Asterisk is an open-source PABX. That's right, it is a fully-featured scalable PABX that supports both VoIP, PSTN, ISDN and voicemail that can be used anywhere from a home office to a multi-site corporation.

And what's more, it is open source. Which essentially means you can choose your level of financial investment. If you are a small business owner, this can be an ideal solution, particularly if you have or are willing to develop the skills to manage it, your costs can be zero beyond your time and hardware costs.

This isn’t about asterisk itself however, so more details can be found here:

This post is about FreePBX (, which is a web-based front end to manage asterisk. Asterisk is amazingly flexible, and the options you have of defining how it behaves when it receives a call are infinite. It is also relatively easy to learn how to develop dial plans for asterisk, but ultimately, building and managing a complex asterisk configuration can be a time-consuming process.

This is where FreePBX comes in. It dramatically simplifies the management of asterisk and has a large number of modules that you can add in to bring in all the functionality you could wish for, providing features for nothing that would only ever be available on the highest-end commercial closed box PABX solutions.

Freepbx needs to interact directly with Asterisk, and modify its configuration files. In terms of compartmentalising access rights, this can be problematic, as FreePBX needs to run its web server as the asterisk user. But if you are already running apache, your webserver will already have a user id that it runs under – probably “apache”, and you don’t want to give either this user access to your asterisk configuration files and nor do you want to run your web services as “asterisk” and have to change the permissions of anything it might need to access.

Apache has some modules in development that will allow a single web site to run under a specific user id. This will be great when it finally is ready to use, particularly in the web hosting arena, where having a common use for all web sites presents problems. However, it isn’t ready.

One solution is to run a separate web server instance for asterisk. As this article is aimed at someone who is sharing the functionality of their server between Asterisk and other tasks, this may seem a resource-heavy solution. However, consider using “Lighttpd”. This is as the name suggests, a lightweight web server. It has a good set of features but isn’t as hungry as apache. You can just run it on a different port – 81 for example, and have it run as the “asterisk” user.

You can also leave it running as the “Lighttpd” group, which will enable the daemon to retain the permissions on the files it needs to access, such as its log files.

This means that all of the FreePBX files can be owned by Asterisk and still be updatable from the web frontend. This is one of the primary reason why the “Warning: Cannot connect to an online repository ( Online modules are not available.” is received when trying to update the FreePBX modules. It is almost always a permissions issue.

I say “almost always”. Recently there has been a drive with PHP installations to have “allow_url_fopen” option set to “off”. What this means is that any functions that are “file” related – such as reading a file from a disk, cannot also be used to open a URL. If a URL needs to be opened, the curl library is the recommended solution. The reason for this is that many recent exploits have taken advantage of insecure code along with having this setting enabled to completely take over a site.

FreePBX at the time of writing (2.4beta2) expects to be able to open URLs as files. To change this setting, edit your php.ini file and change the “allow_url_fopen” option to On. Do not do this unless you understand the implications and risks.

This file can reside in a number of places depending on your distribution. Often it is at /etc/php.ini.

Gentoo has a different php.ini depending on what is happening. For the apache server, the php.ini is at:


For Lighttpd, it uses the CGI version:


Incidentally, the command line option is: /etc/php/cli-php5/php.ini

Wednesday, May 21, 2008

« Back