# FusionPBX Config Backup & Restore Weekly backup of the FusionPBX/FreeSWITCH PBX server (`fusion`, 134.209.72.226). Debian 12, FreeSWITCH, FusionPBX, PostgreSQL 18, nginx, PHP 8.2. --- ## Critical: The Database IS the Config FusionPBX stores **everything** in PostgreSQL (`fusionpbx` database): - Extensions, voicemail boxes, passwords - Dialplans and call routing - SIP gateways (SignalWire trunk) - IVR menus - Ring groups - Device provisioning (Yealink T48S settings) - Users and permissions - Call recordings index The `database/fusionpbx.sql` dump in this repo is the heart of the backup. --- ## What's Backed Up | Directory | Source | Contents | |-----------|--------|----------| | `database/` | `pg_dump fusionpbx \| gzip` | Complete FusionPBX database (gzip compressed) — extensions, dialplans, SIP, IVR, everything | | `database/postgres_globals.sql` | `pg_dumpall --globals` | PostgreSQL roles and passwords | | `freeswitch/` | `/etc/freeswitch/` | vars.xml, sip_profiles, key autoload configs | | `fusionpbx-app/` | `/var/www/fusionpbx/resources/` | config.php (DB credentials) | | `nginx/` | `/etc/nginx/sites-enabled/` | fusionpbx nginx config (incl. all provisioning URL rewrites) | | `fail2ban/` | `/etc/fail2ban/` | jail.local (trusted IPs: 107.178.2.130, 97.154.109.245) | | `network/` | `/etc/netplan/` | 50-cloud-init.yaml, hosts, hostname | | `systemd/` | `/etc/systemd/system/` | All FusionPBX service units | | `ssh/` | `/root/.ssh/` | authorized_keys | | `recordings/` | `/var/lib/freeswitch/recordings/` | Call recordings (~3.7MB) | **Backup schedule:** Every Sunday at 5:00 AM **Log:** `/var/log/fusionpbx-backup.log` **Manual trigger:** `/usr/local/bin/fusionpbx-backup` --- ## SSH Access — Important Port 22 is **firewalled** from the internet. Only accessible from: - `107.178.2.130` (your home FortiGate external IP) - `97.154.109.245` (FortiGate secondary) **From anywhere else, relay through DO:** ```bash ssh root@165.22.1.228 # DO server (always accessible) ssh root@134.209.72.226 # then hop to FusionPBX ``` --- ## Disaster Recovery — Full Rebuild **Estimated time: 30–45 minutes** ### Step 1 — New Debian 12 Droplet Create a fresh Debian 12 droplet on DigitalOcean, same region as original. Get SSH access, then relay via the DO server if needed. ### Step 2 — Clone this repo and run restore ```bash apt update && apt install -y git git clone https://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@github.com/myronblair/fusionpbx-config.git /opt/fusionpbx-config bash /opt/fusionpbx-config/restore.sh ``` The restore script walks through all phases interactively. ### Step 3 — Update fail2ban trusted IPs if FortiGate IP changed The FortiGate DDNS (`orbisne.fortiddns.com`) resolves to your home IP. If your external IP changed, update `fail2ban/jail.local`: ``` ignoreip = 127.0.0.1/8 ::1 97.154.109.245 ``` ### Step 4 — Update Yealink provisioning URL if server IP changed If the new droplet has a different IP, update the Yealink T48S provisioning: ``` Old URL: http://134.209.72.226/app/provision/?mac={mac} New URL: http:///app/provision/?mac={mac} ``` Set via Yealink web UI or FusionPBX → Apps → Provision → Devices. --- ## PBX Quick Reference | Item | Value | |------|-------| | FusionPBX web | https://fusion.orbishosting.com | | Admin login | admin / fY7XP5swgtpbzrYLhkeVYkA4744 | | Root SSH | root / Joker1974!@# | | PostgreSQL DB | fusionpbx (user: fusionpbx) | | FreeSWITCH CLI | `fs_cli` | | SIP trunk | SignalWire (mod_signalwire) | | SIP profile | Use `internal` profile on port 5060 | | NAT setting | `aggressive-nat-detection=true` | ## Extensions | Ext | Name | Device | Location | |-----|------|--------|----------| | 1000 | Myron | Yealink T48S | 10.48.200.43 (FortiGate LAN) | | 1001 | Tommy | Softphone | Remote | | 1002 | (spare) | — | — | | 900 | IVR | Main number auto-attendant | — | ## Key Commands ```bash # FreeSWITCH CLI fs_cli # Inside fs_cli: sofia status # show SIP profiles sofia status gateway # show gateway registrations show registrations # show registered extensions reload mod_sofia # reload SIP after config change reloadxml # reload dialplan XML # Force FusionPBX to regenerate FreeSWITCH XML cache rm /var/cache/fusionpbx/FusionPBX.configuration.sofia.conf systemctl restart freeswitch # Check all FusionPBX services systemctl status active_calls active_conferences email_queue event_guard \ fax_queue system_status transcribe_queue websockets xml_cdr # Logs journalctl -u freeswitch -f tail -f /var/log/freeswitch/freeswitch.log tail -f /var/log/nginx/access.log ``` --- ## What Is NOT Backed Up | Item | Notes | |------|-------| | SSL certs | `/etc/letsencrypt/` — re-issue: `certbot --nginx -d fusion.orbishosting.com` | | FusionPBX web app | `/var/www/fusionpbx/` — reinstalled by official installer | | FreeSWITCH binary | Installed by FusionPBX installer | | Voicemail audio files | `/var/lib/freeswitch/storage/voicemail/` — small, not critical | --- ## Architecture Notes - FusionPBX uses a **Lua XML handler** — FreeSWITCH queries PostgreSQL via PHP/Lua for all routing decisions. No static XML dialplan files in production. - **SignalWire** SIP trunk uses `transport=udp` — critical, TCP caused re-INVITE issues. - **ext 1000 (Yealink T48S)** registers from behind FortiGate using `aggressive-nat-detection=true` on port 5080 to bypass SIP ALG. - **FusionPBX cache**: `/var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` — delete this file to force a full Sofia reload after changes.