the "ubuntu" user:

lxc exec cloud-deployment-workspace -- su -l ubuntu

_{PROGRESS ✔️ STEP 1 ➕ STEP 2 ✖️ STEP 3}

STEP 2

Install and configure gcloud CLI in the cloud-deployment workspace

These steps are performed in your cloud-deployment workspace.

Install gcloud CLI

sudo snap install google-cloud-cli --classic

Authenticate with the gcloud CLI
```
gcloud init
```
1. Enter Y when prompted with Would you like to log in (Y/n)?
2. Visit the authentication link which starts with https://accounts.google.com/
3. Sign in with a Google account
4. Click Allow to grant access to the Google Cloud SDK
5. Click Copy to copy the verification code
6. Paste the verification code into the terminal window where the gcloud init process is running
Successful authentication within gcloud init produces the following output:
```
You are now logged in as [[email protected]].
Your current project is [None].  You can change this setting by running:
$ gcloud config set project PROJECT_ID
```

_{PROGRESS ✔️ STEP 1 ✔️ STEP 2 ➕ STEP 3}

STEP 3

Use gcloud CLI to provision a free Ubuntu VM with cloud-init, and configure the firewall

These steps are performed in your cloud-deployment workspace.

List the projects in the Google Cloud account:

gcloud projects list

Output will appear in this format:

PROJECT_ID        NAME              PROJECT_NUMBER
project-id        project-name      12345678910

Assign the PROJECT_ID environment variable with the Project ID from the gcloud projects list output:
```
PROJECT_ID=project-id
```
Associate gcloud CLI to this PROJECT_ID:
```
gcloud config set project $PROJECT_ID
```
This Project ID will contain the PBX VM.

List the available cloud zones and cloud regions where VMs can be deployed:

gcloud compute zones list

Output will appear in this format:

NAME                       REGION                   STATUS  NEXT_MAINTENANCE  TURNDOWN_DATE
us-east1-b                 us-east1                 UP

Google Cloud's free tier is only in the us-west1, us-central1, and us-east1 regions
- Set the REGION environment variable with one of the 3 free tier regions
- Set any ZONE in that region from the gcloud compute zones list output
The following zone and region can be used:
```
REGION=us-east1
ZONE=us-east1-b
```

Reserve a static IP address and label it "pbx-external-ip":

gcloud compute addresses create pbx-external-ip --region=$REGION

Download the cloud-init YAML.

wget -q https://raw.githubusercontent.com/rajannpatel/ubuntupbx/refs/heads/main/cloud-init.yaml -O cloud-init.yaml
nano cloud-init.yaml

Edit cloud-init.yaml and configure Jinja variables between lines 4 and 64.
^{CLICK TO EXPAND}

Set TOKEN with a free or paid Ubuntu Pro token to enable all security patches, including the Livepatch security patching automation tool to protect the Linux kernel.

# SET OUR VARIABLES
# =================

# Ubuntu Pro token from: https://ubuntu.com/pro/dashboard (not needed for Ubuntu Pro instances on Azure, AWS, or Google Cloud)
{% set TOKEN = '' %}

# SMTP credentials (sendgrid and gmail example configurations)
# sendgrid: https://console.cloud.google.com/marketplace/product/sendgrid-app/sendgrid-email
# {% set SMTP_HOST = 'smtp.sendgrid.net' %}
# {% set SMTP_PORT = '587' %}
# {% set SMTP_USERNAME = 'apikey' %}
# substitute `YOUR-API-KEY-HERE` below, with your API KEY, https://app.sendgrid.com/settings/api_keys
# {% set SMTP_PASSWORD = 'YOUR-API-KEY-HERE' %}

# gmail:
# {% set SMTP_HOST = 'smtp.gmail.com' %}
# {% set SMTP_PORT = '587' %}
# replace `[email protected]` with your email, get `YOUR-APP-PASSWORD` from: https://myaccount.google.com/apppasswords
# {% set SMTP_USERNAME = '[email protected]' %}
# {% set SMTP_PASSWORD = 'YOUR-APP-PASSWORD' %}

{% set SMTP_HOST = '' %}
{% set SMTP_PORT = '' %}
{% set SMTP_USERNAME = '' %}
{% set SMTP_PASSWORD = '' %}

# NOTIFICATION_EMAIL address for daily crontab notifications
{% set NOTIFICATION_EMAIL = '[email protected]' %}

# HOSTNAME and FQDN are used by Postfix, and necessary for Sendgrid
# HOSTNAME: subdomain of FQDN (e.g. `server` for `server.example.com`)
# FQDN (e.g. `example.com` or `server.example.com`)
{% set HOSTNAME = 'voip' %}
{% set FQDN = 'voip.example.com' %}

# OPTIONAL: PRECONFIGURE FREEPBX CORE MODULE (OUTBOUND ROUTES AND TRUNKS)
# ubuntupbx.core.backup.tar.gz was generated with the Backup & Restore FreePBX Module
# this can be replaced with the address of your backup file, if you're copying configurations from another FreePBX installation
{% set RESTORE_BACKUP = 'https://github.com/rajannpatel/ubuntupbx/raw/refs/heads/main/ubuntupbx.core.backup.tar.gz' %}
# ubuntupbx.core.backup.tar.gz Outbound Routes include: N11, North America FoIP, North America VoIP, International VoIP
# ubuntupbx.core.backup.tar.gz SIP Trunks include:
{% set enable_T38Fax = true %}      # https://t38fax.com
{% set enable_Flowroute = false %}  # https://flowroute.com
{% set enable_Telnyx = false %}     # https://telnyx.com
{% set enable_BulkVS = true %}      # https://bulkvs.com

# List of public IPv4 addresses that should never be blocked by fail2ban
# - Use standard dotted decimal notation for each IP address or CIDR (slash) notation IP ranges
# - Separate multiple entries with a space, and do not use commas:
# {% set USER_IPS = '192.178.0.0/15 142.251.47.238' %}
{% set USER_IPS = '' %}

# TIMEZONE: default value is fine
# As represented in /usr/share/zoneinfo. An empty string ('') will result in UTC time being used.
{% set TIMEZONE = 'America/New_York' %}

# TIME TO REBOOT FOR SECURITY AND BUGFIX PATCHES IN XX:XX FORMAT
{% set SECURITY_REBOOT_TIME = "04:30" %}

# =========================
# END OF SETTING VARIABLES

Create a free-tier e2-micro VM named "pbx", other VM types cost money.

gcloud compute instances create pbx \
    --zone=$ZONE \
    --machine-type=e2-micro \
    --address=pbx-external-ip \
    --tags=pbx \
    --boot-disk-size=30 \
    --image-family=ubuntu-2404-lts-amd64 \
    --image-project=ubuntu-os-cloud \
    --metadata-from-file=user-data=cloud-init.yaml

Note

In the steps below, --source-ranges can be any number of globally routable IPv4 addresses written as individual IPs, or groups of IPs in slash notation, separated by commas (but no spaces).
_{EXAMPLE
192.178.0.0/15,142.251.47.238}

$(wget -qO- http://checkip.amazonaws.com) retrieves the globally routable IPv4 address of the machine where the command is run, using an Amazon AWS service. It appears in some commands below, as a convenience, but can be replaced with manually specified IPs.

Tip

Looking up an individual IP from an ISP at arin.net can reveal the entire CIDR block of possible IPs from that ISP, if wide ranges need to be permitted in the firewall. For example, looking up a Charter Spectrum IP 174.108.85.8 reveals a CIDR of 174.96.0.0/12. CIDR blocks for popular ISPs serving dynamic IPs to customers in North America appear in the following table:

ISP	CIDR
Charter Spectrum	`174.96.0.0/12`
Optimum Online's Altice Fiber	`24.184.0.0/14`
Verizon Wireless 5G Home Internet	`75.192.0.0/10`
Google Fiber	`136.32.0.0/11`

Permit ingress HTTP for management and optionally ICMP for ping replies

gcloud compute firewall-rules create allow-management-http-icmp \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="$(wget -qO- http://checkip.amazonaws.com)" \
    --rules="tcp:80,icmp" \
    --description="Access FreePBX via web and ping"

Permit ingress UDP traffic for analog telephone adapters (ATAs) and softphones

gcloud compute firewall-rules create allow-devices-sip-rtp-udptl \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="$(wget -qO- http://checkip.amazonaws.com)" \
    --rules="udp:5060,udp:4000-4999,udp:10000-20000" \
    --description="SIP signaling and RTP & UDPTL media for ATAs and Softphones"

Permit ingress traffic from VoIP and/or FoIP SIP Trunk provider(s)

allow RTP and UDPTL media streams over Asterisk's configured UDP port ranges
allow SIP signaling for inbound calls when using IP authentication

T38Fax Power-T.38 SIP Trunk for FoIP
^{CLICK TO EXPAND}

T38Fax proxies all the RTP and UDPTL packets through their network for observability into the quality of the RTP streams.

RTP and UDPTL ingress rule

gcloud compute firewall-rules create allow-t38fax-rtp-udptl \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="8.20.91.0/24,130.51.64.0/22,8.34.182.0/24" \
    --rules="udp:4000-4999,udp:10000-20000" \
    --description="T38Fax incoming RTP and UDPTL media streams"

SIP signaling ingress rule

gcloud compute firewall-rules create allow-t38fax-sip \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="8.20.91.0/24,130.51.64.0/22,8.34.182.0/24" \
    --rules="udp:5060" \
    --description="T38Fax SIP Signaling"

Flowroute
^{CLICK TO EXPAND}

Flowroute uses direct media delivery to ensure voice data streams traverse the shortest path between the caller and callee, therefore --source-ranges="0.0.0.0/0" allows inbound RTP and UDPTL traffic from anywhere in the world.

RTP and UDPTL ingress rule

gcloud compute firewall-rules create allow-flowroute-rtp-udptl \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="0.0.0.0/0" \
    --rules="udp:4000-4999,udp:10000-20000" \
    --description="Flowroute incoming RTP and UDPTL media streams"

SIP signaling ingress rule

gcloud compute firewall-rules create allow-flowroute-sip \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="34.210.91.112/28,34.226.36.32/28,16.163.86.112/30,3.0.5.12/30,3.8.37.20/30,3.71.103.56/30,18.228.70.48/30" \
    --rules="udp:5060" \
    --description="Flowroute SIP Signaling"

Telnyx
^{CLICK TO EXPAND}

Telnyx proxies all the RTP and UDPTL media streams through their network for observability into the quality of the RTP streams.

RTP and UDPTL ingress rule

gcloud compute firewall-rules create allow-telnyx-rtp-udptl \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="36.255.198.128/25,50.114.136.128/25,50.114.144.0/21,64.16.226.0/24,64.16.227.0/24,64.16.228.0/24,64.16.229.0/24,64.16.230.0/24,64.16.248.0/24,64.16.249.0/24,103.115.244.128/25,185.246.41.128/25" \
    --rules="udp:4000-4999,udp:10000-20000" \
    --description="Telnyx incoming RTP and UDPTL media streams"

SIP signaling ingress rule

gcloud compute firewall-rules create allow-telnyx-sip \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="192.76.120.10,64.16.250.10,185.246.41.140,185.246.41.141,103.115.244.145,103.115.244.146,192.76.120.31,64.16.250.13" \
    --rules="udp:5060" \
    --description="Telnyx SIP Signaling"

BulkVS
^{CLICK TO EXPAND}

BulkVS proxies all the RTP and UDPTL packets through their network for observability into the quality of the RTP streams.

RTP and UDPTL ingress rule

gcloud compute firewall-rules create allow-bulkvs-rtp-udptl \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="162.249.171.198,23.190.16.198,76.8.29.198" \
    --rules="udp:4000-4999,udp:10000-20000" \
    --description="BulkVS incoming RTP and UDPTL media streams"

SIP signaling ingress rule

gcloud compute firewall-rules create allow-bulkvs-sip \
    --direction=INGRESS \
    --action=ALLOW \
    --target-tags=pbx \
    --source-ranges="162.249.171.198,23.190.16.198,76.8.29.198" \
    --rules="udp:5060" \
    --description="BulkVS SIP Signaling"

List all banned IPs in fail2ban jails

gcloud compute ssh pbx --zone $ZONE --command "sudo sh -c \"fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status\""

Forgot to include an IP in the fail2ban ignoreip list? Manually add the IP or IP range

fail2ban safeguard to prevent banning user IPs
- all public IPv4 addresses which should never be banned are listed in the IP variable
- Use standard dotted decimal notation for each IP address or CIDR (slash) notation IP ranges
- Separate multiple entries with a space, and do not use commas.
  _{EXAMPLE
  IP=192.178.0.0/15 142.251.47.238}
```
IP=$(wget -qO- http://checkip.amazonaws.com)
gcloud compute ssh pbx --zone $ZONE --command "sudo sed -i 's/ignoreip = $.*$/ignoreip = \1 '"$IP"'/' /etc/fail2ban/jail.local"
gcloud compute ssh pbx --zone $ZONE --command "sudo fail2ban-client reload"
```

Observe the installation progress by tailing /var/log/cloud-init-output.log

gcloud compute ssh pbx --zone $ZONE --command "tail -f /var/log/cloud-init-output.log"

Authorize gcloud CLI to have SSH access to your Ubuntu virtual machine

First time gcloud CLI users will be prompted for a passphrase twice
This password can be left blank, press Enter twice to proceed:

WARNING: The private SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

This line indicates security patches were applied, and a reboot is required

2023-08-20 17:30:04,721 - cc_package_update_upgrade_install.py[WARNING]: Rebooting after upgrade or install per /var/run/reboot-required

In the event of a reboot, re-run the tail command to continue observing the progress of the installation; otherwise skip this step:

gcloud compute ssh pbx --zone $ZONE --command "tail -f /var/log/cloud-init-output.log"

When cloud-init prints this finished at line, press CTRL + C to terminate the tail process.

Cloud-init v. 24.1.3-0ubuntu3.3 finished at Thu, 20 Jun 2024 03:53:16 +0000. Datasource DataSourceGCELocal.  Up 666.00 seconds

Access the web portal to set up Trunks and Extensions

These commands will print the web portal links in the terminal
CTRL click the link to open

dig +short -x $(gcloud compute addresses describe pbx-external-ip --region=$REGION --format='get(address)') | sed 's/\.$//; s/^/http:\/\//'

echo "http://$(gcloud compute addresses describe pbx-external-ip --region=$REGION --format='get(address)')"

Connect to the pbx VM via SSH to configure external backup schedules, and connect to the Asterisk CLI.
```
gcloud compute ssh pbx --zone $ZONE
```
Upon logging in via SSH, edit the "root" user's crontab.
```
sudo crontab -e
```
nano (option 1) will be the most intuitive option for most users.
```
Select an editor.  To change later, run 'select-editor'.
1. /bin/nano        <---- easiest
2. /usr/bin/vim.basic
3. /usr/bin/vim.tiny
4. /bin/ed
```
Add the following lines at the bottom of the crontab file. Replace example-bucket-name with the name of your storage bucket on Google Cloud Storage.
```
@daily gcloud storage rsync /var/spool/asterisk/backup gs://example-bucket-name/backup --recursive
@daily gcloud storage rsync /var/spool/asterisk/monitor gs://example-bucket-name/monitor --recursive
```
- FreePBX artifacts such as backups and call recordings (if enabled) will be pruned on a schedule through crontab entries for the "root" user.
- A Google Cloud Storage S3 Bucket is a suitable location for long term external storage of this data.
- Delete stale backups and recordings from the S3 bucket on a schedule with "maximum age" object lifecycle policies.
Connect to the Asterisk CLI, and observe output as you configure and use FreePBX:
```
sudo su -s /bin/bash asterisk -c 'cd ~/ && asterisk -rvvvvv'
```
- The exit command will safely exit the Asterisk CLI.
- Running the exit command again will quit the SSH session.

_{PROGRESS ✔️ STEP 1 ✔️ STEP 2 ✔️ STEP 3 🎉 COMPLETED}

HOW DO I UNDO?

How to delete things in Google Cloud

Warning

The following steps are destructive, and will remove everything created by following the above steps, in Google Cloud.

The following steps remove the "pbx" VM, its static IP address, and its firewall rules.

List all VMs in this project:
```
gcloud compute instances list
```
To delete the "pbx" VM, set ZONE to reflect what was specified in Step 3.5:
```
ZONE=us-east1-b
gcloud compute instances delete pbx --zone $ZONE
```
List all the static addresses:
```
gcloud compute addresses list
```
To delete the address named "pbx-external-ip", set REGION to reflect what was specified in Step 3.5
```
REGION=us-east1
gcloud compute addresses delete pbx-external-ip --region=$REGION
```
List all firewall rules in this project:
```
gcloud compute firewall-rules list
```

To delete the ingress firewall rules created in Step 3.11

gcloud compute firewall-rules delete allow-management-http-icmp
gcloud compute firewall-rules delete allow-devices-sip-rtp-udptl

gcloud compute firewall-rules delete allow-t38fax-rtp-udptl
gcloud compute firewall-rules delete allow-t38fax-sip

gcloud compute firewall-rules delete allow-flowroute-rtp-udptl
gcloud compute firewall-rules delete allow-flowroute-sip

gcloud compute firewall-rules delete allow-telnyx-rtp-udptl
gcloud compute firewall-rules delete allow-telnyx-sip

gcloud compute firewall-rules delete allow-bulkvs-rtp-udptl
gcloud compute firewall-rules delete allow-bulkvs-sip

Name		Name	Last commit message	Last commit date
Latest commit History 454 Commits
images		images
LICENSE		LICENSE
README.md		README.md
cloud-init.yaml		cloud-init.yaml
ubuntupbx.asterisklogs.backup.tar.gz		ubuntupbx.asterisklogs.backup.tar.gz
ubuntupbx.core.backup.tar.gz		ubuntupbx.core.backup.tar.gz

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Install FreePBX and Asterisk on an existing Ubuntu machine

Securely run FreePBX on Ubuntu 24.04 LTS until 2034

STEP 1

STEP 2

STEP 3

fail2ban safeguard to prevent banning user and provider IPs

Install FreePBX and Asterisk on Ubuntu in Google Cloud

Run FreePBX on a FREE Ubuntu virtual machine on Google Cloud

STEP 1

Make a cloud-deployment workspace for gcloud CLI

STEP 2

Install and configure gcloud CLI in the cloud-deployment workspace

STEP 3

Use gcloud CLI to provision a free Ubuntu VM with cloud-init, and configure the firewall

RTP and UDPTL ingress rule

SIP signaling ingress rule

RTP and UDPTL ingress rule

SIP signaling ingress rule

RTP and UDPTL ingress rule

SIP signaling ingress rule

RTP and UDPTL ingress rule

SIP signaling ingress rule

fail2ban safeguard to prevent banning user IPs

HOW DO I UNDO?

How to delete things in Google Cloud

About

Releases

Packages

License

rajannpatel/ubuntupbx

Folders and files

Latest commit

History

Repository files navigation

Install FreePBX and Asterisk on an existing Ubuntu machine

Securely run FreePBX on Ubuntu 24.04 LTS until 2034

STEP 1

STEP 2

STEP 3

fail2ban safeguard to prevent banning user and provider IPs

Install FreePBX and Asterisk on Ubuntu in Google Cloud

Run FreePBX on a FREE Ubuntu virtual machine on Google Cloud

STEP 1

Make a cloud-deployment workspace for gcloud CLI

STEP 2

Install and configure gcloud CLI in the cloud-deployment workspace

STEP 3

Use gcloud CLI to provision a free Ubuntu VM with cloud-init, and configure the firewall

RTP and UDPTL ingress rule

SIP signaling ingress rule

RTP and UDPTL ingress rule

SIP signaling ingress rule

RTP and UDPTL ingress rule

SIP signaling ingress rule

RTP and UDPTL ingress rule

SIP signaling ingress rule

fail2ban safeguard to prevent banning user IPs

HOW DO I UNDO?

How to delete things in Google Cloud

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Packages