mirror of
https://github.com/myronblair/infra
synced 2026-06-30 17:50:10 -05:00
Add Claude Code AI memory files
AI context/memory from Claude Code sessions covering all infrastructure: JARVIS, NovaCPX, DO sites, Proxmox, FusionPBX, MediaStack, and project feedback/preferences.
@@ -0,0 +1,103 @@
|
||||
---
|
||||
name: fusionpbx-freeswitch-setup
|
||||
description: FusionPBX on DO 134.209.72.226; Yealink T48S ext 1000/1001/1002; SignalWire SIP trunk; inbound routing; provisioning
|
||||
metadata:
|
||||
node_type: memory
|
||||
type: project
|
||||
originSessionId: 84bfb029-16a6-4be4-aca0-308e896c1219
|
||||
---
|
||||
|
||||
FusionPBX (FreeSWITCH) PBX on DigitalOcean 134.209.72.226.
|
||||
**SSH:** root / Joker1974!@# (must proxy via 165.22.1.228 — direct SSH blocked)
|
||||
**FusionPBX web:** https://fusion.orbishosting.com (admin / fY7XP5swgtpbzrYLhkeVYkA4744)
|
||||
**DB:** fusionpbx user / pSJaF9mUJqPr4Sj5mwJyRqvCCpc, host 127.0.0.1
|
||||
**Domain:** `134.209.72.226` (uuid: de6d867b-54d2-43f4-b1ed-8fd66803acac) — all devices under this domain
|
||||
|
||||
## SIP Profile
|
||||
Only `external` profile running (port 5080, UDP+TCP). No internal profile.
|
||||
Phones register on external profile — non-standard but working.
|
||||
Key settings (2026-06-02):
|
||||
- `auth-calls = true`
|
||||
- `apply-inbound-acl = providers`
|
||||
- `proxy-media = true` (fixes NAT audio issues)
|
||||
- `aggressive-nat-detection = true`, `NDLB-force-rport = true`
|
||||
- `minimum-session-expires = 300`
|
||||
|
||||
**Warning:** Every `sofia profile external restart` drops all phone registrations. Prefer `reloadxml` + `reloadacl` where possible.
|
||||
|
||||
## Extensions
|
||||
- 1000: Myron Blair — Yealink T48S at 10.48.200.2, MAC 80:5e:c0:35:04:77, password `Xk9mPw3nQv7rLs2t`
|
||||
- 1001: Tommy Ivy — Yealink T48S at 10.48.200.43, password `Tv8xNm4pWq6rZs3k`
|
||||
- 1002: Home — Yealink AX86R at 10.48.200.65, password `yXHaJTwa8rj?$GkrVFQB`
|
||||
|
||||
**1001 short registration:** Registers with ~120s expiry. Causes brief unavailability during re-reg. Fix properly by setting registration expiry to 3600s on the phone itself.
|
||||
|
||||
## Phones NAT
|
||||
All phones come from FortiGate NAT IP **97.247.128.120** (updated 2026-06-17, was 97.154.109.245). This IP is in the `providers` ACL — required for both inbound call routing AND outbound calls from phones.
|
||||
|
||||
## providers ACL (v_access_controls uuid: 47da18a2-6085-4740-a316-6d1bce8240b5)
|
||||
Contains: all SignalWire IP ranges (172.110.216.0/21 + individual IPs) + 97.247.128.120 (FortiGate/phones).
|
||||
|
||||
## SignalWire Gateway
|
||||
- FusionPBX gateway name: `signalwire`, profile: `external`
|
||||
- Username: `fusion@orbis-hosting-0364f5f67488.sip.signalwire.com`
|
||||
- `register = false` (IP-based auth), state NOREG / status UP = correct
|
||||
|
||||
**CRITICAL — transport=udp required:**
|
||||
SignalWire SIP Gateway External URI MUST be:
|
||||
`sip:18177645007@134.209.72.226:5080;transport=udp`
|
||||
Without `;transport=udp`, SignalWire uses TCP from 152.42.144.114 / 159.65.244.171 which FreeSWITCH silently drops (no log entry, no response). Only UDP from 172.110.223.179 works. 20/22 calls failed before this fix.
|
||||
|
||||
## Inbound Call Routing (DID: +18177645007)
|
||||
SignalWire sends caller's number as Request-URI destination (not the DID) even with SIP Gateway configured. Single-mode Lua handler can't match this to v_destinations → falls to not-found.
|
||||
|
||||
**Fix:** Global catch-all dialplan:
|
||||
- Name: `signalwire-inbound`, context: `public`, order: 100, domain_uuid: NULL
|
||||
- Expression: `^.*$` → `transfer 900 XML 134.209.72.226`
|
||||
- If deleted, calls fall through to not-found (404)
|
||||
|
||||
Public dialplan order:
|
||||
1. caller-details (10, global, continue=true)
|
||||
2. signalwire-inbound (100, global) → IVR 900
|
||||
3. 18177645007 (100, domain-specific, expression ^(.*)$) → linked via v_destinations
|
||||
4. not-found (999, global)
|
||||
|
||||
## IVR
|
||||
- Extension 900: active IVR, greeting: `ivr_menu_16k.wav`
|
||||
- Extension 800: old FIFO queue (disabled)
|
||||
- IVR dialplan in domain context 134.209.72.226, name "IVR", matches `^900$`
|
||||
|
||||
## Yealink Provisioning
|
||||
URL: `https://fusion.orbishosting.com/app/provision/`
|
||||
Boot file: `{mac}.boot`, model cfg: `y000000000065.cfg`, device cfg: `{mac}.cfg`
|
||||
Yealink web login uses textbook RSA (no padding): encrypt password with g_rsa_n/g_rsa_e from login page using `pow(m,e,n)`.
|
||||
**Web lockout:** Multiple failed logins lock the web UI for several minutes.
|
||||
Provision trigger: `GET /servlet?p=autoprovision-cfg&q=autoprovision`
|
||||
Reboot API: `POST /servlet?p=reboot&q=reboot` (empty body)
|
||||
|
||||
**2026-06-02 issue:** `yealink_firmware_t48s = t48s-66.81.0.110.rom` in v_default_settings caused phone to get stuck downloading non-existent firmware. Fixed by disabling that setting (enabled=false). Phone 1000 (10.48.200.2) had its config reset during this process.
|
||||
|
||||
**Ext 1000 recovery:** If 1000 not registering — go to phone screen: Menu → Settings → Advanced → admin → Accounts → Account 1:
|
||||
server `134.209.72.226`, port `5080`, auth/user `1000`, password `Xk9mPw3nQv7rLs2t`
|
||||
|
||||
## Key Commands
|
||||
```bash
|
||||
# Reload ACL without restart
|
||||
fs_cli -x "reloadacl"
|
||||
# Reload dialplan/XML config
|
||||
fs_cli -x "reloadxml"
|
||||
# Restart external profile (drops registrations — avoid)
|
||||
fs_cli -x "sofia profile external restart"
|
||||
# Check registrations
|
||||
fs_cli -x "sofia status profile external reg"
|
||||
# Check gateway
|
||||
fs_cli -x "sofia xmlstatus gateway"
|
||||
# Clear dialplan cache
|
||||
rm -f /var/cache/fusionpbx/dialplan.public.*
|
||||
# Clear sofia profile cache
|
||||
rm -f /var/cache/fusionpbx/fusion.configuration.sofia.conf
|
||||
```
|
||||
|
||||
## fail2ban Whitelist
|
||||
- 107.178.2.130 (office), 97.247.128.120 (home WAN — updated 2026-06-17, was 97.154.109.245)
|
||||
- sip-auth-ip iptables chain — can get the FortiGate IP blocked; check with `iptables -L sip-auth-ip -n`
|
||||
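Review bot: The added memory file commits live credentials in plaintext: the `**SSH:**`, `**FusionPBX web:**` and `**DB:**` lines near the top, the per-extension SIP passwords under `## Extensions`, and the extension 1000 password repeated in the `**Ext 1000 recovery:**` block. Replace each value with a reference to where the secret is stored (for example a password manager or vault entry name) and keep only non-secret context in the file. Because this commit has already been synced to a mirror, deleting the lines in a follow-up commit is not enough: rotate the root, admin, database and SIP passwords, and rewrite history if the repository is to stay shared. The file also pairs those credentials with the host IP, the SSH proxy host, and the `providers` ACL and fail2ban whitelist addresses, so consider whether that network detail belongs in the same repository at all.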