script
Luca Matteo Spoljarevic edited this page 2026-02-24 17:41:29 +01:00
The sng_freepbx_debian_install.sh script
Because of the length of the script, I decided to use AI for keyword-based explanation
Purpose
- Automated installer for FreePBX 17
- Target OS: Debian (Bookworm)
- Installs Asterisk 22, PHP 8.2, dependencies
- Optional: DAHDI, dev packages, testing repo
- Production-ready provisioning script
Safety & Execution Control
- set -e → abort on error
- Root check (EUID)
- PID file → prevents parallel execution
- Error trap → detailed failure logging
- Timestamped log file (/var/log/pbx/...)
- Version self-check against GitHub (checksum + SCRIPTVER)
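The guards listed above, sketched as an added example; this is not code from the Sangoma script, and every function name and /tmp path in it is an assumption. It shows the root check, an atomic PID-file lock that reclaims stale files, and an error trap that logs the failing command before set -e aborts.

```shell
#!/usr/bin/env bash
# Added example: guard scaffold for a root-only installer.
# All names and paths are hypothetical, not taken from sng_freepbx_debian_install.sh.

LOG_FILE=${LOG_FILE:-/tmp/demo-install-$(date +%Y%m%d-%H%M%S).log}   # timestamped log (assumed path)
PIDFILE=${PIDFILE:-/tmp/demo-install.pid}                             # assumed path

log() { printf '%s - %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOG_FILE"; }

# Root check: true only for effective UID 0 (the argument overrides it for testing).
require_root() { [ "${1:-$(id -u)}" -eq 0 ]; }

# PID-file lock: returns 1 while a live process owns the file.
acquire_pidfile() {
    pidfile=$1
    # noclobber (set -C) makes creation atomic, so two racing starts cannot both win.
    if ( set -C; echo "$$" > "$pidfile" ) 2>/dev/null; then return 0; fi
    owner=$(cat "$pidfile" 2>/dev/null) || owner=
    case $owner in
        ''|*[!0-9]*) ;;                                   # empty or corrupt: stale
        *) if kill -0 "$owner" 2>/dev/null; then return 1; fi ;;
    esac
    echo "$$" > "$pidfile"                                # reclaim the stale lock
}

# Error trap body: record what failed and where before set -e aborts the run.
on_error() { log "ERROR: exit status $1 at line $2: $3"; }

main() {
    set -eE                                               # -E: ERR trap also fires in functions (bash)
    require_root || { echo "must be run as root" >&2; exit 1; }
    acquire_pidfile "$PIDFILE" || { echo "already running, see $PIDFILE" >&2; exit 1; }
    trap 'on_error "$?" "$LINENO" "$BASH_COMMAND"' ERR
    trap 'rm -f "$PIDFILE"' EXIT                          # release the lock on any exit
    log "install started"
    # ... installation steps would go here ...
    log "install finished"
}

# Runs only on request, so the functions can also be sourced and tested.
if [ "${RUN_DEMO:-0}" = 1 ]; then main "$@"; fi
```

The liveness probe uses kill -0, which only gives a reliable answer for processes the caller may signal; that holds here because the root check runs first.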
CLI Flags (Feature Toggles)
- --dev → install dev dependencies
- --testing → use dev repo instead of prod
- --nofreepbx → skip FreePBX install
- --noasterisk → skip Asterisk install
- --dahdi → install DAHDI telephony drivers
- --dahdi-only → DAHDI only
- --noaac → skip AAC codec
- --skipversion → skip script version check
- --nochrony → skip NTP service
- Custom Debian / NPM mirrors supported
System Validation
- Architecture check → amd64 only
- FQDN required
- Detect container environment → skip Chrony
- Kernel compatibility check (DAHDI-aware)
- Prevent unsupported kernel upgrades (hold/unhold logic)
Repository Setup
- Adds FreePBX 17 repo (prod/dev)
- Imports GPG keys
- Sets APT pin priority
- Optional non-free Debian repo
- Creates post-APT hooks:
  - Auto-check DAHDI kernel modules
  - Auto kernel hold logic
  - Post-install cleanup actions
Core Package Installation
System Stack
- Apache2
- MariaDB
- Redis
- NodeJS / npm
- Postfix
- Fail2Ban
- iptables / ipset
- OpenVPN
- TFTP
- Chrony (optional)
PHP Stack (Strict 8.2)
- php8.2 core
- mysql, curl, zip, gd, mbstring, intl, xml, ldap, soap, etc.
- Apache PHP module validation
Telephony Stack
- Asterisk 22
- Asterisk modules (voicemail, codecs, ODBC, SNMP, etc.)
- Sounds packages
- Optional DAHDI + Wanpipe drivers
Service Configuration
Postfix
- Internet Site mode
- Binds to 127.0.0.1
- Security warning injected
TFTP
- Custom directory /tftpboot
- IPv4 fallback support
OpenSSL
- TLS ≥ 1.2 enforced
- SECLEVEL lowered for compatibility
IPv4 Preference
- /etc/gai.conf precedence adjustment
Kernel Protection System
- Detects latest supported DAHDI kernel
- Blocks unsupported kernel upgrades
- Auto-holds newer kernels
- Unholds supported ones
- Integrated into APT update hooks
Security Hardening
- Ensures:
  - fail2ban active
  - iptables active
- Checks Apache port binding
- Verifies FreePBX modules enabled
- Verifies PM2 processes online
- Validates Digium module version
Package Management Logic
- pkg_install() wrapper
- Install-if-missing logic
- Logging per package
- Auto autoremove cleanup
- Holds critical PBX packages (apt-mark hold)
FreePBX Validation Functions
- Module enablement check
- Network port inspection (UCP, REST, ACP, etc.)
- Background job listing
- Process state validation
DAHDI / Telephony Handling
- Kernel version detection
- Matching kmod packages
- Firmware + libpri install
- Kernel-module post-upgrade auto-fix
Installation Flow (High-Level)
- Sanity checks
- Version validation
- Repo configuration
- Kernel compatibility validation
- Dependency installation
- Telephony stack install
- Service configuration
- Security checks
- Cleanup + timing output
What This Script Really Is
- Full Debian PBX bootstrapper
- Kernel-aware telephony deployment engine
- Repo + service orchestrator
- Production installer with safety nets
- Basically: turns Debian into a Sangoma-ready FreePBX appliance