Hal De 3 yıl önce
işleme
6eb515d57a
5 değiştirilmiş dosya ile 207 ekleme ve 0 silme
  1. 78 0
      .env.dist
  2. 2 0
      .gitignore
  3. 89 0
      README.md
  4. 37 0
      docker-compose.yml
  5. 1 0
      ipt.sh

+ 78 - 0
.env.dist

@@ -0,0 +1,78 @@
+APP_FQDN=127.0.0.1
+MYSQL_ROOT_PASSWORD=secret
+MYSQL_PASSWORD=secret
+FREEPBX_CDRDBPASS=secret
+FREEPBX_AMPMGRPASS=secret
+
+SENDMAIL_TG=false
+TG_BOT_APIKEY=secret
+TG_BOT_CHATID=secret
+
+PERSISTENT_STORAGE_PATH=./data
+HTTPD_HTTPS_ENABLED=true
+HTTPD_REDIRECT_HTTP_TO_HTTPS=true
+LETSENCRYPT_ENABLED=false
+
+SMTP_MAIL_FROM=pbx@pbx.example.com
+ROOT_MAILTO=admin@example.com
+FAIL2BAN_DEFAULT_DESTEMAIL=security@example.com
+FAIL2BAN_DEFAULT_SENDER=fail2ban@example.com
+
+APP_DATA=/data
+APP_PORT_HTTP=80
+APP_PORT_HTTPS=443
+APP_PORT_IAX=4569
+APP_PORT_MYSQL=3306
+APP_PORT_PJSIP=5160
+APP_PORT_RTP_END=20000
+APP_PORT_RTP_START=10000
+APP_PORT_SIP=5060
+APP_API_PORT=8000
+
+CRON_ENABLED=true
+FAIL2BAN_ENABLED=true
+HTTPD_ENABLED=true
+POSTFIX_ENABLED=true
+RRTPBX_ENABLED=true
+
+FAIL2BAN_ASTERISK_ENABLED=true
+FAIL2BAN_DEFAULT_BANTIME=300
+FAIL2BAN_DEFAULT_FINDTIME=3600
+FAIL2BAN_DEFAULT_IGNOREIP=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+FAIL2BAN_DEFAULT_MAXRETRY=10
+FAIL2BAN_RECIDIVE_BANTIME=1814400
+FAIL2BAN_RECIDIVE_ENABLED=true
+FAIL2BAN_RECIDIVE_FINDTIME=15552000
+FAIL2BAN_RECIDIVE_MAXRETRY=10
+
+FREEPBX_AMPEXTENSIONS=deviceanduser
+FREEPBX_AS_DISPLAY_READONLY_SETTINGS=1
+FREEPBX_AS_OVERRIDE_READONLY=1
+FREEPBX_ASTSIPDRIVER=chan_pjsip
+#FREEPBX_BRAND_FREEPBX_ALT_FOOT=FreePBX®
+#FREEPBX_BRAND_FREEPBX_ALT_LEFT=FreePBX
+#FREEPBX_BRAND_IMAGE_FREEPBX_FOOT=images/freepbx_small.png
+#FREEPBX_BRAND_IMAGE_FREEPBX_LINK_FOOT=http://www.freepbx.org
+#FREEPBX_BRAND_IMAGE_FREEPBX_LINK_LEFT=http://www.freepbx.org
+#FREEPBX_BRAND_IMAGE_SPONSOR_FOOT=images/sangoma-horizontal_thumb.png
+#FREEPBX_BRAND_IMAGE_SPONSOR_LINK_FOOT=http://www.sangoma.com
+#FREEPBX_BRAND_IMAGE_TANGO_LEFT=images/tango.png
+#FREEPBX_BRAND_SPONSOR_ALT_FOOT=www.sangoma.com
+FREEPBX_CDRDBHOST=127.0.0.1
+FREEPBX_CDRDBNAME=asteriskcdrdb
+FREEPBX_CDRDBTABLENAME=cdr
+FREEPBX_CDRDBTYPE=mysql
+FREEPBX_CDRDBUSER=asterisk
+FREEPBX_DYNAMICHINTS=1
+FREEPBX_ENABLECW=0
+FREEPBX_FREEPBX_SYSTEM_IDENT=PBX
+#FREEPBX_MODULES_EXTRA=soundlang callrecording cdr conferences customappsreg featurecodeadmin infoservices logfiles music manager arimanager filestore recordings announcement asteriskinfo backup callforward callwaiting daynight calendar certman cidlookup contactmanager donotdisturb fax findmefollow iaxsettings miscapps miscdests ivr parking phonebook presencestate printextensions queues cel timeconditions pm2
+FREEPBX_PHPTIMEZONE=Europe/Moscow
+FREEPBX_SIGNATURECHECK=0
+FREEPBX_TONEZONE=ru
+FREEPBX_USEGOOGLEDNSFORENUM=1
+#HTTPD_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+
+MYSQL_DATABASE=asterisk
+MYSQL_SERVER=127.0.0.1
+MYSQL_USER=asterisk
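Review bot: The four password defaults at the top of `.env.dist` (`MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, `FREEPBX_CDRDBPASS`, `FREEPBX_AMPMGRPASS`) are all the working value `secret`, so running `cp .env.dist .env` without editing brings the stack up with guessable credentials. I would ship a placeholder that must be replaced, e.g. `MYSQL_ROOT_PASSWORD=CHANGE_ME`, preceded by a comment such as `# required: set a unique random value before first start`. Further down, `FREEPBX_SIGNATURECHECK=0` appears to switch off FreePBX module signature verification, and `FAIL2BAN_DEFAULT_IGNOREIP` exempts every RFC 1918 range from banning while `HTTPD_ALLOW_FROM` stays commented out. Each of those deserves a comment giving the reason, or a stricter default.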

+ 2 - 0
.gitignore

@@ -0,0 +1,2 @@
+.env
+__pycache__

+ 89 - 0
README.md

@@ -0,0 +1,89 @@
+# Quick Start:
+```sh
+git clone https://gogs.halsbox.ru/hal/iczr-pbx.git pbx
+cd pbx
+cp .env.dist .env
+cp app.env.dist app.env
+```
+
+Edit `.env` and `app.env` with your preffered editor.
+Adjust environment variables for your needs.
+The most important variables to set are:
+
+| Variable | Description |
+| -------- | ----------- |
+| PERSISTENT_STORAGE_PATH | Host path for persistent data storage |
+| APP_FQDN | Domain name of the app |
+| APP_AMI_HOST | IP address of host (by default Asterisk runs in host network mode) |
+| APP_AMI_USERNAME | AMI username for the app |
+| APP_AMI_SECRET | AMI password for the app |
+| APP_AUTH_HEADER | HTTP header to use for the app auth |
+| APP_AUTH_SECRET | Secret string to authorize access to the app |
+| MYSQL_ROOT_PASSWORD | Set this to some secure password |
+| MYSQL_PASSWORD | Set this to some secure password |
+| FREEPBX_AMPMGRPASS | Password for Freepbx builtin AMI admin user, set it to some secure password |
+| FREEPBX_CDRDBPASS | Set it to same value as MYSQL_PASSWORD |
+| SENDMAIL_TG | Change to "true" if your want all mail from PBX to be forwarded to Telegram |
+| TG_BOT_APIKEY | Create Telegram bot using BotFather and put your new bot API key here |
+| TG_BOT_CHATID | Set destination Telegram User Id or Chat Id |
+| HTTPD_HTTPS_ENABLED | Set to "true" to enable HTTPS for Freepbx |
+| HTTPD_REDIRECT_HTTP_TO_HTTPS | Set to "true" to redirect HTTP requests to HTTPS |
+| LETSENCRYPT_ENABLED | Set to "true" to automatically request and maintain LetsEncrypt cert for HTTPS |
+| SMTP_MAIL_FROM | Change following to desired value. Not required if SENDMAIL_TG=true. |
+| ROOT_MAILTO | Change following to desired value. Not required if SENDMAIL_TG=true. |
+| FAIL2BAN_DEFAULT_DESTEMAIL | Change following to desired value. Not required if SENDMAIL_TG=true. |
+| FAIL2BAN_DEFAULT_SENDER | Change following to desired value. Not required if SENDMAIL_TG=true. |
+
+Run:
+
+```sh
+docker-compose build
+```
+Wait paitently until you see:
+`Successfully tagged halsbox/docker-freepbx:latest`
+If running for first time it can take long to build everything.
+
+Run:
+
+```
+docker-compose up -d
+```
+
+Run:
+
+```
+docker-compose logs -f pbx
+```
+
+Watch pbx container initialization for errors and wait for:
+` fail2ban entered RUNNING state, process has stayed up for > than 5 seconds`
+Close container log output with `Ctrl+C` keys.
+
+Restart container one extra time with `docker-compose restart pbx` if you set `LETSENCRYPT_ENABLED` to `true`.
+
+# Upgrading:
+```sh
+git pull
+docker-compose build
+docker-compose up -d
+```
+
+# Start from scratch:
+```sh
+docker-compose stop
+docker compose rm
+```
+
+remove the `PERSISTENT_STORAGE_PATH` directory, e.g.:
+
+```sh
+rm -rf ./data
+```
+
+Repeat steps from Quick Start:
+
+```
+git pull
+docker-compose build
+docker-compose up -d
+```

+ 37 - 0
docker-compose.yml

@@ -0,0 +1,37 @@
+version: '3'
+
+services:
+  pbx:
+    container_name: pbx
+    hostname: ${APP_FQDN}
+    build: https://gogs.halsbox.ru/hal/docker-freepbx-latest.git
+    image: halsbox/docker-freepbx:latest
+    restart: always
+    depends_on:
+    - db
+    env_file:
+    - .env
+    volumes:
+    - /etc/localtime:/etc/localtime:ro
+    - ${PERSISTENT_STORAGE_PATH}/pbx:/data
+    cap_add:
+    - NET_ADMIN
+    privileged: true
+    network_mode: host
+  db:
+    container_name: db
+    image: mariadb:10.5.8
+    command: --sql-mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+    restart: always
+    env_file:
+    - .env
+    ports:
+    - ${APP_PORT_MYSQL}:3306
+    volumes:
+    - /etc/localtime:/etc/localtime:ro
+    - ${PERSISTENT_STORAGE_PATH}/db:/var/lib/mysql
+    environment:
+    - MYSQL_ROOT_PASSWORD
+    - MYSQL_DATABASE
+    - MYSQL_USER
+    - MYSQL_PASSWORD
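Review bot: The `db` service publishes `${APP_PORT_MYSQL}:3306` on every host interface, although `.env.dist` has the PBX reach MariaDB at `127.0.0.1`; binding it as `- "127.0.0.1:${APP_PORT_MYSQL}:3306"` keeps the database off the network. On the `pbx` service, `privileged: true` makes the `cap_add: NET_ADMIN` line redundant and, combined with `network_mode: host`, gives the container full access to host devices and the host network stack. If iptables/fail2ban is the only reason, it is worth testing with `privileged: true` removed and only `NET_ADMIN` kept. The `db` service also loads the whole `.env` through `env_file`, so the Telegram and FreePBX secrets end up in the database container's environment even though the `environment:` list already names the four variables it needs. Dropping `env_file` from `db` would narrow that.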

+ 1 - 0
ipt.sh

@@ -0,0 +1 @@
+iptables -t nat -A PREROUTING -i ens18 -p udp --dport 5060 -j REDIRECT --to-ports 5160
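Review bot: `ipt.sh` appends the NAT rule with `-A` on every run and has no shebang, so re-running it stacks duplicate `REDIRECT` rules, and the interface name `ens18` ties it to one host. I would start the file with `#!/bin/sh` and guard the rule with an existence check, `iptables -t nat -C PREROUTING -i ens18 -p udp --dport 5060 -j REDIRECT --to-ports 5160 2>/dev/null || iptables -t nat -A PREROUTING ...`, taking the interface from a variable. A header comment should state that the rule exposes the PJSIP listener (`APP_PORT_PJSIP=5160`) on the standard SIP port 5060. It should also say that the rule is not persisted by this script and has to be reapplied after a reboot.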