Install FreeSwitch for Production with BCG729 Codec and Systemd Service File

Add the repo to install freeswitch repo

apt-get update && apt-get install -yq gnupg2 wget lsb-release
wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add - 
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list 
apt-get update

Install dependencies required for the build

apt-get build-dep freeswitch

Now download the Latest Freeswitch release

cd /usr/local/src/
wget https://github.com/signalwire/freeswitch/archive/refs/tags/v1.10.7.tar.gz
tar -xvf v1.10.7.tar.gz

Now try start Compiling

cd freeswitch-1.10.7
./bootstrap.sh -j

Try to add some modules

vim modules.conf
# uncomment
applications/mod_curl
formats/mod_shout
xml_int/mod_xml_curl
# comment
applications/mod_signalwire
./configure --prefix=/opt/SOMME/
make
make install

Confirm Freeswitch Version

/opt/SOMME/bin/freeswitch -version

Install system service file

cd debian
cp freeswitch-systemd.freeswitch.service /etc/systemd/system/freeswitch.service
vim /etc/systemd/system/freeswitch.service
# replace following lines
PIDFile=/opt/SOMME/var/run/freeswitch/freeswitch.pid
PIDFile=/opt/SOMME/var/run/freeswitch/freeswitch.pid
ExecStartPre=/bin/chown -R ${USER}:${GROUP} /opt/SOMME
ExecStart=/opt/SOMME/bin/freeswitch -u ${USER} -g ${GROUP} -ncwait ${DAEMON_OPTS}
# change user to root
User = root
Group = root
chmod +x /etc/systemd/system/freeswitch.service

Start Freeswitch

systemctl daemon-reload
systemctl start freeswitch

Make a Soft link for fs_cli

ln -s /opt/SOMME/bin/fs_cli /usr/bin/fs_cli
fs_cli

No Install G729 (BCG729) codec

git clone https://github.com/xadhoom/mod_bcg729.git
cd mod_bcg729/
apt install libfreeswitch-dev
ldconfig
FS_MODULES=/opt/SOMME/lib/freeswitch/mod/
FS_INCLUDES=/opt/SOMME/include/freeswitch/
make clean
make
make install
mv mod_bcg729.so /opt/SOMME/lib/freeswitch/mod/
systemctl restart freeswitch
fs_cli

Configure SIP port and Directory

update domain and port in vars.xml
add line followind line 
autoload_configs/xml_curl.conf.xml
<binding name="user_directory"> <param name="gateway-url" value="https://prod3.api.com/directory" bindings="directory" /> </binding>

Enjoy ;)

Some Basic Firewall Rules Each SIP Server Must Have

Please find the bash script to allow and block some unwanted traffic

#!/bin/bash

#DROP all rules
`sudo iptables -F`

# Local Communication
`sudo iptables -A INPUT -i lo -j ACCEPT`
`sudo iptables -A OUTPUT -o lo -j ACCEPT`

#SSH
`sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HTTPS
`sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HTTPS
`sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# Homer
`sudo iptables -A INPUT -p tcp --dport 9080 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9080 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HEPLIFY Server
`sudo iptables -A INPUT -p tcp --dport 9060 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9060 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
`sudo iptables -A INPUT -p udp --dport 9060 -j ACCEPT`
`sudo iptables -A OUTPUT -p udp --sport 9060 -j ACCEPT`

# SIP over TCP
`sudo iptables -A INPUT -p tcp --dport 5060 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 5060 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
# SIP over TLS
`sudo iptables -A INPUT -p tcp --dport 5061 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 5061 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
# SIP over UDP
`sudo iptables -A INPUT -p udp --dport 5060 -j ACCEPT`
`sudo iptables -A OUTPUT -p udp --sport 5060 -j ACCEPT`

# Prometheus Node Exporter
`sudo iptables -A INPUT -p tcp --dport 9100 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9100 -m conntrack --ctstate ESTABLISHED -j ACCEPT`


# DROP INVALID Packets
`sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP`

# DROP all other unwanted Traffic
`sudo iptables -A INPUT -j DROP`

How to compile and run a next application ?

Install nodejs Use  this  link for further reading curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash nvm inst...