FreePBX 17 Cloud VM Specs, host choices, & firewalls

This is a 3 part discussion, so if this topic needs split, ok.

Part 1: I have a few FPBX VMs running. Mainly in Vultr. Vultr has been great over the years, and I see no reason to switch. But in testing with FreePBX17, and the reported performance improvements, it made me re-evaluate my setup. Currently, on the PBXs on Vultr, I run the $10 plan which has 1 CPU and 2 GB RAM. This is plenty for the workloads on these PBXs. I know quite a few of you on here run PBXs (of smaller extension count/concurrent calls) on the $5 plan, which only has 1 GB RAM. When moving to FPBX17, I am considering changing over to the $5. Has anyone had any issues with this only having 1 GB RAM? I assume a swap file of 1 GB could do wonders here. On some of the PBXs, I would be doing call recordings.

Part 2: As stated, I use Vultr. I notice that Azure has an option (Standard B1s (1 vcpu, 1 GiB memory). If you do a 1 year reserved instance on this, the price goes down to a little under $5/month in the US East region. I spun up a test box with a public IP as a test and nothing immediately made me think this wouldn’t work. Could I be missing something in the pricing that I’m not thinking of? Are there any “gotchas” when using Azure for this type of workload? I have seen other people on here use Azure for this workload, but I haven’t used it personally for this. Just Windows workloads. Any insight/tips would be appreciated here.

Part 3: Firewalls - Again, on the Vultr workloads, I do not use the Vultr firewall product in front of the PBXs. I simply use the integrated firewalls on FreePBX. It works fine. Is there any benefit to using the Vultr firewall in front? I use it for other workloads, and it is quite basic, but is there any added benefit to using it?

Thanks in advance for the discussion.

Anyone? :slight_smile:

Server spec fully depends on your usage. The lowest regular compute $5/month instance in Vultr can handle 20 concurrent calls (at least) based on my testing. Need more disk space for call recordings? Add block storage. I haven’t seen memory really be an issue for standard installations, however that may change if you install other software on top of FreePBX.

Digital Ocean at least allows you to dynamically resize your ‘instance’ on-the-fly to suit your load

Great. Thanks for the feedback. A fresh install of FPBX17, with a lot of unnecessary modules uninstalled, and a few extensions registered and 1 call (with recording) sits at about 480-550 MB RAM utilization. Does that align with what you see as well?

Vultr does the same, as you know. I’ve never experimented with DO. Hopefully Vultr doesn’t give me a reason to in the future.

Yeah that’s normal. You shouldn’t have any issues with the $5/month instance. Just add block storage for call recording whenever you need to.

@dicko Any feedback or suggestions on the provider firewall?

Perfect. Yeah, their block storage option is great, and very affordable.

It’s been a while since Vultr gave me a solid reason not to go back there :wink: but I found the DO api easier to ‘script’ such size changes automatically.

As to firewalls, I only allow URI based secure connections, these are passed through haproxy which has acme.sh managing all the certificates, any non URI connections are silently dropped so ultimately there is little need for many firewall rules apart from perhaps some recalcitrant VSP that only do UDP/5060

I’ve been toying with this idea as well, but haven’t looked at HAProxy. I’ve been looking into Kamailio instead.

Haproxy can filter any tcp or htp/https connection but is not a SIP proxy, kaimalio can’t protect your UCP/provisioning/admin/ssh/mail connections but is my proxy of choice for SIP.

Together you will have ‘good stuff’ way past any current ‘distro’ and will need a minimal firewall if any, (waiting for challenges . . . . :wink: )

1 Like