From 5988b7ed7d9270bf48c82dc7bf382bc2a30177be Mon Sep 17 00:00:00 2001 From: markjcrane Date: Fri, 29 Apr 2016 13:24:22 -0600 Subject: [PATCH] Add a shell install script. --- debian/install.sh | 43 +++++ debian/resources/fail2ban.sh | 26 +++ debian/resources/fail2ban/freeswitch-dos.conf | 21 ++ debian/resources/fail2ban/freeswitch.conf | 18 ++ debian/resources/fail2ban/fusionpbx.conf | 25 +++ debian/resources/fail2ban/jail.package | 46 +++++ debian/resources/fail2ban/jail.source | 46 +++++ debian/resources/fusionpbx.sh | 12 ++ debian/resources/iptables.sh | 26 +++ debian/resources/nginx.sh | 18 ++ debian/resources/nginx/fusionpbx | 180 ++++++++++++++++++ debian/resources/postgres.sh | 39 ++++ debian/resources/switch/package-master.sh | 8 + debian/resources/switch/package-release.sh | 27 +++ debian/resources/switch/source-release.sh | 37 ++++ 15 files changed, 572 insertions(+) create mode 100644 debian/install.sh create mode 100644 debian/resources/fail2ban.sh create mode 100644 debian/resources/fail2ban/freeswitch-dos.conf create mode 100644 debian/resources/fail2ban/freeswitch.conf create mode 100644 debian/resources/fail2ban/fusionpbx.conf create mode 100644 debian/resources/fail2ban/jail.package create mode 100644 debian/resources/fail2ban/jail.source create mode 100644 debian/resources/fusionpbx.sh create mode 100644 debian/resources/iptables.sh create mode 100644 debian/resources/nginx.sh create mode 100644 debian/resources/nginx/fusionpbx create mode 100644 debian/resources/postgres.sh create mode 100644 debian/resources/switch/package-master.sh create mode 100644 debian/resources/switch/package-release.sh create mode 100644 debian/resources/switch/source-release.sh diff --git a/debian/install.sh b/debian/install.sh new file mode 100644 index 0000000..f9a0871 --- /dev/null +++ b/debian/install.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +#Update Debian +echo "Update Debian" +apt-get upgrade && apt-get update -y --force-yes + +#IPTables +resources/./iptables.sh + +#FusionPBX +resources/./fusionpbx.sh + +#NGINX web server +resources/./nginx.sh + +#Fail2ban +resources/./fail2ban.sh + +#FreeSWITCH +resources/switch/./package-release.sh +#resources/switch/./package-master.sh +#resources/switch/./source-release.sh + +#Postgres +resources/./postgres.sh + +#set the ip address +server_address=$(hostname -I) + +#restart services +/bin/systemctl daemon-reload +/bin/systemctl restart nginx +/bin/systemctl restart fail2ban +#/usr/sbin/service nginx restart +#/usr/sbin/service fail2ban restart + +#Show database password +echo "Complete the install by going to:" +echo " https://$server_address" +echo "" +echo "" + + diff --git a/debian/resources/fail2ban.sh b/debian/resources/fail2ban.sh new file mode 100644 index 0000000..bab0619 --- /dev/null +++ b/debian/resources/fail2ban.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +#send a message +echo "Install Fail2ban" + +#add the dependencies +apt-get install -y --force-yes fail2ban + +#move the filters +cp resources/fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf +cp resources/fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf +cp resources/fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf + +#move the template +cp resources/fail2ban/jail.package /etc/fail2ban/jail.package +cp resources/fail2ban/jail.source /etc/fail2ban/jail.source + +#active the filters +cp resources/fail2ban/jail.package /etc/fail2ban/jail.local + +#restart fail2ban +#systemd +/bin/systemctl restart fail2ban + +#init.d +#/usr/sbin/service fail2ban restart diff --git a/debian/resources/fail2ban/freeswitch-dos.conf b/debian/resources/fail2ban/freeswitch-dos.conf new file mode 100644 index 0000000..3407183 --- /dev/null +++ b/debian/resources/fail2ban/freeswitch-dos.conf @@ -0,0 +1,21 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/debian/resources/fail2ban/freeswitch.conf b/debian/resources/fail2ban/freeswitch.conf new file mode 100644 index 0000000..b187b49 --- /dev/null +++ b/debian/resources/fail2ban/freeswitch.conf @@ -0,0 +1,18 @@ +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip + \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = + diff --git a/debian/resources/fail2ban/fusionpbx.conf b/debian/resources/fail2ban/fusionpbx.conf new file mode 100644 index 0000000..ff1b5c9 --- /dev/null +++ b/debian/resources/fail2ban/fusionpbx.conf @@ -0,0 +1,25 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#failregex = [hostname] FusionPBX: \[\] authentication failed +#[hostname] variable doesn't seem to work in every case. Do this instead: +failregex = .* FusionPBX: \[\] authentication failed for + = .* FusionPBX: \[\] provision attempt bad password for + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = + diff --git a/debian/resources/fail2ban/jail.package b/debian/resources/fail2ban/jail.package new file mode 100644 index 0000000..9aff403 --- /dev/null +++ b/debian/resources/fail2ban/jail.package @@ -0,0 +1,46 @@ +[freeswitch-tcp] +enabled = true +port = 5060,5061,5080,5081,5070 +protocol = tcp +filter = freeswitch +logpath = /var/log/freeswitch/freeswitch.log +action = iptables-allports[name=freeswitch-tcp, protocol=all] +maxretry = 5 +findtime = 600 +bantime = 600 +# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed + +[freeswitch-udp] +enabled = true +port = 5060,5061,5080,5081,5070 +protocol = udp +filter = freeswitch +logpath = /var/log/freeswitch/freeswitch.log +action = iptables-allports[name=freeswitch-udp, protocol=all] +maxretry = 5 +findtime = 600 +bantime = 600 +# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed + +[freeswitch-dos] +enabled = true +port = 5060,5061,5080,5081,5070 +protocol = udp +filter = freeswitch-dos +logpath = /var/log/freeswitch/freeswitch.log +action = iptables-allports[name=freeswitch-dos, protocol=all] +maxretry = 50 +findtime = 30 +bantime = 6000 + +[fusionpbx] +enabled = true +port = 80,443 +protocol = tcp +filter = fusionpbx +logpath = /var/log/auth.log +action = iptables-allports[name=fusionpbx, protocol=all] +# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed +maxretry = 5 +findtime = 600 +bantime = 600 diff --git a/debian/resources/fail2ban/jail.source b/debian/resources/fail2ban/jail.source new file mode 100644 index 0000000..ed70408 --- /dev/null +++ b/debian/resources/fail2ban/jail.source @@ -0,0 +1,46 @@ +[freeswitch-tcp] +enabled = true +port = 5060,5061,5080,5081,5070 +protocol = tcp +filter = freeswitch +logpath = /usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=freeswitch-tcp, protocol=all] +maxretry = 5 +findtime = 600 +bantime = 600 +# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed + +[freeswitch-udp] +enabled = true +port = 5060,5061,5080,5081,5070 +protocol = udp +filter = freeswitch +logpath = /usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=freeswitch-udp, protocol=all] +maxretry = 5 +findtime = 600 +bantime = 600 +# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed + +[freeswitch-dos] +enabled = true +port = 5060,5061,5080,5081,5070 +protocol = udp +filter = freeswitch-dos +logpath = /usr/local/freeswitch/log/freeswitch.log +action = iptables-allports[name=freeswitch-dos, protocol=all] +maxretry = 50 +findtime = 30 +bantime = 6000 + +[fusionpbx] +enabled = true +port = 80,443 +protocol = tcp +filter = fusionpbx +logpath = /var/log/auth.log +action = iptables-allports[name=fusionpbx, protocol=all] +# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed +maxretry = 5 +findtime = 600 +bantime = 600 diff --git a/debian/resources/fusionpbx.sh b/debian/resources/fusionpbx.sh new file mode 100644 index 0000000..5df1d44 --- /dev/null +++ b/debian/resources/fusionpbx.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +#send a message +echo "Install FusionPBX" + +#install dependencies +apt-get install -y --force-yes vim git dbus haveged +apt-get install -y --force-yes ghostscript libtiff5-dev libtiff-tools + +#get the source code +git clone https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx +chown -R www-data:www-data /var/www/fusionpbx diff --git a/debian/resources/iptables.sh b/debian/resources/iptables.sh new file mode 100644 index 0000000..9f70728 --- /dev/null +++ b/debian/resources/iptables.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +#send a message +echo "Configure IPTables" + +#run iptables commands +iptables -A INPUT -i lo -j ACCEPT +iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A INPUT -p tcp --dport 22 -j ACCEPT +iptables -A INPUT -p tcp --dport 80 -j ACCEPT +iptables -A INPUT -p tcp --dport 443 -j ACCEPT +iptables -A INPUT -p tcp --dport 5060 -j ACCEPT +iptables -A INPUT -p udp --dport 5060 -j ACCEPT +iptables -A INPUT -p tcp --dport 5080 -j ACCEPT +iptables -A INPUT -p udp --dport 5080 -j ACCEPT +iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT +iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT +iptables -A INPUT -p udp --dport 1194 -j ACCEPT +iptables -P INPUT DROP +iptables -P FORWARD DROP +iptables -P OUTPUT ACCEPT + +#answer the questions for iptables persistent +echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections +echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections +apt-get install -y --force-yes iptables-persistent \ No newline at end of file diff --git a/debian/resources/nginx.sh b/debian/resources/nginx.sh new file mode 100644 index 0000000..2f9e670 --- /dev/null +++ b/debian/resources/nginx.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +#send a message +echo "Install the web server\n" + +#install dependencies +apt-get install -y --force-yes nginx php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-mcrypt + +#enable fusionpbx nginx config +cp resources/nginx/fusionpbx /etc/nginx/sites-available/fusionpbx +ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx + +#self signed certificate +ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key +ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt + +#remove the default site +rm /etc/nginx/sites-enabled/default \ No newline at end of file diff --git a/debian/resources/nginx/fusionpbx b/debian/resources/nginx/fusionpbx new file mode 100644 index 0000000..869c05b --- /dev/null +++ b/debian/resources/nginx/fusionpbx @@ -0,0 +1,180 @@ + +server{ + listen 127.0.0.1:80; + server_name 127.0.0.1; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 10M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} + +server { + listen 80; + server_name fusionpbx; + if ($uri !~* ^.*provision.*$) { + rewrite ^(.*) https://$host$1 permanent; + break; + } + + #REST api + if ($uri ~* ^.*/api/.*$) { + rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last; + break; + } + + #mitel + rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last; + rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last; + + #grandstream + rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1; + + #aastra + #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last; + + #yealink common + rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1; + + #yealink mac + rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last; + + #polycom + rewrite "^.*/provision/000000000000.cfg$" "/app/provison/?mac=$1&file={%24mac}.cfg"; + #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2; + rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg"; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml"; + + #cisco + rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 10M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} + +server { + listen 443; + server_name fusionpbx; + ssl on; + ssl_certificate /etc/ssl/certs/nginx.crt; + ssl_certificate_key /etc/ssl/private/nginx.key; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!ADH:!MD5; + + #REST api + if ($uri ~* ^.*/api/.*$) { + rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last; + break; + } + + #mitel + rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last; + rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last; + + #grandstriam + rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1; + + #aastra + #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last; + + #yealink common + rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1; + + #yealink mac + rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last; + + #polycom + rewrite "^.*/provision/000000000000.cfg$" "/app/provison/?mac=$1&file={%24mac}.cfg"; + #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2; + rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg"; + + #cisco + rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 10M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} \ No newline at end of file diff --git a/debian/resources/postgres.sh b/debian/resources/postgres.sh new file mode 100644 index 0000000..46ea9c9 --- /dev/null +++ b/debian/resources/postgres.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +#send a message +echo "Install PostgreSQL" + +#generate a random password +password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64) + +#Postgres +echo "Install PostgreSQL and create the database and users\n" +apt-get install -y --force-yes sudo postgresql + +#systemd +/bin/systemctl restart postgresql + +#init.d +#/usr/sbin/service postgresql restart + +#add the databases, users and grant permissions to them +sudo -u postgres psql -c "CREATE DATABASE fusionpbx"; +sudo -u postgres psql -c "CREATE DATABASE freeswitch"; +sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';" +sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;" +#ALTER USER fusionpbx WITH PASSWORD 'newpassword'; + +#set the ip address +server_address=$(hostname -I) + +#Show database password +echo "" +echo "" +echo "PostgreSQL" +echo " Database name: fusionpbx" +echo " Database username: fusionpbx" +echo " Database password: $password" +echo "" \ No newline at end of file diff --git a/debian/resources/switch/package-master.sh b/debian/resources/switch/package-master.sh new file mode 100644 index 0000000..74cae9f --- /dev/null +++ b/debian/resources/switch/package-master.sh @@ -0,0 +1,8 @@ +#!/bin/sh +apt-get update && apt-get install -y --force-yes curl memcached haveged +curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add - +echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list +apt-get update && apt-get install -y --force-yes freeswitch-all freeswitch-all-dbg gdb +#apt-get remove freeswitch-all freeswitch-all-dbg +#rm /etc/apt/sources.list.d/freeswitch.list diff --git a/debian/resources/switch/package-release.sh b/debian/resources/switch/package-release.sh new file mode 100644 index 0000000..b7c0cba --- /dev/null +++ b/debian/resources/switch/package-release.sh @@ -0,0 +1,27 @@ +#!/bin/sh +apt-get update && apt-get install -y --force-yes curl memcached haveged +curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add - +echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +apt-get update && apt-get install -y --force-yes freeswitch-all freeswitch-all-dbg gdb +#apt-get remove freeswitch-all freeswitch-all-dbg +#rm /etc/apt/sources.list.d/freeswitch.list + +#set the file permissions +#chown -R freeswitch:freeswitch /var/lib/freeswitch +chmod -R g+s /var/lib/freeswitch +setfacl -R -m u:www-data:rwx,g:www-data:rwx /var/lib/freeswitch + +#chown -R freeswitch:freeswitch /usr/share/freeswitch +chmod -R g+s /usr/share/freeswitch +setfacl -R -m u:www-data:rwx,g:www-data:rwx /usr/share/freeswitch + +#chown -R freeswitch:freeswitch /etc/freeswitch +chmod -R g+s /etc/freeswitch +setfacl -R -m u:www-data:rwx,g:www-data:rwx /etc/freeswitch + +#chown -R freeswitch:freeswitch /etc/freeswitch +setfacl -R -m u:www-data:rwx,g:www-data:rwx /var/log/freeswitch + +#chown -R freeswitch:freeswitch /usr/share/freeswitch/sounds +chmod -R g+s /usr/share/freeswitch/sounds +setfacl -R -m u:www-data:rwx,g:www-data:rwx /usr/share/freeswitch/sounds diff --git a/debian/resources/switch/source-release.sh b/debian/resources/switch/source-release.sh new file mode 100644 index 0000000..92db7da --- /dev/null +++ b/debian/resources/switch/source-release.sh @@ -0,0 +1,37 @@ +#!/bin/sh +echo "Installing the FreeSWITCH source" +DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y --force-yes ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev +apt-get install -y --force-yes unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev + +apt-get update && apt-get install -y --force-yes curl haveged +curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add - +echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +apt-get update && apt-get upgrade +apt-get install -y --force-yes freeswitch-video-deps-most + +#git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch +#git clone -b v1.6 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch +cd /usr/src && wget http://files.freeswitch.org/freeswitch-releases/freeswitch-1.6.7.zip +unzip freeswitch-1.6.7.zip +rm -R freeswitch +cp -R freeswitch-1.6.7 freeswitch +cd freeswitch + +#./bootstrap.sh -j +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:' +#./configure --help +#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs +./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs +#make mod_shout-install +make +rm -rf /usr/local/freeswitch/{lib,mod,bin}/* +make install +make sounds-install moh-install +make hd-sounds-install hd-moh-install +make cd-sounds-install cd-moh-install +chown -R www-data:www-data /usr/local/freeswitch