In this tutorial we assume you have

1) A server with minimum requirements

2) You have a basic understanding of linux commands
3) You know how to work with ssh
4) You have a client with ssh client
5) You have a text editor like vim or nano in your client
6) A server with a public ip address
7) You have a qualified domain and point it to the ip address of server in your
domain registrar website
Definitions:
Server: where we are going to install asterisk and vicidial
Client: your laptop or working station where you work on
Example.com or FQDN: the domain you already bought
Your_server_ip: the public ip address of your server
Ntp: NTP is a TCP/IP protocol for synchronizing time over a network.
Httpd|apache: 2.4 he Apache HTTP Server is a free and open-source cross-platform
web server software
Mariadb: MariaDB is a community-developed, commercially supported fork of the
MySQL relational database management system
Php: PHP is a general-purpose scripting language geared toward web development.
Named or bind9: is the most popular Domain Name System (DNS) server
Asterisk:
Dahdi
Lipbri
Ejabberd|xmpp
Vicidial
Linux kernel
Chapter 1: Server installtion
1.1 download rocky iso from its official website
https://rockylinux.org/download/

1.2 download balena etcher from its official website

https://www.balena.io/etcher/

1.3 burn downloaded iso file into a USB flash using balena etcher

1.4 insert the USB flash into your server and turn it on. Go to BIOS or UEFI and select
boot from USB, once booted, go ahead with the installation

You will pop into installation screen which you need to choose your preferred language

Once you select your language hit continue, then you will get into configuring other
parts of installation
Click on installation source and select the hard disk you want to install the OS on
Here you can choose if you need to go with automatic or custom partitioning, choose
custom
Here select LVM and click on Rocky Linux 9.0* to expand
I would give 8GiB to my Swap, 1.5 GiB to my /boot, 500 MiB to /boot/efi and leave the
rest for root / And configure it as below
Once done, click on “Done”. Here you need to click on Preserve all and Reclaim space
Next set root password and click done

Optionally you can configure network to assign static IP address, by clicking on Network
and hostname, Then click on configure
Note : you can configure this later in the OS
Go to ipv4 Setting tab, change method to manual
Then go to address and and click add and write done your static ip. Netmask and
gateway and DNS server. Once done click on save
You can leave the rest of the configuration, as we will configure them in the next
chapter. Once done you should see something like this
If you see no errors, just click on begin installation, once done, reboot the server and
remove the USB flash.
Chapter 2: Server update and basic configuration
1.1 server update
Use the following command to update the server
# yum update -y

Enable EPEL Repo

Extra Packages for Enterprise Linux (or EPEL) is a Fedora project that creates,
maintains, and manages a high-quality set of additional packages for Enterprise Linux
as well as (RHEL), CentOS, Scientific Linux (SL), Oracle Linux (OL), AlmaLinux (AL)
and Rocky Linux (RL).

# yum config-manager --set-enabled crb

# yum install epel-release yum-utils -y
# yum update -y

Enable REMI Repo

REMI is a third-party repository that provides the latest PHP versions on RHEL-derived
systems. Presently, REMI supports PHP versions 8.0.21 and PHP ver 8.1.8. PHP 7.3
has reached its end of life and is no longer maintained. PHP 7.4 and 8.0 has no security
fixes hence no update for PHP 7.4.30. REMI repository only offers support for PHP and
should therefore be enabled in your system.

# yum install https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y

# yum update -y

Enable or Disable repositories Permanently through the REMI repository.

To enable remi repositories, open the following file
# vim /etc/yum.repos.d/remi.repo

And under [remi] and [remi-test] change enabled=0 to enabled=1 [remi-test] [remi-test]
# Repository: https://rpms.remirepo.net/
# Blog: https://blog.remirepo.net/
# Forum: https://forum.remirepo.net/

[remi]
 name=Remi's RPM repository for Enterprise Linux 9 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/9/remi/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/9/remi/$basearch/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/9/remi/$basearch/mirror
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9

[remi-test]
name=Remi's test RPM repository for Enterprise Linux 9 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/9/test/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/9/test/$basearch/mirror
mirrorlist=http://cdn.remirepo.net/enterprise/9/test/$basearch/mirror
# WARNING: If you enable this repository, you must also enable "remi"
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9

Once done update the by

# yum update -y

To install a package by specific repo you can use the following

# yum install --disablerepo="*" --enablerepo="remi" packge name
# yum install --disablerepo="*" --enablerepo="remi-safe" packge name

1.2. Create SSH key and upload it

Create ssh config by
# vim ~/.ssh/config

And insert the following in that file

Host “host name”
HostName “server ip address”
Port “server ssh port”
User “server username”

Host: can be any name, we will use this name to ssh to the server.
HostName: this is the server public ip address
Now use this command to upload the key to your server
Port: server ssh port which is 22 by default, but we will change it to something other
than 22 later in this tutorial for security reasons.
User: server username

Generate ssh key and config file and upload ssh-key to the server
In order to have easy access to the server. I recommend you to upload ssh-keys into
your server, so you don't have to input your password each time you connect to the
server.
Use the following command on your client (the computer you are using to connect to the
server)
# ssh-keygen

Here you will be asked to answer some question, just hit enter, and the result should be
like this:

Now upload the generated SSH key to the server by:

# ssh-copy-id “hostname”

Note: hostname is the name we specified in the SSH config file earlier
You will be asked to input your password, once you do it, the ssh key will be uploaded to
your server. Upon a successful upload you should see something like this:
1.3. Disable selinux
SELinux stops certain modules within Asterisk from running. This is why you always
need to disable SELinux before you start installing Asterisk
Execute the following command to disable selinux.
# sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config

1.4. Set hostname and timezone keymap and locale

To set hostname
# hostnamectl set-hostname --static host.example.com

Note: replace the example.com with your FQDN

To set time zone first

# timedatectl list-timezones

Once you identify which time zone is accurate to your location, run the following
command:
# timedatectl set-timezone America/New_York

To sync the timezone with NTP use

# timedatectl set-ntp on

Run the timedatectl command to verify the changes:

# timedatectl
Set system key map for the keyboard layout and loacle to define user language
# localectl set-keymap us
# localectl set-locale LANG=en_US.UTF-8

1.5 assign static ip address to your machine

https://docs.rockylinux.org/guides/network/basic_network_configuration/
And finally reboot the server to apply changes
# reboot
Chapter 3. install vicidial and asterisk decencies
3.1. install dependencies
Install vicidial and asterisk dependencies by
# yum groupinstall "Development Tools" -y
# yum install initscripts chkconfig make patch gcc gcc-c++ curl curl-devel
ImageMagick libxml2 libxml2-devel libpcap libpcap-devel libnet ncurses ncurses-devel
screen mutt glibc.i686 wget lynx bison psmisc tftp-server httpd make ncurses-devel
sendmail sendmail-cf sox newt-devel libxml2-devel libtiff-devel audiofile-devel
gtk2-devel uuid-devel libtool libuuid-devel git subversion crontabs cronie
cronie-anacron nano unzip texinfo lame python-devel libss7* libopen* openssl
libsrtp libsrtp-devel unixODBC unixODBC-devel libtool-ltdl libtool-ltdl-devel
sqlite-devel python-devel glibc gnutls-devel libedit-devel bzip2 autoconf net-tools npm
svn vim zlib-devel libtool texi2html python-devel telnet htop iftop dmidecode jansson
jansson-devel binutils-devel libedit dahdi-tools initscripts chkconfig -y

3.2. install perl modules

Run these commands to install perl modules
# yum install perl perl-core perl-CPAN perl-YAML perl-libwww-perl perl-DBI
perl-DBD-MySQL perl-Switch perl-Digest-SHA1 perl-Jcode perl-GD perl-Digest-MD5
perl-Term-ReadLine perl-Term-ReadLine-Gnu perl-Net-Server perl-Module-Install
perl-File-HomeDir perl-Module-Install perl-Time-HiRes perl-Mail-Sendmail
perl-Getopt-Long perl-Net-DNS perl-IO-stringy perl-TermReadKey
perl-Term-ANSIColor perl-Time-Local perl-HTML-Tree perl-HTML-Parser -y

# cd /usr/bin/
# curl -LOk http://xrl.us/cpanm
# chmod +x cpanm
# cpanm -f File::Which
# cpanm CPAN::Meta::Requirements
# cpanm -f CPAN
# cpanm MD5
# cpanm Bundle::CPAN
# cpanm Net::Telnet
# cpanm Unicode::Map
# cpanm Spreadsheet::WriteExcel
# cpanm OLE::Storage_Lite
# cpanm Proc::ProcessTable
# cpanm Spreadsheet::ParseExcel
# cpanm Curses
# cpanm Spreadsheet::XLSX
# cpanm Spreadsheet::Read
 # cpanm LWP::UserAgent
# cpanm HTML::Strip
# cpanm HTML::FormatText
# cpanm MIME::Decoder
# cpanm Mail::POP3Client
# cpanm Mail::IMAPClient
# cpanm Mail::Message
# cpanm IO::Socket::SSL
# cpanm MIME::Base64
# cpanm MIME::QuotedPrint
# cpanm Crypt::Eksblowfish::Bcrypt
# cpanm Crypt::RC4
# cpanm Text::CSV
# cpanm Text::CSV_XS

3.3. install asterisk perl module

Install perl module by
# cd /usr/src
# wget http://download.vicidial.com/required-apps/asterisk-perl-0.08.tar.gz
# tar xzf asterisk-perl-0.08.tar.gz
# cd asterisk-perl-0.08
# perl Makefile.PL
# make all
# make install

3.4. instal iksemel

Iksmet is required for XMPP to work with asterisk, install it by
# cd /tmp
# wget
https://src.fedoraproject.org/repo/pkgs/iksemel/iksemel-1.4.tar.gz/532e77181694f87ad
5eb59435d11c1ca/iksemel-1.4.tar.gz
# tar -zvxf iksemel-1.4.tar.gz
# cd iksemel-1.4
# ./configure
# make
# make install
# cp /usr/local/lib/libiksemel.* /usr/lib64/
Chapter 4. apache and php and mysql and securing

4.1. install php and its modules

In order to install php 7.4 , first we need to enable the php 7.4 repository. To enable it,
run this command. Now install php 7.4 and its modules by

# yum module enable php:remi-7.4

# yum install php php-devel php-gd php-mbstring php-mcrypt php-imap php-ldap
php-mysql php-odbc php-pear php-xml php-xmlrpc php-process php-cgi php-common
php-curl php-mysqlnd php-gettext php-bcmath php-zip php-json php-snmp
php-opcache -y

4.2. configuring php

Now we need to customize php settings according to our needs. To do that open php.ini
file by
# vim /etc/php.ini

add/change the following accordingly

error_reporting = E_ALL & ~E_NOTICE
memory_limit = 128M
short_open_tag = On
max_execution_time = 360
max_input_time = 360
post_max_size = 48M
upload_max_filesize = 42M
default_socket_timeout = 360
date.timezone = America/New_York
Note: change timezone according to your needs

4.3. install apache

Now time to install apache, to install it on centos server, run this command
# yum install httpd httpd-devel -y
# rm -f /var/www/html/index.html
Once apache is installed, we need to make some changes, to apply changes open httpd
config file by
# vim /etc/httpd/conf/httpd.conf

And find CustomLog logs/access_log combined replace it with CustomLog /dev/null

common
Don't close this file here as we still need to make some changes. Move to the next step.
So your final con should look like

. Create logs directory

Once apache is installed. Create logs directory by
# mkdir -p /var/www/html/logs
# touch /var/www/html/logs/error.log
# touch /var/www/html/logs/access.log

4.4. disable directory listing in apache

By default asterisk will show all files and folders in the web server, to disable directory
listing we need to change
In the same httpd.conf file, under <Directory "/var/www/html"> look for this line
Options Indexes MultiViews FollowSymLinks
and replace it with
Options -Indexes +MultiViews
So your final conf should look like this

4.5. Enable call recording in apache

To enable the recording, in the same httpd.conf add the following at the end of this file.

Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"

 <Directory "/var/spool/asterisk/monitorDONE">
Options -Indexes +MultiViews
AllowOverride None
Require all granted
Order allow,deny
Allow from yy.yy.yy.yy (comma separated list of allow ips to access asterisk
recordings)
<files *.mp3>
Forcetype application/forcedownload
</files>
</Directory>
Your final conf should look like

Now after all this configuration

Start enable apache by

# systemctl start httpd

# systemctl enable httpd
# systemctl status httpd

Note: replace yy.yy.yy.yy with your public ip address and list of ips which are allowed to
access recordings on this server
4.6. install Mariadb
# yum install mariadb-server mariadb-devel -y

Start and enable mariadb by

# systemctl start mariadb
# systemctl enable mariadb
# systemctl status mariadb
Mariadb should be active and running like this

4.7. securing mariadb

Upon installing MARIADB by default does not have a root password, we need to set a
root password to secure mariaDB by this command:
There is a script provided for hardening MariaDB database server. The script helps you
to:

● Set root password

● Remove anonymous database users
● Disallow remote database login as root user
● Remove test databases

To start the database hardening process run the command below.

 # mariadb-secure-installation

First it asks you to type it your current password, just hit enter as you don't have any
current password and answer questions as follow
Switch to unix_socket authentication [Y/n] y
Change the root password? [Y/n] Y
New password: type in your new root password
Re-enter new password: type in your new root password for the second time
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
And finally you should see this message.

4.8. MariaDB config

Back up mariadb conf file and create a new one by
# touch /var/log/mariadb/mysql-slow-query.log
# chown mysql:mysql /var/log/mariadb/mysql-slow-query.log
# mv /etc/my.cnf /etc/my.cnf.back
# vim /etc/my.cnf

Insert the below entry in this file

[mysqld]
skip_name_resolve=1
sql_mode="NO_ENGINE_SUBSTITUTION"
bind_address = 127.0.0.1
old_passwords = 0
ft_min_word_len = 3
max_connections = 800
max_allowed_packet = 32M
skip_external_locking
query_cache_type = 1
query_cache_size = 32M
long_query_time = 1
query_cache_type = 1
query_cache_limit = 256K
query_cache_min_res_unit = 2k
query_cache_size = 64M
tmp_table_size = 128M
table_cache = 1024
join_buffer_size = 1M
key_buffer_size = 512M
sort_buffer_size = 6M
read_buffer_size = 4M
read_rnd_buffer_size = 16M
myisam_sort_buffer_size = 64M
max_tmp_tables = 64
thread_cache_size = 8
thread_concurrency = 8
innodb_buffer_pool_size = 32M
innodb_flush_log_at_trx_commit = 2
max_allowed_packet = 128M
slow_query-log=1
slow_query_log-file= /var/log/mariadb/mysql-slow-query.log
long_query_time=1

[mysqldump]
quick
max_allowed_packet = 16M
default_character_set = utf8

[mysql]
no_auto_rehash

[isamchk]
key_buffer_size = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M

[myisamchk]
key_buffer_size = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive_timeout

!includedir /etc/my.cnf.d
Now lets restart mariadb and check the status

# systemctl restart mariadb

# systemctl status mariadb

You should see this

Monitoring mariadb (optional)

Optionally you can install the following package to monitor mariadb performance

# wget https://github.com/major/MySQLTuner-perl/tarball/master
# tar xf master
# cd major-MySQLTuner-perl-993bc18/
# ./mysqltuner.pl
Chapter 5. install asterisk dahdi wanpipe libpri
Before installing, we need to create asterisk directory and cd to it by:

# mkdir /usr/src/asterisk
# cd /usr/src/asterisk

5.1. install dahdi

Now download and compile dahdi
#wget
https://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-comple
te-current.tar.gz
# tar -zvxf dahdi-linux-complete-current.tar.gz
# cd dahdi-linux-complete-3.2.0+3.2.0
# make
# make install
# make install-config
# cp /etc/dahdi/system.conf.sample /etc/dahdi/system.conf
# cp /etc/dahdi/modules.sample /etc/dahdi/modules
# cp /etc/dahdi/assigned-spans.conf.sample /etc/dahdi/assigned-spans.conf

If you get this error:

Now start and enable dahdi by

# systemctl restart dahdi
# systemctl enable dahdi
# systemctl status dahdi

Now to check dahdi has been installed correctyl do

 # dahdi_cfg -vvv

Upon a successful dahdi installation, you should see 0 errors like this

5.2. install libPRI

Install and compile libPRI
# cd ../
# wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-current.tar.gz
# wget https://downloads.asterisk.org/pub/telephony/libpri/libpri-1.6.1.tar.gz
# tar -xvzf libpri-*
# cd /usr/src/asterisk/libpri-*
# sed -i "s|\ -Werror||" Makefile *
# make clean
# make
# make install

5.2.1. install wanpipe (optional)

Wanpipe is a sangoma driver, and install wanpipe if only you are going to use a
sangoma card.
# cd ..
# wget ftp://ftp.sangoma.com/linux/current_wanpipe/wanpipe-current.tgz
# tar xvfz wanpipe-current.tgz
# cd wanpipe-<version>/
# ./Setup install

5.3. install asterisk

Install and compile asterisk by. Note that this is vici version of asterisk
# cd ../
# wget http://download.vicidial.com/beta-apps/asterisk-16.17.0-vici.tar.gz
# wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz
# cd /usr/src/asterisk/asterisk*
# sudo contrib/scripts/get_mp3_source.sh
# sudo contrib/scripts/install_prereq install
# ./configure --libdir=/usr/lib --with-gsm=internal --enable-opus --enable-srtp --with-ssl
--enable-asteriskssl --with-pjproject-bundled --with-jansson-bundled
# make menuselect

Once you run make menuselect command, you should see a configuration window, go
ahead and select the following :
Under Add-ons select chan_mobile chan_ooh323 and format_mp3 as shown below
Under application select app_meetme

2. On Core Sound Packages, select the formats of Audio packets like below

3. For Music On Hold, select the following minimal modules

On Extra Sound Packages select as shown below

# make
 # make install
# make samples
# make config
# ldconfig
# make install-logrotate (to enable log rotate script)

5.4. Install (fix) libsrtp library

In order for asterisk to work well, you need to recompile libsrtp library manually. Just
download and build it by

# cd /tmp/
# wget https://github.com/cisco/libsrtp/archive/refs/tags/v2.4.2.zip
# unzip v2.4.2.zip
# cd libsrtp-2.4.2/
# ./configure --prefix=/usr
# make shared_library
# make install

5.5. Asterisk startup

We need to copy the asterisk init script to the init.d directory.
# cp contrib/init.d/rc.redhat.asterisk /etc/init.d/asterisk
cp contrib/init.d/rc.redhat.asterisk /etc/rc.d/init.d/asterisk
# chmod 755 /etc/rc.d/init.d/asterisk
# sudo chmod a+x /etc/init.d/functions

Now look for asterisk bin directory by

# which asterisk

The output should be something like this:

Now open asterisk init script by

# vim /etc/init.d/asterisk
Look for AST_SBIN==__ASTERISK_SBIN_DIR__ and replace it with AST_SBIN=/sbin
where /sbin is your asterisk path
So it should look like this:
# Installation directory
AST_SBIN=/sbin

Now start and enable asterisk

# systemctl daemon-reload
# systemctl restart asterisk
# systemctl enable asterisk
# systemctl status asterisk

You should see asterisk active and running like this:

Fix asterisk radius error

# sed -i 's";\[radius\]"\[radius\]"g' /etc/asterisk/cdr.conf
# sed -i 's";radiuscfg => /usr/local/etc/radiusclient-ng/radiusclient.conf"radiuscfg =>
/etc/radcli/radiusclient.conf"g' /etc/asterisk/cdr.conf
# sed -i 's";radiuscfg => /usr/local/etc/radiusclient-ng/radiusclient.conf"radiuscfg =>
/etc/radcli/radiusclient.conf"g' /etc/asterisk/cel.conf
Chapter 6. install vicidial GUI
6.1. Download VICIdial ASTGUIclient
# mkdir /usr/src/astguiclient
# cd /usr/src/astguiclient
# svn checkout svn://svn.eflo.net:43690/agc_2-X/trunk

6.2. Create mysql database and its user, import vicidial sql
Login to mysql by
# mysql -p

Now put in your mysql password and create vicidial database and username by:
> CREATE DATABASE `asterisk` DEFAULT CHARACTER SET utf8 COLLATE
utf8_unicode_ci;

> CREATE USER 'cron'@'%' IDENTIFIED BY ‘Gq32*T32nRqm’;

> GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO
cron@'%' IDENTIFIED BY ‘Gq32*T32nRqm’;

> GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO

cron@localhost IDENTIFIED BY Gq32*T32nRqm;

> CREATE USER 'custom'@'%' IDENTIFIED BY Gq32*T32nRqm;

> GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO

custom@'%' IDENTIFIED BY Gq32*T32nRqm;

> GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO

custom@localhost IDENTIFIED BY Gq32*T32nRqm;
 > FLUSH PRIVILEGES;

> use asterisk;

> \. /usr/src/astguiclient/trunk/extras/MySQL_AST_CREATE_tables.sql
> \. /usr/src/astguiclient/trunk/extras/first_server_install.sql
> quit

6.3. install vicidial GUI

To install vicidial GUI, create its directory, download the script and run it by:
# cd /usr/src/astguiclient/trunk
# perl install.pl

Running the perl install.pl, you will be asked a couple of questions:

Would you like to use manual configuration and installation(y/n): [y]

STARTING ASTGUICLIENT MANUAL CONFIGURATION PHASE...

astguiclient configuration file or press enter for default: [/etc/astguiclient.conf]

astguiclient home path or press enter for default: [/usr/share/astguiclient]

astguiclient logs path or press enter for default: [/var/log/astguiclient]

asterisk agi-bin path or press enter for default: [/var/lib/asterisk/agi-bin]

server webroot path or press enter for default: [/usr/local/apache2/htdocs]

/var/www/html

asterisk sounds path or press enter for default: [/var/lib/asterisk/sounds]

asterisk monitor path or press enter for default: [/var/spool/asterisk/monitor]

asterisk DONEmonitor path or press enter for default:

[/var/spool/asterisk/monitorDONE]

server IP address or press enter for default: [] 192.168.1.32

DB server address or press enter for default: [localhost]

DB database name or press enter for default: [asterisk]

DB user login or press enter for default: [cron]

DB user password or press enter for default: [1234] UtSr9rjz69AgzeRt

DB custom user login or press enter for default: [custom] d34GU4wWEVR%DWdP

DB custom password login or press enter for default: [custom1234]

DB connection port or press enter for default: [3306]

Numeric list of the astGUIclient processes to be kept running

(value should be listing of characters with no spaces: 123456)
X - NO KEEPALIVE PROCESSES (use only if you want none to be keepalive)
1 - AST_update
2 - AST_send_listen
3 - AST_VDauto_dial
4 - AST_VDremote_agents
5 - AST_VDadapt (If multi-server system, this must only be on one server)
6 - FastAGI_log
7 - AST_VDauto_dial_FILL (only for multi-server, this must only be on one server)
8 - ip_relay (used for blind agent monitoring)
9 - Timeclock auto logout
C - ConfBridge process, (see the ConfBridge documentation for more info)
E - Email processor, (If multi-server system, this must only be on one server)
S - SIP Logger (Patched Asterisk 13 or higher required)
Enter active keepalives or press enter for default: [1234568]

Enter the Asterisk version that you are installing VICIDIAL for
(value should be only one of the options below:)
1.2
1.4
1.8
11.X
13.X
16.X
Enter asterisk version or press enter for default: [13.X] 16.X

Copy sample configuration files to /etc/asterisk/ ? [n] y

Copy web language translation files to webroot ? [] y

FTP host address or press enter for default: [10.0.0.4]

FTP user login or press enter for default: [cron]

FTP user password or press enter for default: [test]

FTP connection port or press enter for default: [21]

FTP directory or press enter for default: [RECORDINGS]

HTTP path for archive or press enter for default: [http://10.0.0.4]

REPORT host address or press enter for default: [10.0.0.4]

REPORT user login or press enter for default: [cron]

REPORT user password or press enter for default: [test]

REPORT connection port or press enter for default: [21]

REPORT directory or press enter for default: [REPORTS]

FastAGI log minimum child servers: [3]

FastAGI log maximum child servers: [16]

FastAGI log minimum spare child servers: [2]

FastAGI log maximum spare child servers: [8]

FastAGI log maximum requests per child server: [1000]

FastAGI log check-for-dead seconds: [30]

FastAGI log check-for-wait seconds: [60]

defined conf file: /etc/astguiclient.conf

defined home path: /usr/share/astguiclient
defined logs path: /var/log/astguiclient
defined agi-bin path: /var/lib/asterisk/agi-bin
defined webroot path: /var/www/html
defined sounds path: /var/lib/asterisk/sounds
defined monitor path: /var/spool/asterisk/monitor
defined DONEmonitor path: /var/spool/asterisk/monitorDONE
defined server_ip: 192.168.1.32
defined DB_server: localhost
defined DB_database: asterisk
defined DB_user: cron
defined DB_pass: UtSr9rjz69AgzeRt
defined DB_custom_user: d34GU4wWEVR%DWdP
defined DB_custom_pass: custom1234
defined DB_port: 3306
defined active_keepalives: 1234568
 defined asterisk_version: 16.X
defined copying conf files: y
defined copying weblang files: y
defined FTP_host: 10.0.0.4
defined FTP_user: cron
defined FTP_pass: test
defined FTP_port: 21
defined FTP_dir: RECORDINGS
defined HTTP_path: http://10.0.0.4
defined REPORT_host: 10.0.0.4
defined REPORT_user: cron
defined REPORT_pass: test
defined REPORT_port: 21
defined REPORT_dir: REPORTS
defined fastagi_log_min_servers: 3
defined fastagi_log_max_servers: 16
defined fastagi_log_min_spare_servers: 2
defined fastagi_log_max_spare_servers: 8
defined fastagi_log_max_requests: 1000
defined fastagi_log_checkfordead: 30
defined fastagi_log_checkforwait: 60

Are these settings correct?(y/n): [y]

Upon a successful installation, you should see

6.4. Vicidial Area Code and some extra settings

# /usr/share/astguiclient/ADMIN_area_code_populate.pl
# chmod -R 755 /usr/src/astguiclient/trunk/bin/VICIDIAL_IN_new_leads_file.pl
# cp /usr/src/astguiclient/trunk/extras/performance_test_leads.txt
/usr/share/astguiclient/LEADS_IN/
# /usr/src/astguiclient/trunk/bin/VICIDIAL_IN_new_leads_file.pl --forcelistid=107
--forcephonecode=1

To change vicidial ip run the following command

 /usr/share/astguiclient/ADMIN_update_server_ip.pl --old-server_ip=10.10.10.15

and answer the questions as below:replacing your_server_ip with public IP of your

server:
Previous astGUIclient configuration file found at: /etc/astguiclient.conf
CLI defined old server IP: 10.10.10.15
Previous astGUIclient configuration file found at: /etc/astguiclient.conf

Would you like to use interactive mode (y/n): [y]

STARTING SERVER IP ADDRESS CHANGE FOR VICIDIAL...

Old server IP address or press enter for default: [10.10.10.15]

server IP address or press enter for default: [] 192.168.1.32

old server_ip: 10.10.10.15

new server_ip: 192.168.1.32

Are these settings correct?(y/n): [y]

Note: don't forget you change your_server_ip with the public IP of your server.
Vicidial installation is done. Now reboot the serve
Chapter 7. - install and configure named
7.1. Assign public ip address
Note: this step is not needed if your server is already on a public network
To assign public ip address to your server in rocky 9, run

# nmtui

You will see this:

Click on Edit a connection and choose your NIC, and you will see this
Choose your NIC and hit enter, you will see this:Move to IPv4 section and click on
Automatic

You will see this: choose manual

Click on show next to it and configure your public ip address as below

Just scroll down and hit OK
Once done, run this command to diable and enable network
# nmcli con down nic_name && nmcli con up nic_name

Or restart network by
# systemctl restart NetworkManager
Once done connect to your server using your public IP

7.2. install bind 9 package

To Install bind run these commands
# yum install bind bind-utils -y

Now create two zones, one for domain and one for hostname
# vim /var/named/example.com.db

In this file insert

 $TTL 600
@ 86400 IN
SOA ns1.confzy.com. bbb.confzy.com. (
2021010407 ; serial, todays date+todays
3600 ; refresh, seconds
7200 ; retry, seconds
1209600 ; expire, seconds
86400 ) ; minimum, seconds
@ 86400 IN NS ns1.confzy.com.
@ 86400 IN NS ns2.confzy.com.
@ IN A 194.9.80.250
localhost.bbb.confzy.com. IN A 127.0.0.1
@ IN MX 0 bbb.confzy.com.
bbb 600 IN CNAME bbb.confzy.com.

Now create another zone for hostname by

# vim /var/named/host.example.com.db

Insert in this file

$TTL 600
@ 86400 IN
SOA ns1.confzy.com. bbb.confzy.com. (
2021010407 ; serial, todays date+todays
3600 ; refresh, seconds
7200 ; retry, seconds
1209600 ; expire, seconds
86400 ) ; minimum, seconds
@ 86400 IN NS ns1.confzy.com.
@ 86400 IN NS ns2.confzy.com.
@ IN A 194.9.80.250
localhost.bbb.confzy.com. IN A 127.0.0.1
@ IN MX 0 bbb.confzy.com.
bbb 600 IN CNAME bbb.confzy.com.

To finish the bind set up, there is more to do. Open this file
# vim /etc/named.conf
And insert these 2 lines
zone "example.com" {type master; file "/var/named/example.com.db";};
zone "host.example.com" {type master; file "/var/named/example.com.db";};

Note: you should replace example.com with your own FQDN and your_server_ip with
your server public ip address.
Now start and enable the bind9 service by

Also change listen-on port 53 { 127.0.0.1; }; to listen-on port 53 { any; };

And allow-query { localhost; }; to allow-query { any; };

So the final file should look like this:

# systemctl start named
# systemctl enable named
# systemctl status named

Upon the last command you should named service is active and running.

Test DNS
To make sure your domain now resolves to your server ip. Run this command
# nslookup example.com

If all goes well, you should see

7.3. install ssl

In order to install ssl, we need to create a virtual host in apache. To add a virtualhost
create a conf file by:
# vim /etc/httpd/conf.d/example.com.conf

And add the following in that file

<VirtualHost *:80>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias example.com

DocumentRoot /var/www/html
ErrorLog /var/www/html/logs/error.log
CustomLog /var/www/html/logs/access.log combined
</VirtualHost>

Note: replace example.com with your own domain

Now restart and enable apache to apply changes using these commands:
# systemctl restart httpd
# systemctl status httpd

You should see something like this

Now try to install letsencrypt package by

# yum install certbot python3-certbot-apache mod_ssl -y

After successful installation, try to install ssl on your domain suing this
# certbot --apache --noninteractive --agree-tos -d example.com -m
youremail@example.com

Note: replace example.com with your own domain and youremail@example.com with
your own email address.
Upon a successful ssl certificate creation, you should see something like this:

Chapter 8. Enable startup jobs

8.1. Crontab entry
First we need to add cron entry, open crontab by
https://raw.githubusercontent.com/jaganthoutam/vicidial-install-scripts/main/crontab

## ssl renew
45 3 * * 6 /usr/local/letsencrypt/certbot-auto renew && systemctl reload httpd

### recording mixing/compressing/ftping scripts

0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * *
/usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * *
/usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl --MIX
#0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * *
/usr/share/astguiclient/AST_CRON_audio_1_move_VDonly.pl
1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58 * * * *
/usr/share/astguiclient/AST_CRON_audio_2_compress.pl --MP3 --HTTPS

### keepalive script for astguiclient processes

* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl

### kill Hangup script for Asterisk updaters

* * * * * /usr/share/astguiclient/AST_manager_kill_hung_congested.pl

### updater for voicemail

* * * * * /usr/share/astguiclient/AST_vm_update.pl

### updater for conference validator

* * * * * /usr/share/astguiclient/AST_conf_update.pl

### flush queue DB table every hour for entries older than 1 hour
11 * * * * /usr/share/astguiclient/AST_flush_DBqueue.pl -q

### fix the vicidial_agent_log once every hour and the full day run at night
33 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl
50 0 * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --last-24hours
## uncomment below if using QueueMetrics
#*/5 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --only-qm-live-call-check

### updater for VICIDIAL hopper

* * * * * /usr/share/astguiclient/AST_VDhopper.pl -q

### adjust the GMT offset for the leads in the vicidial_list table
1 1,7 * * * /usr/share/astguiclient/ADMIN_adjust_GMTnow_on_leads.pl --debug
--list-settings

### reset several temporary-info tables in the database

2 1 * * * /usr/share/astguiclient/AST_reset_mysql_vars.pl

### optimize the database tables within the asterisk database

3 1 * * * /usr/share/astguiclient/AST_DB_optimize.pl

### VICIDIAL agent time log weekly and daily summary report generation
2 0 * * 0 /usr/share/astguiclient/AST_agent_week.pl
22 0 * * * /usr/share/astguiclient/AST_agent_day.pl
### VICIDIAL campaign export scripts (OPTIONAL)
#32 0 * * * /usr/share/astguiclient/AST_VDsales_export.pl
#42 0 * * * /usr/share/astguiclient/AST_sourceID_summary_export.pl

### remove old recordings more than 7 days old, and delete originals after 1 day
#24 0 * * * /usr/bin/find /var/spool/asterisk/monitorDONE -maxdepth 2 -type f -mtime
+7 -print | xargs rm -f
24 1 * * * /usr/bin/find /var/spool/asterisk/monitorDONE/ORIG -maxdepth 2 -type f
-mtime +1 -print | xargs rm -f

### remove all recordings more than 6 months old

30 0 * * * /usr/bin/find /var/spool/asterisk/monitorDONE/ -maxdepth 2 -type f -mtime
+180 -print | xargs rm -f

### roll logs monthly on high-volume dialing systems

#30 1 1 * * /usr/share/astguiclient/ADMIN_archive_log_tables.pl --months=6

### remove and rotate old asterisk logs

29 0 * * * /usr/bin/find /var/log/asterisk -maxdepth 3 -type f -mtime +30 -print | xargs
rm -f
32 0 * * * /usr/bin/find /var/log/asterisk -maxdepth 1 -type f -mtime +1 -print | grep -v
\.xz | xargs xz >/dev/null 2>&1
30 0 * * * /usr/bin/find / -maxdepth 1 -name "screenlog.0*" -mtime +7 -print | xargs rm
-f
31 0 * * * /usr/bin/find /tmp -maxdepth 1 -type f -mtime +7 -print | xargs rm -f

### daily backup database and web folder and upload to FTP server
1 2 * * * /usr/share/astguiclient/ADMIN_backup.pl --db-without-logs --without-conf
--ftp-transfer 2>/dev/null 1>&2

### remove text to speech file more than 4 days old

#20 0 * * * /usr/bin/find /var/lib/asterisk/sounds/tts/ -maxdepth 2 -type f -mtime +4
-print | xargs rm -f

### Update agent records with the IP of the phone they are logging in on
#*/5 * * * * /usr/share/astguiclient/AST_phone_update.pl --agent-lookup

### Delete voicemail that is older then 60 days

#0 2 * * * /usr/local/bin/vmspool_manager.pl --active --age=60

### inventory report optional

#1 7 * * * /usr/share/astguiclient/AST_dialer_inventory_snapshot.pl -q
--override-24hours

### roll call_log and vicidial_log_extended daily on very high-volume dialing systems
 #20 1 * * * /usr/share/astguiclient/ADMIN_archive_log_tables.pl --daily

## uncomment below if using Vtiger

#1 1 * * * /usr/share/astguiclient/Vtiger_optimize_all_tables.pl --quiet

# cleanup of the scheduled callback records

25 0 * * * /usr/share/astguiclient/AST_DB_dead_cb_purge.pl --purge-non-cb --quiet

### inbound email parser should only be active on a single server

* * * * * /usr/share/astguiclient/AST_inbound_email_parser.pl

### Reboot nightly to manage asterisk issues

#30 6 * * * /sbin/reboot

8.2. rc.local entry

Back up rc.local fine and create a new one

# mv /etc/rc.d/rc.local /etc/rc.d/rc.local.back
# vim /etc/rc.d/rc.local

And add this entry:

#!/bin/bash
### Disable console blanking and powersaving
/usr/bin/setterm blank
/usr/bin/setterm powersave off
/usr/bin/setterm poweown

# OPTIONAL enable ip_relay(for same-machine trunking and blind monitoring)

/usr/share/astguiclient/ip_relay/relay_control start 2>/dev/null 1>&2

### roll the Asterisk logs upon reboot

/usr/share/astguiclient/ADMIN_restart_roll_logs.pl 2>/dev/null 1>&2

### clear the server-related records from the database

/usr/share/astguiclient/AST_reset_mysql_vars.pl 2>/dev/null 1>&2

### start up asterisk

/usr/share/astguiclient/start_asterisk_boot.pl 2>/dev/null 1>&2

touch /var/lock/subsys/local
8.3. Enable rc.local service at startup
In order to enable this, you need to make some changes in rc.local service
# rm -rf /lib/systemd/system/rc-local.service
# vim /lib/systemd/system/rc-local.service

Add below entry

[Unit]
Description=/etc/rc.d/rc.local Compatibility
ConditionFileIsExecutable=/etc/rc.d/rc.local
Requires=network-online.target
After=network-online.target

[Service]
Type=forking
ExecStart=/etc/rc.d/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target

Once done close it and start enable rc-local service by

# chmod +x /etc/rc.d/rc.local
# chmod +x /etc/rc.local
# systemctl daemon-reload
# systemctl start rc-local
# systemctl enable rc-local
# systemctl status rc-local

Now the rc-local service should be active and running

Chapter 9. Server hardening
9.1. install and configure firewalld
To harden the server we need to install and start firewalld service, To install and start
firewalld, run these commands
Firewalld is installed by default on rocky 9, but in case run these commands
# yum install firewalld -y
# systemctl start firewalld
# systemctl enable firewalld

starting firewalld, will close all access to the server, so we need to open ports which are
used by ssh, asterisk, http, named and some other services. Execute this commands to
open needed ports and services.
In firewalld you can open a service by both its port and service name.
# firewall-cmd --zone=public --add-port=”ssh port”/tcp --permanent
# firewall-cmd --zone=public --add-port=10000-20000/udp --permanent
# firewall-cmd --zone=public --add-port=10000-20000/tcp --permanent
# firewall-cmd --zone=public --add-port={5060,53,123}/udp --permanent
# firewall-cmd –zone=public
--add-port={5443,5269,5280,5222,5061,8089,8088,5038,443,80,53}/tcp --permanent

Note: please replace “ssh port” with your own ssh port
Now restart firewalld to apply changes and check its status

# systemctl restart firewalld

# systemctl status firewalld

You should see something like this:

9.2. Securing ssh
One the server remove extra config files, backup original sshd config and create a new
one file by:
# rm -rf /etc/ssh/sshd_config.d/*
# mv /etc/ssh/ssh_config /etc/ssh/sshd_config_back
# vim /etc/ssh/sshd_config

And insert this entry

# SSH port
Port 8627

# Keys
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
AuthorizedKeysFile .ssh/authorized_keys

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no

# Logging
SyslogFacility AUTHPRIV
LogLevel INFO

# Authentication:
PermitRootLogin without-password
MaxAuthTries 2
MaxSessions 2
PermitEmptyPasswords no
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitTunnel no

#Forwarding
X11Forwarding no
 AllowAgentForwarding no
AllowTcpForwarding no

UsePAM yes
PrintMotd no
Include /etc/crypto-policies/back-ends/opensshserver.config

# Accept locale-related environment variables

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE
LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE
LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems

Subsystem sftp /usr/libexec/openssh/sftp-server

Include /etc/ssh/sshd_config.d/*.conf

And finally run to restart sshd service and make sure its up and running
# systemctl restart sshd
# systemctl status sshd

You should see:

9.3. install and configure fail2ban

Fail2ban, creates a jail for different services on your server, and bans ips which failed to
connect to your server for a couple of times.in which we create jails for SSH service and
asterisk. first install fail2ban by
# yum install fail2ban -y

Then create a jail by

# vim /etc/fail2ban/jail.local
And insert this
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1, “list of comma separated IPs you want to whitelist”
bantime = 86400000
findtime = 960
maxretry = 2

[sshd]
enabled = true
port =22, “your_ssh_port”
filter = sshd
logpath = /var/log/auth.log
findtime = 960
maxretry = 4
bantime = 86400

[asterisk]
enabled = true
port = 8089,8088,5060,5061
filter = asterisk
#action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp",
chain="%(chain)s", actname=%(banaction)s-tcp]
# %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp",
chain="%(chain)s", actname=%(banaction)s-udp]
# %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
action = %(action_)s
logpath = /var/log/asterisk/messages
findtime = 10800
maxretry = 3
bantime = 604800

Note: please replace Your_ssh_port with the ssh port you have defined for your ssh
server and in ignoreip= write down list of ips that you never want your server to ban

# touch /var/log/asterisk/messages
# ss
# systemctl enable fail2ban
# systemctl status fail2ban

Now you should see this, to make sure fail2ban is running

9.4. /etc/sysctl.conf Hardening
We are going to enable TCP SYN cookie protection, IP spoofing protection, ignoring
ICMP requests, ignoring broadcast requests, and logging to spoofed packets, source
routed packets and redirect packets. Along with that, we are going to disable IP source
routing and ICMP redirect acceptance.
Also We are going to minimize the amount of swapping we need to do, increase the
size of file handles and inode cache, and restrict core dumps.
Next We are going to change the amount of incoming connections and incoming
connections backlog, increase the maximum amount of memory buffers, and increase
the default and maximum send/receive buffers

Open /etc/sysctl.conf by
# vim /etc/sysctl.conf

And insert this at the end of file, use sysctl -p to apply changes ands
Now user sysctl -p to apply changes
# sysctl -p

Once you run this command you should see

# reboot

Once the server is up. Use screen -ls command and you should see a 9 to 11 sockets.
# screen -ls
Chapter 10. - Vicidial Basic configuration
Before you continue change the vicidial ip to the public ip by
To change vicidial ip run the following command
/usr/share/astguiclient/ADMIN_update_server_ip.pl --old-server_ip=10.10.10.15

10.1 . Login Vicidial Admin/Agent Interface

If you see a minimum of 8 screens, all is good. Open vicidial GUI by visiting
https://example.com/vicidial/admin.php
Note: don't forget to replace example.com with your actual domain.
The default username is: 6666 and the password is: 1234

change admin password

Give permission to admin user
Go to Users > show users > click on user id 6666 and change all fields to 1
10.2. Some server settings
Go to Admin > servers >
Server ID = give any name to your server
Server description = any description
Asterisk version = 16.17.0-vici
Manager secret = cron user password
10.2. Enable audio store
To enable audio store Go to Admin > system setting and
Central Sound Control Active = 1
Sound Web Server = your domain name
Active VoiceMail Server = select public ip address of your server
10.3 adding user group, campaign, list, user, phone
To add a user group on the left menu click on User Groups > ADD NEW USERS
GROUP
Give it a name and a Description and hit submit

To create a campaign, on the left menu, click on campaigns, Add a new campaign
Give it a name, description, choose the user group you just created and select the
campaign time.and hit submit
Chapter 11. - webrtc
11.1. Enable webrtc
Lets change the cron password in manager.conf
# vim /etc/asterisk/manager.conf

Look for secret=1234 in this file and change it the cron user password, you created
earlier
[cron]
secret = your_cron_password
read = system,call,log,verbose,command,agent,user,originate
write = system,call,log,verbose,command,agent,user,originate

[updatecron]
secret = your_cron_password
read = command,reporting
write = command,reporting

eventfilter=Event: CoreShowChannel

[listencron]
secret = your_cron_password
read = system,call,log,verbose,command,agent,user,dtmf
write = command

……
[sendcron]
secret = your_cron_password
read = command
write = system,call,log,verbose,command,agent,user,originate

[sipcron]
secret = your_cron_password
read = call
write = command

To enable asterisk webrtc cd to asterisk directory and Then backup http.conf and create
a new one by
# mv /etc/asterisk/http.conf /etc/asterisk/http.conf.bak
# vim /etc/asterisk/http.conf

And insert in this file

 [general]
servername=Asterisk
tlsbindaddr=0.0.0.0:8089
bindaddr=0.0.0.0
bindport=8088
enabled=yes
tlsenable=yes
tlscertfile=/etc/asterisk/keys/fullchain.pem
tlsprivatekey=/etc/asterisk/keys/privkey.pem

Now copy ssl certificate to asterisk directory

# mkdir /etc/asterisk/keys
# cp /etc/letsencrypt/live/example.com/* /etc/asterisk/keys/
# chmod 600 /etc/asterisk/keys/*
Note: don't forget to replace example.com with your domain name.

Then backup rtp.conf and create a new one by

# mv /etc/asterisk/rtp.conf /etc/asterisk/rtp.conf.bak
# vim /etc/asterisk/rtp.conf

And insert in this file

[general]
rtpstart=10000
rtpend=20000

Then backup ari.conf and create a new one by

# mv /etc/asterisk/ari.conf /etc/asterisk/ari.conf.bak
# vim /etc/asterisk/ari.conf

And insert in this file

[general]
enabled = yes
pretty = yes
allowed_origins = 0.0.0.0:8088,0.0.0.0:8089
tlsenable=yes

Then backup pjsip.conf and create a new one by

 # mv /etc/asterisk/pjsip.conf /etc/asterisk/pjsip.conf.bak
# vim /etc/asterisk/pjsip.conf

And insert in this file

[system]
type=system
timer_t1=500
timer_b=32000
disable_tcp_switch=yes

[global]
type = global
contact_expiration_check_interval = 30
debug = no
default_from_user = Asterisk
default_outbound_endpoint = default_outbound_endpoint
default_realm = Asterisk
default_voicemail_extension = 8500
disable_multi_domain = false
endpoint_identifier_order = ip,username,anonymous
ignore_uri_user_options = false
keep_alive_interval = 90
max_forwards = 70
max_initial_qualify_time =0
mwi_disable_initial_unsolicited = false
mwi_tps_queue_high = 500
mwi_tps_queue_low = -1
norefersub = yes
;regcontext = myregs
send_contact_status_on_update_registration = yes
taskprocessor_overload_trigger = global
unidentified_request_count =5
unidentified_request_period =5
unidentified_request_prune_interval = 30
use_callerid_contact = no
user_agent = Asterisk

[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0:5061
;external_media_address =
;external_signaling_address =
local_net = Your_server_ip
;local_net = 10.0.0.0/255.0.0.0
;local_net = 172.16.0.0/12
;local_net = 169.254.0.0/255.255.0.0
;tos = cs3

[transport-wss]
type = transport
protocol = wss
bind = 0.0.0.0:8089
;external_media_address = Your_server_ip
;external_signaling_address = Your_server_ip
local_net = Your_server_ip
allow_reload = yes

#include pjsip-vicidial.conf
#include pjsip_wizard-vicidial.conf
Note: Don't forget to change your_server_ip with the ip address of your server.

Create webrtc template

Login to your vicidial GUI and head to Admin -> Templates click on Add A New
Template and insert below entity and hit submit.
Template ID: WEBRTC_SIP
Template Name:WEBRTC_SIP
Template Contents:

aor/max_contacts = 1
aor/maximum_expiration = 3600
aor/minimum_expiration = 60
aor/default_expiration = 120
aor/qualify_frequency = 15
endpoint/context=default
endpoint/disallow=all
endpoint/allow=ulaw
endpoint/allow=alaw
endpoint/allow=vp8
endpoint/allow=vp9
endpoint/dtmf_mode = rfc4733
endpoint/trust_id_inbound = no
endpoint/send_rpid = yes
endpoint/inband_progress = no
endpoint/tos_audio = ef
endpoint/language = en
endpoint/rtp_symmetric = yes
endpoint/rewrite_contact = yes
endpoint/rtp_timeout = 60
endpoint/use_ptime = yes
endpoint/moh_suggest = default
endpoint/direct_media = no
endpoint/transport=transport-wss
endpoint/webrtc=yes

Enable both sip and pjsip

Open sip.conf by
# vim /etc/asterisk/sip.conf

In sip.conf look for websocket_enabled=true in sip.com and change it to

websocket_enabled=false
So your final file should look like this
[general]
….
websocket_enabled=false
…
Now login to your vicidial GUI and head to Admin > System Settings , then move to
Allowed SIP Stacks , and change it to SIP_and_PJSIP and hit submit.

Now restart asterisk

# systemctl restart asterisk

11.2. install viciphone on vicidial

To install viciphone or Cybur phone, run these commands
# cd /var/www/html
# git clone https://github.com/carpenox/CyburPhone.git

Now login to your vicidial GUI and head to Admin > System Settings , then move to
Webphone URL , and set it to CyburPhone/cyburphone.php and hit submit.

Now login to your vicidial GUI and head to Admin > Servers, , then move to Web Socket
URL , and set it to wss://example.com:8089/ws and hit submit.

Note: replace example.com with your actual domain.

Now let's change the phone we created to a web phone

Go to phones > the phone you created and change
Set as a webphone Y
Client Protocol to PJSIP
Template ID to Webrtc_PJSIP
11.3 Load and unload some modules
Open asterisk module conf file by
# mv /etc/asterisk/modules.conf /etc/asterisk/modules.conf.back
# vim /etc/asterisk/modules.conf

And add the following entry

[modules]
autoload=yes
load = res_pjsip.so
load = chan_sip.so
noload = chan_alsa.so
noload = chan_console.so
noload = res_hep.so
noload = res_hep_pjsip.so
noload = res_hep_rtcp.so
noload = chan_oss.so
noload = res_config_ldap
noload = res_config_pgsql
noload = cel_pgsql
noload = cdr_pgsql
noload = cel_tds
noload = cel_sqlite3_custom
noload = cdr_sqlite3_custom
noload = cel_radius
noload = cdr_radius
noload = chan_oss.so
noload = res_config_ldap
noload = res_config_pgsql
noload = cel_pgsql
noload = cdr_pgsql
noload = cel_tds
noload = cel_sqlite3_custom
noload = cdr_sqlite3_custom
noload = cdr_tds
noload = res_phoneprov

Disable some asterisk warnings (this is in case you get some warnings in asterisk
status)
Use the following commands to disable asterisk warnings
#s
# sed -i 's";radiuscfg => /usr/local/etc/radiusclient-ng/radiusclient.conf"radiuscfg =>
/etc/radcli/radiusclient.conf"g' /etc/asterisk/cdr.conf
# sed -i 's";radiuscfg => /usr/local/etc/radiusclient-ng/radiusclient.conf"radiuscfg =>
/etc/radcli/radiusclient.conf"g' /etc/asterisk/cel.conf