diff --git a/database/fusionpbx.sql.gz b/database/fusionpbx.sql.gz
new file mode 100644
index 0000000..d5d4efc
Binary files /dev/null and b/database/fusionpbx.sql.gz differ
diff --git a/database/postgres_globals.sql b/database/postgres_globals.sql
new file mode 100644
index 0000000..d8a1b1d
--- /dev/null
+++ b/database/postgres_globals.sql
@@ -0,0 +1,37 @@
+--
+-- PostgreSQL database cluster dump
+--
+
+\restrict h5jdeiwpfVhsdbBfFLUSJhRcoYBsgYhwuNKbaQZVQYpKMdMfuVHD9IB6V4eNr1T
+
+SET default_transaction_read_only = off;
+
+SET client_encoding = 'UTF8';
+SET standard_conforming_strings = on;
+
+--
+-- Roles
+--
+
+CREATE ROLE fusionpbx;
+ALTER ROLE fusionpbx WITH SUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'SCRAM-SHA-256$4096:JOYKSj+lfw3sxgcuge2NEQ==$k1piq39UiU0yXVkXwXp4kq6uf1R+x4f1OJjXkJCWRE8=:iEQk9HFcFZ4tZOtuZ2hWHbCQCv1CFbe+rQsHNk7Nqx0=';
+CREATE ROLE postgres;
+ALTER ROLE postgres WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION BYPASSRLS;
+
+--
+-- User Configurations
+--
+
+
+
+
+
+
+
+
+\unrestrict h5jdeiwpfVhsdbBfFLUSJhRcoYBsgYhwuNKbaQZVQYpKMdMfuVHD9IB6V4eNr1T
+
+--
+-- PostgreSQL database cluster dump complete
+--
+
diff --git a/fail2ban/jail.local b/fail2ban/jail.local
new file mode 100755
index 0000000..9bf919c
--- /dev/null
+++ b/fail2ban/jail.local
@@ -0,0 +1,146 @@
+[DEFAULT]
+ignoreip = 127.0.0.1/8 ::1 107.178.2.130 97.154.109.245
+
+[ssh]
+enabled = true
+port = 22
+protocol = ssh
+filter = sshd
+logpath = /var/log/auth.log
+action = iptables-allports[name=sshd, protocol=all]
+maxretry = 6
+findtime = 60
+bantime = 86400
+
+[freeswitch]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = freeswitch
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=freeswitch, protocol=all]
+maxretry = 10
+findtime = 60
+bantime = 3600
+# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+[freeswitch-acl]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = freeswitch-acl
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=freeswitch-acl, protocol=all]
+maxretry = 900
+findtime = 60
+bantime = 86400
+
+[freeswitch-ip]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = freeswitch-ip
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=freeswitch-ip, protocol=all]
+maxretry = 1
+findtime = 60
+bantime = 86400
+
+[auth-challenge-ip]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = auth-challenge-ip
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=auth-challenge-ip, protocol=all]
+maxretry = 1
+findtime = 60
+bantime = 86400
+
+[sip-auth-challenge]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = sip-auth-challenge
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=sip-auth-challenge, protocol=all]
+maxretry = 100
+findtime = 60
+bantime = 7200
+
+[sip-auth-failure]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = sip-auth-failure
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=sip-auth-failure, protocol=all]
+maxretry = 6
+findtime = 60
+bantime = 7200
+
+[fusionpbx-404]
+enabled = false
+port = 5060:5091
+protocol = all
+filter = fusionpbx-404
+logpath = /var/log/freeswitch/freeswitch.log
+#logpath = /usr/local/freeswitch/log/freeswitch.log
+action = iptables-allports[name=fusionpbx-404, protocol=all]
+maxretry = 6
+findtime = 60
+bantime = 86400
+
+[fusionpbx]
+enabled = true
+port = 80,443
+protocol = tcp
+filter = fusionpbx
+logpath = /var/log/auth.log
+action = iptables-allports[name=fusionpbx, protocol=all]
+# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
+maxretry = 20
+findtime = 60
+bantime = 3600
+
+[fusionpbx-mac]
+enabled = true
+port = 80,443
+protocol = tcp
+filter = fusionpbx-mac
+logpath = /var/log/syslog
+action = iptables-allports[name=fusionpbx-mac, protocol=all]
+# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
+maxretry = 10
+findtime = 60
+bantime = 86400
+
+[nginx-404]
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nginx-404
+logpath = /var/log/nginx/access*.log
+action = iptables-allports[name=nginx-404, protocol=all]
+bantime = 3600
+findtime = 60
+maxretry = 300
+
+[nginx-dos]
+# Based on apache-badbots but a simple IP check (any IP requesting more than
+# 300 pages in 60 seconds, or 5p/s average, is suspicious)
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nginx-dos
+logpath = /var/log/nginx/access*.log
+action = iptables-allports[name=nginx-dos, protocol=all]
+findtime = 60
+bantime = 86400
+maxretry = 800
diff --git a/freeswitch/autoload_configs/conference.conf b/freeswitch/autoload_configs/conference.conf
new file mode 100644
index 0000000..7c9e925
--- /dev/null
+++ b/freeswitch/autoload_configs/conference.conf
@@ -0,0 +1,439 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/freeswitch/autoload_configs/event_socket.conf.xml b/freeswitch/autoload_configs/event_socket.conf.xml
new file mode 100644
index 0000000..5ea2e09
--- /dev/null
+++ b/freeswitch/autoload_configs/event_socket.conf.xml
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/freeswitch/autoload_configs/logfile.conf.xml b/freeswitch/autoload_configs/logfile.conf.xml
new file mode 100644
index 0000000..b28d6ce
--- /dev/null
+++ b/freeswitch/autoload_configs/logfile.conf.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/freeswitch/autoload_configs/lua.conf.xml b/freeswitch/autoload_configs/lua.conf.xml
new file mode 100644
index 0000000..6d41cad
--- /dev/null
+++ b/freeswitch/autoload_configs/lua.conf.xml
@@ -0,0 +1,65 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/freeswitch/autoload_configs/modules.conf.xml b/freeswitch/autoload_configs/modules.conf.xml
new file mode 100644
index 0000000..cba3bb0
--- /dev/null
+++ b/freeswitch/autoload_configs/modules.conf.xml
@@ -0,0 +1,78 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/freeswitch/autoload_configs/sofia.conf.xml b/freeswitch/autoload_configs/sofia.conf.xml
new file mode 100644
index 0000000..a5e8614
--- /dev/null
+++ b/freeswitch/autoload_configs/sofia.conf.xml
@@ -0,0 +1,19 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/freeswitch/autoload_configs/switch.conf.xml b/freeswitch/autoload_configs/switch.conf.xml
new file mode 100644
index 0000000..c1972a1
--- /dev/null
+++ b/freeswitch/autoload_configs/switch.conf.xml
@@ -0,0 +1,170 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/freeswitch/extensions.conf b/freeswitch/extensions.conf
new file mode 100644
index 0000000..c2f02f6
--- /dev/null
+++ b/freeswitch/extensions.conf
@@ -0,0 +1,21 @@
+[default]
+
+; Things you're used to....
+exten => music,n,Dial(SIP/1234@conference.freeswitch.org|120)
+
+exten => _1XXXXX,n,set(cool=${EXTEN})
+exten => _1XXXXX,n,set(myvar=true)
+exten => _1XXXXX,n,Goto(default|music)
+exten => 2137991400/1000,n,Goto(default|music)
+
+
+; Some new magic you can do....
+exten => ~^(18(0{2}|8{2}|7{2}|6{2})\d{7})$,n,enum($1)
+exten => ~^(18(0{2}|8{2}|7{2}|6{2})\d{7})$,n,bridge(${enum_auto_route})
+
+; instead of exten, put anything about the call you would rather match on.
+; either the names of a field in caller_profile or a string of variables to expand.
+caller_id_number => 2137991400,n,Goto(default|music)
+${sip_from_user} => bill,n,Goto(default|music)
+
+
diff --git a/freeswitch/freeswitch.xml b/freeswitch/freeswitch.xml
new file mode 100644
index 0000000..28df2b5
--- /dev/null
+++ b/freeswitch/freeswitch.xml
@@ -0,0 +1,70 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/freeswitch/vars.xml b/freeswitch/vars.xml
new file mode 100644
index 0000000..9a952e0
--- /dev/null
+++ b/freeswitch/vars.xml
@@ -0,0 +1,91 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/network/50-cloud-init.yaml b/network/50-cloud-init.yaml
new file mode 100644
index 0000000..a989249
--- /dev/null
+++ b/network/50-cloud-init.yaml
@@ -0,0 +1,40 @@
+# This file is generated from information provided by the datasource. Changes
+# to it will not persist across an instance reboot. To disable cloud-init's
+# network configuration capabilities, write a file
+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
+# network: {config: disabled}
+network:
+ version: 2
+ ethernets:
+ eth0:
+ accept-ra: false
+ addresses:
+ - 2604:A880:0400:00D1:0000:0004:7377:4001/64
+ - 134.209.72.226/20
+ - 10.10.0.5/16
+ match:
+ macaddress: fa:01:e4:87:a2:9b
+ mtu: 1500
+ nameservers:
+ addresses:
+ - 67.207.67.2
+ - 67.207.67.3
+ search: []
+ routes:
+ - to: ::/0
+ via: 2604:A880:0400:00D1:0000:0000:0000:0001
+ - to: 0.0.0.0/0
+ via: 134.209.64.1
+ set-name: eth0
+ eth1:
+ addresses:
+ - 10.116.0.3/20
+ match:
+ macaddress: 32:a5:04:32:aa:0b
+ mtu: 1500
+ nameservers:
+ addresses:
+ - 67.207.67.2
+ - 67.207.67.3
+ search: []
+ set-name: eth1
diff --git a/network/hostname b/network/hostname
new file mode 100644
index 0000000..233d3e6
--- /dev/null
+++ b/network/hostname
@@ -0,0 +1 @@
+fusion
diff --git a/network/hosts b/network/hosts
new file mode 100644
index 0000000..41d3dee
--- /dev/null
+++ b/network/hosts
@@ -0,0 +1,15 @@
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.debian.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+127.0.0.1 localhost
+127.0.1.1 fusion.orbishosting.com
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/nginx/fusionpbx.conf b/nginx/fusionpbx.conf
new file mode 100755
index 0000000..3bd6f9d
--- /dev/null
+++ b/nginx/fusionpbx.conf
@@ -0,0 +1,341 @@
+
+server {
+ listen 127.0.0.1:80;
+ server_name 127.0.0.1;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_read_timeout 15m;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /\.git {
+ deny all;
+ }
+ location ~ /\.lua {
+ deny all;
+ }
+ location ~ /\. {
+ deny all;
+ }
+}
+
+server {
+ if ($host = fusion.orbishosting.com) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen [::]:80;
+ listen 80;
+ server_name fusion.orbishosting.com 134.209.72.226;
+
+ #redirect letsencrypt to dehydrated
+ location ^~ /.well-known/acme-challenge {
+ default_type "text/plain";
+ auth_basic "off";
+ alias /var/www/dehydrated;
+ }
+
+ #rewrite rule - send to https with an exception for provisioning
+ if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
+ rewrite ^(.*) https://$host$1 permanent;
+ break;
+ }
+
+ #REST api
+ if ($uri ~* ^.*/api/.*$) {
+ rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+ break;
+ }
+
+ #algo
+ rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+ #avaya
+ rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
+
+ #mitel
+ rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+ rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+ #grandstream
+ rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+ rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
+ rewrite "^.*/provision/phonebook.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+
+ #aastra
+ rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+ #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+ #yealink
+ rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.boot)$" /app/provision/index.php?mac=$1&file=%7b%24mac%7d.boot;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+ #polycom
+ rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+ #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+ rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+ #cisco
+ rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+ rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
+
+ #Escene
+ rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+ rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+ #Vtech
+ rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
+
+ #Digium
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
+
+ #Snom
+ rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
+ rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_read_timeout 15m;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_read_timeout 15m;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /\.git {
+ deny all;
+ }
+ location ~ /\.lua {
+ deny all;
+ }
+ location ~ /\. {
+ deny all;
+ }
+
+
+}
+
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+ #listen 443 ssl http2;
+ server_name fusion.orbishosting.com 134.209.72.226;
+ ssl_certificate /etc/letsencrypt/live/fusion.orbishosting.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/fusion.orbishosting.com/privkey.pem; # managed by Certbot
+ #ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA;
+ ssl_session_cache shared:SSL:40m;
+ ssl_session_timeout 2h;
+ ssl_session_tickets off;
+
+ #redirect websockets to port 8080
+ location /websockets/ {
+ proxy_pass http://127.0.0.1:8080;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ }
+
+ #redirect letsencrypt to dehydrated
+ location ^~ /.well-known/acme-challenge {
+ default_type "text/plain";
+ auth_basic "off";
+ alias /var/www/dehydrated;
+ }
+
+ #REST api
+ if ($uri ~* ^.*/api/.*$) {
+ rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+ break;
+ }
+
+ #message media
+ rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
+
+ #algo
+ rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+ #avaya
+ rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;
+
+ #mitel
+ rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+ rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+ #grandstream
+ rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+ rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
+ rewrite "^.*/provision/phonebook.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+
+ #aastra
+ rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+ #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+ #yealink
+ rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.boot)$" /app/provision/index.php?mac=$1&file=%7b%24mac%7d.boot;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+ #polycom
+ rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+ #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+ rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+ #cisco
+ rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+ rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
+
+ #Escene
+ rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+ rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+ #Vtech
+ rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
+ rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
+
+ #Digium
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
+
+ #Snom
+ rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
+ rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
+ rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 80M;
+ client_body_buffer_size 128k;
+
+ location / {
+ root /var/www/fusionpbx;
+ index index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_read_timeout 15m;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Allow the upgrade routines to run longer than normal
+ location = /core/upgrade/index.php {
+ fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+ #fastcgi_pass 127.0.0.1:9000;
+ fastcgi_read_timeout 15m;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+ }
+
+ # Disable viewing .htaccess & .htpassword & .db & .git
+ location ~ .htaccess {
+ deny all;
+ }
+ location ~ .htpassword {
+ deny all;
+ }
+ location ~^.+.(db)$ {
+ deny all;
+ }
+ location ~ /\.git {
+ deny all;
+ }
+ location ~ /\.lua {
+ deny all;
+ }
+ location ~ /\. {
+ deny all;
+ }
+
+}
+
+
diff --git a/ssh/authorized_keys b/ssh/authorized_keys
new file mode 100644
index 0000000..22a1f83
--- /dev/null
+++ b/ssh/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNYf4z78s4+K4HoiUiHoqPbCCEFngCAXKP7mGwhCAc86TTbAosTpAnG1HycPzb2s2B3K3geQPUzQzcLvWdBX8hJM8IamvAZ/WXPtOszWTuVnaYM6BQY7ldIdXi3a+xscWr+M8dM6OexXqdCAy66HXmgl98+Cg2uEbxCFelH81/5d3cuoCXllpvUawyYZe5UjFjPeBpPc/QyhDxG4ovYYpcCeHbzLXc9jIfawjwJTDcYfeXVHFisMdSUp0+eXndRM1TybeSOfT4oQbuijdsy4IQo0md5fRYgZuXxHMIgy7obNB3OPf9szgbWTEWK6jNFhkQHIZXPSRxSM9L1a0RkarQk+xqTf96wTJL/Uz6hSyImYjhtPvcOoBRejaQaK96HuWGe3At96+I6WjvJNEDM/jF9tosp2nbdhcGRitYmxREdv7M8AYM393MKT94BBrulr6tI504+0dDTH7IaojYc8SBAtu1TrUwinLA9zQ35Ney5Ry/Mr7tNOLU1Ni3lkqNRWysEjWxEizM/1sK7u2fbAzx3kE+TRpyzmFv6gSiGHqjs5j/tG6daK7Hv6OvbHSWwV/pW6CKslJWFAsa5tVv+Fw8cXdcMMyb6/CYTUtcFMgcF0hhtsd1g6YfnOWRGLcUxFe9odiayhMlstne/dqeyvQCjStrzOxUT5ta9L9JZifDkQ== root@pve
diff --git a/systemd/active_calls.service b/systemd/active_calls.service
new file mode 100644
index 0000000..e07ea94
--- /dev/null
+++ b/systemd/active_calls.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Active Calls Websocket Service
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/app/active_calls/resources/service/active_calls.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=www-data
+Group=www-data
+Restart=always
+RestartSec=5
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/active_conferences.service b/systemd/active_conferences.service
new file mode 100644
index 0000000..b60b518
--- /dev/null
+++ b/systemd/active_conferences.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Active Conferences Websocket Service
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/app/active_conferences/resources/service/active_conferences.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=www-data
+Group=www-data
+Restart=always
+RestartSec=5
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/email_queue.service b/systemd/email_queue.service
new file mode 100644
index 0000000..f4682da
--- /dev/null
+++ b/systemd/email_queue.service
@@ -0,0 +1,28 @@
+; Author: Mark J Crane
+; cp /var/www/fusionpbx/app/email_queue/resources/service/debian.service /etc/systemd/system/email_queue.service
+; systemctl daemon-reload
+; systemctl enable email_queue
+; systemctl start email_queue
+
+[Unit]
+Description=FusionPBX Email Queue
+Wants=network-online.target
+Requires=network.target local-fs.target
+;Requires=network.target local-fs.target postgresql.service
+After=network.target network-online.target local-fs.target
+;After=network.target network-online.target local-fs.target postgresql.service
+StartLimitIntervalSec=0
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/app/email_queue/resources/service/email_queue.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=www-data
+Group=www-data
+TimeoutSec=55s
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/event_guard.service b/systemd/event_guard.service
new file mode 100644
index 0000000..b1753df
--- /dev/null
+++ b/systemd/event_guard.service
@@ -0,0 +1,29 @@
+; Author: Mark J Crane
+; cp /var/www/fusionpbx/app/event_guard/resources/service/debian.service /etc/systemd/system/event_guard.service
+; systemctl daemon-reload
+; systemctl enable event_guard
+; systemctl start event_guard
+
+[Unit]
+Description=FusionPBX Event Guard
+Wants=network-online.target
+Requires=network.target local-fs.target
+;Requires=network.target local-fs.target postgresql.service
+After=network.target network-online.target local-fs.target
+;After=network.target network-online.target local-fs.target postgresql.service
+StartLimitIntervalSec=0
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/app/event_guard/resources/service/event_guard.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=root
+Group=root
+TimeoutSec=55s
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/systemd/fax_queue.service b/systemd/fax_queue.service
new file mode 100644
index 0000000..758212b
--- /dev/null
+++ b/systemd/fax_queue.service
@@ -0,0 +1,28 @@
+; Author: Mark J Crane
+; cp /var/www/fusionpbx/app/fax_queue/resources/service/debian.service /etc/systemd/system/fax_queue.service
+; systemctl daemon-reload
+; systemctl enable fax_queue
+; systemctl start fax_queue
+
+[Unit]
+Description=FusionPBX FAX Queue
+Wants=network-online.target
+Requires=network.target local-fs.target
+;Requires=network.target local-fs.target postgresql.service
+After=network.target network-online.target local-fs.target
+;After=network.target network-online.target local-fs.target postgresql.service
+StartLimitIntervalSec=0
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/app/fax_queue/resources/service/fax_queue.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=www-data
+Group=www-data
+TimeoutSec=55s
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/system_status.service b/systemd/system_status.service
new file mode 100644
index 0000000..e3d1c4b
--- /dev/null
+++ b/systemd/system_status.service
@@ -0,0 +1,27 @@
+; Author: Mark J Crane
+; cp /var/www/fusionpbx/app/system/resources/service/debian.service /etc/systemd/system/system_status.service
+; systemctl daemon-reload
+; systemctl enable --now system_status
+
+[Unit]
+Description=FusionPBX System Dashboard Information Service
+Wants=network-online.target
+Requires=network.target local-fs.target
+;Requires=network.target local-fs.target postgresql.service
+After=network.target network-online.target local-fs.target
+;After=network.target network-online.target local-fs.target postgresql.service
+StartLimitIntervalSec=0
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/app/system/resources/service/system_status.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=www-data
+Group=www-data
+TimeoutSec=55s
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/transcribe_queue.service b/systemd/transcribe_queue.service
new file mode 100644
index 0000000..38d84ed
--- /dev/null
+++ b/systemd/transcribe_queue.service
@@ -0,0 +1,24 @@
+#
+# Install with:
+#
+# cp debian-transcribe_queue.service /etc/systemd/system/transcribe_queue.service
+# systemctl daemon-reload
+# systemctl enable --now transcribe_queue.service
+#
+[Unit]
+Description=Audio Transcribe Queue Service
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/app/transcribe/resources/service/transcribe_queue.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=www-data
+Group=www-data
+Restart=always
+RestartSec=5
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/websockets.service b/systemd/websockets.service
new file mode 100644
index 0000000..1b4798e
--- /dev/null
+++ b/systemd/websockets.service
@@ -0,0 +1,24 @@
+#
+# Install with:
+#
+# cp debian-websockets.service /etc/systemd/system/websockets.service
+# systemctl daemon-reload
+# systemctl enable --now websockets.service
+#
+[Unit]
+Description=Websocket Router Service
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/core/websockets/resources/service/websockets.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=www-data
+Group=www-data
+Restart=always
+RestartSec=5
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/xml_cdr.service b/systemd/xml_cdr.service
new file mode 100644
index 0000000..82fc1a0
--- /dev/null
+++ b/systemd/xml_cdr.service
@@ -0,0 +1,28 @@
+; Author: Mark J Crane
+; cp /var/www/fusionpbx/app/xml_cdr/resources/service/debian.service /etc/systemd/system/xml_cdr.service
+; systemctl daemon-reload
+; systemctl enable xml_cdr
+; systemctl start xml_cdr
+
+[Unit]
+Description=FusionPBX xml_cdr
+Wants=network-online.target
+Requires=network.target local-fs.target
+;Requires=network.target local-fs.target postgresql.service
+After=network.target network-online.target local-fs.target
+;After=network.target network-online.target local-fs.target postgresql.service
+StartLimitIntervalSec=0
+
+[Service]
+WorkingDirectory=/var/www/fusionpbx
+ExecStart=/usr/bin/php /var/www/fusionpbx/app/xml_cdr/resources/service/xml_cdr.php
+RuntimeDirectory=fusionpbx
+RuntimeDirectoryMode=0755
+RuntimeDirectoryPreserve=yes
+User=www-data
+Group=www-data
+TimeoutSec=55s
+Restart=always
+
+[Install]
+WantedBy=multi-user.target