Freepbx in a data center

rwslippey · January 18, 2018, 4:58am

I’ve got a FreePBX box running here at home that powers my small business’s phones. It’s been working great but I’ve got to pull the server it’s running on down soon, well I hope anyways. We’re hopefully moving (home based business) and I don’t foresee having time to get it online somewhere else, then move it again, etc.

I’ve also been thinking of moving this particular server off-site due to cost. I believe it’d be more cost effective to just run the server at a datacenter vs powering it at home, but I digress.

My questions are: Are there any special circumstances to be concerned with regarding running FreePBX on say Digital ocean or Vultr (I’m installing on Vultr right now because I couldn’t find a way to upload an ISO to DO)

Security is a concern being the server is directly on the web (I’d assume, never picked apart a data center before) Should I be worried about security for the phones or security for the web administration and user control panel? What would be a good way to be secure about this hosting?

Any suggestions or guidance?

Edit: Think a small system (think 3 lines and a single truck and maybe 2 calls at once) would work ok on a 1GB VM? Should I spring for the higher plan?

Thanks

lgaetz · January 18, 2018, 1:27pm

The FreePBX firewall does everything you need here. You can configure it to block access to all services by default, and then whitelist IPs for whomever needs access.

rwslippey · January 19, 2018, 2:56am

Thanks for the reply.

I finally got things sort of configured. My main issues were https (which turned out to be a config issue on my A record… typos right?) So I’ve https enabled, I changed the HTTP ports to non-standard ports just so I won’t be lazy and use them.

Now I’ve the built in firewall confgiured and I changed the sip signalling port to a non-standard. Is this really enough?

Thanks

rwslippey · January 19, 2018, 3:17am

Think I’m missing something on how to reject all traffic.

How would I add a reject rule to the firewall? I see how to add trusted networks, although my home’s DDNS isn’t being picked up right for some reason.

thanks again

lgaetz · January 19, 2018, 11:54am

Firewall is deny by default. In the normal basic setup, you set your interface to the “Internet” zone, and any inbound traffic on that interface will only be able to reach services zoned as internet unless it has been specifically white listed in the “Networks” tab.

rwslippey · January 19, 2018, 3:22pm

ah, ok that makes sense.

Think I’m good here then.

Thanks again

mitterhuemer · January 21, 2018, 6:45pm

We host dozens of SNG7 Setups in a Data Center.

We use KVM machines with 2GB Ram and 2 Cores.

This works pretty good.

For Security Reasons i recommend you to make a backup from time to time and save it to your local Storage at home. I do this with Veeam Agent for Linux (it is Free)

snazir · January 22, 2018, 11:34am

You don’t need for third part backup software if you are using KVM Virsh
just you can run snapshot command and you can make your server backup easy way.

virsh snapshot-create-as --domain {VM-NAME} --name “{SNAPSHOT-NAME}”

virsh snapshot-list --domain

mitterhuemer · January 24, 2018, 12:08pm

Would be the easy way if i also have access to the host system. We just rent the virtual machines and do not have access to the KVM host system.

We can decide between paying the datacenter some money for making a snapshot or else we use our own snapshot backup Solution.
Veeam is free and works well. Also E-Mail notifications work if something goes wrong.

system · January 24, 2019, 12:08pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.