Experiment: FreePBX on NGINX

2025-02-12 19:22:24 +00:00 · 2021-08-06 19:54:26 -04:00 · 2021-08-06 19:54:26 -04:00 · f9ff6be820
commit f9ff6be820
parent 3058ecc4ba
6 changed files with 127 additions and 75 deletions
--- a/roles/pbx/tasks/asterisk.yml
+++ b/roles/pbx/tasks/asterisk.yml
@ -33,12 +33,12 @@
    path: "{{ asterisk_src_dir }}"    # /opt/iiab/asterisk
    state: directory

- name: Asterisk - Extract to source dir (root:root)
+- name: Asterisk - Extract to source dir (root:root by default)
  unarchive:
    src: "{{ downloads_dir }}/{{ asterisk_src_file }}"
    dest: "{{ asterisk_src_dir }}"
-    owner: root
-    group: root
+    # owner: root
+    # group: root
    extra_opts: [--strip-components=1]
    creates: "{{ asterisk_src_dir }}/Makefile"

@ -63,8 +63,8 @@
    chdir: "{{ asterisk_src_dir }}"
    creates: addons/mp3/mpg123.h

- name: Asterisk - Run './configure --with-jansson-bundled'
-  command: ./configure --with-jansson-bundled
+- name: Asterisk - Run './configure --with-pjproject-bundled --with-jansson-bundled'
+  command: ./configure --with-pjproject-bundled --with-jansson-bundled
  args:
    chdir: "{{ asterisk_src_dir }}"

@ -75,11 +75,13 @@
    creates: menuselect.makeopts

 - name: Asterisk - Do a bit of menuselect configuration
-  command: >
-    menuselect/menuselect --enable app_macro --enable format_mp3
-    --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722
-    --enable EXTRA-SOUNDS-EN-WAV --enable EXTRA-SOUNDS-EN-G722 --enable EXTRA-SOUNDS-EN-GSM
-    --disable-category MENUSELECT_MOH
+  command: menuselect/menuselect --enable app_macro --enable format_mp3 menuselect.makeopts
+  # 2021-08-06: Let's standardize (ABOVE) if 5 extras (BELOW) aren't needed?
+  # command: >
+  #   menuselect/menuselect --enable app_macro --enable format_mp3
+  #   --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722
+  #   --enable EXTRA-SOUNDS-EN-WAV --enable EXTRA-SOUNDS-EN-G722 --enable EXTRA-SOUNDS-EN-GSM
+  #   --disable-category MENUSELECT_MOH
  args:
    chdir: "{{ asterisk_src_dir }}"

@ -100,38 +102,51 @@
  args:
    chdir: "{{ asterisk_src_dir }}"

- name: Asterisk - Run 'make samples'
-  command: make samples
-  args:
-    chdir: "{{ asterisk_src_dir }}"
+# - name: Asterisk - Run 'make samples'
+#   command: make samples
+#   args:
+#     chdir: "{{ asterisk_src_dir }}"

 - name: Asterisk - Run 'ldconfig'
  command: ldconfig
  args:
    chdir: "{{ asterisk_src_dir }}"

+# 2021-08-06: Most install recipes do 'update-rc.d -f asterisk remove' here.
+# Can't hurt but we do that a bit later in freepbx.yml

- name: Asterisk - Ensure group 'asterisk' exists
-  group:
-    name: asterisk
-    state: present

- name: Asterisk - Ensure system user 'asterisk' has primary group 'asterisk', groups 'audio,dialout', home '/var/lib/asterisk'
+# 2021-08-06: Taken care of just below
+# - name: Asterisk - Ensure group 'asterisk' exists
+#   group:
+#     name: asterisk
+#     state: present
+
+#- name: Asterisk - Ensure system user 'asterisk' has primary group 'asterisk', groups 'audio,dialout', home '/var/lib/asterisk'
+- name: Asterisk - Create Linux user 'asterisk'
  user:
    name: asterisk
-    group: asterisk
-    groups: audio,dialout
-    home: /var/lib/asterisk
-    system: yes
+    # group: asterisk            # 2021-08-06: Implicit
+    # groups: audio,dialout      # 2021-08-06: No longer mainline
+    # home: /var/lib/asterisk    # 2021-08-06: No longer mainline
+    # system: yes                # 2021-08-06: No longer mainline (and does nothing to pre-existing users)
+    # append: yes                # 2021-08-06: Only relevant if adding groups later
+
+- name: Asterisk - Add user 'www-data' to group 'asterisk'
+  user:
+    name: www-data
+    groups: asterisk
+    # system: yes                # 2021-08-06: Does nothing to pre-existing users
    append: yes

- name: Asterisk - Set ownership for 5 directories (asterisk:asterisk, recurse)
+- name: Asterisk - Set ownership for 6 directories (asterisk:asterisk, recurse)
  file:
    dest: "{{ item }}"
    owner: asterisk
    group: asterisk
    recurse: yes
  with_items:
+    - /var/run/asterisk
    - /etc/asterisk
    - /var/lib/asterisk
    - /var/log/asterisk
--- a/roles/pbx/tasks/enable-or-disable.yml
+++ b/roles/pbx/tasks/enable-or-disable.yml
@ -15,33 +15,33 @@
  when: not pbx_enabled


- name: Enable http://box:{{ pbx_http_port }}/freepbx via Apache, if pbx_enabled    # http://box:83/freepbx
-  command: a2ensite freepbx.conf
-  when: pbx_enabled
-
- name: Disable http://box:{{ pbx_http_port }}/freepbx via Apache, if not pbx_enabled
-  command: a2dissite freepbx.conf
-  when: not pbx_enabled
-
- name: Restart Apache service ({{ apache_service }})
-  systemd:
-    name: "{{ apache_service }}"    # apache2
-    state: restarted
-
-
-# - name: Enable http://box/freepbx via NGINX, by installing {{ nginx_conf_dir }}/freepbx-nginx.conf from template
-#   template:
-#     src: freepbx-nginx.conf.j2
-#     dest: "{{ nginx_conf_dir }}/freepbx-nginx.conf"    # /etc/nginx/conf.d
+# - name: Enable http://box:{{ pbx_http_port }}/freepbx via Apache, if pbx_enabled    # http://box:83/freepbx
+#   command: a2ensite freepbx.conf
 #   when: pbx_enabled

-# - name: Disable http://box/freepbx via NGINX, by removing {{ nginx_conf_dir }}/freepbx-nginx.conf
-#   file:
-#     path: "{{ nginx_conf_dir }}/freepbx-nginx.conf"
-#     state: absent
+# - name: Disable http://box:{{ pbx_http_port }}/freepbx via Apache, if not pbx_enabled
+#   command: a2dissite freepbx.conf
 #   when: not pbx_enabled

-# - name: Restart 'nginx' systemd service
+# - name: Restart Apache service ({{ apache_service }})
 #   systemd:
-#     name: nginx
+#     name: "{{ apache_service }}"    # apache2
 #     state: restarted
+
+
+- name: Enable http://box/freepbx via NGINX, by installing {{ nginx_conf_dir }}/freepbx-nginx.conf from template
+  template:
+    src: freepbx-nginx.conf.j2
+    dest: "{{ nginx_conf_dir }}/freepbx-nginx.conf"    # /etc/nginx/conf.d
+  when: pbx_enabled
+
+- name: Disable http://box/freepbx via NGINX, by removing {{ nginx_conf_dir }}/freepbx-nginx.conf
+  file:
+    path: "{{ nginx_conf_dir }}/freepbx-nginx.conf"
+    state: absent
+  when: not pbx_enabled
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted
--- a/roles/pbx/tasks/freepbx.yml
+++ b/roles/pbx/tasks/freepbx.yml
@ -137,6 +137,12 @@
    # - killall -9 safe_asterisk    # 2021-08-05: These 2 lines from PR #2912 attempted a brute force (not enough!) workaround for the #2908 annoyance on 1st
    # - killall -9 asterisk         # install, of 'systemctl status freepbx' showing "Unable to run Pre-Asterisk hooks, because Asterisk is already running"
    # - /usr/sbin/asterisk -rx "core stop gracefully"
+    - fwconsole stop                # 2021-08-06: #2915 EXPERIMENT
+    # - fwconsole ma disablerepo commercial
+    # - fwconsole ma installall
+    # - fwconsole ma delete firewall
+    # - fwconsole reload
+    # - fwconsole restart

 # - name: 'FreePBX - fix file permissions for NGINX: /etc/freepbx.conf (0644), /var/log/asterisk/freepbx.log (0666)'
 #   file:
@ -170,23 +176,23 @@
 # 2021-08-06: This stanza might be removed in future, if Asterix/FreePBX fix
 # the install glitch in a future release.  FYI #2908, #2912, #2913 attempts
 # didn't work.   This one did: https://github.com/iiab/iiab/pull/2915
- name: FreePBX - Run 'systemctl restart freepbx' TWICE (THIS IS 1 OF 2) to get past 'systemctl status freepbx' glitch "Unable to run Pre-Asterisk hooks, because Asterisk is already running"
-  systemd:
-    daemon_reload: yes
-    name: freepbx
-    enabled: yes
-    state: restarted
+# - name: FreePBX - Run 'systemctl restart freepbx' TWICE (THIS IS 1 OF 2) to get past 'systemctl status freepbx' glitch "Unable to run Pre-Asterisk hooks, because Asterisk is already running"
+#   systemd:
+#     daemon_reload: yes
+#     name: freepbx
+#     enabled: yes
+#     state: restarted


- name: FreePBX - Install /etc/apache2/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
-  template:
-    src: freepbx.conf.j2
-    dest: /etc/apache2/sites-available/freepbx.conf
-    owner: "{{ apache_user }}"    # www-data
-    group: "{{ apache_user }}"
+# - name: FreePBX - Install /etc/apache2/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
+#   template:
+#     src: freepbx.conf.j2
+#     dest: /etc/apache2/sites-available/freepbx.conf
+#     owner: "{{ apache_user }}"    # www-data
+#     group: "{{ apache_user }}"

- name: FreePBX - Add directive "Listen {{ pbx_http_port }}" to /etc/apache2/ports.conf
-  lineinfile:
-    path: /etc/apache2/ports.conf
-    line: "Listen {{ pbx_http_port }}"
-    # insertafter: Listen 80
+# - name: FreePBX - Add directive "Listen {{ pbx_http_port }}" to /etc/apache2/ports.conf
+#   lineinfile:
+#     path: /etc/apache2/ports.conf
+#     line: "Listen {{ pbx_http_port }}"
+#     # insertafter: Listen 80
--- a/roles/pbx/tasks/freepbx_dependencies.yml
+++ b/roles/pbx/tasks/freepbx_dependencies.yml
@ -24,9 +24,9 @@
      - php{{ php_version }}-snmp
      - php{{ php_version }}-xml         # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
      - php{{ php_version }}-zip         # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
-      - libapache2-mod-php
-      #- python-mysqldb       # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
-      - libapache2-mpm-itk    # To serve FreePBX through a VirtualHost as asterisk user
+      #- libapache2-mod-php
+      #- python-mysqldb        # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
+      #- libapache2-mpm-itk    # To serve FreePBX through a VirtualHost as asterisk user
    state: latest

 # For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
--- a/roles/pbx/tasks/install.yml
+++ b/roles/pbx/tasks/install.yml
@ -22,14 +22,14 @@
 #  when: nodejs_version != "12.x"


- name: "Set 'apache_install: True' and 'apache_enabled: True'"
-  set_fact:
-    apache_install: True
-    apache_enabled: True
+# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
+#   set_fact:
+#     apache_install: True
+#     apache_enabled: True

- name: APACHE - run 'httpd' role
-  include_role:
-    name: httpd
+# - name: APACHE - run 'httpd' role
+#   include_role:
+#     name: httpd


 - name: Install Asterisk
--- a/roles/pbx/templates/freepbx-nginx.conf.j2
+++ b/roles/pbx/templates/freepbx-nginx.conf.j2
@ -0,0 +1,31 @@
+location ~ ^/freepbx(|/.*)$ {    # '~' -> '~*' for case-insensitive regex
+
+    root /var/www/html;
+    # root {{ freepbx_install_dir }};    # /var/www/html/freepbx
+    # root {{ doc_root }};               # /library/www/html
+
+    # location ~ ^/freepbx {
+    #   root  {{ doc_root }};
+    # }
+
+    location ~ ^/freepbx(.*)\.php(.*)$ {
+        alias {{ freepbx_install_dir }}$1.php$2;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        fastcgi_pass php;
+
+        include fastcgi_params;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+        #fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
+        fastcgi_param HTACCESS on;    # disables FreePBX htaccess warning
+    }
+
+    # disallows the things that the FreePBX .htaccess files disallow
+    location ~ /freepbx(/\.ht|/\.git|\.ini$|/libraries|/helpers|/i18n|/node|/views/.+php$) {
+        deny all;
+    }
+
+    # from the api module .htaccess file
+    rewrite ^/freepbx/admin/api/([^/]*)/([^/]*)/?(.*)?$ /freepbx/admin/api/api.php?module=$1&command=$2&route=$3 last;
+}