--- name: fusionpbx-backup description: "FusionPBX (134.209.72.226) config backup to GitHub — weekly cron, restore wizard, PostgreSQL dump, full rebuild guide" metadata: node_type: memory type: project originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9 --- GitHub repo `myronblair/fusionpbx-config` (private) — PostgreSQL DB dump + FreeSWITCH configs + full rebuild guide. **Why:** FusionPBX stores ALL config in PostgreSQL — extensions, dialplans, SIP gateways, IVR, ring groups, devices, voicemail, users. The DB dump IS the backup. **How to apply:** Reference when discussing FusionPBX DR, the backup cron, or if the server needs to be rebuilt. See [[fusionpbx-freeswitch-setup]] for full FusionPBX operational config. ## SSH Access (critical — port 22 firewalled from internet) Only accessible from: 107.178.2.130 (FortiGate home) and 97.154.109.245 (FortiGate secondary). **From anywhere else, relay through DO:** ```bash sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 \ 'sshpass -p "Joker1974!@#" ssh -o StrictHostKeyChecking=no root@134.209.72.226 "command"' ``` ## Repo Structure - `database/fusionpbx.sql.gz` — Full PostgreSQL dump (gzip compressed; 306MB raw → ~29MB) - `database/postgres_globals.sql` — PostgreSQL roles/passwords - `freeswitch/` — vars.xml, freeswitch.xml, extensions.conf, sip_profiles/, autoload_configs/ - `fusionpbx-app/config.php` — DB credentials for FusionPBX web app - `nginx/fusionpbx.conf` — nginx config (includes provisioning URL rewrites) - `fail2ban/` — jail.local (trusted IPs: 107.178.2.130, 97.154.109.245) - `network/` — netplan 50-cloud-init.yaml, hosts, hostname - `systemd/` — 9 FusionPBX service units (active_calls, email_queue, event_guard, etc.) - `ssh/authorized_keys` - `recordings/` — call recordings (~4KB currently) ## Schedule Weekly Sunday 5am: `0 5 * * 0 /usr/local/bin/fusionpbx-backup >> /var/log/fusionpbx-backup.log 2>&1` ## Manual trigger `/usr/local/bin/fusionpbx-backup` on the fusion server (or via DO relay) ## What's NOT backed up - SSL certs — re-issue: `certbot --nginx -d fusion.orbishosting.com` - FusionPBX web app `/var/www/fusionpbx/` — reinstalled by official installer - FreeSWITCH binary — installed by FusionPBX installer - Voicemail audio files — small, not critical ## Full Rebuild Flow (30–45 min) ### 1. New Debian 12 droplet Create fresh DO droplet, same region. SSH in (relay via DO if needed). ### 2. Clone repo and run restore ```bash apt update && apt install -y git git clone https://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@github.com/myronblair/fusionpbx-config.git /opt/fusionpbx-config bash /opt/fusionpbx-config/restore.sh ``` ### 3. Restore script phases (interactive) 1. SSH authorized_keys + hostname 2. Run FusionPBX official installer (separate terminal, ~10-15 min): `wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/install.sh | bash` → When asked for domain: `fusion.orbishosting.com` 3. **Critical: PostgreSQL restore** — stops all services, drops+recreates DB, restores from `.sql.gz` 4. FreeSWITCH config files 5. FusionPBX app config.php (DB credentials) 6. nginx config 7. fail2ban 8. Recordings 9. Backup script + cron 10. SSL (manual: `certbot --nginx -d fusion.orbishosting.com`) ### 4. Post-restore checks - Update fail2ban trusted IPs if FortiGate IP changed - Update Yealink provisioning URL if server IP changed (was 134.209.72.226) - Verify SignalWire trunk: FusionPBX → Accounts → Gateways - Delete Sofia XML cache: `rm /var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` - Test ext 1000 (Myron Yealink T48S at 10.48.200.43) - Test ext 1001 (Tommy) - Test IVR 900 ## Key Credentials | Item | Value | |------|-------| | FusionPBX web | https://fusion.orbishosting.com (admin / fY7XP5swgtpbzrYLhkeVYkA4744) | | Root SSH | root / Joker1974!@# | | PostgreSQL | fusionpbx database, user fusionpbx | | Relay DO server | root@165.22.1.228 / Gonewalk1974!@# | ## Architecture Notes - FusionPBX uses Lua XML handler — FreeSWITCH queries PostgreSQL via PHP/Lua for all routing. Static XML config in `/etc/freeswitch/` is mostly skeleton. - SignalWire SIP trunk uses `transport=udp` — TCP caused re-INVITE issues (gateway External URI must end in `;transport=udp`) - Ext 1000 (Yealink T48S) registers from behind FortiGate on port 5080 with `aggressive-nat-detection=true` - FusionPBX cache at `/var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` — delete to force full Sofia reload ## PostgreSQL Dump Size Note 306MB uncompressed, 29MB gzipped. Exceeds GitHub's 100MB limit uncompressed. Must use gzip (`pg_dump | gzip > fusionpbx.sql.gz`). Restore.sh handles both `.sql.gz` (zcat) and plain `.sql` formats.