Deployment Overview of FreePBX on Server

Prerequisites and Basic Requirements

Before deploying FreePBX on the server, ensure the following requirements are met:

  • Operating System: Debian 12.

  • Privileges: Root access or a user with sudo privileges is required.

  • Network: The server must have outbound internet access to download the installation script, packages, and SSL certificates.

  • Ports:

    • Port 443 (HTTPS) is required for external access to the web interface.

    • Port 3000 is used internally by the application.

FQDN of the Final Panel

The Fully Qualified Domain Name (FQDN) for accessing the FreePBX panel follows the format:

freepbx<Server ID>.hostkey.in

The default access port is 443 (HTTPS). The hostname is automatically set to match this FQDN during the deployment process.

File and Directory Structure

The application and its configurations are stored in the following locations:

  • Asterisk Configuration: /etc/asterisk/

  • SSL Certificates: /etc/asterisk/keys/ (Let's Encrypt certificates are stored here with the naming convention <fqdn>.crt and <fqdn>.key).

  • Apache Configuration: /etc/apache2/sites-available/default-ssl.conf

  • Nginx Configuration: /data/nginx/user_conf.d/freepbx<Server ID>.hostkey.in.conf

  • Docker Compose File: /root/nginx/compose.yml

  • Nginx Environment Variables: /data/nginx/nginx-certbot.env

  • Installation Logs: /root/freepbx-install.log

Application Installation Process

FreePBX is installed using a dedicated installer script for Debian 12. The deployment process involves the following steps:

  1. The system updates the APT mirror to deb.debian.org and refreshes the package cache.

  2. Required utilities (wget and curl) are installed.

  3. The system hostname is updated to the target FQDN (freepbx<Server ID>.hostkey.in).

  4. The FQDN is added to the /etc/hosts file.

  5. The FreePBX 17 Debian 12 installation script is downloaded from https://github.com/FreePBX/sng_freepbx_debian_install/raw/master/sng_freepbx_debian_install.sh.

  6. The script is executed. Upon successful completion, the server reboots automatically.

  7. After the reboot, file ownership is corrected using the fwconsole chown command.
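Steps 5 and 6 fetch the installer from the master branch, whose content can change between deployments. The example below is added here and is not the provider's deployment code: it saves the script to disk and runs it only when its SHA-256 matches a digest the operator pinned after reviewing a specific revision. The function names, the digest passed as the first argument, and sending the installer output to /root/freepbx-install.log by redirection are assumptions.

```shell
#!/bin/sh
# Added example (assumed helper names): verify the FreePBX installer before running it.

INSTALLER_URL="https://github.com/FreePBX/sng_freepbx_debian_install/raw/master/sng_freepbx_debian_install.sh"
INSTALL_LOG="/root/freepbx-install.log"   # log path listed on this page

# file_sha256 FILE: print the hex SHA-256 digest of FILE.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# matches_pin FILE PIN: succeed only if PIN is non-empty and equals FILE's digest.
matches_pin() {
    [ -n "$2" ] && [ "$(file_sha256 "$1")" = "$2" ]
}

# fetch_verify_run PIN: download the installer, refuse to execute it unless its
# digest equals PIN, otherwise run it with all output appended to the log.
fetch_verify_run() {
    pin="$1"
    script="$(mktemp)" || return 1
    if ! wget -q -O "$script" "$INSTALLER_URL"; then
        echo "download failed" >&2
        rm -f "$script"
        return 1
    fi
    if ! matches_pin "$script" "$pin"; then
        echo "digest $(file_sha256 "$script") does not match pin; not executing" >&2
        rm -f "$script"
        return 1
    fi
    bash "$script" >>"$INSTALL_LOG" 2>&1
}

# Usage: sh verify-install.sh <pinned sha256>   (placeholder; the page gives no digest)
if [ -n "${1:-}" ]; then
    fetch_verify_run "$1"
fi
```

A mismatch means the script on master differs from the revision that was reviewed, so the new content should be read before the pin is updated.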

Access Rights and Security

Security configurations include the following components:

  • SSL/TLS: Let's Encrypt is enabled to provide HTTPS encryption. Certificates are generated for the specific FQDN with the following details:

  • Firewall: The installation script configures necessary firewall rules for Asterisk and web traffic.

  • Certificate Management: The Let's Encrypt certificate is set as the default for the system, and all integrations are updated to use the new certificate via fwconsole cert.

Docker Containers and Their Deployment

A reverse proxy with SSL termination is deployed using Docker containers managed by docker compose.

  • Image: jonasal/nginx-certbot:latest

  • Directory: The container is managed from the /root/nginx directory.

  • Network Mode: host

  • Volumes:

    • nginx_secrets: Mounted to /etc/letsencrypt for certificate storage.

    • /data/nginx/user_conf.d: Mounted to /etc/nginx/user_conf.d for user-specific configurations.

  • Environment: The container utilizes an environment file located at /data/nginx/nginx-certbot.env.

  • Restart Policy: unless-stopped

The docker compose file is generated and located at /root/nginx/compose.yml.

Proxy Servers

Nginx is configured as a reverse proxy to handle incoming HTTPS traffic and forward it to the FreePBX application.

  • Proxy Configuration: The Nginx configuration file is located at /data/nginx/user_conf.d/freepbx<Server ID>.hostkey.in.conf.

  • Routing: Traffic to the root path / is proxied to http://127.0.0.1:3000.

  • SSL Termination: The proxy handles SSL termination using the certificates generated by the Nginx-Certbot container.

  • Certbot: The jonasal/nginx-certbot container handles the generation and renewal of Let's Encrypt certificates.

Permission Settings

File and directory permissions are managed as follows:

  • Asterisk Directory: The directory /var/run/asterisk is created with ownership set to asterisk:asterisk and mode 0755.

  • File Ownership: After installation, the fwconsole chown command is executed to ensure correct ownership for FreePBX files.

  • Nginx Directories:

    • /root/nginx: Owner root, group root, mode 0755.

    • /data/nginx: Used for storing configuration files and environment variables.

Location of Configuration Files and Data

Key configuration files and data paths are:

Component                   Path
FreePBX Web Interface       freepbx<Server ID>.hostkey.in
Nginx Proxy Config          /data/nginx/user_conf.d/freepbx<Server ID>.hostkey.in.conf
Docker Compose              /root/nginx/compose.yml
SSL Certificates (Nginx)    Managed by nginx_secrets volume mapping to /etc/letsencrypt
SSL Certificates (FreePBX)  /etc/asterisk/keys/<fqdn>.crt and /etc/asterisk/keys/<fqdn>.key
Apache SSL Config           /etc/apache2/sites-available/default-ssl.conf

Available Ports for Connection

The following ports are utilized for the application:

Port  Protocol  Usage
443   TCP       External HTTPS access to the FreePBX web interface.
3000  TCP       Internal connection between Nginx proxy and the FreePBX application.
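Because the proxy container runs in host network mode, port 3000 stays internal only if its listener is bound to loopback or blocked by the firewall. The check below is an added example, not part of the provider's tooling: it reads `ss -Htln` output and prints every listener on a given port that is bound to a non-loopback address. The function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (assumed helper names): find listeners reachable beyond loopback.

# exposed_listeners PORT
# Reads `ss -Htln` output on stdin and prints the local address of every
# listener on PORT that is not bound to a loopback address.
exposed_listeners() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        addr = $4                              # field 4 is Local Address:Port
        n = split(addr, parts, ":")
        if (parts[n] != port) next             # different port, ignore
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        sub(/%.*$/, "", host)                  # drop interface scope such as %lo
        if (host ~ /^127\./ || host == "[::1]") next
        print addr
    }'
}

# port_is_loopback_only PORT: succeeds when stdin shows no exposed listener on PORT.
port_is_loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample: the layout this page describes (3000 on loopback, 443 public).
SAMPLE_OK='LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::1]:3000 [::]:*'

# Constructed sample: the application bound to all interfaces on 3000.
SAMPLE_EXPOSED='LISTEN 0 511 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 511 [::]:3000 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

if printf '%s\n' "$SAMPLE_OK" | port_is_loopback_only 3000; then
    echo "sample 1: port 3000 is loopback-only"
fi
echo "sample 2: exposed listeners on port 3000:"
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_listeners 3000

# On the server itself: ss -Htln | exposed_listeners 3000
```

An empty result on the live server confirms that only Nginx on port 443 faces the network; any printed address is a listener that bypasses the proxy's TLS termination unless a firewall rule blocks it.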

Starting, Stopping, and Updating

Service management for FreePBX is handled through the fwconsole utility.

  • Restarting FreePBX Services:

    fwconsole restart
    

  • Reloading FreePBX Configuration:

    fwconsole reload
    

  • Updating Certificates:

    fwconsole cert --updateall
    

  • Managing Docker Proxy: To manage the Nginx proxy container, navigate to the configuration directory and use docker compose:

    cd /root/nginx
    docker compose up -d    # create and start the proxy container in the background
    docker compose down     # stop and remove the proxy container
    

The system is configured to use apache2 for serving the web interface, which can be reloaded via:

    systemctl reload apache2
