Debian 9 or 10 for new installs

[Davesworld]

OK now add me to the list of successful FusionPBX on Buster success stories. I discovered one disadvantage of importing the database on a new install being the outdated TLS version that I had been saving in my database.

I guess the version of TLS is dictated more by the actual server and openssl version than anything. Doing an openssl query against port 5061 shows v1.3 as being supported whereas nginx using port 443 showed v1.2 until I added it to the config and restarted nginx. I dropped V1 and 1.1 from it while at it. V1.2 is about as low as you should go now. Querying freeswitch at port 5061 showed V1.3 capability but the config that is used to allow connections via sip were stuck at V1 from a few years ago which I'm sure freeswitch deprecated thus confusing many a sip phone.

 

[Davesworld]

Hi, same problem here:

Debian 10 - FS 1.10 -- No TLS working
Debian 9 - FS 1.10 -- TLS working for T19P E2, T46S -- TLS not working for W60B

In fs_cli with debug and SIP trace I found:
tls_early_post_process_client_hello:version too low

I'm curious if your W60B didn't like the old version 1 of TLS? Try it with the 1.2 setting and report here.

 

[Alfa]

I'm curious if your W60B didn't like the old version 1 of TLS? Try it with the 1.2 setting and report here.

Hi, thanks Davesworld, I have manage on Debian 9 with cert, and now it work propely on Debian 10 with the tlsv1.2 variable !
Many thanks

 

[Davesworld]

Hi, thanks Davesworld, I have manage on Debian 9 with cert, and now it work propely on Debian 10 with the tlsv1.2 variable !
Many thanks

Actually it was your reported error that caused me to look into it so it pays to see something say something as far as this goes. Does the W60B work now?

 

[Davesworld]

As far as DigitalDaz,s idea of fail2ban, I bet most of the time that is why people can't get in or register so that should be one of the first places to look. I had to put ignore on my two home IP addresses because Fail2ban didn't like me doing a bazillion things at once with Nginx. At least we know Fail2ban works, works really well, even on me until I tell it to ignore my IPs.

The TLS issue was because importing the database worked so well it carried over everything I think unless it is still the default without importing. I don't know if FusionPBX's PHP fills that out or if it imports the Freeswitch default. Obviously Freeswitch no longer allows TLS V1. Mine is a database that started out in March of 2018 when I did do a full configure by hand and updated the schema through the months.

 

[Adrian Fretwell]

In case this is of any interest, I just tried my first Debian 10 install on a test box (Debian 10.1). The install script threw the following errors:

E: Unable to locate package php7.3-mcrypt
E: Couldn't find any package by glob 'php7.3-mcrypt'
E: Couldn't find any package by regex 'php7.3-mcrypt'
version 7.3
resources/php.sh: 4: cd: can't cd to resources

E: Unable to locate package freeswitch-mod-skypopen
E: Unable to locate package freeswitch-mod-skypopen-dbg

E: Unable to locate package libyuv-dev
mv: cannot stat '/usr/share/freeswitch/sounds/music/default/*000': No such file or directory

Update:
An install on Debian9.9 throws these errors:

E: Unable to locate package freeswitch-mod-skypopen
E: Unable to locate package freeswitch-mod-skypopen-dbg

E: Unable to locate package libyuv-dev
mv: cannot stat '/usr/share/freeswitch/sounds/music/default/*000': No such file or directory

I believe that libyuv-dev is now called libyuv1-dev

 

[Alfa]

Actually it was your reported error that caused me to look into it so it pays to see something say something as far as this goes. Does the W60B work now?

Yes it works. Only having issue with DE410IP Pro

 

[Davesworld]

In case this is of any interest, I just tried my first Debian 10 install on a test box (Debian 10.1). The install script threw the following errors:

E: Unable to locate package php7.3-mcrypt
E: Couldn't find any package by glob 'php7.3-mcrypt'
E: Couldn't find any package by regex 'php7.3-mcrypt'
version 7.3
resources/php.sh: 4: cd: can't cd to resources

E: Unable to locate package freeswitch-mod-skypopen
E: Unable to locate package freeswitch-mod-skypopen-dbg

E: Unable to locate package libyuv-dev
mv: cannot stat '/usr/share/freeswitch/sounds/music/default/*000': No such file or directory

Update:
An install on Debian9.9 throws these errors:

E: Unable to locate package freeswitch-mod-skypopen
E: Unable to locate package freeswitch-mod-skypopen-dbg

E: Unable to locate package libyuv-dev
mv: cannot stat '/usr/share/freeswitch/sounds/music/default/*000': No such file or directory

I believe that libyuv-dev is now called libyuv1-dev

Ok the way I did it with Buster was first of all, update and upgrade by issuing # apt -t buster-backports update followed by # apt -t buster-backports upgrade. I did not do the quick install because of the mislocated php link. I downloaded the install to /usr/src then edited the respective scripts. The install missed the skypopen package. After correcting the ion script to look in the right place and installing the missing mod manually and correcting my TLS version from 1 to 1.2 in variables due to my imported databases, it runs perfectly fine. It's just a few zits in the install script which hopefully will not continue. I'm convinced that there is no reason to revert back to Debian 9. I've never had a good reason to go back to older versions of anything unless it was the only supported distro.

 

[KitchM]

Just installed on Raspberry Pi Model 3 B+, revision 1.3, using Raspbian 10 Lite and Xfce. Install's two scripts seem to work correctly and finish, but for one line that I noticed:
"Warning: The home directory of /var/lib/snmp does not belong to the user you are currently creating."

The address given at the end is the address of the server itself; https://192.168.1.21. If it put it in the browser line, it returns an error that it is unable to connect. If I just use the address, it comes up with a page that states "Welcome to Nginx!". Same on another computer on the LAN. But there is no login screen.

What is wrong?

 

[markjcrane]

• The php module php7.3-mcrypt is not a requirement for FusionPBX so I just removed it from the install script.
• SNMP not critical for raspberry pi unless you are planning to use it.
• Not sure what is going on with your Raspberry Pi my last several installs where 'Raspbian Buster with Desktop'
  • I will work on doing some more test installs to test it again.

 

[DigitalDaz]

I have just installed onto a Pi 3 to check for problems. I didn't watch it through but can confirm everything appears to be working as expected.

This was with Raspbian Buster Lite, latest image from 24/09.

 

[KitchM]

In my case there appears to be a confusion about the difference between installing as root, as the instructions suggest, or installing as sudo su. Or maybe su -? What is the consensus here?

 

[DigitalDaz]

If installed on Raspbian do a: sudo -i

That will put you to root.

On normal Debian I use: su -

That puts me to root.

 

[KitchM]

Okay, I'll start all over again. But I do wish that the person who documented the instructions had made that clear. This will be like the sixth attempt. I think I see a light at the end of the tunnel; I just hope its not an oncoming train.

 

[DigitalDaz]

If you have followed the instructions here then you would be OK https://www.fusionpbx.com/download

I see nothing ambiguous there. 99% of people have no problem getting FusionPBX installed from these instructions.

 

[KitchM]

sudo -i wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh | sh;
[sudo] password for xxxxx:
--2019-10-16 17:25:46-- https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.192.133, 151.101.0.133, 151.101.64.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.192.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 299 [text/plain]
Saving to: ‘STDOUT’

- 100%[==================================>] 299 --.-KB/s in 0s

2019-10-16 17:25:46 (19.8 MB/s) - written to stdout [299/299]

Reading package lists... Done
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?
fatal: could not create work tree dir 'fusionpbx-install.sh': Permission denied
sh: 13: cd: can't cd to /usr/src/fusionpbx-install.sh/debian


Maybe here you all can see what I was referring to; "are you root?". It just doesn't work.

 

[DigitalDaz]

That's because the sudo -i should be followed by pressing the enter key, that will make you root for all other commands.

 

[KitchM]

Big thanks to DigitalDaz. Your tip solved the problem. Installed perfectly.

sudo -i Enter

I hope someone adds that missing but important step to the instruction page. It would have saved so much trouble. Incomplete instructions are worse than no instructions.

Thanks again.

 

[DigitalDaz]

Unfortunately, achieving root is a Linux 101 thing and has nothing to do whatsover with the PBX

 

[KitchM]

It evidently has a great deal to do with it, as a matter of fact. If one uses su, it will not work. If one uses sudo su, it will not work. These are Linux 101 ways of achieving root. Sudo -i is not. That is an advanced concept, but is absolutely required by the instructions for correct installation of FusionPBX. Just so you know.