Description of MikoPBX and the sections you can find in the documentation. Introduction to the documentation.
Foreword
Welcome to the MikoPBX documentation resource! Here you can find step-by-step instructions related to interacting with the MikoPBX PBX system. For your convenience, the documentation is organized into sections - just like in the web interface, making it very easy to navigate.
Thank you for choosing MikoPBX! ❤️
What is MikoPBX?
MikoPBX is a free telephony server with its own operating system and a simple, user-friendly web interface. It works with virtually any telephony technology in the world.
MikoPBX Interface
MikoPBX is a fully modular interface for Asterisk, written in PHP and JavaScript. This means that you can implement absolutely any additional Asterisk telephony functionality within MikoPBX. Moreover, if you develop a useful module, you can place it in the public repository and make it available to all MikoPBX users. Additionally, MikoPBX has very low hardware requirements:
Simultaneous Calls
Minimally Recommended Configuration
To get started, you should install MikoPBX using any method convenient for you. Below are installation options. By clicking on their names, you can access detailed articles:
Installation .
Installation .
Installation .
Installation in a
After installation, you can begin exploring your PBX system. The "User Guide" documentation will help you with this, providing detailed information about specific sections:
.
.
.
.
For additional help with getting started quickly, you can refer to .
If you have familiarized yourself with the basic setup and operation of MikoPBX, you can expand its functionality using modules.
Modules allow you to add extra features to your system. You can learn more about them step by step:
– here you'll find a detailed description of the registration process and its specifics.
– this section provides a detailed explanation of how to install and manage modules.
– in this section, you'll find detailed descriptions of each module, as well as steps for configuring and using them.
In this section, you can find answers to your questions and solutions that will help you expand the functionality of basic features. This section, like the main documentation, is divided into categories for easy navigation.
If you have a question that isn't covered here, you can seek assistance in the , where MikoPBX users help each other resolve issues and needs related to the PBX system.
Quick start
This guide provides detailed steps to get started with MikoPBX and helps you quickly configure the system.
Follow the step-by-step instructions in the order presented for a quick and successful system setup.
Installing MikoPBX
MikoPBX is a full-fledged operating system for your hardware; it is not a standalone application. It is provided as an image file (*.iso, *.img, *.raw).
Follow the link for your preferred installation method and proceed according to the provided instructions.
After installation, you need to access the MikoPBX web interface for further system configuration. To do this, find the PBX's IP address in the MikoPBX console:
In this example, the IP address is 192.168.0.203. To access the web interface, enter this IP address into your browser's address bar:
After the first login, the system will prompt you to change your password.
For stable PBX operation, you need to configure the network through the Network and Firewall → Network Interface section. Detailed instructions for these settings can be found .
In MikoPBX, all local subnets can be defined in the Network and Firewall → Firewall section. The firewall is intended to restrict access to the PBX based on traffic type and subnets. Follow the setup instructions .
Fail2Ban blocks IP addresses exhibiting unusual activity; it can reduce the rate of failed authentication attempts and helps protect your PBX from hacking. Instructions to help with the setup can be found .
After completing the initial PBX setup, you can proceed to create accounts for your employees. This will assist you.
After adding employees, you need to connect providers to your PBX. Instructions for this section can be found . Instructions with examples of configuring real providers can be found .
At this stage, you need to set routing rules for incoming and outgoing calls: how calls passing through a specific provider will be handled:
To create routing rules, you may also need the following features:
The Marketplace allows you to extend the system's standard functionality using modules:
You can read more about Modules in MikoPBX in .
Information on registering in the MikoPBX Marketplace can be found .
If the logs do not provide a username and password, use the default credentials:
Username: admin
Password: admin
Settings Within the Web Interface:
Network and Firewall Settings
Configuring Protection Against Hacking (Fail2Ban)
Adding and Configuring Employee Accounts
Connecting Providers
Setting Up Incoming and Outgoing Routing
Marketplace and Modules
This completes the basic setup of MikoPBX! For a deeper exploration of MikoPBX's capabilities, we recommend referring to the comprehensive documentation.
In this article you will find instructions on how to install MikoPBX using various cloud services.
MikoPBX supports installation via many cloud services. In this section you can find detailed instructions for them. Click on an item in the list below to go to the instruction for a specific virtual machine:
AWS
MikoPBX Installation Options Using AWS
The simplest way to install MikoPBX is by deploying a ready-made image from the AWS Marketplace. If you wish to launch a custom version of MikoPBX, please refer to the detailed instructions where we describe step-by-step how to create an AMI image from any MikoPBX distribution.
Detailed instruction on how to create an AMI image
AWS Marketplace
Instructions for installing a ready-made image from AWS Marketplace
AWS Terraform script
Installation instructions using Terraform (IaC)
Virtual Machine
In this article you will find instructions on how to install MikoPBX using various virtual machines.
MikoPBX supports installation using many virtual machines. In this section you can find detailed instructions for them. Click on an item in the list below to go to the instruction for a specific virtual machine:
Description of the first login to the MikoPBX web-interface
First login to the MikoPBX system
Go to the MikoPBX installation console, remember the IP address that your PBX received.
MikoPBX IP address for connecting to the WEB interface
Enter the received MikoPBX IP address in the web browser. The authorization page will be displayed. Log in using the default credentials:
Use the following default credentials for the first login to the MikoPBX web interface:
Username: admin
Password: admin
Authorization page in the web interface
After successful authorization, MikoPBX will automatically open the settings for changing the password:
First authorization in the MikoPBX WEB interface
For more information about the General Settings, see the section.
After changing the password, the system will be fully operational. It is recommended to immediately configure the firewall rules. You can read about how to do this by following the link.
System requirements
Discription of system requirements for the MikoPBX system
Network Channel Requirement
An example of calculating the required channel bandwidth for different codecs for 30 simultaneous calls. PBX supports the most popular codecs:
G.711 - 4.67 Mbps
GSM - 1.68 Mbps
G.722 - 4.67 Mbps
G.729 - 1.38 Mbps
800 Mb hard disk for the main system
A 50+ Gb hard drive for recording conversations
1 (2 cores) x86-64 processor
Google Cloud
MikoPBX Installation Guide using Google Cloud
Installing MikoPBX in Google Cloud can be done in two ways: using an image from the Google Cloud Marketplace or from an image based on a file uploaded from the MikoPBX distribution. The first method provides quick and easy deployment of the standard version of MikoPBX, while the second is suitable for intermediate releases.
Date and Time
In this subsection, you can configure the clock and calendar settings.
You need to set the time zone correctly to ensure accurate system time display. If the time zone is not set, notifications and call history will be recorded with incorrect timestamps.
To configure the time zone, go to the "System" section and select "Time Settings":
"Time Settings" section
There is an option to set the time "manually" without using an NTP server. However, whenever possible, we recommend using automatic time synchronization.
To manually set the time, toggle the switch "Adjust the time manually."
"Adjust the time manually" switch
Standalone Computer
In this article you will find instructions on how to install MikoPBX on a separate computer.
MikoPBX supports installation on a standalone computer. There are two installation methods:
Live USB — writing the image to a flash drive and then installing it onto another disk.
Bootable USB — installing the system directly onto the USB drive itself, allowing you to boot and run the system from it.
This section provides image writing instructions for all supported operating systems (Windows, MacOS, Linux).
Conferences
Creating and configuring conferences in MikoPBX
Conference calling is used for conducting group discussions, meetings, or negotiations in cases where participants are unable to meet in person. It is also used when a particular matter needs to be discussed with multiple participants simultaneously.
The list of conference rooms is located in the "Telephony" -> "Conferences section".
To create a new conference room, click the "Add conference".
You must specify the name of the conference and its internal number, by calling which you can enter this conference
To prevent unauthorized access to the conference by employees for whom the discussion is not intended, you can secure the conference room with a password. To do this, fill in the "
Sound files
Adding/Creating Audio Files in MikoPBX
Audio files in MikoPBX are used in various call scenarios and interactive voice menus (In IVR menu, during non-working hours, in call queues, for various system notifications, and in hold music.) to play voice greetings or notify customers.
The list of available sound files is displayed in the "Telephony" -> "Sound files".
To add a new sound file, click "Add a new sound file".
Click "Upload a new file" and select a sound file.
Telephony
Description of the MikoPBX telephony section
The "Telephony" chapter in the MikoPBX documentation contains detailed information and instructions related to setting up and using telephony in the system.
Extensions in MikoPBX are individual users of the system who are assigned internal numbers for making and receiving calls. They have personal accounts that allow you to configure access rights, call forwarding and other personal settings in the system.
In this article, you will find detailed documentation on adding new employees to the station, setting up their rights and profiles. In addition, information about their additional parameters.
Call queues in MikoPBX are a feature that allows you to distribute incoming calls between a group of operators, holding calls in a queue until an operator becomes available. This ensures efficient management of a large call flow and improves customer service.
Modules
Description of the Modules section in MikoPBX
The "Modules" section in MikoPBX is an interface for managing additional functional components of the system, which includes two subsections: "Module Management" and "Dialplan Applications".
Managing these subsections allows you to configure MikoPBX as flexibly and efficiently as possible, expanding the functionality of the telephone system and adapting it to the unique requirements of the organization.
Registration in the MikoPBX Marketplace does not affect the basic functionality of the system. You can use MikoPBX to work with calls without registration and installation of additional modules. However, we recommend that you go through the registration procedure in the marketplace to get the opportunity to expand the functionality of the system.
Registration will give you access to additional modules and extensions.
Module management
Installation on MDADM RAID1
Prepare a PC with two disks of the same size.
Boot the machine in.
Connect to the machine via .
Docker container
MikoPBX Installation Guide using Docker container
MikoPBX can be run in Docker using two main methods. The first method involves running the container directly using a Docker command with the necessary parameters. The second method involves using Docker Compose, which simplifies managing multi-container applications and allows the entire configuration to be described in a yaml file, making the deployment and maintenance of the system more convenient.
Updating from the MikoPBX console
Update option from MikoPBX console
Below is an example of a PBX installed on a VirtualBOX virtual machine, updated from version 2023.1.223 to version 2023.2.206.
Download the iso image of the required PBX version from the .
In VirtualBOX, open the settings of the virtual machine where the PBX is installed.
Go to the Storage section.
Select the virtual optical drive.
Click the icon in the Attributes group, and click Choose Disk File.
Select the downloaded PBX iso image.
Start the machine.
The console will display the line "The system loaded in Recovery mode".
Select Install / Repair (or press the number
System
Description of the "System" section in MikoPBX
The "System" section in MikoPBX is the interface for managing general settings and parameters of the telephone system. Here, administrators can configure core system parameters, manage updates, date, and other functions that ensure stable and secure operation of MikoPBX. This section allows you to control and optimize the system's operation at the entire infrastructure level.
In the "General settings" section of MikoPBX, administrators can manage the main system parameters, such as call recording retention settings, notifications, log parameters, voice prompt language, and many other system options. This section provides control over general functions and behavior of MikoPBX, allowing you to optimize the system's operation according to the organization's needs.
The "Time Settings" section in MikoPBX is an interface for configuring system date and time parameters. Here, administrators can set the current date and time, choose a time zone, and configure synchronization with Network Time Protocol (NTP) servers. Correct date and time settings are important for accurate event logging, call logs, and the operation of schedule-dependent functions, ensuring system synchronization with other network devices and services.
Call Routing
Description of the MikoPBX routing section
The "Call Routing" section in MikoPBX is an interface for configuring call direction rules within the telephone system. Here, administrators can determine how to handle incoming and outgoing calls by setting conditions and routes for efficient distribution of calls among employees, departments, or external lines.
Telephony providers in MikoPBX is the system section where connections to external communication operators are configured via internet protocols for IP telephony. Here, administrators can add and configure SIP trunk accounts or other types of connections that allow the system to make and receive calls to and from landline and mobile numbers.
In this article, you will find detailed documentation on connecting providers to the system, their configuration, and features.
Incoming Routing in MikoPBX are a set of rules that define how the system handles incoming calls from external telephony providers. With them, administrators can set call directions based on various conditions such as the caller's number, time of day, or the specific number the call was received on. This enables automatic distribution of incoming calls to specific employees, departments, IVR menus, or call queues. Configuring incoming routes helps optimize call handling and improve customer service quality by providing flexible and efficient management of the company's telephone communications.
Migrating MikoPBX to Another Server
Overview of methods for transferring MikoPBX to another server
There are several ways to transfer MikoPBX to a different host (server). Each method has its advantages and special considerations. Below is a brief overview of each option, and you can refer to the detailed guides in this section.
Description:
A backup of the current MikoPBX configuration is created and then uploaded to the new server. This method is suitable for smaller amounts of data.
Pros:
Easy to set up.
Docker installation and creating a user and directories
Preparation guide for MikoPBX using Docker
Before working with Docker, you need to install Docker and Docker Compose themselves. Here's how to do it:
Before creating the container on the host machine, it's necessary to create a user and group with limited permissions, as well as a folder for storing configuration settings and call recordings
Command to connect to the PBX console:
Command to connect to the PBX console menu:
Connecting to sngrep for SIP analysis
Maintenance
Description of the Maintenance section in MikoPBX
The Maintenance section of MikoPBX is an interface for managing the technical aspects of the system and ensuring its stable operation. Here, administrators can perform tasks on data backup and recovery, software updates, system status monitoring, and event log management. This section helps maintain the functionality of the telephone system, promptly detect and eliminate possible problems.
The "PBX update" section in MikoPBX is an interface for managing system software updates. Here, administrators can check for new versions, install updates, and view the change history. Regular use of this section ensures that MikoPBX is up-to-date, secure, and stable.
The "System log entries" section in MikoPBX is a tool for monitoring and analyzing the status of the telephone system. Here, administrators can view event logs, check the status of various services and system components, and test connections and calls. Using this section helps to promptly detect and eliminate technical problems, ensuring stable and efficient operation of MikoPBX.
Change the login name
When a new is added to the PBX, a SIP account with a numeric internal number is created on the PBX. In some cases, for security reasons, it is necessary to change the name for authorization of this employee.
When configuring SIP Clients, you can often see two key parameters:
Username - usually equal to the account ID, in the case of MikoPBX equal to the internal number
Auth name - username for authorization. In the case of MikoPBX is equal to the internal number
PBX update
This article contains step-by-step instructions for updating MikoPBX to a newer version.
Network and Firewall
Description of the Network and Firewall section in MikoPBX
The "Network and Firewall" section of MikoPBX is an interface for configuring network settings and managing the system's firewall. Here, administrators can configure IP addresses, network interfaces, and create firewall rules to protect the system from unauthorized access. This section ensures the secure and stable operation of MikoPBX in the organization's network infrastructure.
The "Network Interface" section in MikoPBX is an interface for configuring the system's network connection parameters. Here, administrators can manage IP addresses, subnet masks, gateways, and other network settings for each network interface. This allows MikoPBX to be correctly integrated into the organization's network and ensure its stable operation in accordance with the requirements of the network infrastructure.
The "Firewall" section of MikoPBX is an interface for configuring the system's firewall. Here, administrators can create and manage network traffic filtering rules, controlling access to MikoPBX and protecting it from unauthorized access and network threats. Configuring the firewall ensures the security of the telephone system, preventing potential attacks and ensuring stable operation in the organization's network infrastructure.
Transfer using scheduled backup (SFTP)
A method to transfer MikoPBX to another host using scheduled backup via SFTP
The second method involves setting up automatic scheduled backups, saving the data directly onto the target server via SFTP. This approach is particularly convenient for transferring larger amounts of data, as it eliminates the need for intermediate storage of the backup.
First, you need to configure scheduled backups for the MikoPBX you want to transfer data from.
Go to the "Backup" module. Navigate to the "Backup Schedule" tab:
2 GB of RAM
Network Adapter
The calculation is approximate, when using the same codec on all devices connected to the PBX. Read more here.
Minimum system requirements
We recommend using two hard drives for PBX deployment.
A PC with such parameters, in our tests, holds 38 simultaneous incoming calls under the conditions:
10 agents are connected to the queue (all online)
Every second a new call comes in
Music (MOH) is played to the client while waiting
Modules on the PBX is not installed
Approximately, 1 hour of conversation takes up 14MB of disk space. The recommended size for the disk storing call recordings is at least 50 gigabytes.
Installation by writing the image to a USB drive (Live USB)
Installing the system directly onto a USB drive (Bootable USB)
The "Host system" must run on Linux 5+. Tested on Debian 11, Ubuntu 21.04, and Ubuntu Server 22.04 LTS.
Docker installation and creating a user and directories
Commands to install Docker and Docker Compose and configuration before creating the container
Running MikoPBX in a container
Instructions for running a ready-made MikoPBX container, creating a container from a custom image, and running it
Running MikoPBX using docker compose
Instructions for running multiple MikoPBX instances on a single host using Docker Compose
External firewall for Docker
How to protect the web interface when `userland-proxy=true`: an external bouncer or host networking.
The "Reboot" section in MikoPBX is an interface for securely managing the state of the telephone system via the web interface. Here, administrators can reboot the system to apply new settings or shut it down gracefully for maintenance. Using this section prevents possible errors and ensures stable operation of MikoPBX. In addition, the possibility of rebooting via the console will be discussed.
Instructions for installing a ready-made image from Google Cloud Marketplace
Google Cloud deployment guide
Detailed instructions for uploading MikoPBX from an image based on a .vhd file from the distribution
The "Anti brute force (Fail2Ban)" section in MikoPBX is a tool for ensuring system security from unauthorized access and network attacks. Fail2Ban monitors event logs and automatically blocks IP addresses that make suspicious or repeated failed login attempts. Setting up this section helps prevent system hacking and protect the organization's confidential data.
In this article, you will find detailed documentation on creating and configuring such queues.
IVR menu in MikoPBX is an interactive voice menu that allows callers to interact with the phone system by pressing keys (DTMF). It automatically routes calls to the right departments or employees, improving call handling efficiency and customer service.
In this article, you will find documentation on creating and configuring an IVR menu.
Conferences in MikoPBX are a feature that allows you to organize group phone calls with multiple participants at the same time. It allows you to hold group discussions, meetings and appointments over the phone, improving communication both within the company and with external partners.
In this article, you will find documentation on creating and configuring conference rooms.
Sound files in MikoPBX are audio recordings that are used by the system to play various messages, such as greetings, announcements, IVR menu instructions or waiting signals. They allow you to personalize the audio content that callers hear, improving interaction with the system and providing the necessary information.
In this article, you will find detailed information about them, as well as how to add and edit them.
Call detail records in MikoPBX is a log that stores information about all incoming and outgoing calls through the system. It provides detailed data about each call, including time, duration, participant numbers and status, which allows you to analyze communications and optimize the operation of the company's telephone network. In this article, you will find information about storing call records and their filters.
in MikoPBX is an interface for managing additional system components that expand its functionality. Here, administrators can install, update, enable or disable modules, adding new features or integrations with external services. This section allows you to adapt the system to the specific needs of the company, ensuring flexibility and scalability of the telephone network.
MikoPBX dialplan applications are a set of tools that allow you to set up individual call processing scenarios within the system. With their help, you can define a sequence of actions that the system will perform when a call is received or made. This may include redirecting a call to a specific extension, playing special audio messages, requesting additional information from the caller, or performing other functions.
Using dialplan applications, you can flexibly customize the logic of the telephone system to the needs of your business without delving into complex programming. This makes it easier to create complex call processing scenarios, allowing you to improve the efficiency of communications and improve the level of customer service.
The "Mail settings" section in MikoPBX allows you to configure sending system notifications via email. Here, administrators specify SMTP server parameters, define events for notifications, such as voice messages or system errors, and edit email templates. This section helps to timely inform users and administrators about important events, ensuring effective control over the system's operation.
The "Asterisk Manager Inteface (AMI)" section in MikoPBX is an interface for configuring access to the Asterisk Manager Interface (AMI). Here, administrators can manage AMI connection parameters, such as enabling or disabling access, specifying login credentials for authentication. Configuring AMI access allows external applications or scripts to interact with the MikoPBX system for monitoring and managing calls, expanding the telephone system's functional capabilities.
The "System files customization" section in MikoPBX provides administrators with the ability to directly modify or supplement the system's standard configuration files. Here, you can make individual settings that are not available through the standard web interface and adapt the system's behavior to the specific requirements of your organization.
This section is intended for advanced users who have a deep understanding of the structure and operation of MikoPBX. With its help, you can:
Edit configuration files: Make changes to existing files or add new parameters.
Override standard settings: Change default values for certain functions or modules.
Add your own scripts or modules: Expand the system's functionality by integrating custom solutions.
It is important to note that incorrect modification of system files can lead to unstable operation or system failures. Therefore, it is recommended to create backups before making changes and to carefully check the correctness of the settings.
In this article, you will find detailed documentation on configuring incoming routing.
Outgoing Routes in MikoPBX are a set of rules and settings that determine how the system handles outgoing calls from employees to external numbers. With them, administrators can manage call direction through various telephony providers or communication lines based on certain conditions such as the dialed number, prefixes, time of day, or user access rights. This helps optimize communication costs, distribute load between channels, and implement security policies by restricting or allowing certain types of calls. Configuring outgoing routes provides flexibility and control over outgoing telephone communication, contributing to the effective operation of the company's communication system.
In this article, you will find detailed documentation on configuring outgoing routing.
Off-Work Time in MikoPBX is a tool for setting up call handling rules during periods when the company is not operating, such as at night, on weekends, or on holidays. With it, administrators can define how the system will handle incoming calls during off-hours: redirect to voicemail, play special voice messages, or forward calls to the mobile numbers of on-call staff. This allows for proper interaction with clients outside of working hours and maintains a high level of service.
In this article, you will find detailed documentation on setting up off-work time for your system.
Requires intermediate storage for the backup (e.g., local disk or cloud).
Description:
A backup is automatically created and saved directly to the target server via the SFTP protocol. This method is especially effective for large amounts of data.
Pros:
Suitable for large amounts of data.
Minimizes manual actions.
Provides direct data transfer between servers.
Considerations:
Requires SFTP configuration on both servers.
Needs correct SSH user settings for proper operation.
Description:
The rsync command is used to directly synchronize data between the old and new servers. This method is convenient for experienced users.
Pros:
Fast synchronization, even for large data volumes.
Preserves access rights and directory structure.
Does not require creating intermediate backups.
Considerations:
Requires basic command-line knowledge.
Possible errors if configurations (e.g., paths) are incorrect.
Both servers must be accessible on the network at the same time.
Option #1: Transfer Using Backup
Option #2: Transfer Using SFTP and Scheduled Backups
# Creating a new user (e.g., www-user) without superuser rights
sudo adduser --disabled-password --gecos "" www-user
# Creating directories for data storage
sudo mkdir -p /var/spool/mikopbx/cf
sudo mkdir -p /var/spool/mikopbx/storage
# Granting the created user ownership of the directories
sudo chown -R www-user:www-user /var/spool/mikopbx/
Installing Docker and Docker Compose on Ubuntu 22.04
Creating a user and directories on the host system
Useful commands
Run the following command in the console to display disk names:
The disk names will be displayed. In this example, the disk names are:
Clear the superblocks on the disks:
Clean the old metadata:
Create the RAID1 array:
When prompted with "Continue creating array?", confirm by entering "y".
You can now proceed with the installation as per the installation guide. When selecting the disk during installation, choose md0.
TODO: You may need to modify the grub.cfg file. Otherwise, there is no guarantee that the system will boot if one of the disks fails.
" field. Only digits can be entered in this field, with a minimum requirement of at least one digit.
Conference PIN field
In this case, to join the conference, employees will need to enter the PIN code after dialing the conference PIN.
Communication is conducted solely through voice (no other means of information transmission besides speech are provided).
All participants can speak and hear each other simultaneously, ensuring duplex communication.
Participants use telephones (hardware or software) for communication.
Each participant dials the conference number. The first participant hears hold music until at least one more participant joins the conference. An employee can transfer their caller into the conference by using specific key combinations on their phone. Transfers can be made to both internal and external numbers. The key combination for transfers is set in the System -> General Settings -> Call Transfers section.
Example: An employee dials the combination **1111 (the combination for unconditional transfer), and their caller joins the conference as its first participant. The call is completed for the transferring employee, and to join the conference, they dial the conference number 1111.
Create conference rooms
"Add conference" button
New conference room parameters
Characteristics of conference calling include:
Usage:
The maximum number of conference participants is not limited.
"Upload a new file" button
Correct the file name if necessary.
The name of the recording file
Save settings
"Save settings" button
"Start recording" button
Custom sound files are stored on the PBX along the path /storage/usbdisk1/mikopbx/media/custom. Music on hold files are stored in /storage/usbdisk1/mikopbx/media/moh.
If a client gets into a queue during a call or is waiting for redirection, the PBX plays a melody for him. It is possible to download your own tunes for listening while waiting.
You can do this on the "Music on Hold" tab as described above.
"Music on hold" tab
Uploading a sound file to the PBX
Supported file formats: wav, mp3, ogg, m4a, aac.
"Sound files" section
"add a new sound file" button
When working over the https protocol, it is possible to record an audio file using a microphone.
Music on hold
8
on the keyboard) and press
Enter
.
You need the command "Update to version ****.*.**". Press the number 2 on the keyboard, then press Enter.
The update installation will begin. When it is complete, the PBX will reboot.
Update installation process
After the PBX reboots, the message "The system loaded in Recovery mode" will no longer appear, indicating that the PBX has booted from the hard disk and not from the virtual optical drive.
The installed update version will be displayed in green at the top.
Server Address: Enter the address of your new MikoPBX server.
Mode: SFTP mode
Port: 22
Username: The SSH username for your new MikoPBX server.
Password: The SSH password for your new MikoPBX server.
The path on the server: "/storage/usbdisk1/mikopbx/backup/"
For information on SSH connection, refer to the related documentation. To start the backup immediately after saving the settings, choose the option "Start backup immediately after saving settings". You can also select the specific data you want to transfer in the corresponding section.
Parameters of backup
Wait for the backup to complete, and then shut down the old machine.
If the data transfer is successful, your backup will appear in the backup module section on the new host:
Backup copy
To restore from the backup on your new host, do the following:
Go to the backup settings by clicking on the respective element:
Way to recovery settings from a copy
Select the data you need to transfer and click "Restore from a backup":
"Restore from a backup"
Configuring Scheduled Backup
"Backup schedule" button
Restoring from the Backup on the New Host
Google Cloud Marketplace
MikoPBX Installation Guide using Google Cloud Marketplace
For quick and easy search on the Google Cloud platform, use the search bar
Adding roles to a Service account
If you have a service account, check if it has the necessary roles, and add them if needed
If you do not have a service account, create one and add the necessary roles
Open the Navigation menu / Products & solutions / Management / IAM & Admin
Go to the Service accounts tab and click on CREATE SERVICE ACCOUNT
Enter a name for the service account, for example mikopbx-service-account
Click the CREATE AND CONTINUE button
Add the roles Cloud Infrastructure Manager Agent, Compute Admin, Compute Network Admin, Service Account User
Click the DONE button
Open the Marketplace and enter MikoPBX in the search bar
Select the image
On the opened tab select LAUNCH
In the Deployment name field, enter a name, for example mikopbx-vm
In the Deployment Service Account section, check the Existing account option and select the previously created service account
If necessary, change the size of the data storage disk in the Data Storage section. By default, its size is 50 GB
Under Networking, all required Firewall rules are configured automatically
For other fields, use the default values
After entering the values, click the DEPLOY button
Open the Compute Engine tab and go to the Virtual machines / VM Instance section
Go to the created virtual machine mikopbx-vm-mikopbx-vm
On the opened tab, go to Logs / Serial port 1 (console)
Copy the external address of the created virtual machine and enter it in the browser address bar
Use the login and password provided in Serial port 1 (console) to log in
Updating from the web interface
Update option from the web interface
In some sections of the interface (e.g., Extensions), the current version of MikoPBX is displayed in the lower right corner.
Displaying the version in the web interface
In the PBX web interface, go to Maintenance → PBX update.
"PBX update" section
If there are newer versions of the PBX available, they will be displayed in the Online updatesavailable table, with the version number in the first field and the list of changes in the second.
We recommend performing updates sequentially without skipping releases.
Section "Available online updates"
There are two update options: online update and update using a downloaded img file.
Online upgrade
Be cautious! If the system is installed on the same disk where call recordings are stored, there may be difficulties with the update.
Updates are downloaded to the PBX and applied immediately.
To update this way, click the button for the desired version.
A warning window will appear. Click Upgrade.
The PBX will download and apply the updates, and then reboot.
To update using this method, click the button for the desired version.
The img file will start downloading. Wait for the download to complete.
Then click the button and select the downloaded img file.
Then click Apply the update, and in the warning window, click Upgrade.
The updates will be applied, and the PBX will reboot upon completion.
Incoming routing
Description and configuration of incoming routing
In this section, you need to create rules and templates for distributing incoming calls for providers created in MikoPBX. The rules for incoming calls describe the route of a call from the moment it arrives at the PBX to the moment it is completed. You can create an unlimited number of inbound routing rules. You can create several rules for one provider.
"Call Routing" -> "Incoming Routing" section
Additional examples of configuring incoming routing are available in the section.
Routing rule priority and default route
Rules are listed in order of priority. If no one answers the incoming call within the time interval specified in the rule, the call will be routed to the next priority rule. Rules can be moved up and down in the list, that is, their priority can be changed by dragging them by the arrows.
Priority Scheme
If the call is not answered according to any of the rules, the Default incoming route is used.
Default incoming route
The following actions are available and can be specified as the default rule:
Play busy signal - the client will play a busy signal and the incoming call will be ended;
Hang up;
Redirect the call - the call can be transferred to a number that you can select in the field located to the right of the action. You can select an IVR menu, call queue, conference, or employee extension number as the number for transfer.
For one provider, you can describe several incoming routes.
First, the call goes along the upper route. If the client does not get through, then the call goes according to the lower rule (lower priority). If the client does not get through via the second route, then the call goes through the default route.
To add a new incoming routing rule, click the Add a new rule button.
In the Note field, describe the route you want to implement. In the future, this will help you debug the call circuit.
Select the Provider for which you are creating a new incoming call distribution template.
The additional DID number is the number the client called you on. This field is optional and should be completed if you need to route calls more accurately.
At the next step, you need to indicate to which phone number the incoming call from the client will be sent. The telephone number can be IVR menu numbers, call queues, conferences, or employee internal numbers.
Specify the time during which the call will be sent to the phone number you specified.
If after the specified time interval no one answers the incoming call, the call will be routed to the next priority rule.
Night and Holiday Switch
Setting up non-working time rules
"Off-hours" in MikoPBX is a tool for setting up call processing rules during periods when the company is not working, such as at night, on weekends or holidays. With its help, administrators can determine how the system will handle incoming calls during off-hours: forward to an answering machine, play special voice messages or forward calls to the mobile numbers of on-duty employees. This ensures correct interaction with customers outside of working hours and maintains a high level of service.
"Call routing" -> "Night and Holiday Switch" Section
Creating a rule
To add a new rule, click on the "Add Time Interval" button.
"Add time interval" button
A form for creating a new rule will open.
A form for creating a new rule
In the form, you will find the following fields:
Period: The calendar period when employees are absent from the office, such as during New Year's or May holidays.
Weekdays: Specific weekdays for which the rule will be applied.
Time Range: The time period during the day when employees are absent.
Incoming Call Action: You can choose to play a sound file or perform a call transfer. Call transfer options include transferring the call to a conference, IVR menu, queue, internal employee extension, or specific termination numbers.
In the Note field, you can add a note with a description of the created rule, so that you can quickly navigate through the essence of this rule using this description. With the eraser button, you can clear the fields opposite which this button is located.
By activating this function, a new menu "Route restrictions" will appear on top of you
Here you can choose which specific routes the rule you are creating will apply to.
This rule is used for calls during non-working hours from Monday to Friday, specifically from 7:00PM to 9:00 AM:
This rule is used to handle calls on Saturdays and Sundays:
Call detail records (CDR)
How to view and filter call history in MikoPBX
Call History provides a log of all incoming, outgoing, and internal calls. It is located under "Telephony" -> "Call History".
Call detail records (CDR)
Benefits
The Call History feature in MikoPBX enables users to:
Display all calls;
Filter calls based on criteria;
Visually identify missed calls from the call log;
Download or listen to call recordings.
Each entry in the call log contains information about:
The caller’s phone number (Who);
The recipient’s phone number (To Whom);
The date and time of the call (Call Date);
Calls marked in red are missed calls. Their duration is logged as zero, and these calls cannot be played back:
For answered calls, users can listen to or download the recording. When downloading a recording, you can choose WebM (Opus), MP3, WAV, or OGG (Opus) format.
Each call log entry provides detailed information about the participants involved.
The search bar in the Call History page supports the following filters:
Phone Number Filter
You can search using either an internal staff number or an external client number.
Specific Field Filter
You can add a prefix to search only in a specific field:
src:74952293042 - search by caller number;
dst:302 - search by destination number;
did:74952293042 - search by DID number;
If no prefix is specified, MikoPBX performs a general search by caller number, destination number, DID, and employee name.
Date Filter
When opening the Call History, MikoPBX selects a date range based on the latest call records. To filter for a specific period, select the date range and click Apply.
Then go to the "Proton Mail" -> "IMAP/SMTP" section.
"IMAP/SMTP" section
Scroll down to the "SMTP submission" section. Click "Generate token".
Enter an arbitrary name in the "Token name" field — MikoPBX in our case — and select the Email address for which you are creating the token.
A token will be created. Its parameters will be shown only once and will become unavailable once you close the window. Save them, as we will use them for further configuration.
Go to the "System" -> "Mail and Notifications" section.
Go to "SMTP Settings". Fill in all the required parameters:
Sender Address - your email address that you used to generate the token.
Sender Name - the name from which the mail is sent.
Authentication Type - "Username and password".
Click "Save".
Click "Test connection". You will see the following window confirming that the entered data is correct:
Reboot
Description of section functions
Rebooting the station via the MikoPBX interface
The system shutdown/reboot menu can be found in MikoPBX by clicking on "Reboot" in the "Maintenance" section.
"Maintenance" -> "Reboot" section
When you open the page, a list of active calls to the PBX will be displayed. The start date of the call is displayed, from whom and to whom the call.
As long as there are active calls, the reboot and shutdown will not be available via the web interface.
List of active calls
Restart the PBX - the command starts restarting the station.
Turn off PBX - completes all processes and disconnects the station.
You can restart the station via the console menu. To do this, select the section "[3] Reboot the system"
If you want to restart the station: press "[1] Reboot MikoPBX"
If you want to turn off the station: press "[2] Shutdown"
The system will reboot.
In case of an emergency restart of the PBX (for example, power outage), it may be necessary to check the disk for errors.
In the PBX console menu, enter the command "[9] Console(Shell)" and press Enter.
System launch the MikoPBX console.
Enter the command reboot. Press Enter.
The system will reboot with a disk check.
Resetting WEB Interface Credentials
Steps to reset the WEB interface credentials from the MikoPBX console
You may encounter a situation where you have forgotten the username or password for the MikoPBX web interface. This guide explains how to reset them.
Authorization failed
Solution
Go to the MikoPBX console.
The location of the console depends on the installation method:
If installed on a physical server - on the monitor connected to the server.
If installed in a virtual machine - in the virtual machine management console.
MikoPBX Console
Select the option "[7] Reset password for the web interface".
Type y to confirm resetting the login and password.
Log in to the web interface using the default credentials:
After the first login, you will be prompted to change the credentials.
Access the container shell:
Launch the menu using this command:
Navigate to "[7] Reset password for the web interface".
Enter "y" to confirm resetting the username and password.
Log in to the web interface using the default credentials:
Change the login credentials after the first authorization:
Fine-tuning the firewall
This page applies to bare-metal and LXC installations. For Docker deployments see .
When publishing a PBX on a public IP address, the task arises to protect the speaker from scanners, pests who are trying to pick up passwords to SIP PBX accounts. If a simple numeric password is set, it will be picked up very quickly, which will cause losses.
For basic protection against scanners, fail2ban must be enabled. Additionally, you can fine-tune the iptables rules.
Go to the "System file customization" section
"System file customization" section
Go to edit the /etc/firewall_additional file
Set the "Add to end of file" mode, insert the following code:
A more complete example of a set of rules:
This will protect you from most scanners that I mention User-Agent when requesting.
Storing Recordings in a Shared Windows Folder
In some cases, it is necessary to save call recordings on a network drive. This example shows how to connect a shared Windows folder to MikoPBX.
Note: If the network folder becomes unavailable, it may cause disruptions in PBX operation.
In the script variables "HOST, USER, PASS", specify the connection parameters to the shared folder.
Add the script to cron for automatic connection of the shared folder.
Go to the System → Customizing System Files section.
Test the PBX operation to ensure that call recordings are being saved to the network drive.
Firewall
Description and configuration of Firewall rules in MikoPBX
The Firewall in MikoPBX is an interface for configuring the system's firewall. Here, administrators can create and manage network traffic filtering rules, controlling access to MikoPBX and protecting it from unauthorized access and network threats. Configuring the firewall ensures the security of the telephone system, preventing potential attacks and ensuring stable operation in the organization's network infrastructure.
In MikoPBX, all local subnets can be described in the "Network and Firewall" → "Firewall" section. The firewall is designed to restrict access to the station by traffic type and subnets.
Section "Network and Firewall" -> "Firewall" in MikoPBX
To add a new rule, you need to click on the button:
Button for creating a new rule
General settings
You can give the rule any custom name. To the right of the subnet address, there is a field for Subnet Mask in CIDR format.
SIP&RTP - registration of phones and voice traffic. Session Initiation Protocol is used for establishing connections between VoIP phones.
WEB - access to the administrative interface for configuring the PBX. SSH - root access to the system.
SSH (Secure Shell) allows accessing the MikoPBX console.
Each subnet has a flag 'Is it a VPN or a local network'. When this flag is set, MikoPBX will present itself as a local IP to all local subnets instead of external ones.
The flag 'Never block addresses from this network' should be enabled only for trusted subnets. If this flag is enabled, intrusion prevention rules will not apply to this subnet
In Docker bridge mode the MikoPBX built-in firewall and fail2ban do not protect the web interface: the container cannot manage host iptables, and HTTP clients arrive from the docker0 gateway. SIP protection continues to work (UDP DNAT preserves the source IP).
To protect the web interface in Docker, choose one of:
network_mode: host for the container (when the host is dedicated to the PBX);
An external CrowdSec-compatible bouncer in front of the MikoPBX API — see .
Anti brute force
This section is used to configure Fail2ban
Fail2ban is enabled together with the Network Firewall switch in the "Network and Firewall" → "Firewall" section.
"Firewall and anti-hacking protection are enabled" switch
Fail2ban blocks IP addresses with abnormal activity. When there is a failed authentication attempt, information about the error will be logged in the PBX. Fail2ban analyzes all failed attempts and keeps track of them. When the number of failed attempts exceeds the maximum allowed authentication attempts, the IP address is banned. Fail2ban is capable of slowing down the rate of failed authentication attempts.
Please note that Fail2ban will not help with the use of simple passwords.
The Anti brute force settings can be found at the bottom of the "Network Firewall settings":
"Anti brute force" section
If a certain number of failed login attempts (Number of attempts for blocking) occurs within a specific period (Within (seconds)), the IP address will be blocked for a specified duration (Block for (seconds)).
The whitelist of addresses defines IP addresses that will not be blocked by Fail2ban. You can specify individual IP addresses like 93.188.40.10 or subnet like 93.188.40.10/32. The separator used is a 'space'.
Please note that if you have set the 'Never block addresses from this network' option in the 'Network Firewall' section for a subnet, that subnet is automatically added to the whitelist, and you don't need to add it manually. It is not recommended to manually populate the whitelist of IP addresses. It is preferable to specify IP addresses only in exceptional cases.
The list of blocked addresses shows which IP addresses are currently blocked.
You can also unblock an address by clicking on the corresponding icon in the table.
Updating the docker
Upgrade option for MikoPBX in Docker container
To update the MikoPBX container to the latest version, you can follow these steps in the command line. These steps include stopping the current container, downloading the new version of the image, and running the container with the updated image.
Updating the docker
First, you need to properly stop the running container. After stopping the container, you can safely remove it
# Stop the current container
sudo docker stop mikopbx
# Remove the current container
sudo docker rm mikopbx
To launch a new container using the latest image version with the same settings as before, use the following commands:
# Downloading the latest container image version
sudo docker pull ghcr.io/mikopbx/mikopbx-x86-64:latest
# Starting the container in unprivileged mode
sudo docker run --cap-add=NET_ADMIN --net=host --name mikopbx --hostname mikopbx \
-v data_volume:/cf \
-v data_volume:/storage \
-e SSH_PORT=23 \
-it -d --restart always ghcr.io/mikopbx/mikopbx-x86-64:latest
Updating using Docker compose
First, you need to properly stop the running container. After stopping the container, you can safely remove it
# Stop the current container
sudo docker stop mikopbx
# Remove the current container
sudo docker rm mikopbx
The next step is to download the latest MikoPBX image:
# Downloading the latest container image
sudo docker pull ghcr.io/mikopbx/mikopbx-x86-64:latest
An example of the docker-compose.yml file that can be used to update your MikoPBX container through Docker Compose:
docker-compose.yml
services:
mikopbx:
container_name: "mikopbx"
image: "ghcr.io/mikopbx/mikopbx-x86-64:latest"
network_mode: "host"
cap_add:
- NET_ADMIN
entrypoint: "/sbin/docker-entrypoint"
hostname: "mikopbx-in-a-docker"
volumes:
- data_volume:/cf
- data_volume:/storage
tty: true
environment:
# Change the station name through environment variables
- PBX_NAME=MikoPBX-in-Docker
# Change the default SSH port to 23
- SSH_PORT=23
# Change the default WEB port to 8080
- WEB_PORT=8080
# Change the default WEB HTTPS port to 8443
- WEB_HTTPS_PORT=8443
volumes:
data_volume:
Save the contents to a file named docker-compose.yml, make the necessary adjustments, and run the command:
Data: Since data is stored in Docker volumes (mikopbx_cf and mikopbx_storage), it remains untouched during the update, preserving settings and user data.
Environment Variables: Ensure that all necessary environment variables are correctly passed.
Safety: Always create backups of your data before updating.
These steps will help ensure a smooth and safe update of your MikoPBX container.
Transfer Using Backup
A method to transfer MikoPBX to another host using backup
This method involves creating a backup of your current MikoPBX configuration, transferring it, and restoring it on the new server. It’s simple to implement and suitable for small systems. This approach is convenient for users with minimal technical experience.
First, create a backup of your previous system. You can find detailed instructions in this article.
Creating a new backup copy
Select the data you want to transfer and wait for the process to complete.
Download your archive by clicking the corresponding button in the "Backup Module" section:
On the new host (server) with your MikoPBX installation, restore from the archive by clicking "Upload backup file":
After this, your system will be restored from the archive. This method is ideal for transferring small amounts of data.
Adding Passkeys
Configure passwordless login to MikoPBX using biometrics or hardware keys
Passkeys are a modern passwordless authentication standard based on WebAuthn technology. They allow you to log in using biometrics or hardware security keys instead of a traditional password.
What are Passkeys?
Passkeys are cryptographic keys stored on your device that replace traditional passwords with a more secure technology. The private key never leaves your device — the server only stores the public key, which is useless to attackers.
Supported authentication methods:
📱 Biometrics — Face ID, Touch ID, Windows Hello
🔑 Hardware keys — YubiKey, Titan Key
💻 Built-in methods — Device PIN code
Advantages:
Protection against phishing and data interception
Fast authentication in 1–2 seconds
No need to memorize passwords
Unique keys for each site
Go to "System" → "General Settings" → "WEB interface password" tab.
In the Passkeys block, click "(+) Add Passkey".
Follow the browser instructions to register. For example:
Setting up a Passkey on a MacBook with TouchID in Safari: you can click "More options" and choose between a fingerprint, a keychain in an authenticator app, and a physical key:
After successful registration, the Passkey will appear in the list. On your next login, you can use it instead of a password.
UTM
Installing MikoPBX in UTM
In this manual, the installation will be performed on UTM. Before it starts, download the disk image file with the ".iso" extension. You can do this by .
Go to UTM. Click "Create a New Virtual Machine" to create a new virtual machine.
Select "Virtualize" as the VM type.
AWS Marketplace
Installation guide for MikoPBX image from AWS Marketplace
Sign in to the service Amazon Web Services
Let's get started with the setup
Open Services / Compute / EC2 and navigate to Images / AMI Catalog
In the open tab enter MikoPBX in the search bar
Transfer using rsync
A method for transferring MikoPBX to another host using rsync (preferred)
This article discusses transferring data to a new host using rsync. This approach uses a generated SSH key for authentication, making it the most reliable and therefore the recommended method.
Schematically, the transfer process can be depicted as follows:
First, establish an SSH connection to your new MikoPBX. You can find instructions on how to do this in .
Connecting DigitalOcean S3 Storage
Instructions for connecting DigitalOcean Spaces Object Storage as an S3 storage
Go to the DigitalOcean console ().
Navigate to Manage → Spaces Object Storage. Click Create a Spaces Bucket to create a new bucket.
Storage
Disk space usage and storage settings
The "Storage" section in MikoPBX allows you to monitor disk space usage and manage data storage settings. It provides a detailed breakdown of occupied space by category: call recordings, system logs, backups, and other files. In addition to local storage monitoring, the section allows you to configure automatic upload of recordings to an S3 cloud storage.
Section location: "Maintenance" -> "Storage".
The "Storage information" tab provides an overview of disk space usage.
At the top of the page there is a block with a horizontal chart that visually shows what share of the total disk volume each data category occupies. In the example, 56.0 GB out of 100.0 GB is used. Each segment of the chart is color-coded according to the legend:
Monitoring Providers on MikoPBX
When working with telecom service providers, issues may occasionally arise. For example, the provider's server might become unresponsive or unavailable. This article provides a mechanism for notifying the system administrator via email.
Create a new "Dialplan Application".
Enter a name (e.g., Blacklist), a short number for the application (e.g., 99), and select "Code Type" - "PHP AGI Script".
Backup Internet and Provider Re-Registration
Configuring Backup Internet
If your PBX is behind NAT and its public IP address changes, the PBX may not receive incoming calls until it re-registers with the provider, which by default can take 2–6 minutes.
Connect using SSH into your MikoPBX (documentation about different ways to do that - )
Create a new script file with this command:
The system will wait for input; paste the following script into the terminal:
Passkeys work in modern browsers: Chrome, Safari, Edge, and Firefox (2023 versions and newer). WebAuthn support on the device is required.
How to add a Passkey?
The "WEB Interface Password" section in MikoPBX system settings
Button for adding a new Passkey
Choosing the authentication type for Passkey
Authorized Passkeys
Update using a downloaded img file
Please note that this method can also be used to roll back to a previous version.
In Docker (bridge mode) fail2ban writes bans to Redis but the container cannot manage host iptables — web-interface bans are not applied automatically. To project them to the host, run an external bouncer (see External firewall for Docker). SIP protection works normally.
Parameters of the Anti Brute Force rule
Blocked addresses list
Unlock button
Selecting data for backup copy
Button to download archive
"Upload backup file" button
If installed in the cloud - in the cloud serial console (also in the virtual machine management console).
The reset method when installing in a Docker container is described in more detail in the current documentation.
In addition, the console can be accessed using SSH authorization. You can read more about SSH connection here.
Select "Preconfigured" - "Linux" as the operating system type.
Choosing the type of operating system
Select the previously downloaded disk image file in the "Boot ISO Image" section. To do this, click on "Browse...".
Selecting a disk image file for a VM
Next, specify the characteristics of your virtual machine. In our case, 2 GB of RAM and 2 processor cores will be used.
VM Configuration
Next, specify the size for the system disk. In our case, 1 GB.
Specifying the size of the system disk
Click Continue.
The "Shared Directory" section
The final configuration of the VM will be displayed. Give it the desired name (the "Name" field). And click "Save".
The final configuration
Go to the VM settings. To do this, right-click on its name, then "Edit".
VM Settings
Go to "Drives". Click "New..."
"Drives" section
Create a new disk with the following parameters:
Interface - VirtlO
Size - at least 50 GB (in this documentation, 10 GB will be used for the test machine)
Click "Create".
Creating a second disk
Start the VM.
Launching a VM
After loading, you will see the message PBX is running in Live or Recovery mode. This means that the system is loaded from the disk image in Live mode. It is necessary to install the system. To do this, go to the "[8] Install on Hard Drive" section.
MikoPBX in LiveCD mode
Select the disk to install the system. In our case, vda and vdb disks are available, and we select the vda disk for installation.
Selecting a disk to install the system on
Confirm the selection: enter "y" from the keyboard and press Enter.
Confirming the disk selection
Next, select a disk for storing conversation recordings. In our case, the only remaining one is 10 GB size disk.
Selecting a disk for storing conversation recordings
After that, the system will reboot and be available in normal mode (the label "PBX is running in Live or Recovery mode" will disappear).
MikoPBX IP-address
Enter this IP address in the browser bar to access the Web interface.
MikoPBX Web-interface
This instruction has been relevant since the first release, published in 2026. Tested on Apple Silicon processors.
Make sure to configure the Firewall on the MikoPBX
Once connected, switch to the console ([9] Console). First, you need to create a directory to store the script file. Use the following command:
Navigate to the created directory:
Create the file "transfer-rsync.sh" to store the script:
Running commands to create a file
Next, you need to fill the file with the script content. You can find the script here.
Use the following command to download the script:
Make the file executable:
Run the script:
You will be prompted to enter necessary information about your old MikoPBX:
IP address of your old station
Username for SSH authentication
Port for SSH authentication
Entering the required data
Next, you’ll be asked whether to generate a new key. If you haven’t done this before, type "y" to confirm. If you previously generated a key for accessing the second MikoPBX, type "n":
Generating a new key
A new SSH key will be created. You must copy this key and insert it into the web interface of your old MikoPBX at General Settings → SSH → SSH Authorized keys field.
Generated ssh key
Inserted key
After saving the key on the old MikoPBX, wait a few seconds, then press any key to continue the script.
The transfer of all data to the new host will begin. This may take some time.
After the transfer, always verify the integrity of all data before retiring the old MikoPBX!
On the bucket creation page, under Choose a datacenter region, select the region closest to your MikoPBX server. Choose Standard Storage.
Bucket creation parameters #1
In the Choose a unique Spaces Bucket name field, enter a name of your choice for the bucket.
Click Subscribe & Create Bucket.
Bucket creation parameters #2
Open the page of the newly created bucket by clicking its name in the Buckets section.
Created bucket in the Buckets section
Go to the Settings tab.
Settings tab on the created bucket page
Scroll down to the Access Keys section. Click Create Access Key to generate a new key pair.
Access Keys section
Fill in the required parameters for the new key:
Select access scope — Limited Access.
Buckets — select the bucket you created earlier.
Permissions — Read/Write/Delete.
Give this access key a name — enter an arbitrary name to identify this key pair.
Click Create Access Key.
Access key creation parameters
Your key pair values (Access Key ID and Secret Key) will be displayed. Save these values — you will need them when configuring MikoPBX.
Access key pair
Go to the Maintenance → Storage tab.
Storage section in MikoPBX web-interface
Open the S3 Cloud Storage tab and fill in the following fields:
Automatically upload recordings to cloud storage — enable the toggle.
S3 Endpoint URL — enter https://sgp1.digitaloceanspaces.com, replacing sgp1 with your region.
S3 Region — enter the region of your DigitalOcean bucket (e.g. sgp1 in this guide).
S3 Bucket Name — enter the name of the bucket you created in DigitalOcean (e.g. mikopbx-s3-storage in this guide).
Access Key and Secret Key — paste the values obtained in the first part of this guide.
Use the Local Storage (S3 mode) slider to configure how long recordings are kept locally before being deleted after upload to the cloud.
Click Save.
DigitalOcean S3 connection parameters
After saving the settings, click Test Connection. If the connection is successful, you will see the message "S3 connection successful" and synchronization of call recordings will begin.
Remember your region name (sgp1 in the screenshot below) — you will need it later when configuring MikoPBX.
Connecting to MikoPBX
A shorter local retention period frees up disk space faster.
🟠 Call recordings
🟣 Call history
🔵 System logs
🟢 Additional modules
🩵 Backups
🔴 System caches
⚫ Other files
"Storage information" tab
At the bottom of the page there is a list of data categories and the amount of storage each one occupies.
The "Local Storage" tab allows you to set the retention period for call recordings on the station. Use the slider to select the desired period:
30 days (1 month) — minimum retention period.
90 days (3 months) — recommended for small businesses.
1 year — for compliance with legal requirements.
Unlimited — store all recordings without restrictions.
Click "Save" to save the settings.
"Local storage" tab
This tab is used to configure automatic upload of call recordings to an external S3-compatible storage (e.g.: Amazon S3, MinIO, Wasabi).
At the top of the tab there is a toggle "Automatic recording upload to cloud storage" — it enables or disables the upload feature.
To connect to a bucket, fill in the following fields:
S3 endpoint URL — the address of the storage service (e.g., https://storage.yandexcloud.net for Yandex Cloud S3).
S3 region — the region where the bucket is located (e.g., ru-central1 in our case).
S3 bucket name — the name of the bucket where recordings will be uploaded.
Access key and Secret key — service account credentials for authorization.
Click "Save" to save the settings.
"Cloud storage S3" tab
Next, click the "Test Connection" button — the system will perform a test connection and display the result at the top of the page. Upon successful connection, the message "S3 connection successful" will appear and synchronization of call recordings will begin.
Successful connection to S3 storage
At the bottom of the tab there is a "Local storage period (S3 mode)" slider — it determines how long recordings will be stored locally on the station after being uploaded to the cloud before being automatically deleted. The local retention period cannot exceed the total retention period.
"Local storage (S3 mode)" slider
Storage information
"Maintenance" -> "Storage" section
Local Storage
Longer retention periods require more disk space.
S3 Cloud Storage
Shorter local storage duration frees up disk space faster.
#!/bin/bash
# File to store the previous IP
IP_FILE="/tmp/last_ip.txt"
# Command to retrieve the current public IP
CURRENT_IP=$(/usr/bin/curl -s https://checkip.amazonaws.com)
# Check if the file with the previous IP exists
if [ -f "$IP_FILE" ]; then
LAST_IP=$(cat "$IP_FILE")
else
LAST_IP=""
fi
# Compare the current IP with the previous IP
if [ "$CURRENT_IP" != "$LAST_IP" ]; then
/bin/busybox logger -t 'UpdateIP' "IP changed: $LAST_IP -> $CURRENT_IP"
echo "$CURRENT_IP" > "$IP_FILE"
# Trigger an Asterisk command
/usr/sbin/asterisk -rx 'pjsip send register *all'
fi
On the Specify Name and Location tab, enter the name of the virtual machine, for example mikopbx-vm
Configuring Virtual Machine
Proceed to the Specify Generation tab, and select Generation 1
On the Assign Memory tab, allocate the required amount of RAM based on the expected load on the PBX. For a test machine, you can specify 2 GB
Proceed to the Configure Networking tab, and select a pre-configured network connection
On the Connect Virtual Hard Disk tab, adjust the system disk size to 1 GB
On the Installation Options tab, check the Install an operating system from a bootable CD/DVD-ROM option
Select Image file (.iso) and provide the link to the MikoPBX distribution file with the .iso extension
After entering all values, click the Finish button
Go to the settings of the created virtual machine
Select the IDE controller to which the system disk is connected
On the opened tab, select Hard Drive and click the Add button
Click the
On the Choose disk type tab, select Fixed size
On the Specify name and location tab, specify the name (e.g., storage.vhd) and the location of the disk
On the Configure Disk tab, set the disk size for data storage to at least 50 GB
Use the default values for other fields
Complete the setup by clicking the Finish button
To start the virtual machine, click Connect... -> Start
Go to the Connect tab of the created virtual machine mikopbx-vm
If the boot is successful, a console menu will appear. Enter 8 from the keyboard to start the installation
Select the system disk and enter the disk name from the keyboard, for example sda. Confirm the selection by entering y from the keyboard
Connect the disk for storing call recordings, and enter the disk name for connection from the keyboard, for example sdb
To access the MikoPBX web interface, enter your virtual machine's IP address in your browser's address bar. You can find the IP address in the console.
Enter the IP address in your browser’s address bar. Log in using the default credentials.
VMware ESXi
Installing MikoPBX using VMware ESXi.
Creating a Virtual Machine
Start by creating a new virtual machine.
Enter the Name, Type, and Version of the virtual machine, as shown in the image below.
Name, Type and Version of the virtual machine
Select a datastore for the virtual machine.
Allocate 1024 MB of memory to the virtual machine and create a new virtual hard disk for the system with a size of 1024 MB.
Choose the SCSI controller type and adapter type, as shown in the image below.
Select BIOS as the Firmware option.
Review and save the changes.
Open the settings of the created virtual machine. Create a new hard disk for storing call recordings.
Go to the CD/DVD Drive tab. Upload the ISO image for installation, and check the box next to "Connect at power on."
Start the virtual machine.
The MikoPBX command-line interface will open as the PBX starts loading from the optical disk containing the ISO image. You will see the message: "The system is loaded in recovery mode (Live CD)".
Install MikoPBX:
Go to [8] Install:
Information about all available disks will appear (in this example: sdb, sdc).
Enter the name of the disk you intended as the "system" disk, in this case, sdb, and press Enter (or simply press Enter if it’s already selected).
The system will prompt for confirmation. Type y and press Enter:
Once installation is complete, you will be prompted to select a disk for storing call recordings.
Enter the disk name (in this example, the only available disk is sdc) and press Enter.
After installation, the system will reboot.
MikoPBX will now boot from sdb, the system disk, and the line "The system is loaded in Recovery mode" will no longer appear—indicating a successful installation.
This completes the MikoPBX installation.
To access the control panel, enter the virtual machine's IP address in your browser's address bar.
The default login credentials are admin for both username and password.
This completes the MikoPBX installation.
Digital Ocean
Installing MikoPBX using the DigitalOcean Cloud Platform
This guide applies to MikoPBX version 2024.2.111 and newer!
In this guide, we will perform a step-by-step installation of MikoPBX using the DigitalOcean cloud platform.
Before beginning, you need to copy the download link for the latest .raw MikoPBX image. You can find these on MikoPBX's GitHub releases.
Uploading the Image to DigitalOcean
Go to "Manage" → "Backups & Snapshots":
Section "Backups & Snapshots"
Go to "Custom Images" → "Import via URL":
Paste the link to the .raw disk image file you copied earlier.
Enter a name for the image, select the region where it will be uploaded (this should match the region of your future virtual machine), and choose "Unknown" as the operating system type.
Click "Upload image".
Wait for the image upload to complete.
Go to DigitalOcean’s main page:
To create a new virtual machine (Droplet), go to "Create" → "Droplets":
Select a region and datacenter for your virtual machine:
Next, choose the previously uploaded image and configuration for your virtual machine:
Go to the "Additional Storage" tab. Here, you can add a second disk that will be used for call recordings. To do this, click "Add volume" and specify the parameters for the new disk.
Go to "Choose authentication method." Here, you need to select "SSH Key" and add the key pair for SSH authentication. For more information on generating SSH keys, see:
Click "Create Droplet."
Go to the page of the newly created Droplet. Wait for it to start. Then connect via the built-in DigitalOcean console (shown in the screenshot).
After the system boots, open the web interface using the external IP address shown in the console (external).
Paste the machine’s IP address into your browser’s address bar. When you reach the MikoPBX login page, use the following credentials:
Username: admin
Password: The Droplet ID, which you can find in the browser’s address bar:
To connect via SSH, follow . This example uses PowerShell (Windows).
Open PowerShell and run the following command:
After pressing Enter, you will be authenticated via SSH and arrive at the MikoPBX console menu.
Network interface
Description and configuration of network interfaces
The "Network Interface" section in MikoPBX is an interface for configuring the system's network connection parameters. Here, administrators can manage IP addresses, subnet masks, gateways, and other network settings for each network interface. This allows MikoPBX to be correctly integrated into the organization's network and ensure its stable operation in accordance with the requirements of the network infrastructure.
The section is located in "Network and Firewall" -> "Network Interface":
"Network Interface" Section in MikoPBX system
General parameters
The hostname is the name of the machine. If no value is specified, the default hostname used is 'mikopbx.local'.
Network interfaces
There are two ways to configure the IP address:
DHCP (Dynamic Host Configuration Protocol) can be used for automatic IP address configuration. Enable the 'Use DHCP to obtain network settings' switch. This is recommended for most users. To not rely on DHCP server settings (to provide a specific address), you can disable the switch.
If you do not want to use settings obtained from a DHCP server, you can configure the network manually. This requires some knowledge about the network topology. To the right of the IP address, there is a field for Subnet Mask in CIDR format. You should use the alternative format: /8 corresponds to the subnet mask 255.0.0.0, /16 corresponds to 255.255.0.0, and /24 corresponds to 255.255.255.0.
"VLAN ID" - MikoPBX supports virtual network interfaces. This is relevant only for physical PCs. Sometimes a PC may have only one network interface, and it may not be possible to connect a second one physically. Using VLAN, you can create a virtual interface that works 'on top' of the physical one. One of the advantages of using VLAN is that all phone calls can be routed through it, while the network equipment can 'tag' all VLAN traffic and guarantee a stable connection.
The number of network interfaces in MikoPBX is not limited.
The 'Network interface with internet access' is the primary network interface through which access to external addresses (non-local) will be established.
If no DNS server address is specified, the default server 8.8.8.8 will be used.
Depending on your network topology, you need to perform the following steps to configure MikoPBX. The PBX can be behind a network router, which is the most common scenario, or it can have a public IP.
If the PBX is behind a router, you need to check the 'This station is located behind a NAT router' option.
If you know the external address of the station (IP or domain name) and have forwarded the ports of the PBX to the external world, it is recommended to fill in the fields 'External IP address of your router' or 'External hostname of your router'.
For all addresses that are not local to the PBX, the station will be represented by the external address:
If 'External IP address of your router' is empty and 'External hostname of your router' is filled, the PBX will be represented by the hostname (External hostname) field.
Go to the 'System' → 'System file customization' section.
Open the file '/etc/static-routes' for editing.
Select the 'To replace all' mode and insert the rule. For example, 'route add -net 54.246.198.136 netmask 255.255.255.255 gw 172.16.32.15 dev eth0'
We specify to the operating system that the specified IP address 54.246.198.136 can be found through the network interface 'eth0' and the request should be directed to the gateway (172.16.32.15).
The netmask '255.255.255.255' indicates that the rule will only be applicable to the address 54.246.198.136. If you need to create a rule for a group of addresses, for example, the entire subnet 54.246.198.0: In fact, it is the range of addresses from 54.246.198.1 to 54.246.198.254.
Click "Save settings".
Registration in the modules marketplace
Description of the registration process
General Information
Registering in the MikoPBX Module Marketplace is not required for the system’s basic functionality. You can fully utilize MikoPBX for handling calls without registration or installing additional modules. However, we recommend registering in the marketplace to expand your system’s capabilities.
Registration gives you access to additional modules and extensions.
These include both free modules (moved out of the core system for easier initial setup) and paid modules from us and third-party developers.
If you are a developer, you can contact us at developers@mikopbx.com to get instructions on creating and adding your module to the Marketplace.
MikoPBX is a free solution and does not require registration.
The absence of a license does not impact call functionality. You can register or cancel your Marketplace registration anytime.
To begin the registration process, navigate to "Modules" -> "Marketplace of modules":
Section "Modules" -> "Marketplace of modules"
If you are not registered in the Marketplace, the section will look as follows:
Marketplace section if registration is not completed
To start the registration process, click the Register in Marketplace button:
The license key stores all your licenses for MikoPBX products. If you already have a key, you can enter it in the corresponding field. If you've forgotten your key, search your email inbox for messages from lic@miko.ru
If you don’t have a key, you can generate a new one by completing the registration form:
Organization Name – Enter your company/organization name.
Contact Email – Enter your organization’s email address.
Contact Person – Enter the name of the contact person.
Click Register.
Upon successful registration, you will see the following screen:
A notification confirming the system's registration.
The license key field will display a blurred value by default. Hover over it to view or copy the key.
To manage your license, go to Marketplace -> License Management and click the corresponding option:
You will be redirected to the :
Enter your license key in the Enter your license key or activated coupon field and click Login:
You will access a system with nine sections:
Go to the Session monitor section:
In the Info column, click the i button for each binding to view detailed host information.
In the Action column, use the Drop button to unbind the license from the current host.
If you encounter issues during registration, check for internet access to the MikoPBX server. Ensure connectivity to lic.miko.ru and lic.mikopbx.com over port 443 (HTTPS). Verify firewall settings and network permissions.
MikoPBX periodically connects to licensing servers to verify installed modules. If a module license becomes unavailable, the module will be disabled, and a strikethrough key icon will appear next to its name.
Mail and Notifications
Mail and Notifications Settings
The "Mail and Notifications" section in MikoPBX allows you to configure sending system notifications via email. Here, administrators specify SMTP server parameters, define events for notifications such as voicemail or system errors, and edit email templates. This section helps keep users and administrators informed about important events in a timely manner, ensuring effective system monitoring.
"Mail and notifications" section in MikoPBX
General Settings
General mail settings
Enable Notifications - enables/disables all email notifications, including voicemail.
Common Email for Missed Call Notifications - a shared email address for sending notifications about missed external calls (if an employee has no email specified, this shared address is used).
Common Email for Voicemail Messages - a shared email address for sending voicemail notifications (priority: 1. Employee's personal email; 2. The email specified in this field).
Send login notifications - enables/disables system login notifications.
Send system notifications - enables/disables sending of system notifications.
System Administrator Email - the address to which system notifications will be sent.
Sender Address, Sender Name - emails will be sent on behalf of this address and name.
Authentication Type:
Username and Password - classic authentication method when connecting to an SMTP server, using a mailbox address (login) and password. All parameters (server, port, encryption, login, and password) are entered and stored manually.
OAuth2 Provider - the mail service through which OAuth authentication is performed (e.g., Microsoft/Outlook, Google/Gmail).
Application ID (Client ID) - the unique identifier of the application created in the control panel of the selected OAuth provider. Used so the provider knows which application is requesting access to the mailbox.
Our documentation includes several connection examples for each authentication type. Below you can find links to these instructions.
Login and password authentication:
OAuth2 authentication:
IVR Menu
Creating and configuring IVR menu in MikoPBX
An IVR menu includes options for routing incoming calls using an interactive voice menu. It allows callers to navigate through a series of menu prompts using their telephone keypad (DTMF). Each option in the menu can be associated with a specific action or routing destination, such as transferring the call to a particular department, providing self-service options, or connecting the caller to a specific extension or queue. The IVR menu enhances the caller's experience by offering a self-service mechanism and streamlining call routing based on their selections.
Pre-configuration
Before creating an IVR menu, it is necessary to upload audio files that will be played to callers when they contact your company. The audio files can be added in the "Telephony" -> "Sound files"
"Sound files" section
Choose your music file using "Upload a new file"
"Upload a new sound file" button
Additionally, there is the option to record a file using a microphone if you connect to the MikoPBX over HTTPS.
Go to "Telephony" → "IVR menu" section.
Click "Add new IVR nenu."
Set the name, number, and, if necessary, a comment for the IVR menu. Select the audio file that you uploaded in the previous step.
Configure Actions when you extend. In the first column, specify the extension number, and in the second column, set the addressing rule.
Set the number of retries before transferring to the default number.
Set the timeout for entering an extension number (value in seconds) after which the voice greeting will be repeated.
The Default extension is required in case the client does not enter an extension number (for example, due to technical limitations).
Enable the "Allow Dialing of any extension" toggle switch if needed.
Enter the IVR menu number that can be dialed to reach that specific IVR menu.
Press "Save settings."
The principle of operation of an IVR (Interactive Voice Response) is as follows:
When calling the IVR menu number, the Voice Greeting audio file starts playing.
During the playback of the voice menu, the caller can select menu options or dial an employee's internal extension. The "Allow Dialing Any Internal Number" flag allows callers to dial internal employee numbers with SIP accounts. Routing to queues, IVRs, conferences, and other destinations is configured separately in the IVR action table.
After the voice menu is played, there is a waiting period of the "Input Extension Timeout" for entering an extension number.
Module management
This guide explains how to connect, configure, and manage modules in MikoPBX. It also covers how to install applications using the built-in Marketplace.
Additional modules allow you to expand the functionality of the main system. In this guide, you will find information on managing modules and installing applications using the built-in Marketplace.
To use both paid and free modules, you need to register your copy of MikoPBX and obtain a free license key. Instructions on how to do this can be found .
Detailed instructions for configuring and operating each module can be found here.
You can find the Module Management section under "Modules" -> "Marketplace of modules".
"Marketplace of modules" section
Installed Modules
This section allows you to manage modules: connecting them, configuring them, and uploading your own custom modules. Documentation on developing your own modules can be found here.
All installed modules are listed under the tab of the same name:
All installed modules
You can upload your own module using the "Upload New Module" button. You need to upload .zip files. After uploading, the module will appear in the list under the "Installed Modules" tab.
You can also access the settings of any module for further configuration:
Additionally, you can enable or disable a module.
From the interface of an installed module, you can quickly access its documentation by clicking on the question mark to the right of the module's short description:
You can add any module to the sidebar menu for quick access, which can be useful if you need constant access to the module's settings to change parameters or its status.
To do this, follow these instructions:
Go to the settings of the module you want to add to the sidebar menu by clicking on the edit icon to the right of the module's version:
Click on the settings icon to the right of the module's status to access the display settings for the module in the sidebar menu:
In this section, you can:
Toggle the display of the module in the sidebar menu—"Show module in sidebar menu".
Choose the section where it will be displayed—in the example, the "Modules" section is selected.
Specify a custom name for the module if desired.
After completing the settings, click "Save".
In this section, you can install modules from MIKO as well as from partner developers.
Each module has a button for downloading and installing it. Basic information about the module with a short description is also displayed here.
To the left of the module's name, you can find an icon indicating whether it is paid or free. For example, in the image above, the "Access Control Management" module is paid, while the "Backup&Recovery module" module is free.
You can access a module's detailed page by clicking on its name in the Marketplace interface.
Here you can find the version of the current release, information about the developer, and whether the module is paid or free. There are also three sections:
Module Description
This section contains images illustrating the module's functionality and settings. Additionally, there is a basic description of the module and a "Useful Links" section with a link to detailed documentation on configuring and operating the module.
Version History
In this section, you can find the module's version history with detailed descriptions of changes, as well as the minimum compatible version of MikoPBX for proper operation. You can also install a specific version of the module by clicking on the blue link under its description.
If you purchase a module, you will receive a coupon. To activate it, go to Modules -> Marketplace of modules:
Then navigate to the "License Management" section.
In the "Activate Coupon" field, enter your coupon code and click "Activate Coupon"
API Keys
Description of usage in MikoPBX
REST API MikoPBX allows you to automate station management and integrate it with external systems - CRM, helpdesk, corporate portals, and custom services. API keys are used to access the API.
Authorization
All REST API requests are authorized via the Authorization: Bearer <token> header. MikoPBX supports two token types:
Type
When to use?
JWT token
For external integrations, always use an API key — it is created manually, has configurable access permissions, and can be revoked at any time.
Go to "System" → "API Keys".
`Click "Add API Key".
Fill in the Description field (e.g.: CRM Integration)
Copy the generated API key — it is displayed only once
Important: save the key immediately after creation. Once the page is closed, it cannot be recovered — you will need to create a new one.
Follow the principle of least privilege — each key should only have access to the resources that are actually needed.
When creating a key, two options are available:
Full access — the key gets read and write access to all API resources. Use only if truly necessary.
Manual configuration — the access level for each API resource is specified individually: read-only, read and write, or no access.
Network filter: choose one of two options:
Localhost connections only — the key will only work from the local network. Recommended if the integration runs within the infrastructure.
Connections from any address are allowed — the key is accessible without IP restrictions. Use only if the client is located outside the local network.
Following these requirements protects the API from token interception and unauthorized access:
Valid SSL certificate:
Use a trusted SSL certificate on the MikoPBX server side. The easiest way is to issue a free certificate via the Let's Encrypt module (instructions for working with the module are available here).
Operating without a valid certificate is only acceptable in an isolated test environment with no internet access.
Certificate trust on the client side:
The client must verify the server certificate on every request. Disabling verification (verify=False in Python, -k in curl) is not acceptable in production: without it, a man-in-the-middle (MITM) attack becomes possible, where an attacker intercepts the Bearer token in plaintext.
Key scope restriction:
Each key must only have access to the resources actually used by the integration. Do not use "Full access" unless necessary — compromising such a key gives an attacker full control over the API.
Network access restriction:
If the integration runs within a local network — choose "Local connections only". This prevents a compromised key from being used from an external network.
Use "Allow connections from any address" only when the client is physically located outside the local network, and make sure all other security measures are in place — a valid SSL certificate and minimal key permissions.
Click a card to navigate:
Installing Language Packs
Instructions for installing language packs to add new system message sounds
By default, MikoPBX ships with a limited set of languages for system messages. Language packs allow you to expand this set - adding voice files in the desired language and making them available for use in IVR menus, call queues, and other telephony elements.
This article walks through the installation of a language pack using Japanese as an example.
First, you need to register in the MikoPBX Marketplace. Instructions are available here.
Go to Modules → Module marketplace.
In the Marketplace section, find the language pack you need (Japanese in this guide) and install it.
After installation, the corresponding set of sound files will be downloaded to the disk at /storage/usbdisk1/mikopbx/media/sounds/ja-jp (for Japanese).
Go to the Installed Modules tab and enable the installed language pack module.
Go to System → General settings.
On the Main tab, locate the Language of system audio messages field and select your language.
Click Save.
The Asterisk service will restart and the system message language will be updated accordingly.
Installing the system on a USB drive (Bootable USB)
Before starting, download the disk image file with the .raw extension. You can do this .
This guide uses the balenaEtcher utility. You can download it .
First, format your USB drive with the following parameters:
File system
VMware Fusion
Installing MikoPBX using VMware Fusion.
Creating a new virtual machine.
After downloading the latest version of the image (), specify the ISO file with the installation distribution.
Click "Continue"
VMware Workstation Pro
Installing MikoPBX using VMware Workstation Pro.
This guide covers creating and configuring a virtual machine in VMware Workstation Pro and installing MikoPBX on it.
You can download the VMware Workstation Pro installer from .
Open VMware Workstation Pro and click "Create a New Virtual Machine" to start creating a new virtual machine.
Proxmox LXC Container
Installing MikoPBX in an LXC container
Proxmox LXC is a lightweight container solution within the Proxmox VE virtualization platform, based on LXC (Linux Containers) technology. They allow running isolated Linux systems with minimal resource consumption compared to full virtual machines.
Go to the "local" storage, then "CT Templates". Click "Download from URL" to open the template download dialog from a URL.
Go to with releases and copy the download link for the template file with the "
Asterisk Manager Interface (AMI)
Setting up AMI access
Asterisk Manager Interface (AMI) is a powerful and convenient Asterisk programming interface (API) for managing the system from external programs. Thanks to the AMI, external programs can connect to Asterisk via the TCP protocol, initiate the execution of commands, read the result of their execution, as well as receive notifications about events in real time.
AMI is often used for integration with business processes and systems, CRM software (Customer Relationship Management - customer interaction management). Asterisk is often managed from the CLI console, but using AMI does not require direct access to the server running Asterisk. AMI is the simplest tool, which in the hands of a developer can be a very powerful and flexible tool for integration with other software products. It enables developers to use the information generated by Asterisk in real time.
The first thing to do is to enable the AMI and create a user with which the client program will authenticate. "System" -> "Asterisk Manager Interface(AMI)":
To add a new account, you must specify a Username and Password. In addition, it is necessary to set a Network filter, i.e. from which subnet the connection to the AMI user is allowed. You can allow connections from any addresses, or specify a specific network that you have configured in the "
The extra disk space has run out, the disk size has increased
To execute the following commands, you will need to .
Before starting work, you should unmount the disk. To do this, run the script:
Make sure that the data storage disk is no longer mounted:
First, delete the existing partition. This operation does NOT delete data on the disk, just edits the partition table.
Launching the Section Editor:
The system will prompt you to enter a command, enter "d" and press Enter:
System log entries
Description of section functions
The "System Diagnostics" section in MikoPBX is a tool for monitoring and analyzing the status of the telephone system. Using this section helps to promptly detect and eliminate technical problems, ensuring stable and efficient operation of MikoPBX.
"Read and write" allows you to create, modify, and delete data (POST, PUT, DELETE)
Security
Examples and Detailed Documentation
"API Keys" section in MikoPBX
Basic API key parameters
REST API usage examples
Interactive documentation and endpoint list
Configuring the Virtual Machine
We recommend allocating at least 50 GB for this disk.
Installing MikoPBX
Use the arrow keys to navigate the menu, and press Enter to select an option. You can also press the corresponding number on the numpad.
All data on the disk where MikoPBX is being installed will be lost.
Approximately 14 MB of storage is required for every 1 hour of recorded conversation.
First Login to MikoPBX
Size of RAM and memory for the system hard drive
Controller type and adapter type
"Boot options" section
Loading a system image
System is loaded in recovery mode
[8] Install - for installation process
Available disks for the system
Available disks for the storage
IP-Address of the MikoPBX
Web interface login window
Network topology
The external IP address is mandatory to fill in. If a domain name is specified, it takes priority, and the external IP address field is not used.
When enabling the option 'This station is located behind a NAT router,' it is mandatory to specify the external address or hostname of the router. Additionally, you need to perform port forwarding on the router for SIP port 5060 and RTP ports 10000-10200 to the local address of the PBX.
If your provider allows registration and you do not need to connect external subscribers, you can choose not to enable the option "This PBX is located behind a NAT router", even if the PBX is behind a NAT router.
Manual configuration of network routes
"Network interfaces" section
"Network topology" section
"System file customization" section
/etc/static-routes file
code for /etc/static-routes file
Contact Phone (optional) – Provide a contact number.
Unique Company Identifier (e.g., Tax ID, VAT) (optional).
Registration Process
If you move MikoPBX to another host or restore it from a backup, you will need to reset license bindings in the License Manager.
One license key is issued per company. If your company uses multiple MikoPBX instances, a single registration is sufficient.
OAuth2 - an authentication method in which you do not store or transmit your mailbox password. Instead, the application obtains a temporary access token from the mail provider (Microsoft 365/Outlook, Google Workspace/Gmail, etc.) and uses it when sending emails via SMTP.
Encryption type:
No encryption (port 25) - classic SMTP connection without channel protection.
STARTTLS (port 587) - the recommended and most common method for sending mail. The connection starts without encryption, after which the client and server negotiate a transition to a secure channel.
SSL/TLS (port 465) - SMTP connection with encryption from the very beginning of the connection. The channel is secured immediately after the TCP connection is established, without a switching phase.
Verify server certificate - a security setting that determines whether the client will verify the authenticity of the SMTP server's SSL/TLS certificate when establishing a secure connection (STARTTLS or SSL/TLS).
Secret Key (Client Secret) - the confidential application key issued by the OAuth provider. Used together with the Client ID to verify the authenticity of the application when obtaining and refreshing access tokens. Must be kept secret and not shared with third parties.
SMTP Host - mail server address.
SMTP Port - mail server port.
Encryption type:
No encryption (port 25) — classic SMTP connection without channel protection.
STARTTLS (port 587) — the recommended and most common method for sending mail. The connection starts without encryption, after which the client and server negotiate a transition to a secure channel.
SSL/TLS (port 465) — SMTP connection with encryption from the very beginning of the connection. The channel is secured immediately after the TCP connection is established, without a switching phase.
Verify Server Certificate - a security setting that determines whether the client will verify the authenticity of the SMTP server's SSL/TLS certificate when establishing a secure connection (STARTTLS or SSL/TLS).
SMTP Settings. Username and Password Authentication Type
SMTP Settings.OAuth2 Authentication Type
The total time allowed for entering the extension number is calculated as the sum of the audio file duration and the input extension timeout.
If the total time for entering the extension number expires, a repeat voice announcement occurs, and there is another waiting period within the timeout for the next IVR attempt.
If the user enters an incorrect number or does not enter any number at all, a repeat voice announcement occurs, and there is another waiting period within the timeout for the next IVR attempt.
The maximum number of attempts is set by the "Number of Retries" parameter before transferring to the default number.
Once the number of attempts exceeds the specified value, the call is redirected to the default number.
Creating an IVR menu
How IVR works
"IVR Menu" section
"Add new IVR menu" button
Parameters of the new IVR menu
"Actions when you extend" section
Number of repetitions before transferring to the default number
Timeout to enter an extension number after IVR menu playback
Default extension
"Allow dialing of any extension" switch
"IVR menu extension"
Quick Access to Modules
Marketplace
Each paid module has a trial period of 2 weeks. During this period, you can try the module's functionality and decide whether to purchase it. To purchase a module, write to sale@mikopbx.com
Module Card
Activating Coupons
The protection key always starts with MIKO-. Coupons for modifying product composition always start with MIKOUPD-.
Installing a language pack in the MikoPBX Marketplace
Enabling a module with a language pack
"General settings" section
Selecting a language for audio messages
Система запросит выбрать раздел к удалению, он один, вводим номер раздела «1» и жмем Enter:
Сохраняем таблицу разделов, вводим команду «w» и жмем Enter:
Launching the Section Editor:
The system will prompt you to enter a command, enter "n" and press Enter:
Next, specify the command "p", the section will be primary, press Enter:
Enter the number of the created section "1", press Enter:
Next, the system will ask you to enter the numbers of the first and last sector "First sector" / "Last sector", wait for Enter, do not enter anything and agree with the "default" values.
Run the verification command:
Example of the result of the team's work:
Run the command:
Example of command output:
When booting, the system will automatically mount a disk for data storage:
Some virtual machines allow you to increase the disk size
Be sure to back up your data before you work!
Control of free disk space
The data storage disk is usually mounted in the "/storage/usbdisk1" directory. From the example above, it can be seen that 4.5G of 4.9G is currently available.
When the message "Press any key within 30 seconds to boot from LiveCD..." appears, do not press any buttons. In this case, the system will boot from the hard drive.
Starting MikoPBX
Use the following default credentials for the first login to the MikoPBX web interface:
Username: admin
Password: admin
Configuring Virtual Machine
Configuring Virtual Machine
Configuring Virtual Machine
Configuring Virtual Machine
Configuring Virtual Machine
Configuring Virtual Machine
Adding second hard disk
Adding second hard disk
Adding second hard disk
Adding second hard disk
Adding second hard disk
"Connect..." button
Installing MikoPBX
Installing MikoPBX
Installing MikoPBX
Installing MikoPBX
MikoPBX IP-address
MikoPBX web-interface authorization page
disk for storing call recordings
- FAT32
Allocation unit size - 8192 bytes
Formatting USB drive
Open balenaEtcher. Click "Flash from file" and select the previously downloaded .raw file.
"Flash from file" button
Click "Select target".
"Select target" button
From the list, select your USB drive. Then click "Select 1".
This command displays all connected disks. Look for the disk labeled (external, physical).
In our case, it is disk4 (the number may differ on your system). Use this number in the following steps.
List of all available disks
Next, format the USB drive using this command:
Enter your administrator password when prompted and wait for the formatting to complete.
Formatting the disk
Unmount (disconnect) the disk using the following command:
unmountDisk command
Write the image to the USB drive using this command:
Boot from the USB drive. If errors occur (black screen), make sure that:
Secure Boot - Disabled
CSM (Compatibility Support Module) - Enabled
Booting from USB drive
The system has successfully booted, but no drive is connected for storing call recordings. To connect it, use the arrow keys to navigate to "[6] Data storage" and press Enter.
"[6] Data Storage" section
Then select "Mount drive as data storage" to connect the disk.
"Mount drive as data storage" option
Select the disk that will be used to store call recordings. Enter its ID (name), for example sdc in our case, and press Enter.
Selecting the disk
After this, the system will reboot and will be ready for use and for the first login to the Web interface.
Successfully installed MikoPBX system
To open the Web interface, enter your MikoPBX IP address in your browser’s address bar.
Use the default login credentials.
Installing the system on a USB drive
Windows
The USB drive must be at least 1 GB in size. All data on the USB drive will be deleted!
1 hour of recording conversations takes approximately 14mb on disk.
Installing MikoPBX
First connection to MikoPBX
Default creditionals for the first login are:
Username - admin
Password - admin
System will ask to change them after the first login. It is important for the security of your MikoPBX.
In the setup interface, select the virtual machine type: "
Typical (recommended)
". Then, click "
Next >
".
Selecting the type of virtual machine to create
Choose the installation source, "Installer disc image file (iso):". Select the .iso file you want to use. You can download the distribution from this link. Click "Next >" to continue.
Selecting the system installation source for the virtual machine being created
Select "Linux" for the "Guest operating system" and "Debian 11.x 64-bit" as the version. Click "Next >".
Selecting an operating system and version for the virtual machine being created
Enter a desired name for the virtual machine in "Virtual machine name:" and, if necessary, specify a location on your computer under "Location". Click "Next >".
Specifying the name and path for the virtual machine being created
Set the size for the primary (system) hard drive, with a recommended size of 1GB. Choose "Split virtual disk into multiple files" and click "Next >".
Specifying parameters for the system hard disk for the virtual machine being created
A summary of the virtual machine configuration will appear. Click "Finish" to create the virtual machine.
The final configuration of the machine being created.
Now, let's create and attach a second hard drive, which will be used to store call recordings.
Open the settings of the previously created virtual machine.
Virtual Machine Settings Section
Click "Add..." to add a new system component.
Button for adding a new system element
In Hardware types, select "Hard Disk" and click "Next >".
Selecting the type of a new system element
Choose "Virtual disk type" - "SCSI". Click "Next >".
Selecting a disk type
Choose "Create a new virtual disk" and click "Next >".
Selecting the "Create a new virtual disk" option
Specify the disk size, with a recommended minimum of 50GB. Also, choose "Split virtual disk into multiple files". Click "Next >".
Specifying parameters for the disk being created
Give the hard drive a custom name and click "Finish".
Name for the second hard drive
In the settings, go to "Network Adapter" and select "Network connection" - "Bridged: Connected directly to the physical network". Click "OK".
Setting up a network interface
Start the virtual machine.
Button to start the virtual machine
The MikoPBX command-line interface will open as the PBX starts loading from the optical disk where the ISO image was mounted. This is indicated by the line: "The system is loaded in Recovery mode":
Loaded MikoPBX from optical disk
To install MikoPBX, select "[8] Install".
A list of available disks will be displayed (in this example, sdb, sdc). The system suggests a default disk, sdb in our case, for the installation. If you agree with the suggested disk for the system, press Enter. Otherwise, enter the name of another disk.
Selecting a disk for the system
The system will issue a warning. To confirm the operation, enter "y" and press Enter.
After installation, you'll be prompted to select a disk for storing call recordings. Enter the disk name (in this example, sdc) and press Enter.
Selecting a disk for storing call recordings
After installation, the system will restart. MikoPBX will now boot from sdb, the installation disk, without the line "The system is loaded in Recovery mode"—indicating a successful installation.
MikoPBX successfully installed
To access the MikoPBX web interface, enter your virtual machine's IP address in your browser's address bar. You can find the IP address in the console.
MikoPBX IP address
Enter the IP address in your browser’s address bar. Log in using the default credentials.
MikoPBX WEB interface authorization page
Use versions of MikoPBX other than 2024.1.114 for installation on VMware Workstation Pro. Version 2024.1.114 currently does not support installation via VMware Workstation Pro!
Configuring the Network Interface for the Virtual Machine
First System Boot
Use the to navigate through the menu options.
Press Enter to select an option, or press the corresponding number on the .
All data on the selected installation disk will be erased.
First Login to MikoPBX
Use the following default credentials for the first login to the MikoPBX web interface:
Username: admin
Password: admin
lxc.tar.gz
" extension.
Copying the template link
Paste the link into the "URL" field and click "Query URL". If you copied the correct link, the "File name" field will be populated with the filename having the "lxc.tar.gz" extension.
Click "Download" to start the download.
Downloading a template from URL
After the download is complete, you will see the "TASK OK" message.
Successful template download
Click "Create CT" in the upper right part of the interface to create a new container.
"Create CT" button for creating a new container
Fill in all the basic container parameters:
Hostname — enter a name for the service.
Password — enter the password for logging into the MikoPBX web interface.
SSH public keys — generate and paste your SSH key. You will then be able to use it to connect to the station via SSH. More details about key generation and SSH connection can be found here.
Click "Next".
Basic container parameters
Select the previously downloaded template in the "Template" section.
Click "Next".
Selecting a template for the container being created
Next, specify the system disk size. The recommended value is 1 GB.
Click "Add" to add a new disk.
System disk parameters
Specify the size of the second disk — this is where call recordings will be stored. The recommended size is at least 50 GB. Also specify the disk path — "/storage".
Click "Add" to add a new disk.
Parameters for the second disk
Specify the size of the third disk for storing configuration. The recommended size is 0.5 GB. Also specify the disk path — "/cf".
Click "Next".
Parameters for the third disk
On the next tab, specify the number of CPU cores to be used. For a small company, 1–2 cores is sufficient (see this article for more details).
Click "Next".
Container parameters (CPU)
Next, specify the amount of RAM and Swap memory for the container.
Click "Next".
Container parameters (Memory)
In the next section, configure your network settings. In our case, DHCP is used to obtain an IPv4 address. The Firewall does not need to be enabled here, but it must be configured later in MikoPBX (see this article for more details).
Click "Next".
Container parameters (Network)
In the DNS settings section, click "Next".
Container parameters (DNS)
You will see the final container configuration. Click "Finish".
Final container configuration
Go to the management window of the created container by clicking on its name. Click the "Start" button to launch it.
Container startup process
Then go to the "Console" tab. Wait for the system to load and find the web interface IP address.
Web interface IP address
Enter it in your browser's address bar. Then perform the first login to MikoPBX.
Swap is a disk area that the system uses as additional memory when RAM runs out. It operates significantly slower than RAM and serves as a reserve to prevent the system from terminating processes when memory is insufficient.
First Launch
Login credentials:
Login: admin
Password: the password you set during the initial container creation.
Network and Firewall" → "
"
New User AMI Parameters
AMI user rights set in the [user] section of the configuration file /etc/asterisk/manager.conf
rights ID
reading
writing
System
Reading general information about the system, for example, configuration restart notifications
Allows the user to execute Asterisk control system commands such as Restart, Reload, or Shutdown. This permission also gives users the ability to run system commands outside of Asterisk. Granting such permission is equivalent to granting access to the command shell, with the rights of the user/group under which the Asterisk process is running
Set the filter by entering a string to be included in the selection.
"Show log" section
The following options are available:
Download the selected log as a file .
Refresh the log .
Auto-refresh the log .
Filters
Suppose you need to analyze an outgoing call to the number 74952293042.
Select the log file asterisk/verbose.
Set the phone number 74952293042 as the filter.
Set the limit to a sufficient value, such as 2000, to ensure all log entries are included.
In the last line of the log selection, find the identifier:
In this example, the ID = C-0000000f.
Repeat the log query but use the filter C-0000000f this time.
You will receive the entire log of the dialplan process.
The obtained data can be sent to technical support for further assistance.
The tab displays the following information:
Network settings
CPU load
RAM usage
iptables settings
System information section
This section allows you to perform a detailed analysis of errors in PBX operation.
"Computer network packets" section
You can start capturing network packets passing through the network interface.
To start the process, press the Start button.
"Start" button
Reproduce your issue: make a call or perform an action that causes the error or failure.
Press the Stop and Download button.
"Stop" button
The network packets will automatically be saved in the archive MikoPBXLogs_log-tcpdump-XXXXXXXXXX. They should also automatically save in your browser's Downloads folder.
Logs file
If you cannot find the archive in the Downloads folder, you can connect to the PBX via WinSCP and download it from the /storage/usbdisk1/mikopbx/tmp directory - the file will be log-tcpdump-XXXXXXXXXX.zip.
You can download all system logs accumulated on the PBX. To do this, click the Download All System Logs button.
"Download all system logs" button
The system logs will automatically be saved in the archive MikoPBXLogs_log-sys-XXXXXXXXXX.zip. The logs should also automatically save in your browser's Downloads folder.
You can also obtain this log archive from the /storage/usbdisk1/mikopbx/tmp directory by connecting to the PBX using WinSCP. The file will be log-sys-XXXXXXXXXX.zip.
Solution: enter the station's URL address in the MikoPBX web interface: "Network and Firewall" -> "Network Interfaces". Go to the "Network Topology" section and enter the hostname in the "External hostname of your router" field. (Enable "This station is located behind a NAT router".)
Problem solution
Setting up OAuth 2.0 in Google requires using the station's URL address.
The easiest way is to create a DNS record on the local server or add an IP address-to-domain name mapping in the hosts file on the device from which the configuration is being performed.
Installation via writing the image to a USB drive (Live USB)
Installing the system by writing the image to a USB drive
Writing the image to a USB drive
Windows
Before starting the process, format your USB drive with the following parameters:
File system - FAT32
Allocation unit size - 8192 bytes
Formatting the disk
The image will be written using the Rufus utility. You can download it here.
After installing the utility, open its interface. In the "Device" section, select your USB drive, click SELECT, and choose the previously downloaded . Its verification will begin.
Once verification is complete, set the following parameters and click START:
File system - FAT32
Cluster size - 8192 Bytes
Quick format - checked
In the popup window, select "Write in DD Image mode" and click OK.
In the confirmation window warning that all data on the disk will be erased, click OK.'
Wait until the image writing process is complete. When done, you’ll see the message "READY".
Then proceed to the section .
Connect your USB drive and open the Terminal.
Run the following command:
This will display information about all connected disks. Find the one labeled (external, physical) — for example, disk4 (the number may differ on your system). Use its number for the next steps.
Next, format the USB drive with this command:
Enter your admin password when prompted and wait until formatting completes.
Unmount (disconnect) the disk using this command:
Write the image to the USB drive using this command:
Wait until the writing process is complete. Then proceed to the section .
This example uses Ubuntu 24.04 to demonstrate the image writing process.
Connect your USB drive and open the Terminal.
Run the following command:
This will display information about all connected drives.
Find your USB drive in the list and remember its name. In our example, it is sdb.
Next, format the USB drive with the following command:
Enter your admin password when prompted and wait until formatting completes.
Unmount (disconnect) the disk using this command:
Write the image to the USB drive using this command:
Wait until the writing process is complete. Then proceed to the section .
Boot from the USB drive.
If errors occur (black screen), make sure that:
Secure Boot - Disabled
CSM (Compatibility Support Module) - Enabled
The system is booted in LiveCD mode — indicated by the red message. To install, use the keyboard arrows to navigate to "[8] Install" and press Enter.
Select the disk where the system will be installed. Enter its ID (name), for example sdc.
Confirm your choice by typing "y" to continue.
After installation, you will be asked to select a disk for storing call recordings.
Make your choice as before.
After that, the system will reboot and be ready for use and the first login to the Web interface.
To open the Web interface, enter the IP address of your MikoPBX in your browser’s address bar.
Use the default login credentials.
For quick and convenient searching on the Azure portal, use the search bar.
Creating a resource group
Open Menu / All services / General / Resource groups
In the Resource groups tab, select Create
Enter the group name, for example MikoPBX_group
Use default values for other fields
After entering the values, click the Review + create button, then the Create button
Open Menu / All services / Analyze and transform data / Storage accounts
In the Storage accounts tab, select Create
Specify the created resource group MikoPBX_group
Go to the card of the created storage account pbximgs
In the opened tab, go to the Data storage / Containers
Add a new container
Enter the container name, for example imgs
Open the created container imgs
In the opened tab, select Upload
Select a file from the MikoPBX distribution with the .vhd extension
Open Menu / All services / Compute / Images
In the Images tab, select Create, let's create a new image based on the uploaded *.vhd file
Specify the resource group MikoPBX_group
Specify the OS type - Linux
Specify the generation of virtual machines - Gen 1
Select the blob storage object by clicking Browse, Browse / pbximgs / imgs / *.vhd
Open Menu / All services / Compute / Virtual machines
In the Virtual machines tab, select Create / Azure virtual machine
Specify the resource group MikoPBX_group
Choose the previously created image, See all images / Other items / My images / MikoPBX_Azure
Specify the machine size (combination of CPU / RAM to be at least 1GB / HDD parameters)
Specify the username for the administrator account
If you have an SSH key, do the following
Select the source of the SSH public key - Use existing public key
Specify it in the SSH public key field
If you do not have an SSH key, do the following
Select the source of the SSH public key - Generate new key pair
Specify the key pair name, for example mikopbx_key
Continue with the following instructions:
In the license type field, specify Other
Use default values for the other fields
Go to the Disks tab
Specify the OS disk type
Check the Delete with VM checkbox
Create a new data disk
Specify the disk size to be at least 50GB
Use default values for the other fields, click OK
After entering the values, click the Review + create button, then click Create
Open the virtual machine you created and go to Networking / Network settings / Rules
In the tab, choose Create inbound port rule
Specify the destination port ranges - 0 - 65535
Specify a name, for example TCP
Use default values for the other fields
After entering the values, click the Add button
Similarly, create a rule for UDP. Specify the destination port ranges - 0 - 65535, protocol UDP, and name
Open the virtual machine you created and go to the Connect section
In the drop-down menu under More ways to connect, select Serial console
Copy the external address of the created virtual machine and enter it in the browser's address bar
For login use the login and password provided in Serial console
Proxmox
Installing MikoPBX using Proxmox.
Loading the MikoPBX image
Open the local / ISO images tab and select Download from URL
In the URL field, paste the link to the MikoPBX distribution file with the .iso extension
Click the Download button and wait for the file to finish downloading
Select Create VM
On the General tab, enter the name of the virtual machine, for example mikopbx-vm
Go to the OS tab, and in the ISO image field, select the previously downloaded image
Set the OS type to Linux
On the System tab, uncheck the Qemu Agent box, and use the default values for other fields
Go to the Disks tab
Adjust the size of the system disk to 1 GB
Click the Add button and add an additional disk for data storage
Specify a disk size of at least 50 GB
On the CPU and Memory tabs, specify the computing resources for the virtual machine based on the expected load on the PBX. For a test machine, you can set Cores (CPU tab) to 2 and Memory (Memory tab) to 2 GB
On the Network tab, uncheck the Firewall box
Go to the last tab, Confirm, and check the Start after created box
After entering the values, click the Finish button
Go to the created virtual machine mikopbx-vm
On the open tab, go to the Console section
If the boot is successful, a console menu will appear. Enter 8 from the keyboard to start the installation
Select the disk for the system and enter the disk name from the keyboard, for example sda. Confirm the selection by entering y from the keyboard
Connect the disk for storing call recordings, enter the disk name for connection from the keyboard, for example sdb
To access the MikoPBX web interface, enter your virtual machine's IP address in your browser's address bar. You can find the IP address in the console.
Enter the IP address in your browser’s address bar. Log in using the default credentials.
The QEMU Guest Agent lets Proxmox read the guest IP addresses from MikoPBX, perform a clean OS-level shutdown from the Shutdown button, and take consistent backups (fs-freeze). The qemu-ga binary is already shipped with MikoPBX and is automatically started by monit (the vm-tools service) — you only need to enable the agent channel on the Proxmox side.
Select the MikoPBX virtual machine, open the Options tab and double-click the QEMU Guest Agent row
Tick Use QEMU Guest Agent (set to Enabled), keep Type = VirtIO (default) and click OK
On the Proxmox host (quick alive/dead check):
Inside MikoPBX (via SSH):
If monit summary shows vm-tools Initializing and /dev/virtio-ports/org.qemu.guest_agent.0 is missing, the virtio-serial channel has not been attached to the VM yet — either the option is not enabled on the Proxmox side, or the VM has not been cold-restarted after enabling it.
Call queues
Creating and configuring call queues.
Queues allow you to:
Distribute phone calls among a group of employees (agents): You can create a call queue and add multiple employees to it. When a call comes in, the system automatically routes it to an available employee in the queue, ensuring a more even distribution of workload and increasing call handling efficiency.
Hold the customer on the line when all employees are busy: If all employees in the queue are occupied with other calls, the customer will be placed on hold until one of the employees becomes available. This helps avoid call abandonment and ensures better customer service.
Notify the customer of their position in the queue and approximate wait time: While the customer is in the queue, the system can provide information about their current position in the queue and an estimated wait time. This helps keep the customer informed and improves their waiting experience.
Display the queue name along with the customer's number on the employee's phone: When an employee answers a call from the queue, their phone displays not only the customer's number but also the name of the corresponding queue. This helps the employee handle calls more effectively and provide personalized service.
To configure call queues in MikoPBX, go to the "Telephony" section and select "Call Queue." Here, you can create and customize your queues according to your business requirements and customer service needs.
To add a new queue, perform the "Add a new call queue" action
In the queue creation form or dialog, you will find the following fields:
Queue Name: Enter a name for the queue. This name will be used for reference when setting up call routing rules.
Note: Provide a brief description or note about the queue. This information will be visible in the queue list, allowing you to provide additional details or instructions.
In the Queue Agents section, you can add an arbitrary number of employees (queue agents) and specify a call distribution strategy.
Here are the options for queue strategy:
Ring All: Calls are distributed to all agents at the same time until someone answers the call (default behavior).
Linear: Calls are sent to agents one by one in the order configured in the Queue Agents list. After the Time attempt call to agents interval expires, the call is sent to the next agent.
Linear Progressive: The first agent starts ringing immediately. After each Time attempt call to agents interval, the next agent is added while the previous agents continue ringing. Make sure the timeout in Scenario 1
In this section, you can provide additional information:
Phone number for this queue - you can call the queue using this number from any internal employee extension. Calls can also be transferred to this number.
Short name for the queue - for display before the CallerID on the telephone device of the subscriber, for example, "consult."
Time attempt call to agents - the duration in seconds for which a call will ring on an individual agent's phone. After this time elapses, the call to the agent will be logged as a missed call in the call history. Once the ring time is over, the call will be routed to the next available agent based on the selected strategy.
The rest time of the agent after the processing of the call, before starting to accept new calls - the duration in seconds that is counted from the moment an agent finishes a call from the queue until they are ready to receive new calls. This period allows agents to update notes, complete necessary tasks, or take a short break before being assigned another call.
What the caller hears while waiting - During the wait for their call to be answered, the caller can hear either hold music or a ringing tone.
Background Music (MOH) - You can specify a unique audio file to be played to the caller during the wait, such as promotional materials.
Notify about current queue position - If all operators (queue agents) are occupied, enabling this toggle switch allows you to notify the caller about their position in the queue. If the Additional Audio Announcement option is activated, this announcement will supplement the information about the position.
The script #1 - In this scenario, you can configure the maximum allowable wait time for a client in the queue. If none of the queue agents can answer the client within the specified time, the call will be redirected to the selected number. If no redirect destination is selected, the overall queue timeout is not applied.
The script #2 - If there are no agents available in the queue (meaning no agents are currently logged into the phone system), you can specify a number to which the client's call will be transferred.
Microsoft Outlook Setup (OAuth2)
Mail setup for the Outlook service (outlook.com; hotmail.com) via OAuth2 Authentication
Go to "Entra ID" -> "App registrations". Then click "New registration" to register a new application.
Registering a new application
Select the following parameters for your application:
Name - enter a name for your application.
Supported account types - select "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)".
Specify the Redirect URL:
Select a platform — select "Web".
URL:
Replace 192.168.100.71 with your MikoPBX address.
Then click "Register".
The application will be created. Save the Client ID — you will need it in the future for configuration inside the MikoPBX web interface.
From the application's main page, go to "Manage" -> "API permissions".
Click "Add a permission".
In the "Microsoft Graph" section, select "Delegated Permissions". Enter "SMTP" in the search bar. Check the box next to "SMTP.Send".
Also enter "offline" in the search bar. Check the box next to "offline_access".
Click "Add permissions".
Next, go to "Certificates & secrets" -> "Client secrets". Click "New client secret".
Set the required parameters:
Description - an arbitrary description.
Expires - the duration for which you are issuing this client secret. It will be needed for application authentication in MikoPBX.
Click "Add".
Copy the "Value" (not the Secret ID!). It will be needed for configuration in the MikoPBX web interface.
For the application to work correctly, you need to grant permission to use the SMTP protocol for the user whose mailbox you are authorizing during this setup. To do this, follow these steps:
Go to the organization's admin center ().
Go to "Users" -> "Active Users". Click on the name of the user account under which the application is being created.
In the account, go to the "Mail" section and select "Manage email apps".
Make sure that "Authenticated SMTP" is allowed. Save the changes by clicking "Save changes".
Go to the MikoPBX web interface. Then "System" -> "Mail and Notifications" -> "SMTP Settings".
Fill in all the required fields:
Sender address, Sender name — your email and the name from which the emails will be sent.
Authentication type — OAuth2.
SMTP login — your email.
Leave all other settings at their default values. A more detailed description can be found in the main article about mail parameters ().
After that, click "Save"!
Click "Connect via OAuth2". Sign in to your Microsoft account. Then confirm granting all requested permissions.
Upon successful authorization, you will see the corresponding window.
Running MikoPBX in a container
MikoPBX Installation Guide using Docker container
To work with MikoPBX in a container, you need to install Docker and Docker Compose, as well as create a user and directories for storing configuration settings and call recordings according to the instructions
To launch the container with your application, use the following commands:
# Pulling the container image
sudo docker pull ghcr.io/mikopbx/mikopbx:latest
## Alternatively, you can download the image from Docker Hub.
# sudo docker pull mikopbx/mikopbx:latest
# Running the container in unprivileged mode
sudo docker run --cap-add=NET_ADMIN --net=host --name mikopbx --hostname mikopbx \
-v /var/spool/mikopbx/cf:/cf \
-v /var/spool/mikopbx/storage:/storage \
-e SSH_PORT=23 \
-e ID_WWW_USER="$(id -u www-user)" \
-e ID_WWW_GROUP="$(id -g www-user)" \
-it -d --restart always ghcr.io/mikopbx/mikopbx:latest
Docker will automatically download the image for your system architecture (x86-64 or arm64).
The image is also available on Docker Hub: mikopbx/mikopbx:latest
Testing the functionality
To ensure that your MikoPBX application is posted and working in the Docker container, you can follow these steps after launching it. These steps will help you verify the container's status and view its logs.
Step 1: Check container status
First, ensure that the container is successfully launched and running. To do this, use the command docker ps, which will show a list of running containers and their statuses.
sudo docker ps
This command will display information about all active containers. Make sure that the mikopbx container is present in the list and its status indicates that it is running (e.g., status up).
After confirming that the container is running, the next step is to view the logs to ensure that the application has loaded without errors and is functioning properly. The docker logs command will allow you to see the output generated by your application.
Check the command output for a message similar to the one below. This message indicates that MikoPBX is successfully loaded and ready for use:
If you see the MikoPBX startup process, wait a moment and re-run the command sudo docker logs mikopbx
When the container starts, it lacks information about the host system's address, so you need to open the external address of the host system, in this case, Ubuntu, in a web browser. https://<host machine IP>
Log into the web interface using the admin login and the admin password to make sure that the web interface is accessible and functioning correctly.
The NET_ADMIN flag is required for the proactive protection system fail2ban and the firewall iptables to function inside the container. When an access block is triggered, for example, by entering an incorrect password, access from the IP address of the attacker will be blocked.
If you need to use the "", the container should be run with the –privileged flag. When MikoPBX is run in a container, backups can also be performed by manually archiving the cf and storage directories. In this case, the privileged mode is not necessary, but the container must be stopped during copying.
In addition to using our official registry, you might need to create a container from an image, for example, for a beta version. Our published releases and pre-releases include a tar archive, which we use to create a container.
Here is an example code for its use:
Below are some of the environment variables that will allow you to adjust the MikoPBX ports and settings used.
SSH_PORT - port for SSH (22)
WEB_PORT - port for the web interface via HTTP protocol (80)
WEB_HTTPS_PORT - port for the web interface via HTTPS protocol (443)
A full list of all possible setting parameters is available in the source code .
Connecting AWS S3 Storage
Instructions for connecting AWS S3 as cloud storage for automatic uploading of call recordings from MikoPBX
Creating a Bucket
Go to the AWS console (link). Navigate to "All services" -> "Storage" -> "S3".
"S3" section in AWS
Click "Create bucket".
Button for creating a bucket
Enter any name for the bucket (field "Bucket name"). Leave all other parameters as default and click "Create bucket".
Go to "All services" -> "Security, Identity, & Compliance" -> "IAM".
Next, create a new IAM user. Go to the "Access Management" tab, then "Users". Click "Create user".
Enter the name of the IAM user in the "User name" field.
Click "Next".
Select "Attach policies directly" as the "Permissions options". Scroll down the page.
In the "Permissions policies" section click "Create policy".
In the newly opened tab, in the "Policy editor", select "JSON" as the format and paste the following content into the parameters field:
Click "Next".
Next, specify any name for the policy being created.
Click "Next".
Return to the user creation tab, refresh the policy list, and select the previously created policy (in this guide — "access-mikopbx").
Click "Next".
Confirm user creation: click "Create user".
Open the page of the created user by clicking on the username.
Go to the "Security credentials" section. Click "Create access key".
Enter a description for the key so that you can identify it later. Click "Create access key".
The Access key and Secret access key will be displayed. Save them — they will be needed later when configuring MikoPBX.
Go to the "Maintenance" -> "Storage" tab.
Open the "S3 Cloud Storage" tab and fill in the following fields:
Automatic recording upload to cloud storage — enable the switch.
S3 endpoint URL — enter the S3 AWS endpoint depending on the region of your bucket ( to the table with all URLs). In this guide — https://s3.ap-southeast-1.amazonaws.com
S3 region — specify the region of your bucket. In this guide — ap-southeast-1
Configure the “Local storage period (S3 mode)” slider — choose how long recordings will be stored locally before being deleted after uploading to the cloud.
Click “Save”.
After saving the settings, click "Test connection". If the connection is successful, the message “S3 connection successful” will appear and synchronization of call recordings will begin.
Vultr
Installing MikoPBX using the Vultr cloud platform
This guide provides a step-by-step process for installing MikoPBX on the Vultr cloud platform.
Before starting, you must download the latest .iso MikoPBX image file from .
First, you need to upload the image to the cloud platform.
Navigate to "Cloud Storage" → "Object Storage":
System files customisation
Description of the capabilities of the "System file customization" section
The system file customization section can be found under "System" -> "System file customization":
This section allows for customization of system and Asterisk configuration files. We recommend using this section only for experienced Asterisk administrators. MikoPBX provides the ability to modify the following configuration files via the web interface:
Connecting Wasabi S3 Storage
Instructions for connecting Wasabi Cloud Storage as an S3 storage
Go to the Wasabi console ().
In the left menu, select "Buckets" and click "Create Bucket".
Outbound routing
Description and configuration of outgoing routing
Outgoing routes in MikoPBX are a set of rules and settings that determine how the system handles outgoing calls from employees to external numbers. With their help, administrators can control the direction of calls through different telephony providers or communication lines depending on certain conditions, such as the dialed number, prefixes, time of day or user access rights. This allows you to optimize communication costs, distribute the load between channels and apply security policies by restricting or allowing certain types of calls. Setting up outgoing routes provides flexibility and control over outgoing telephone communications, contributing to the efficient operation of the company's communication system.
In this article, you will find detailed documentation on setting up outgoing routing.
To add a new outgoing routing rule, click the "Add a new rule" button.
The name of the rule can be set arbitrarily.
Enter the storage account name, for example pbximgs
Use default values for other fields
After entering the values, click the Review + create button, then the Create button
Click the Create button
Click the Upload button
Enter a unique name for the image, for example MikoPBX_Azure
Specify the account type - Standard HDD
Use default values for other fields
After entering the values, click the Review + create button, then the Create button
Enter the virtual machine name, for example MikoPBX-vm
Choose the protocol TCP
Creating a storage account
Configuring the created storage account
Creating an image
Creating a virtual machine
To deploy the PBX use two disks:
A 1 Gb disk for the main system
A 50+ Gb disk for storing call recordings
Configuring ports for incoming connections
Make sure to configure the Firewall on the MikoPBX
Starting MikoPBX
is long enough for all required agents to be added.
Least Recent: The call is routed to the agent who has been idle for the longest time within the queue.
Fewest Calls: The call is routed to the agent who has handled the fewest answered calls within the queue.
Random: A random available agent within the queue is selected to receive the call.
Memory Hunt: The system remembers the last agent who answered a call and starts the next distribution from the following agent.
Receive New Calls During A Call - this toggle switch enables or disables the ability to receive new calls while the agent is already on a call. When enabled, agents can handle multiple calls simultaneously.
Notify about estimated hold time - If all operators (queue agents) are occupied, enabling this toggle switch allows you to inform the caller about the approximate wait time for a call to be answered. If the Additional Audio Announcement option is activated, this announcement will supplement the information about the estimated wait time.
Additional notification - A sound message is played only if all participants in the queue are occupied.
Time in seconds to repeat all alerts periodically - Describes the interval at which to announce the queue position, wait time, and announcement.
If Scenario 1 has no backup destination selected, the queue has no overall waiting timeout: the call remains in the queue until an agent answers or the caller hangs up. To limit the waiting time, set the duration in Scenario 1 and choose the destination for redirecting the call.
Main settings
Queue Agents
After saving the queue, MikoPBX regenerates and reloads the queue configuration automatically. A manual Asterisk restart is not required when changing the strategy.
Advanced Settings
Queue settings for agents
Queue settings for the caller
Call routing in case of failures
In these scenarios, as a redirection number, you can choose not only an internal extension but also options such as a conference, queue, IVR (Interactive Voice Response), or a special number within the dial plan application. These options provide flexibility in directing the call to different destinations based on your specific requirements or business needs.
In Scenario 1, specify both the waiting time and the redirect destination. If only the time is filled in without a backup destination, MikoPBX does not pass the overall timeout to the queue application so that the call is not ended without a route to continue.
"Call queue" section
"Add a new call queue" button
New call queue parameters
Queue agents section
Advanced settings button
Queue settings for the caller
Call routing in case of failures
Allows the user to set information on channels
Log
Provides the user with access to reading logs
Read only
Verbose
Provides the user with access to reading detailed logs
Read only
Agent
Reading agent status events from app_queue and chan_agent modules
Allows the user to perform actions to manage and retrieve the status of queues and agents
User
Access to user events as well as Jabber/XMPP user events
Allows the user to execute the UserEvent command to create custom events
Config
For recording only
Allows the user to receive, update, and overload configuration files
Command
For recording only
Allows the user to execute Asterisk CLI commands from AMI
DTMF
Allows the user to receive DTMF events
Read only
Reporting
Access to call quality events such as jitterbuffer or RTCP
Allows the user to perform a number of actions to obtain statistics and information about the status of the entire system
Cdr
Reading data write events in CDR
Read only
Dialplan
Reading events for setting dialplan variables, creating extents
Read only
Originate
For recording only
Allowing the user to execute the Originate command, which sends a request to create a new call
OAuth2 Provider — Microsoft/Outlook.
Application ID (Client ID), Secret key (Client Secret) — data from Microsoft Entra.
Granting Permissions and Creating a Client Secret
After expiration, the created client secret will stop functioning and you will need to repeat the process of creating a new key and connecting to MikoPBX.
After creation, the Client Secret value will be shown only once. Do not forget to copy it into the MikoPBX web interface.
The –net=host flag indicates that NAT between the host and container will not be used. MikoPBX will be directly connected to the host machine's network. All ports that the container needs to occupy will also be occupied on the host machine. If any port on the host machine is unavailable, errors will occur when loading MikoPBX. More details in the Docker documentation.
If necessary, you can adjust the standard set of ports used by MikoPBX. This can be done by declaring environment variables when launching the container.
SIP_PORT - port for connecting a SIP client (5060)
TLS_PORT - port for connecting a SIP client with encryption (5061)
RTP_PORT_FROM - beginning of the RTP port range, voice transmission (10000)
RTP_PORT_TO - end of the RTP port range, voice transmission (10800)
IAX_PORT - port for connecting IAX clients (4569)
AMI_PORT - AMI port (5038)
AJAM_PORT - AJAM port used for connecting the telephony panel for 1C (8088)
AJAM_PORT_TLS - AJAM port used for connecting the telephony panel for 1C (8089)
BEANSTALK_PORT - port for the Beanstalkd queue server (4229)
REDIS_PORT - port for the Redis server (6379)
GNATS_PORT - port for the gnatsd server (4223)
ID_WWW_USER - identifier for www-user (can be set with the expression
$(id -u www-user), where www-user is NOT a root user)
ID_WWW_GROUP - group identifier for www-user (can be set with the expression
$(id -g www-user), where www-user is NOT a root group)
WEB_ADMIN_LOGIN - login for Web interface access
WEB_ADMIN_PASSWORD - password for Web interface access
sudo docker logs mikopbx
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| All services are fully loaded welcome |
| MikoPBX 2026.1.223 |
| built on Tue Apr 7 03:39:14 UTC 2026 (arm64) in Docker |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| Web Interface Access |
| |
| Local Network Address: |
| https://192.168.65.3 | |
| |
| Web credentials: |
| Login: admin |
| Password: admin |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| SSH access disabled! |
| |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Create a container from a tar archive (you need to download it first!)
sudo docker load -i mikopbx-2026.1.223-x86_64-docker.tar
# Launch the created container
sudo docker run --cap-add=NET_ADMIN --net=host --name mikopbx --hostname mikopbx \
-v mikopbx_cf:/cf \
-v mikopbx_storage:/storage \
-e SSH_PORT=23 \
-e ID_WWW_USER="$(id -u www-user)" \
-e ID_WWW_GROUP="$(id -g www-user)" \
-it mikopbx:2026.1.223
We recommend at least 50GB for storing call recordings. This guide uses 30GB as an example.
Installing the System
Connecting to the Web Interface
General (global) settings of Asterisk.
In the asterisk.conf configuration file, you define the following:
- The location, permissions, and owner of the socket used to connect the remote management console to the server.
The location of various directories used by the Asterisk server to determine where configuration files, libraries, scripts, and logs will be created.
Default command-line parameters for starting the server.
cel.conf
Channel Event Logging. Unlike CDR, it logs all events that occur in the channel.
extensions.conf
The Asterisk dialplan. It defines how incoming and outgoing calls are handled and routed. This file controls the behavior of all connections passing through your PBX.
features.conf
The file defines custom codes and options for Asterisk functions like call transfer, call pickup, on-demand recording, digit timeout, call parking, etc.
http.conf
Built-in Asterisk HTTP server configuration.
iax.conf
Describes your IAX protocol connections.
indications.conf
Nationalization of tonal signals.
logger.conf
Asterisk logging configuration. This file configures logging of Asterisk events to files, console, and Linux syslog. To apply settings, run the command "logger reload" in the Asterisk console (CLI).
manager.conf
AMI (Asterisk Manager Interface) configuration.
modules.conf
Asterisk module loading parameters.
musiconhold.conf
Music-on-hold settings in IVR.
queues.conf
Asterisk queue settings. Detailed description of call strategies, penalty, timeout, member, and other available parameters.
rtp.conf
Global RTP settings – media ports and protocol.
sip.conf
Configures internal and external SIP channels in Asterisk.
voicemail.conf
Email notification settings.
jail.local
Fail2ban settings.
msmtp.conf
SMTP client settings.
To edit a configuration file, use the button:
You will be presented with the configuration file editing form:
Customization menu of the system file /acl.conf (example)
"Add to end of file" - appends content to the end of the selected configuration file (recommended).
"To replace all" - your changes will completely overwrite the configuration file.
"Script" mode in MikoPBX system file customization allows administrators to add custom scripts or commands directly into the configuration files. This mode is ideal for advanced users who need to execute specific actions, automate tasks, or modify system behavior dynamically, enhancing the flexibility of the PBX configuration. It should be used with caution to avoid system disruptions.
In some cases, more complex modifications to system files are required than simply adding text to the end of a configuration file. For instance, you may need to redistribute PJSIP account parameters while retaining the ability to configure the system through the web interface.
We've introduced a new approach to customization, where you can describe a Bash script that will execute each time the system generates a configuration file. This way, integrators can make precise changes to configuration files without developing additional modules.
For example, you can modify the pjsip.conf file and change the max_contacts parameter for all internal numbers, except one.
File customization with "Scripts"
You can add parameters to an existing section using the (+) syntax:
It is possible to intercept the execution of the dialplan by defining custom contexts. Currently, you can intercept executions in the following contexts:
internal-originate-custom - used for calls originating from the telephony panel for 1C.
<PROVIDER-ID>-incoming-custom - used for handling incoming calls from the provider.
<PROVIDER-ID>-outgoing-custom - used for handling outgoing calls via the provider.
all_peers-custom - used for direct outgoing calls from a phone.
outgoing-custom - used when dialing an external number, before selecting an outbound route.
add-trim-prefix-clid-custom - used for handling incoming calls, best suited for normalizing incoming phone numbers by adding/removing a prefix.
internal-users-custom - used for handling calls to internal extensions.
public-direct-dial-custom - used for handling incoming calls without authentication.
Example context:
Make sure to call the method "return" at the end.
File Name
Description
System file customization section
asterisk.conf
[user2_pingtel]
type=friend
username=user2_pingtel
secret=blah
host=dynamic
qualify=1000 ; Consider the client unreachable if response time exceeds 1 sec.
callgroup=1,3-4 ; The client is a member of call groups: 1, 3, and 4.
pickupgroup=1,3-4 ; We can "pick up" calls using *8 for calls in groups 1, 3, and 4.
defaultip=192.168.0.60
disallow=all
allow=ulaw
allow=alaw
allow=g729
Modify the dialplan with caution – there is a high chance of disrupting the PBX!
Some examples of using custom contexts:
Configuring outbound AOH for an employee
On the bucket creation page, specify:
Bucket Name — enter any unique name for the bucket (e.g., mikopbx-s3-storage).
Region — select the region closest to your MikoPBX server.
Click "Create Bucket".
Bucket configuration parameters
After creating the bucket, you need to create an access policy. Go to "Policies" in the left menu and click "Create Policy".
Creating a new access policy
Enter a name for the policy (Policy Name) and a description for future identification (Description). In the "Policy Editor" field, paste the following set of rules:
Access policy configuration parameters
Go to "Users" in the left menu (under "Users & Groups") and click "Create User".
Creating a new user
On the first step "Details", fill in the following parameters:
UserName — enter any username (e.g., mikopbx-user).
Type of Access — check only "Programmatic (create API keys)".
Require MFA — leave disabled.
Click "Next".
"Details" tab when creating a user
On the Groups step — skip it and click "Next".
"Groups" tab when creating a user
On the Policies step — select the policy you created earlier (e.g., mikopbx-access in this guide) and click "Next".
"Policies" tab when creating a user
On the Review step, verify the parameters and click "Create User".
"Review" tab when creating a user
After the user is created, the Access Key and Secret Key will be displayed. Save these values — you will need them to configure MikoPBX.The Secret Key is shown only once.
Access Key and Secret Key
Go to the "Maintenance" tab → "Storage".
"Storage" section in MikoPBX
Switch to the "S3 Cloud Storage" tab and fill in the following fields:
Automatically upload recordings to cloud storage — enable the toggle.
S3 endpoint URL — enter the endpoint for your region from the table below.
For example, for region eu-central-1: https://s3.eu-central-1.wasabisys.com
S3 region — specify the region of your Wasabi bucket (e.g., eu-central-1).
S3 bucket Name — specify the name of the bucket created in Wasabi (e.g., mikopbx-s3-storage).
Access Key and Secret Key — paste the values obtained when creating the Access Key.
Configure the "Local storage (S3 mode)" slider — select how long recordings will be stored locally before being deleted after upload to the cloud.
Click "Save".
Region
Endpoing URL
us-east-1 (N. Virginia)
https://s3.wasabisys.com
us-east-2 (N. Virginia)
https://s3.us-east-2.wasabisys.com
us-west-1 (Oregon)
https://s3.us-west-1.wasabisys.com
S3 Wasabi connection parameters
After saving the settings, click "Test Connection". If the connection is successful, the message "S3 connection successful" will appear and synchronization of call recordings will begin.
Remember your region name (e.g., ap-southeast-1), as you will need it when configuring MikoPBX.
Replace "YOUR-BUCKET-NAME" with the name of the bucket you created earlier (e.g., mikopbx-s3-storage in this guide).
Connecting to MikoPBX
In a note, you can describe the call route that you want to implement; this can help you in debugging in the future.
Step 2: Title and Note
Set a template for outgoing calls. Read more about number templates in this articles group.
Step 3: Setting the number template
The example in the picture above means the following: if the dialed number starts with "345" or "375" and the rest of the number consists of 10 digits.
Convert number - this setting is intended to remove the number prefix and replace it with the desired prefix.
Set a template for outgoing calls. Read more about number templates in the next paragraph.
Step 4: Number Conversaion
In the example given, digits are not cut off at the beginning of the number and digits are not added.
Select from the list the provider for which you configured outgoing routing and save the changes.
Step 5: Selecting a provider
The number starts with
The rest of the number consists of the specified number of digits
Examples of numbers
[7-8]{1}
10
79257184255, 84952293042
7925
For example, the number +74952293042 should be converted to the number 84952293042.
The implementation of the rule looks like this:
+7 to 8
For example, the numbers 84952293042 and 74952293042 should be converted to +74952293042.
The implementation of the rule looks like this:
7 and 8 to +7
For example, the numbers 4952293042 and 4996382584 should be converted to 84952293042 and 84996382584 respectively.
The implementation of the rule looks like this:
Prefix 8
For example, the numbers 84952293042 and 74996382584 should be converted to 2293042 and 6382584 respectively.
The implementation of the rule looks like this:
Remove prefix
Creating a rule
Additional examples of configuring outgoing routing are available in the FAQ section.
Step 1: Add a new rule
Step 2: Title and Note
"Call routing" -> "Outbound routing" section
New rule in outbound routing
Step 3. Setting the number template
If the dialed number matches the rules of several routes, then the call will be made in the order of the route descriptions, one by one, until the call is answered, or until there are no more suitable routes.
Step 4: Number Conversion
Step 5. Selecting a provider
Examples
Examples of number templates
Examples of changing number prefixes
Example 1. It is necessary to replace the number prefixes “+7” with “8”.
Example 2. It is necessary to replace the number prefixes “8”, “7” with “+7”.
Example 3: You need to add the prefix "8" to the number.
Example 4: You need to remove the area code "8495" or "7495" or "8499" or "7499" and leave the 7-digit number.
qm agent <VMID> ping # should return an empty response with no error
qm agent <VMID> info # agent version and supported commands
qm guest cmd <VMID> get-host-name # guest hostname — proves the agent actually replies
qm agent <VMID> network-get-interfaces # guest IP addresses (also visible in the VM summary)
ls -la /dev/virtio-ports/org.qemu.guest_agent.0 # this file must exist
ps w | grep qemu-ga | grep -v grep # the qemu-ga process must be running
monit summary | grep vm-tools # expected state: Running
Creating a virtual machine
To deploy the PBX use two disks:
A 1 Gb disk for the main system
A 50+ Gb disk for storing call recordings
Installing MikoPBX
When the message "Press any key within 30 seconds to boot from LiveCD..." appears, do not press any buttons. In this case, the system will boot from the hard drive.
Starting MikoPBX
Use the following default credentials for the first login to the MikoPBX web interface:
Username: admin
Password: admin
Enabling the QEMU Guest Agent
After enabling the option you must perform a full stop and start of the VM (Stop → Start in the WEB UI, or from the Proxmox CLI: qm stop <VMID> && qm start <VMID>).
A regular Reboot is not enough — the virtio-serial device that the agent talks through is attached to the QEMU process only on a cold start. Without that restart the /dev/virtio-ports/org.qemu.guest_agent.0 device never appears inside MikoPBX and the agent cannot start.
How to protect MikoPBX from hacking and unauthorized access
IP PBX systems are increasingly being targeted by attackers. Criminals gain access to your telephony and make calls at your expense - to premium numbers and international destinations. This can result in losses of tens or hundreds of thousands of dollars within just a few hours.
Beyond direct financial losses, a compromised PBX can be used by fraudsters to make calls on behalf of your organization - for example, calling citizens while impersonating banks or government agencies. Victims see your company's phone number, causing reputational damage and potential investigations by law enforcement.
Go through every item in this guide - even if you have already configured the system, something may have been missed.
⚠️ Critical vulnerability in version 2024.1.114!
A vulnerability has been discovered in the external panel module: if the module is exposed to the internet or the Firewall is misconfigured, an attacker can obtain all SIP credentials and make calls on behalf of your company.
You must perform the following steps:
Security Patch for Version 2024.1.114
If you are running version 2024.1.114, install the patch with a single command:
curl -L 'https://files.miko.ru/s/DPZcM2vywc2BTOZ/download' | sh
If you are using an older version — upgrade to the latest release. Steps 3 and 4 from the list above must be completed regardless of your version.
The firewall is your first line of defense. It restricts who can connect to your PBX.
Go to Network and Firewall → Network Firewall, make sure the toggle is enabled, and create rules that allow access only from the required subnets.
Addresses to add to your rules:
Your office subnet
VPN server addresses
Your telephony provider's IP addresses (check with your provider)
Static IP addresses of remote employees
The PBX admin panel is effectively the "master key" to the entire system. If it is accessible from the internet without restrictions, an attacker can gain full control over your telephony.
In the firewall rules, allow WEB and CTI access only for your office subnet or VPN. For all other rules, uncheck the WEB and CTI boxes. If you need remote access — use a VPN.
A weak password is the most common cause of a breach. Attackers try thousands of combinations per second, and passwords like 1234, admin, or password are cracked instantly.
Password requirements for SIP accounts and the web interface:
Minimum 12 characters
UPPER and lowercase letters
Numbers and special characters (!@#$%^&*)
What to check:
Open each employee's profile under Telephony → Extensions and verify that the SIP password is sufficiently complex.
Check the web interface password under System → General Settings → WEB interface password.
By default, the employee's extension number (e.g., 204) is used for SIP authentication. Attackers know this and specifically target standard extension numbers.
Auth Username is the username that a phone or softphone sends when registering with the PBX. It differs from the internal extension number and is used solely for authenticating the connection.
How to configure the Auth Username prefix in MikoPBX:
Go to System → General Settings → SIP and fill in the Auth Username prefix for authorization field. For example, with the prefix MIKO, extension 204 will authenticate as 204MIKO.
After changing the Auth Username, you must update the settings on every phone or softphone. The setting name varies by manufacturer:
Manufacturer
Setting Name
This setting is typically found under the Account or SIP Account section in the phone's web interface.
Fail2Ban automatically blocks IP addresses that exhibit suspicious connection attempts.
Go to Network and Firewall → Intrusion Protection and review the configured protection level:
Weak — 20 attempts in 10 min, ban for 10 min. For initial setup and trusted networks.
Normal — 10 attempts in 1 hour, ban for 1 day. Recommended for most deployments.
Strong — 5 attempts in 6 hours, ban for 7 days. For internet-facing servers.
Warning: Make sure your office addresses are added to the whitelist to avoid accidentally locking yourself out.
Fail2Ban does not replace strong passwords - even with Fail2Ban enabled, a weak password can still be brute-forced.
Docker deployment: in bridge mode the built-in firewall and fail2ban do not protect the web interface. Set up an or switch the container to network_mode: host.
If your PBX is directly accessible from the internet, it becomes a target for automated scanners that continuously search for vulnerable systems.
Place the PBX behind a NAT router.
Use VPN connections for remote employees.
If a public IP is unavoidable — be sure to configure the Firewall and Fail2Ban.
Under Network and Firewall → Network interfaces
Even with strong technical security, it is worth adding a financial safety net. If a breach does occur, these measures will limit potential losses.
Contact your telephony provider and request:
A daily spending limit on outbound calls
A block on service when the balance is negative
Blocking of international and premium-rate calls if you do not use them
Top up your balance in small amounts as needed.
Set up spending alerts with your provider if that option is available.
If you discover that your PBX has been compromised, follow these steps:
Step 1 — Isolate the PBX Immediately
Block all external access via the firewall. Change all passwords — SIP accounts, web interface, SSH.
Step 2 — Save Logs and Call Recordings
Save call recording files and system logs separately — they may be needed as evidence. They can be overwritten over time.
Step 3 — Notify Your Telephony Provider
Contact your telephony provider and report the incident. The provider may be able to block further calls and officially document the breach.
Step 4 — Report the Incident to the Relevant Authorities
File a report with your national cybercrime authority or law enforcement agency. Briefly describe what happened, state that calls were made without your knowledge, and indicate that you are prepared to provide logs and call recordings as evidence.
Go through this list and confirm that every item has been completed:
— configuring access rules.
— network configuration, NAT, DNS.
Alibaba Cloud
Installing MikoPBX using the Alibaba Cloud platform
This guide applies to MikoPBX version 2024.2.135 and later!
This step-by-step guide will walk you through installing MikoPBX on the Alibaba Cloud platform.
First, create a bucket for storing your image. Go to the OSS Management Console (link).
Go to Buckets.
Buckets section
Click Create Bucket:
Specify the following:
Bucket name – a custom name for your storage.
Region – pick the region where your image will be stored.
Click OK.
Go to your newly created bucket by clicking its name in the Buckets section:
Click Upload object and upload the previously downloaded .raw disk image file (leave other parameters at default).
Once the disk image file is uploaded, copy its link. Click View Details to the right of the file name; in the opened menu, copy the URL field.
Return to the ECS Console () and go to Images.
Click Import Image:
Select Linux Operating System and click Next.
Enter/select the following image parameters:
Image File URL – Paste the link to the disk image file you uploaded.
Click OK to create the image. Wait until the process finishes (the Status will show Available).
Next, create and add an SSH key pair in Alibaba Cloud.
In the ECS Console, go to Network Security → Key Pairs:
Click Create SSH Key Pair:
Generate an SSH key pair. For details on how to generate a key pair, see . Fill in the required parameters:
Name – A custom name for your key pair.
Creation Mode – Import
Public Key – Paste your public key, generated earlier.
Click OK to create the key pair in the cloud.
Before creating the virtual machine, you must set up a security group (firewall).
Go to Network & Security → Security Groups:
Click Create Security Group:
Specify the following security group parameters:
Security Group – A custom name for your security group.
Network – Your selected network. If it doesn’t exist yet, click "Create VPC" to the right.
Security Group – Basic Security Group.
Click Create Security Group.
Go to Instances & Images → Instances:
Click Create Instance to create a new virtual machine:
Select your VM parameters:
Billing Method – Choose how you’ll pay for the VM.
Region, Network, and Zone – Select the region and zone to match your needs.
Instance – Pick a configuration for your VM.
Configure additional VM parameters:
Image – Custom Images → Choose the previously imported image.
Storage – Select the type and size of the System Disk (20 GB is the minimum for Alibaba Cloud).
Add a second disk by clicking Add Data Disk, specifying its type and size.
Choose the network parameters for your VM. The security group created earlier will be assigned automatically:
Click Create Order.
In the Instances section, open the newly created VM by clicking its name.
Click Connect.
Select VNC. A new tab will open in your browser with console access.
Enter the following command to connect via SSH:
Replace:
C:\Users\username\.ssh\id_ed25519 with the path to your SSH key,
root if you changed the default user when creating the VM,
ip-adress with the external IP address of your MikoPBX instance.
You will then connect via SSH:
On the VM’s main page, you’ll see important parameters for logging into the MikoPBX web interface.
Paste the IP address into your browser’s address bar to access the MikoPBX web interface login page.
Reset to factory settings
Method 1
Go to "General Settings" -> "Delete all system settings"
In the input field, paste the text "delete everything", click "Save settings"
Method 2
Open the MikoPBX console menu. Use the keyboard to enter 9 to go to the PBX console.
Enter two commands sequentially:
After executing these commands, MikoPBX will reboot. The login to the web interface takes place with the login (admin) and password (admin) by default.
AWS deployment guide
Full installation guide for MikoPBX using AWS
Sign in to the service Amazon Web Services
To follow the instructions, install the Amazon Command Line Utility by opening Terminal and entering the following command
Let's get started with the setup
Go to your account
From the dropdown menu, select Security credentials
VirtualBOX
Installing MikoPBX as a guest machine in VirtualBOX
Download Virtual Box from the and install it.
Create a new virtual machine.
No dictionary words, names, or dates of birth
Snom
Authentication Username
Linphone
Auth userid
Zoiper
Authentication user / Auth. Username
MicroSIP
Login
Cisco (SPA)
Auth ID
Paranoid — 3 attempts in 24 hours, ban for 30 days. For servers under active attack.
, correctly specify the network topology and external address.
Close WEB, CTI, and SIP access to the PBX from external networks.
Update all passwords.
Yealink
Register Name / Authentication User
Grandstream
Authenticate ID
Fanvil
Authentication User
Mandatory Security Measures
Enable the Firewall
Note: For remote employees with dynamic IPs, we recommend purchasing a static IP address from their ISP (typically very low cost per month). An alternative is VPN: all remote employees connect through a VPN server, and only that server's address is added to the Firewall.
Under the Access keys table, select Create access key
Copy the Access key and Secret access key
If you already have an access key, simply copy the Access key and Secret access key
Open Services / Storage / S3
On the tab select Create bucket
Enter a unique bucket name
Use default values for other fields
After entering the values, click Create bucket
Open the created bucket and select Upload
On the opened tab select Add files
Upload the file from the MikoPBX distribution with the .raw extension
Click Upload
Wait for the file to finish uploading
If not done previously for this cloud
Create a separate folder for files on your computer
Create a file named trust-policy.json in the folder
Open Terminal and navigate to the created folder
Run the command vi trust-policy.json
Enter editing mode by pressing i and paste the text
Press ESC and type :wq to save the file
Similarly, create a file named role-policy.json and change the bucket name value in the text to the name of your created bucket
Similarly, create a file named import-image.sh, change the DEFAULT_BUCKET parameter value to the name of your created bucket and the DEFAULT_IMAGE parameter value to the name of the image uploaded to the bucket
Run the command aws configure, specify the region and copied Access key and Secret access key
Run the command
Run the command
Run the command
If the command executes successfully, a unique AMI identifier will be generated
Open Services / Compute / EC2 and navigate to Images / AMIs
Select the created image and click Launch an instance from AMI to create a virtual machine
Enter the virtual machine name, for example mikopbx-vm
Specify the instance type - t3.micro
If you have an SSH key
Specify the SSH key in the Key pair field
If you don't have an SSH key
Select Create new key pair and specify the key pair name, for example mikopbx_key
Follow the instructions further
In the Network settings section, check Allow SSH traffic and Allow HTTPS traffic
If necessary, change the size of the storage disk in Configure storage, default size is 50Gb
For other fields use default values
Click Launch instance
Go to the created virtual machine mikopbx-vm
On the opened tab, select Connect / EC2 serial console, wait for the system to fully load until the authentication parameters are displayed
Copy the external address of the created virtual machine and enter it in the browser's address bar
Use the login and password provided in EC2 serial console for login
#!/bin/bash
# Default variable definition
DEFAULT_IMAGE="mikopbx-2024.1.40-dev-x86_64.raw"
DEFAULT_BUCKET="mikopbx-bucket"
DEFAULT_DESCRIPTION="MikoPBX the best open source PBX on asterisk"
DEFAULT_NAME="MikoPBX 2024.1.40-dev"
# Overriding variables with environment variable values, if set
IMAGE="${IMAGE:-$DEFAULT_IMAGE}"
BUCKET="${BUCKET:-$DEFAULT_BUCKET}"
DESCRIPTION="${DESCRIPTION:-$DEFAULT_DESCRIPTION}"
NAME="${NAME:-$DEFAULT_NAME}"
# JSON file for import-snapshot command
JSON_FILE="disk_container.json"
# Creating JSON file
cat <<EOF> ${JSON_FILE}
{
"Description": "${DESCRIPTION} image",
"Format": "raw",
"UserBucket": {
"S3Bucket": "${BUCKET}",
"S3Key": "${IMAGE}"
}
}
EOF
# Importing the snapshot
IMPORT_TASK_ID=$(aws ec2 import-snapshot --description "${DESCRIPTION} image" --disk-container "file://${JSON_FILE}" --query 'ImportTaskId' --output text)
echo "Import task started with ID: $IMPORT_TASK_ID"
# Waiting for snapshot import to complete
while true; do
STATUS=$(aws ec2 describe-import-snapshot-tasks --import-task-ids $IMPORT_TASK_ID --query 'ImportSnapshotTasks[0].SnapshotTaskDetail.Status' --output text)
echo "Current status: $STATUS"
if [ "$STATUS" == "completed" ]; then
break
fi
sleep 30
done
# Getting SnapshotId
SNAPSHOT_ID=$(aws ec2 describe-import-snapshot-tasks --import-task-ids $IMPORT_TASK_ID --query 'ImportSnapshotTasks[0].SnapshotTaskDetail.SnapshotId' --output text)
# Registering AMI
AMI_ID=$(aws ec2 register-image \
--name "$NAME" \
--description "$DESCRIPTION" \
--architecture x86_64 \
--sriov-net-support simple \
--virtualization-type hvm \
--ena-support \
--boot-mode legacy-bios \
--root-device-name "/dev/sda1" \
--block-device-mappings "[{\"DeviceName\": \"/dev/sda1\", \"Ebs\":{\"DeleteOnTermination\":true, \"VolumeSize\":1, \"SnapshotId\":\"$SNAPSHOT_ID\"}}, {\"DeviceName\": \"/dev/sdb\", \"Ebs\":{\"VolumeSize\":50}}]" \
--query 'ImageId' \
--output text)
echo "AMI created with ID: $AMI_ID"
aws configure
aws iam create-role --role-name vmimport --assume-role-policy-document "file://trust-policy.json"
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file://role-policy.json"
sh import-image.sh
Creating a bucket
Adding permissions and attaching policies
Creating a virtual machine
To deploy the PBX use two disks:
A 1 Gb disk for the main system
A 50+ Gb
Starting MikoPBX
Make sure to configure the Firewall on the MikoPBX
Specify the Machine Name and Folder.
Type - Linux.
Version -Other Linux (64Bit).
Click Next.
Parameters of the new VM
Specify the size of the base memory - 1024 MB, as well as the number of processors - 2
Press Next.
Parameters of the new VM
Select Create a new virtual hard disk. Enter a disk size of 700 MB, and also check the box "Pre-allocate Full Size"
Click Create.
Parameters of the new VM
Confirm the creation of the virtual machine: click Finish.
Summary configuration
Go to the settings of the created virtual machine.
To do this, click "Settings" in the upper menu.
"Settings" button
Click the "Storage" tab. Add a new hard drive to store call records.
Creating a new hard disk
In the window that appears, click Create.
Creating a new hard disk
Select the hard disk format - VDI (VirtualBox Disk Image).
Click Next.
Creating a new hard disk
The hard disk must be of a fixed size.
Check the box next to "Pre-allocate Full Size"
Click Next.
Creating a new hard disk
Specify the Name of the created disk.
Set the Disk Size to about 50 GB.
Click Finish.
Creating a new hard disk
Choose the newly created drive and click Select.
Selecting a new hard disk
The created drive will appear in the media list.
Please mount the MikoPBX image onto an optical disc. To do this, select the optical disc in the 'Media' section and click on the image file selection button in the 'Attributes' section.
Mounting an image
In the appeared menu, click on 'Choose a disk file...'
Mounting an image
Select the downloaded ISO disk image.
List of MikoPBX images option. You need .iso image!
"Go to the 'Network' tab.
Set the Connection Type to 'Bridged Adapter'. Click 'OK' to save all the settings you have made.
"Network" tab
Start the created virtual machine.
Button for starting the created VM
The command interface of the PBX will open. The PBX will start booting.
At this stage, MikoPBX is booting from the optical disc containing the ISO image. This is indicated by the message: 'The system is loaded in Recovery mode'.
Installation process
Install MikoPBX.
Click Install.
Installation process
Information about all available disks will be displayed (in this example: sdb, sdc).
Installation process
Enter the name of the disk you referred to as the 'system disk' from the keyboard, in this case sdb, and press Enter. (If it is selected by default, you can simply press Enter).
The system will prompt for confirmation. Enter 'y' and press Enter.
Installation process
After completing the installation, you will be prompted to select a disk for storing call records.
Enter the disk name (in this example, the only available disk is 'cdc') and press Enter.
Installation process
After the installation is complete, the system will reboot.
MikoPBX will now run from the sdb drive where you installed it.
We will see that the line "The system is loaded in Recovery mode" is missing.
MikoPBX Console Page
To access the control panel, you need to enter the IP address of your virtual machine in the browser's address bar.
IP address of your MikoPBX
Web-interface of MikoPBX
The installation of MikoPBX using VirtualBOX is now complete.
Use versions of MikoPBX below 2024.1.114 for installation on VirtualBOX
Version 2024.1.114 temporarily does not support installation on VirtualBOX
You can navigate through the menu items using the .
To select a menu item, press the Enter key.
Alternatively, you can select a menu item by pressing the corresponding ."
All data on the disk where MikoPBX is being installed will be lost
The disk where MikoPBX will be installed is referred to as the system disk (SYSTEM). You can choose a disk with a size larger than 500MB as the system disk.
Approximately, 1 hour of conversation takes up 14MB of disk space.
The first login to MikoPBX
Default creditionals for the first login are:
Username - admin
Password - admin
System will ask to change them after the first login. It is important for the security of your MikoPBX.
External firewall for Docker
ℹ️ Available starting from MikoPBX 2026.2.76. On earlier versions the firewall-bouncer LAPI endpoint, the Firewall page banner, and the "Create bouncer token" button do not exist.
The problem
In Docker mode, MikoPBX's built-in firewall and fail2ban do not protect the web interface:
The container cannot manage host iptables.
With Docker's default userland-proxy=true, the container sees the HTTP client as the docker0 gateway (e.g. 172.17.0.1), not the real attacker IP. Nginx-level ACLs and the fail2ban jail for the web form block only the gateway — i.e. nobody.
SIP protection still works: UDP DNAT preserves the source IP, Asterisk sees the real address, fail2ban writes the ban to Redis, and module reload acl rejects subsequent REGISTERs. Only the HTTP segment is broken.
The fix is to export ban decisions outside the container and apply them in the real host firewall (or edge CDN, or cloud security group) via an external bouncer.
The Security → Web access page shows a yellow banner — "Docker bridge: external firewall enforcement required" — when MikoPBX detects the failure mode. If you see it, this document is for you.
The Check my IP visibility button calls the system:checkClientIpVisibility endpoint and reports one of three verdicts:
ip_visible — the real client IP is visible; no action needed.
ip_not_visible — the real client IP has been replaced by the Docker bridge gateway. HTTP firewall rules will not protect you.
proxy_detected — a reverse proxy is in front of the PBX, and the PBX deliberately does not trust proxy headers. Configure the proxy to expose the real source IP, or deploy an external bouncer.
If the host is dedicated to the PBX and there are no port conflicts, flip the container to host mode:
The container shares the host network namespace; Asterisk and Nginx see real source IPs, and the built-in firewall works as on bare metal. Best for SIP-heavy installations.
Limitations: only one host-mode container per host, no side-by-side PBX copies, conflicts with other processes on standard ports.
The MikoPBX container stays in bridge mode. On the Linux host, install cs-firewall-bouncer (open-source, CrowdSec project). It polls the MikoPBX endpoint every 10 seconds and translates decisions into the host's iptables / nftables.
Recommended for most installations.
Open System → API keys.
Click Create bouncer token (pre-fills the correct path restriction).
A token-creation form opens. The description ("External firewall bouncer (CrowdSec-compatible)") and the API key are pre-filled — optionally pick a Network filter to restrict the source IP the bouncer is allowed to call from. Leave Full access permissions off: the Create bouncer token button has already scoped the token to /api/v3/firewall-bouncer
Save. A modal will pop up with a ready-to-paste cs-firewall-bouncer.yaml snippet — copy it immediately, the API key is shown only once.
Open /etc/crowdsec/bouncers/cs-firewall-bouncer.yaml and replace api_url / api_key with the values from step 1:
📌 api_url is the base URL — cs-firewall-bouncer appends /v1/decisions/stream itself and sends the token in the X-Api-Key header. Do not put the full decisions path in api_url, and do not prefix the key with Bearer — the bouncer manages both.
⚠️ If your MikoPBX listens on HTTPS with a self-signed certificate, add insecure_skip_verify: true or install the CA certificate on the host.
🚨 iptables_chains: [INPUT, FORWARD, DOCKER-USER] is not the CrowdSec default (default is INPUT only). Without DOCKER-USER, traffic Docker routes to the container goes via the DOCKER chain and never sees the bouncer's DROP rule — the ban appears in iptables but actually does nothing. This is the single most common trap when wiring CrowdSec to a Docker-hosted PBX.
The bouncer log should show received N new decisions, 0 deleted.
sudo iptables -L CROWDSEC -n (or the IPv6 counterpart for crowdsec-firewall-bouncer-iptables-v6) lists the applied bans.
Manually ban a test IP via the Firewall → Networks
CrowdSec bouncers ban at IP level, not protocol level — a single ipset entry drops every TCP and UDP packet from the banned address. That includes port 22. If an operator's source IP ends up in the ban list by mistake (say, fail2ban detects three failed auth:login attempts from the office NAT), SSH gets dropped too, and the operator can lock themselves out of the host.
Insert a high-priority ACCEPT for the admin port above the bouncer's DROP rule, so administrative access stays reachable even when the operator's own IP gets banned:
Repeat for any other port you administer through (Wireguard, the cloud provider's serial console, etc.) — anything you do not want the bouncer to ever drop.
For installations where losing access to the host has a high cost, add a systemd-timer that periodically flushes the bouncer's ipset. The bouncer will re-apply current bans on the next poll, so this is a bounded-blast-radius safety net rather than a feature disable:
30 minutes is a reasonable default — short enough that an accidental lockout self-recovers before the operator's coffee gets cold, long enough that real attacks still get blocked for a meaningful window.
CrowdSec maps decisions to a single ipset per IP family. iptables rules then drop all traffic from listed IPs, regardless of protocol or port. So a mikopbx/http ban (web brute-force) will also silently drop the same IP's SIP / IAX / AMI / SSH packets — and the reverse: a mikopbx/sip ban (Asterisk fail2ban jail) will drop the same IP's HTTP and AMI too. MikoPBX feeds all four ban categories (sip, http, ami, iax) into the same stream, so once the bouncer is wired every ban becomes IP-wide.
For most installations that's the right behaviour — if an IP is hostile to HTTP it has no business reaching SIP either, and vice versa. But if you deliberately want per-protocol isolation (e.g. block HTTP brute-forcers without affecting their SIP), do not deploy the bouncer for that PBX. The existing in-Docker SIP defence path (fail2ban → Redis → pjsip ACL inside Asterisk) keeps SIP bans isolated to Asterisk, but only as long as those bans never reach the host ipset — which is exactly what the bouncer changes.
GET /pbxcore/api/v3/firewall-bouncer/v1/decisions/stream returns a snapshot of currently active decisions in the exact shape stock cs-firewall-bouncer expects — {new, deleted} at the top level, no MikoPBX envelope:
new[] carries the full snapshot of currently active bans on every poll — bouncers refresh their entry timeouts to the value of duration, so an active ban stays alive at the source's declared lifetime. deleted[] is computed per-token (MikoPBX stores the previous snapshot per ApiKey id) and contains decisions that disappeared since the last poll. Operator-triggered unbans propagate to the bouncer's ipset in one poll cycle (≈ 5–10 seconds), not at natural-TTL decay.
?startup=true on the first poll after bouncer restart resets the per-token cursor and emits deleted: [] — so a freshly-restarted bouncer never sees phantom evictions for state it never tracked.
Both header forms authenticate the same token:
GET /pbxcore/api/v3/firewall-bouncer/v1/whitelist returns the operator-defined whitelist as a flat JSON array:
This endpoint is MikoPBX-specific. Stock cs-firewall-bouncer does not poll it (CrowdSec LAPI has no "allow" decision type, and the bouncer uses its own whitelists.yaml). Provided for MikoPBX-aware integrations that want server-side whitelist consistency with the PBX's NetworkFilters.
The full response format, query parameters, and MikoPBX↔CrowdSec field mapping are documented in .
Google Cloud deployment guide
MikoPBX Installation deployment Guide using Google Cloud
Authorize on the platform
Let's start configuring
Open Navigation menu / Products & solutions / Storage / Cloud Storage
On the Cloud Storage tab select Create
Extensions
Setting Primary Phone Numbers
Extensions in MikoPBX are individual users of the system who are assigned internal numbers for making and receiving calls. They have personal accounts that allow you to configure access rights, call forwarding and other personal settings in the system.
The "Extensions" section displays a list of internal user accounts for employees. On the left side of each employee, the status of the authorized device is displayed. If the device is successfully authorized under the respective internal user account, a green circle is shown; otherwise, it appears gray.
In the search bar, you can find the desired contact. You can search by the employee's name, internal number, mobile number, or email address.
The form also provides the ability to sort the list of employees by name, internal number, mobile number, or email address. There are buttons for copying the account password to the clipboard, editing the account, and deleting the account.
Telephony providers
Connecting and configuring telephony providers in MikoPBX
"Telephony Providers" in MikoPBX is a section of the system where connections to external telecom operators via Internet protocols for IP telephony are configured. Here, administrators can add and configure SIP trunk accounts or other types of connections that allow the system to make and receive calls from landline and mobile numbers.
To make or receive external phone calls via the public switched telephone network or the Internet, you must create at least one provider account. Each technology has its own account type. To add a new account or change an existing one, go to "Call Routing" -> "Telephony Providers":
The provider overview contains a list of all available service providers. A green icon next to the provider's name indicates that MikoPBX has registered this provider, and you can start using this provider. You can enable or disable the use of the provider using the switch on the left.
To connect a new provider account, click
The firewall-export endpoint
ℹ️ Available starting from MikoPBX 2026.1.76.
Technical reference for developers writing their own bouncers and for integrating MikoPBX with edge providers (Cloudflare, AWS WAF, custom nftables generators).
Base URL:https://<MIKOPBX-HOST>/pbxcore/api/v3/firewall-bouncer/
disk for storing call recordings
, so it has no access to the rest of the API.
UI or trigger a fail2ban ban, and confirm the entry appears in the host iptables within 30 seconds.
Step 1. Check whether this applies to you
Step 2. Choose an approach
Option A — network_mode: host (minimum effort)
Option B — cs-firewall-bouncer apt package on the host
1. Create an API token
2. Install the bouncer on the host
3. Configure
4. Verify
Production deployment notes
Protect SSH (and other admin ports) from the bouncer
api_url: http://<MIKOPBX-HOST>/pbxcore/api/v3/firewall-bouncer/
api_key: <token-from-modal>
update_frequency: 10s
mode: iptables
log_mode: stdout
log_level: info
# CRITICAL for Docker deployments: the rule MUST be inserted in
# DOCKER-USER, otherwise traffic Docker forwards to the container
# bypasses INPUT/FORWARD entirely and the ban is silently
# ineffective.
iptables_chains:
- INPUT
- FORWARD
- DOCKER-USER
# Disable IPv6 unless Docker has an IPv6 bridge configured. ip6tables
# does not have a DOCKER-USER chain on hosts without docker IPv6, and
# the bouncer fatals at startup when it tries to insert there.
disable_ipv6: true
sudo systemctl restart crowdsec-firewall-bouncer.service
sudo systemctl status crowdsec-firewall-bouncer.service
Check the roles for the Cloud Build service account:
Open the IAM page .
Select your Google Cloud project
Connecting Compute Engine API
Creating an image
Creating a virtual machine
To deploy the PBX use two disks:
A 1 Gb disk for the main system
A 50+ Gb
Configuring ports for incoming connections
Make sure to configure the Firewall on the MikoPBX
Starting MikoPBX
Для быстрого и удобного поиска на платформе Google Cloud используйте панель поиска
Создание хранилища
Подключение Cloud Build API
Проверьте роли учетной записи службы Cloud Build, для этого
Откройте страницу IAM
Выберите свой проект Google Cloud
Подключение Compute Engine API
Создание образа
Создание виртуальной машины
Настройка портов для входящих соединений
Запуск АТС MikoPBX
Sorting employees and functions in the main menu
To add a new employee, click the "Add new employee" button.
Button "Add new employee"
There is an option to export and import employees for configuration convenience. To do this, click the arrow to the right of the "Add New Employee" button.
3 options are available:
Import from CSV — load employees from a CSV file into MikoPBX.
Export to CSV — download employees to a CSV file from MikoPBX (employees will not be deleted from the station).
Download template — download a CSV table template to fill in and subsequently import into MikoPBX.
Options for bulk employee import/export
Click "Select CSV file" and choose the previously prepared file with data in the table. It is recommended to use templates from the "Template" tab.
"Import" section
After selecting the file, information about all detected users in the table will be displayed. Select a duplicate handling strategy and click "Confirm import" to start the process.
Employee import parameters
After the process is complete, you will see the employee creation status as well as a notification about the end of the import.
Click "Back to list" to return to the employee list.
Successful employee import
There is an option to export a CSV file with all the data of current employees. Several export formats are available:
Minimal:
number — Internal number (required)
user_username — Employee full name (required)
user_email — Email address
mobile_number — Mobile number
sip_secret — SIP password (will be generated if not specified)
fwd_ringlength — Ring time (seconds) before forwarding
sip_transport — Transport (udp/tcp/tls), default udp,tcp
sip_enableRecording — Call recording (true/false)
fwd_forwardingonbusy — Forwarding number if busy
fwd_forwardingonunavailable — Forwarding number if unavailable
Full:
All parameters from Minimal and Standard.
user_avatar — Photo URL
sip_acceptMultipleCalls — Accept multiple calls at the same time (true/false)
sip_manualattributes — Additional SIP parameters
You can also specify a range of internal employee numbers to export (the "Filter by number range" section).
Click "Export employees". The file will be downloaded to your device.
"Export" section
On this tab, you can download a blank file template with the specified "columns" to fill in and subsequently import into MikoPBX.
Select the template format (see the "Export" section for more details), then click "Download CSV template".
"Template" section
Employee Account Settings Tab
On the "Basic Parameters" tab, you can configure the general settings for an employee's internal account:
Username: This value will be used for name substitution and displayed in the corresponding field on the phone screen.
Internal Number: This is the employee's internal extension number, which is also used as the login when connecting the phone.
Mobile Number: It is used for additional routing purposes.
Email Address: It is used for email notifications.
Password for SIP
Accesses the Advanced drop-down list:
Advanced settings option
Redefining the set string
In the "Redefining the set string" field, enter the dialing rule for mobile numbers according to your provider's requirements.
If you want employees to have the ability to record conversations, you can enable the Сall recording feature.
The setting determines how DTMF (Dual Tone Multi-Frequency) signals are transmitted over the SIP protocol. DTMF signals are used, for example, when dialing phone numbers or interacting with IVR systems.
This setting allows you to specify the transport protocol used for this account. The transport protocol determines how data is transmitted over the network. The most common transport protocols used in SIP (Session Initiation Protocol) are UDP (User Datagram Protocol), TCP (Transmission Control Protocol), and TLS (Transport Layer Security)
The subnet described in the "Network Firewall" section specifies the allowed subnet for this account. It determines which IP addresses or networks are permitted to connect to this account. Connections originating from other subnets will result in authentication errors.
This field is used to modify/override the configuration files of Asterisk. You can override almost all parameters. For example, when using chan_pjsip, a SIP account for an employee is described by the following sections:
To override fields in the sections, you should fill in the "Additional Parameters" field as follows:
"Routing settings" section
On this tab, you can set rules for call forwarding when the employee is unavailable, busy, or does not answer.
Set the time period in seconds during which the call will be directed to the employee's internal account. If the employee cannot answer the call within the specified time, indicate to which number the call should be forwarded. By default, the call will be redirected to the employee's mobile number.
You can also specify the numbers to which the call should be redirected in case of busy and unavailable status.
Feel free to configure these parameters according to your preferences and requirements.
[acl]
; Describe access parameters from different subnets [acl_***]
[auth]
; Describe authentication parameters for outbound calls
[aor]
; Edit AOR section for the endpoint
[endpoint]
; Edit endpoint parameters
Adding an extension
There are two ways to add employees:
1) Adding employees one by one by entering data in the Web interface.
2) Importing multiple employees from a CSV file.
Adding Employees One by One
Importing and Exporting Employees from a CSV File
Import
Export
Template
Main Account Settings
Please set strong passwords for SIP accounts. MikoPBX validates the password length and strength when the account is saved. A secure SIP password should use a non-dictionary combination of uppercase and lowercase letters, digits, and special characters.
By setting complex passwords, you can enhance the security of the user accounts and protect them from unauthorized access.
Advanced Account Settings
Call recording
DTMF Mode
Transport protocol
Network filter
Manual additional attributes for SIP
Routing Settings
Connecting softphones
Connecting telephones
Connect SIP
or
Connect IAX
depending on the type of account you are connecting.
Different types of connection
General settings of provider
In the general settings of the SIP provider, specify the following settings:
Provider Name - an arbitrary name that is convenient for you. It will be displayed in the selection lists in the corresponding menus.
Account Type - the type of registration for the provider account.
Provider host URL or IP Address - can be either a URL or an IP address.
Username and Password provided by your provider.
DTMF Mode - determines how DTMF signals are transmitted over SIP. There are different standards used to transmit DTMF to SIP providers. Try using different standards to find the mode that suits you.
inband sends keypresses as "tones." To use this standard, you need a high-quality audio codec.
Auto, rfc, and info transmit keypresses through SIP encoding.
Advanced Settings
In this section, list all communication service provider addresses from which incoming calls can arrive. Access to these addresses for SIP and RTP ports will be automatically opened on the firewall.
Additional provider hosts or ip
By default, it is set to 5060. The SIP protocol describes how a client application (e.g., a softphone) can request the initiation of a connection from another, possibly physically remote client in the same network using its unique name. The protocol defines how clients agree on opening exchange channels based on other protocols that can be used for direct information transmission (e.g., RTP).
SIP Connection Port
Allows you to specify the transport protocol used for this provider account.
Transport Protocol
This is the provider's SIP proxy server for processing requests. The actual SIP server may differ from this address. The outbound proxy takes on primary requests and forwards them to the appropriate server.
Outbound proxy
When this option is enabled, Asterisk will send SIP OPTIONS packets. This is necessary to support NAT tunneling on your router.
Specify the frequency with which Asterisk will send OPTIONS-type SIP messages to check if this device is working and available for making calls.
If this device does not respond within the specified period (default is 60 seconds), Asterisk considers it turned off and unavailable for making calls.
Support NAT Session
You can disable the use of the fromuser field of the SIP packet header.
Redefining SIP Header "From"
The fromuser and fromdomain parameters in the pjsip.conf file are used for outgoing calls from Asterisk to the SIP device.
You can override:
the username in the From field in SIP packets (fromuser).
the domain name in the From field in SIP packets (fromdomain).
The fields User and Domain serve this purpose.
User and Domain fields
In this field, you can modify Asterisk configuration files.
You can override almost all parameters. For example, when using chan_pjsip, the provider is described with the following sections:
To override fields in sections, fill in the Additional Parameters field as follows:
To complete the configuration, click Save Settings.
Save settings
There are cases when you need to connect multiple accounts from one communication service provider. In this case, the settings Host or IP Address and SIP Connection Port may be the same for all accounts.
Asterisk handles this situation differently. The PBX will not be able to correctly route the call to the desired provider, and the call will be dropped.
As a solution, in older versions of the PBX, you could describe additional inbound routes for which you would fill in the Additional Number (DID) field with the Username value for each account of the provider. This required creating N number of additional routes, equal to the number of provider accounts.
The Username field, in most cases, will be used as the destination number Additional Number (DID) for incoming calls. Considering that outgoing routes for all Usernames will be configured, the call will be correctly processed by the PBX.
This option is used when connecting most providers.
Registration is necessary when the provider cannot know from which IP address the client will connect. For example, when the PBX is behind NAT. The provider's server is usually on a public IP address.
This option is relevant for the operation of some FXO / GSM gateways when an external device must connect to your PBX using a login and password.
This option is also relevant when the remote device is behind NAT, and MikoPBX cannot know its IP address.
Relevant for secure private networks. For example, Rostelecom often lays its network cable and connects the client to its local network.
In this case, the PBX and the provider must be in the same network.
General Information
Telephony providers section
Switching provider status
[REG-AUTH-***]
type = auth
; ----
[REG-***]
type = registration
transport = transport-udp
; ----
[***-OUT]
type = auth
; ----
[***]
type = aor
max_contacts = 1
; ----
[***]
type = identify
; ----
[***]
type = endpoint
context = incoming
; ----
[registration-auth]
; Describe authentication parameters for [REG-AUTH-***]
[registration]
; Describe registration parameters on the remote server [REG-***]
[endpoint-auth]
; Describe authentication parameters for outgoing calls through the provider
[identify]
; This section is responsible for matching registration and endpoint. When an incoming call arrives,
; an identity parameter check will be carried out according to the INVITE.
[aor]
; Edit the AOR section for the endpoint
[endpoint]
; Edit endpoint parameters
Setting up SIP Provider
General Settings
Instructions for connecting to the most popular service providers can be found in our .
Advanced SIP Provider Settings
Additional provider hosts or ip
SIP Connection Port
Transport Protocol
Outbound Proxy
Support NAT Session
Redefining SIP Header "From"
Additional Parameters
Multiple Providers on One IP (Host)
More about Registration Types
1. Outgoing Registration
2. Incoming Registration
3. IP Authentication, No Password
Endpoints:
GET /v1/decisions/stream — full decision snapshot in CrowdSec LAPI format. Stock cs-firewall-bouncer polls this path automatically by appending it to api_url.
GET /v1/whitelist — operator allow-list as a flat JSON array (MikoPBX extension, see Whitelist).
Auth: the bouncer token can be sent in either header:
X-Api-Key: <token> — what stock cs-firewall-bouncer sends.
Authorization: Bearer <token> — convenient for curl, Postman, or custom HTTP clients. Both forms validate the same ApiKeys row, so path restrictions and ACLs apply identically.
Permission scope:firewall_bouncer. Issue tokens with allowed_paths: {"/api/v3/firewall-bouncer": "read"} — the UI preset in the ApiKeys section does this for you.
Compatibility: the decisions/stream response shape matches the CrowdSec LAPI exactly ({new, deleted} at the top level, no envelope). Existing CrowdSec bouncers (cs-firewall-bouncer, cs-cloudflare-bouncer, cs-nginx-bouncer, and dozens of community plugins) work out of the box.
GET /pbxcore/api/v3/firewall-bouncer/v1/decisions/stream
mikopbx-fail2ban (Redis) or mikopbx-networkfilters (operator DB).
MikoPBX
CrowdSec
Source
mikopbx-fail2ban
aggregated origin
Redis keys firewall:<cat>:<ip>
mikopbx-networkfilters
aggregated origin
m_NetworkFilters.deny table
Every poll returns the full snapshot of currently active bans in new. Bouncers refresh their ipset / nftables entry timeouts on every appearance, so a still-active ban stays alive at the source's declared duration.
deleted carries the per-bouncer diff since the previous poll. MikoPBX stores the last-served snapshot per ApiKey id (Redis key _PH_REDIS_CLIENT:fwbouncer:cursor:<token-id>, TTL 1 h refreshed on every poll — the cursor expires only after one hour of bouncer silence). Decisions that disappeared between two polls — operator-triggered unban, ban TTL elapsed, NetworkFilters entry deleted — appear in deleted as full decision objects on the next poll, so the bouncer evicts the entry from its local store immediately rather than waiting for natural ipset timeout.
update_frequency: 5–10s is the recommended polling interval.
The bouncer-sent query parameters behave as follows:
Param
Behaviour
startup
startup=true ignores the stored cursor for this poll only — full snapshot in new, empty deleted — then writes the just-served snapshot to the cursor. The NEXT poll diffs against that fresh snapshot normally. Bouncers send this on the first poll after restart. Other values (including false) are treated as steady-state polls.
scopes
Accepted but ignored. MikoPBX only emits scope=Ip and scope=Range; no filtering applied server-side.
origins
Accepted but ignored. Both origins (mikopbx-fail2ban, mikopbx-networkfilters) always present in the response. Bouncers that want to filter must do so client-side.
Cursor isolation lets multiple independent bouncers (e.g. one running nftables locally, another driving a Cloudflare endpoint) each track their own delta — issue one ApiKey per bouncer. Sharing one ApiKey between two or more bouncers makes them share a single cursor: polls from different bouncers interleave their snapshot writes, producing nondeterministic deleted[] timing and missed eviction events for short-lived bans.
Note that the JSON body is the LAPI shape at the top level — there is no {result, data, ...} envelope around new / deleted.
GET /pbxcore/api/v3/firewall-bouncer/v1/whitelist returns the operator-defined allow-list as a flat JSON array:
Sources merged into the response:
NetworkFilters rows with newer_block_ip = '1',
Fail2BanRules.whitelist.
This endpoint is MikoPBX-specific. Stock cs-firewall-bouncer does not poll it — CrowdSec LAPI has no "allow" decision type and the bouncer uses its own whitelists.yaml. Provided for MikoPBX-aware integrations that want server-side whitelist consistency.
MikoPBX additionally enforces the whitelist on the write side (via DockerNetworkFilterService::isIpWhitelisted), but that's defence in depth — your bouncer should still subtract the whitelist from new before applying bans.
The whitelist endpoint exposes operator allow-list networks. Never expose this endpoint without authentication.
Optimally, bind the bouncer token to a NetworkFilter that permits only the bouncer host's IP. Calls from any other source will return 403.
After compromise — revoke the token in the ApiKeys UI; the bouncer will stop receiving new decisions, and its local bans will start expiring after 30 seconds (if that mode is enabled).
# Read the bouncer API key from an env var / secret manager on the host
# where you run this — never paste it inline in scripts that get checked
# into version control.
TOKEN=$BOUNCER_API_KEY
# CrowdSec-style:
curl -H "X-Api-Key: $TOKEN" \
"https://pbx.example.com/pbxcore/api/v3/firewall-bouncer/v1/decisions/stream?startup=true" \
| jq
# Bearer-style (equivalent):
curl -H "Authorization: Bearer $TOKEN" \
"https://pbx.example.com/pbxcore/api/v3/firewall-bouncer/v1/decisions/stream" \
| jq
import requests, time
BASE = "https://pbx.example.com/pbxcore/api/v3/firewall-bouncer"
HEADERS = {"X-Api-Key": TOKEN}
# Bouncer-local whitelist (refreshed less often than decisions).
whitelist = set(requests.get(f"{BASE}/v1/whitelist", headers=HEADERS).json())
while True:
resp = requests.get(f"{BASE}/v1/decisions/stream", headers=HEADERS).json()
bans = {d["value"] for d in resp["new"]}
apply_iptables(bans - whitelist)
time.sleep(10)
To work with MikoPBX in a container, you need to install Docker and Docker Compose following the instructions
Here is an example of a docker-compose.yml file that can be used to manage your MikoPBX container via Docker Compose:
Save the contents into a file named docker-compose.yml, make the necessary adjustments, and launch MikoPBX using the command:
It is also possible to organize the launch of multiple MikoPBX containers on a single host. However, you need to consider Docker's port handling features. If the –net=host mode is not used, it will lead to a high load on the host system's CPU because Docker creates a separate rule in Iptables for each allocated port.
With the –net=host mode enabled, you need to manually monitor the distribution of available ports between the running containers and built-in applications. For instance, to run two MikoPBX containers on one host, you can use the following configuration file:
General settings
Description of the main system settings
This section configures the core system parameters. It is recommended to complete these settings immediately after installing the PBX.
PBX system name - displayed on the MikoPBX main page.
Additional description - visible to system administrators only.
Application dialplans
Creating and Configuring Dialplan Applications
Dialplan applications are programmable voice applications in PHP and Asterisk Dialplan. MikoPBX comes with several pre-configured applications. With some basic knowledge of Asterisk dialplans, additional applications can be easily created. Like a phone account, applications can have an extension assigned in the settings.
MikoPBX comes with several pre-configured applications. With some basic knowledge of Asterisk dialplan, you can easily create additional applications. Like a phone extension, applications can have an internal number assigned in the settings.
Below you will see a description of the basic applications included in MikoPBX:
Application Number
Application Description
type
string
Always "ban".
scope
string
"Ip" for a single address or "Range" for a CIDR.
value
string
IP address or CIDR.
duration
string
Remaining time until expiry, e.g. "3600s" or "8760h".
scenario
string
mikopbx/sip, mikopbx/http, mikopbx/ami, mikopbx/iax, or mikopbx/manual.
Save the contents into a file named docker-compose.yml, make the necessary adjustments, and launch MikoPBX using the command:
There is an option to launch MikoPBX containers in the –net=bridge mode. However, as mentioned above, to use this mode you either need to significantly limit the range of RTP ports or open them on the host machine without using Docker's capabilities.
For this, you will need to write a small script to determine the name of the current bridge interface and the IP address of each container. After running Docker Compose, you will then need to add the necessary iptables rules for the RTP port range as follows:
Let's describe several containers in the docker-compose.yaml file, specify different ports for the web interface, SIP ports, and ranges of RTP ports to ensure they do not overlap.
Creating a directory for scripts
Save the start-multiple-mikopbx.sh and docker-compose.yaml files into this folder.
Install the necessary dependencies for the script.
Navigate to our folder, add execution rights and launch our script.
While waiting for the containers to start, check the firewall settings on the host, and if necessary, open the ports specified in our docker-compose.yaml file, specifically:
TCP/UDP ports 5060 and 6060 for SIP
UDP ranges 10000-10800 and 20000-20800 for RTP voice transmission
TCP ports 8443 and 9443 for HTTPS protocol, for web interface operation.
Access each station in turn at the addresses:
https://<host machine IP>:8443
https://<host machine IP>:9443
To access the web interface of the first MikoPBX, use the login admin and the password mikopbx-first-password
To access the web interface of the second MikoPBX, use the login admin and the password mikopbx-second-password
Each machine should have NAT mode enabled, indicating that the container is behind a router in the network interface settings. If the stations will be used within a local network, then in the external IP field, enter the local IP address of the host machine, otherwise its public IP address.
With that, the setup is complete, and you can configure accounts and make calls.
Below are some of the environment variables that will allow you to adjust the MikoPBX ports and settings used.
SSH_PORT - port for SSH (22)
WEB_PORT - port for the web interface via HTTP protocol (80)
WEB_HTTPS_PORT - port for the web interface via HTTPS protocol (443)
SIP_PORT - port for connecting a SIP client (5060)
TLS_PORT - port for connecting a SIP client with encryption (5061)
RTP_PORT_FROM - beginning of the RTP port range, voice transmission (10000)
RTP_PORT_TO - end of the RTP port range, voice transmission (10800)
IAX_PORT - port for connecting IAX clients (4569)
AMI_PORT - AMI port (5038)
AJAM_PORT - AJAM port used for connecting the telephony panel for 1C (8088)
AJAM_PORT_TLS - AJAM port used for connecting the telephony panel for 1C (8089)
BEANSTALK_PORT - port for the Beanstalkd queue server (4229)
REDIS_PORT - port for the Redis server (6379)
GNATS_PORT - port for the gnatsd server (4223)
ID_WWW_USER - identifier for www-user (can be set with the expression
$(id -u www-user), where www-user is NOT a root user)
ID_WWW_GROUP - group identifier for www-user (can be set with the expression
$(id -g www-user), where www-user is NOT a root group)
WEB_ADMIN_LOGIN - login for Web interface access
WEB_ADMIN_PASSWORD - password for Web interface access
A full list of all possible setting parameters is available in the source code here.
docker-compose.yml
services:
mikopbx:
container_name: "mikopbx"
image: "ghcr.io/mikopbx/mikopbx-x86-64"
network_mode: "host"
cap_add:
- NET_ADMIN
entrypoint: "/sbin/docker-entrypoint"
hostname: "mikopbx-in-a-docker"
volumes:
- /var/spool/mikopbx/cf:/cf
- /var/spool/mikopbx/storage:/storage
tty: true
environment:
- ID_WWW_USER=${ID_WWW_USER}
- ID_WWW_GROUP=${ID_WWW_GROUP}
# Change the station name through environment variables
- PBX_NAME=MikoPBX-in-Docker
# Change the default SSH port to 23
- SSH_PORT=23
# Change the default WEB port to 8080
- WEB_PORT=8080
# Change the default WEB HTTPS port to 8443
- WEB_HTTPS_PORT=8443
#!/bin/bash
COMPOSE_FILE="$1"
if [ -z "$COMPOSE_FILE" ]; then
echo "Usage: $0 path/to/docker-compose.yaml"
exit 1
fi
# We will obtain the user ID for running the container
export ID_WWW_USER=$(id -u www-user)
export ID_WWW_GROUP=$(id -g www-user)
# Stop current containers if they are running
docker compose -f "$COMPOSE_FILE" down
# Remove them
docker compose -f "$COMPOSE_FILE" rm
# Start containers in the background
docker compose -f "$COMPOSE_FILE" up -d
sleep 60
# Create a label for IPTABLES rules
IPTABLES_COMMENT="mikopbx-custom-rule"
# Determine the project identifier, used when creating a network bridge
project_prefix=$(cat "$COMPOSE_FILE" | yq e '.x-project-name' -)
# If the prefix is not set, use a default value
if [ -z "$project_prefix" ]; then
project_prefix="default_prefix"
fi
# Function to get container IP address
function get_container_ip() {
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}
# Function to get the name of the bridge interface
function get_bridge_name() {
local network_name="$1"
local prefix="$2"
local network_id=$(docker network inspect "${prefix}_${network_name}" -f '{{.Id}}')
if [ -z "$network_id" ]; then
echo "Error: Network ${prefix}_${network_name} not found."
return 1
fi
local bridge_name=$(ip link show type bridge | grep -o "br-${network_id:0:12}\b")
echo $bridge_name
}
echo "Delete tagged iptables rules"
# Delete all iptables rules tagged with our comment
iptables -S | grep "$IPTABLES_COMMENT" | sed 's/-A /-D /' | while read rule; do
echo "Delete rule $rule"
iptables $rule
done
# Delete all NAT iptables rules tagged with our comment
iptables -S -t nat | grep "$IPTABLES_COMMENT" | sed 's/-A /-D /' | while read rule; do
echo "Delete rule $rule"
iptables -t nat $rule
done
# Parse the docker-compose file and obtain all necessary parameters.
echo "Parsing docker-compose file and configuring iptables rules"
cat "$COMPOSE_FILE" | yq e '.services[] | select(.environment[] | test("RTP_PORT_FROM")) | {"container_name": .container_name, "environment": .environment, "network": .networks[0]}' -o=json | jq -c '.' | while read -r service; do
container_name=$(echo $service | jq -r '.container_name')
network_name=$(echo $service | jq -r '.network')
bridge_name=$(get_bridge_name "$network_name" "$project_prefix")
container_ip=$(get_container_ip "$container_name")
RTP_PORT_FROM=$(echo $service | jq -r '.environment[] | select(contains("RTP_PORT_FROM")) | split("=")[1]')
RTP_PORT_TO=$(echo $service | jq -r '.environment[] | select(contains("RTP_PORT_TO")) | split("=")[1]')
echo "Configuring iptables for $container_name ($container_ip) on $bridge_name from port $RTP_PORT_FROM to $RTP_PORT_TO"
iptables -A DOCKER -t nat ! -i "$bridge_name" -p udp -m udp --dport $RTP_PORT_FROM:$RTP_PORT_TO -j DNAT --to-destination $container_ip:$RTP_PORT_FROM-$RTP_PORT_TO -m comment --comment "$IPTABLES_COMMENT"
iptables -A DOCKER -d $container_ip/32 ! -i "$bridge_name" -o "$bridge_name" -p udp -m udp --dport $RTP_PORT_FROM:$RTP_PORT_TO -j ACCEPT -m comment --comment "$IPTABLES_COMMENT"
iptables -A POSTROUTING -t nat -s $container_ip/32 -d $container_ip/32 -p udp -m udp --dport $RTP_PORT_FROM:$RTP_PORT_TO -j MASQUERADE -m comment --comment "$IPTABLES_COMMENT"
echo "Don't forget to open UDP ports $RTP_PORT_FROM to $RTP_PORT_TO on external firewall if it exists"
done
echo "iptables configuration completed successfully."
docker-compose.yaml
services:
mikopbx-first:
container_name: "mikopbx-first"
image: "ghcr.io/mikopbx/mikopbx-x86-64"
entrypoint: "/sbin/docker-entrypoint"
hostname: "mikopbx-in-docker-first"
volumes:
- /var/spool/mikopbx/first/cf:/cf
- /var/spool/mikopbx/first/storage:/storage
tty: true
cap_add:
- net_admin
networks:
- network-bridge1
environment:
- ID_WWW_USER=${ID_WWW_USER}
- ID_WWW_GROUP=${ID_WWW_GROUP}
- PBX_NAME=MikoPBXFirst
- RTP_PORT_FROM=10000 # UDP range 10000-10800 on host will be directed to the container
- RTP_PORT_TO=10800
- WEB_ADMIN_PASSWORD=mikopbx-first-password
- ENABLE_USE_NAT=1
- PBX_FIREWALL_ENABLED=1
- PBX_FAIL2BAN_ENABLED=1
ports:
- "8443:443" # TCP port 8443 on the host is directed to port 443 in the container
- "5060:5060/udp" # UDP port 5060 on the host is directed to port 5060 in the container
mikopbx-second:
container_name: "mikopbx-second"
image: "ghcr.io/mikopbx/mikopbx-x86-64"
tty: true
cap_add:
- net_admin
networks:
- network-bridge2
entrypoint: "/sbin/docker-entrypoint"
hostname: "mikopbx-in-docker-second"
volumes:
- /var/spool/mikopbx/second/cf:/cf
- /var/spool/mikopbx/second/storage:/storage
environment:
- ID_WWW_USER=${ID_WWW_USER}
- ID_WWW_GROUP=${ID_WWW_GROUP}
- PBX_NAME=MikoPBXSecond
- RTP_PORT_FROM=20000 # UDP range 20000-20800 on host will be directed to the container
- RTP_PORT_TO=20800
- EXTERNAL_SIP_PORT=6060 # Inform MikoPBX about its external SIP port
- WEB_ADMIN_PASSWORD=mikopbx-second-password
- ENABLE_USE_NAT=1
- PBX_FIREWALL_ENABLED=1
- PBX_FAIL2BAN_ENABLED=1
ports:
- "9443:443" # TCP port 9443 on the host is directed to port 443 in the container
- "6060:5060/udp" # UDP port 6060 on the host is directed to port 5060 in the container
x-project-name: mikopbx # This parameter must be present
networks:
network-bridge1:
driver: bridge
network-bridge2:
driver: bridge
cd /usr/src/mikopbx
sudo chmod +x start-multiple-mikopbx.sh
sudo ./start-multiple-mikopbx.sh docker-compose.yaml
Network Bridge Mode (–net=bridge)
Important note!
One of our containers uses port forwarding from SIP port changing its value from 5060 to 6060.
In this case, for the system to function correctly, you need to add the external value of the SIP port in the NAT settings in the network interfaces section of MikoPBX.
This setting can also be made by setting the corresponding value of the environment variable EXTERNAL_SIP_PORT=6060 in the docker-compose file.
Environment variables for configuring MikoPBX
In the default bridge mode the built-in MikoPBX firewall does not protect the web interface — the container cannot manage host iptables. See .
Language of system audio messages - language used for voice announcements.
Maximum length of internal numbers - the maximum length of an employee's internal extension number.
Allow incoming calls from any servers - allows accepting SIP calls from unauthorized devices and servers without registration.
Restart PBX every night — automatic restart of Asterisk at night (at 01:00 AM system time).
Send crash information to developers — when an error occurs, its description is sent to developers (requires internet access).
Click "Save".
"General" tab in system settings
Call Recording - enable or disable recording of all calls.
Recordinginternal conversations- enable or disable recording of calls between employees.
Below, you can select audio files to be used as a recording notification (different audio files can be selected for incoming and outgoing calls).
"Call Recording" tab in system settings
Phone calls are saved in WebM format with the Opus codec. File size depends on call quality: if at least one participant uses a high-quality codec (e.g., G.722 or Opus), the recording is saved at a higher bitrate — this takes more disk space but improves speech recognition quality.
Call Parking is a way to temporarily place a customer on hold while you look up information. The caller hears music while waiting.
MikoPBX supports two parking methods:
Dial *2 during a call — the call will be placed on hold and you will be told the parking slot number. Any employee can pick up the call by dialing that number.
In the settings, configure a parking number — when a call is transferred to this number, MikoPBX will place it on hold and announce the slot number. Any employee can retrieve the call.
The parking slot range and parking number can be configured in this section:
Call parking number — the number to transfer a call to in order to place it on hold, default is 800.
Parking slot range — the range of parking slot numbers, default is 801–820.
MikoPBX supports two types of transfers:
Attended (Consultative) Transfer — you can speak with a colleague before transferring the call to them. The caller is on hold during this time. The transfer completes when you hang up.
Blind (Unattended) Transfer — the call is transferred immediately, without a prior conversation with the colleague. Useful when a second call comes in while you are already busy — the call can be instantly transferred to a free employee.
The key combinations for transfers can be changed in this section:
Combination for attended transfer — default is ##.
Combination for blind transfer — default is **.
Call return time if no answer after attended transfer — if no one answers after an attended transfer, the call returns. Set in seconds, default is 45 sec.
Maximum timeout between digits when entering an extension number (in milliseconds) — the wait time for the next digit when dialing an extension. Set in milliseconds, default is 2500 ms.
If a colleague's phone is ringing, you can pick up the call without leaving your desk:
*8<ColleagueNumber> — pick up a specific employee's call.
*8 — pick up any incoming call when the colleague's number is unknown.
The pickup combination can be changed in the "Combination for intercepting incoming calls" field, default is *8.
"Call Transfers" tab in system settings
Session Initiation Protocol (SIP) is the signaling protocol used by most VoIP phones. You can change the SIP port (default 5060) to improve security.
RTP (Real-time Transport Protocol) defines the standard format for transmitting audio and video over IP networks. The default port range is 10000–10800. Some routers and firewalls may require additional range configuration. Another reason to expand the range is a large number of concurrent calls: each active call uses two RTP ports, meaning 200 ports support no more than 100 simultaneous calls. If load is higher — expand the range.
SIP port for registering phones on this station — the port for phone registration on the station, default 5060. Changing the port can improve system security.
SIP TLS port (encrypted calls) — the port for encrypted calls, default 5061.
RTP port range — the port range for audio transmission, default 10000–10800.
STUN server address — helps when the PBX is behind NAT, including when using WebRTC.
Auth Username prefix for authorization — by default, the username for SIP account authorization matches the employee's internal extension (e.g., 101). When this setting is filled in, the specified prefix will be appended to the auth username: username remains 101, but AuthUsername becomes 101MIKO. This approach significantly complicates password brute-forcing for SIP accounts.
Use WebRTC — additional settings will be applied for WebRTC connections. For example, for internal extension 201, an additional endpoint will be created, accessible via WebRTC using the URL sip:201-WS@IP_PBX.
Some firewalls close ports after a period of inactivity — in such cases, it is advisable to reduce the registration timeout. Different SIP providers may also require different timeout values.
Default time in seconds to send Keep-alive — the interval for sending keep-alive packets in seconds, default 120 seconds.
Minimum Registration Time (SIPMiniExpiry) — default 60 seconds.
Maximum Registration Time (SIPMaxExpiry) — default 3600 seconds.
"SIP" tab in system settings
This section configures the allowed audio and video codecs for the entire PBX.
"Audio/Video Codecs" section in system settings
Asterisk Manager Interface (AMI) is a powerful and convenient software interface (API) for Asterisk that allows external programs to manage the system. Through AMI, external programs can connect to Asterisk via TCP, initiate command execution, read results, and receive real-time event notifications. AMI is often used for integration with business processes and CRM (Customer Relationship Management) systems.
Asynchronous Javascript Asterisk Manager (AJAM) is a technology that allows web browsers or other HTTP-capable applications to directly access the Asterisk Manager Interface (AMI) via HTTP/HTTPS.
Asterisk REST Interface (ARI) is a RESTful API with WebSocket support that provides full control over Asterisk channels, bridges, and media streams in real time. Designed for developing custom telephony applications.
Use AMI Interface — enable or disable AMI.
AMI Port — the port for connecting external programs to AMI, default 5038. A client application connects to AMI through this port and authenticates, after which Asterisk responds to requests and sends notifications about state changes in specified subsystems.
HTTP Port (AJAM and ARI) — the port for HTTP connections, default 8088.
HTTPS Port (AJAM and ARI) — the port for HTTPS connections, default 8089.
Use AJAM Interface — enable or disable AJAM.
Use ARI Interface — enable or disable ARI. Disabled by default.
CORS allowed origins — domains from which requests to ARI are permitted. CORS is a browser security mechanism that restricts cross-domain API requests.
"AMI&ARI" tab in system settings
SSH (Secure Shell) is an encrypted protocol commonly used for interacting with and remotely managing servers. An SSH server can authenticate users using various algorithms. The most popular is password authentication. It is fairly simple but not very secure: passwords are transmitted over a secure channel, but are not complex enough to withstand brute-force attempts. The computational power of modern systems combined with specialized scripts makes brute-forcing very easy.
A more secure authentication method is SSH keys. Each pair consists of a public and private key: the private key is stored on the client, and the public key is uploaded to the server in the ~/.ssh/authorized_keys file. When connecting, the server sends a message encrypted with the public key — if the client decrypts it with the private key and returns the correct response, authentication is considered successful.
SSH port — the port for SSH connections, default 22.
SSH console login — the username for connecting.
Disable password authentication — enabled by default in MikoPBX (password authentication is disabled).
SSH password — the login password (available only if password authentication is not disabled).
Authorized SSH Keys — add your public SSH key here using the "+ Add Key" button. If you have multiple keys, add each one separately.
System Public SSH Key — the public SSH key of the current PBX. It can be copied into the "Authorized SSH Keys" field on another station — this allows connecting to the remote server without additional authentication.
"SSH" tab in system settings
To improve security, you can change the HTTP port (default 80) or enable HTTPS mode. HTTPS encrypts traffic between the browser and the PBX using SSL/TLS protocols. The default TCP port is 443.
HTTP port — the port for accessing the web interface via HTTP, default 80.
HTTPS port — the port for accessing the web interface via HTTPS, default 443.
Redirect to HTTPS — when the web interface is opened via HTTP, the user will be automatically redirected to HTTPS.
An SSL/TLS certificate is a digital document that verifies the server's identity and ensures encrypted communication between the browser and the PBX. In MikoPBX, the certificate is used for:
HTTPS access to the web interface
WebRTC connections (required for browser-based calls)
Secure AJAM and ARI connections via HTTPS
Secured REST API for integrations
The certificate must be in PEM format — beginning with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----. If you have intermediate certificates, add them after the main certificate in the same field.
Ways to obtain a certificate:
Let's Encrypt Module — automatic issuance and renewal of free certificates. Recommended method.
Purchase from a Certificate Authority (DigiCert, Comodo, GlobalSign, etc.)
Self-signed Certificate — automatically generated on first PBX startup, but causes browser warnings.
The secret key used to decrypt SSL/TLS connections. It must exactly match the public certificate — if they do not match, HTTPS will not work.
The key must be in PEM format — beginning with -----BEGIN RSA PRIVATE KEY----- or -----BEGIN PRIVATE KEY-----.
Security recommendations:
Keep a backup copy of the key in a secure location.
Use keys of at least 2048 bits in length (4096 recommended).
Regularly renew certificates and keys.
"HTTP/HTTPS" tab in system settings
In this section, you can change the login and password for accessing the web interface, and configure login via Passkeys.
Login — the username for logging into the web interface.
Password — the password for logging into the web interface.
Passkeys are a modern passwordless login method using biometrics or a hardware security key: Face ID, Touch ID, Windows Hello, or YubiKey. This is faster and more secure than traditional passwords.
To add a Passkey, click the "+ Add Passkey" button and follow the browser instructions.
"WEB Interface Password" tab in system settings
This section allows you to fully reset the system to its factory state. The reset will permanently delete all settings, call history, call recording files, and installed extension modules.
To confirm, type delete everything in the input field and click "Save".
"System Settings Reset" section in system settings
Main
"General Settings" section in the MikoPBX web interface
Enabling this option may pose a security risk. Make sure your network is properly protected and filtering rules are in place!
Call Recording
Approximately 1 hour of conversation takes 14–28 MB of disk space depending on recording quality.
Call Transfers
Parking (Hold)
Call Transfers
Combinations are entered from the phone during an active call, followed by the internal extension number of the employee to transfer to.
Timeouts
Call Pickup
SIP
SIP Signaling Port and RTP Range Settings
Additional Parameters
Registration Duration Settings
Audio/Video Codecs
AMI&ARI
AMI Settings
HTTP Server Settings
AJAM Settings
ARI Settings
Never use * in production. Only specify trusted domains over HTTPS.
SSH
In MikoPBX, password authentication is disabled by default — SSH keys must be used to connect. A key can be added in this section or when creating a virtual machine in the cloud (it will be automatically applied during MikoPBX installation).
You can read more about connecting to MikoPBX via SSH .
Section Parameters
HTTP/HTTPS
HTTPS Public Key (SSL/TLS Certificate)
We recommend using the Let's Encrypt module for automatic certificate management. Learn more .
HTTPS private key
Never share your private key with third parties. If the key is compromised, an attacker will be able to intercept encrypted traffic. In case of compromise — replace the key pair immediately.
WEB interface password
Default MikoPBX credentials:
Login: admin
Password: admin — it is recommended to change this immediately.
Passkeys (Biometric Authentication)
You can read more about this .
System settings deletion
This action is irreversible. Before clearing the system, make sure you have a backup of all important data.
000063
The application reads the internal number of the employee used to call the application and voices it to the employee, i.e. the employee is voiced his internal number on the PBX
000064
0000MILLI - Generates a constant sound signal with a frequency of 1000 Hz. Used to check the quality of the connection.
10003246
The Echo application sends the received audio signals back to the user so that the delay duration can be determined. In general, you hear what you say. The application is mainly used for testing.
MikoPBX applications are created from several plans of the Asterisk application suite. There are many examples of ready-to-run applications in the system. To add a new MikoPBX application, click on "Add a New" in the application menu.
"Add a new" button
In just a few steps, you can create your own applications. First, define the Name and Call Number for the application, and optionally fill in the Comment field.
Possible application code types:
PHP-AGI script - AGI is an embedded method in Asterisk for executing external scripts (similar to CGI for HTTP servers), which can extend Asterisk's functionality using other programming languages, particularly PHP. AGI scripts can control call handling in the dialplan and are invoked from the extensions.conf file.
Asterisk Dialplan - The configuration of the dialplan is contained in the Asterisk configuration file called extensions.conf. This is one of the most important configuration files where the processing and routing of incoming and outgoing calls are defined. This file governs the behavior of all connections passing through your PBX (Private Branch Exchange).
Parameters of the new dialplan application
Let's clarify: we will refer to MikoPBX applications as "applications" and Asterisk dialplan functions as "functions". For example, Answer(), NoOP(), Set(), and Wait() are functions. These are individual target functions in Asterisk that are then combined in MikoPBX to create more powerful MikoPBX applications.
Describe the logical operations in the text field of the Programme Code. Please note that only one command is allowed per line, for example:
"Programme code" section
The figure shows an example of the simplest application for the number 000063. After dialing the number, you will hear the robot voice your internal number.
Description of Asterisk functions that you can use in your applications:
Наименование команды
Описание
answer
Transfer the call to the answered state.
channel status
Returns the status of the connected channel.
control stream file
List of basic Application dialplans
Creating applications
MikoPBX will check the commands used. It is possible that incorrectly programmed operations may affect the performance of your telephone system.
ARI Access
Short description of ARI (Asterisk REST Interface)
ARI is a RESTful API with WebSocket support that gives full control over Asterisk channels, bridges, and media streams in real time. Unlike the MikoPBX REST API, ARI works directly with the Asterisk core and is designed for building custom telephony applications.
Detailed ARI documentation is available on the official Asterisk website:
What is it used for?
ARI is used when the standard PBX features are not enough and custom call handling logic is required:
WebRTC applications and softphones — web phones and mobile clients with direct media stream control
Interactive voice response (IVR) — custom menu logic unavailable through the standard dialplan
Conference calls — programmatic control of bridges and participants
Call recording and processing — real-time audio interception for analytics or transcription
Voice bots and assistants — integration with external AI services
Advanced queues — custom call distribution logic
ARI consists of three components:
REST API — management of Asterisk objects: channels, bridges, recordings
Stasis — a dialplan application that passes a channel to your ARI application for control
Typical scenario: a call enters the dialplan → Stasis() passes the channel to your application → the application controls the call via REST API and receives events via WebSocket.
Before starting, you need to enable the ARI interface (it is disabled by default). Go to "System" → "General Settings".
Go to the "AMI & ARI" tab and toggle the "Use ARI Interface" switch. In the "CORS allowed origins" field, specify the domains from which requests to ARI will be made. CORS is a browser security mechanism that restricts cross-domain API requests.
Value
When to use
Go to "System" → "ARI Access".
Click "Add User".
Fill in the following parameters:
Username — login for connection, e.g. ari_user.
Password — password for connection.
Description — description for the current user, e.g. "WebRTC Demo".
Save the settings.
Type
URL
Replace [application] with the name of your Stasis application.
Type
URL
Authentication: HTTP Basic Auth — ARI user login and password.
This is a minimal ARI example — a channel enters a Stasis application, the application plays a sound file and ends the call.
The example is taken from the official Asterisk documentation:
In MikoPBX, go to "Routing" → "Dialplan Applications", create an application with the type "Asterisk Dialplan" and the following code:
Assign the application to the required incoming route.
When an incoming call arrives, the WebSocket will receive a StasisStart event:
Open a new terminal window and run the following command:
On successful playback, you will see the following output in the terminal:
After the call ends, the WebSocket will send a StasisEnd event:
A live employee status table in the terminal — no incoming route or Stasis application configuration required. Works by subscribing to all station events.
Install dependencies:
As calls are made, the table will update in real time:
Full ARI documentation is available on the Asterisk website:
Sending a preset audio file to the channel, with the ability to control its playback (pause/rewind/resume playback) using the DTMF digits received from the subscriber, if specified. (Asterisk 1.2)
database del
Deleting a key/value from the database.
database deltree
Deleting the key/value tree from the database.
database get
Get the value from the database.
database put
Adding/changing a value in the database.
exec
Execution of the specified Command. (Commands are functions that you use when describing the set plan in the extensions.conf file).
get data
Get data from the channel.
get option
Behaves similarly to the "STREAM FILE" command, but is used with a specified value for timeout. (Asterisk 1.2)
get variable
Get the value of the channel variable.
hangup
Break the connection (Hangup) on the current channel.
noop
An empty command. Does nothing.
receive char
Accepts one character from the channel if it supports this feature.
receive text
Accepts a text string from a channel if it supports this feature.
record file
Writes to the specified file.
say alpha
Pronounces the specified string of characters. (Asterisk 1.2)
say date
Pronounces the date. (Asterisk 1.2)
say datetime
Pronounces the date and time according to the specified format. (Asterisk 1.2)
say digits
Pronounces the specified string of digits.
say number
Pronounces the specified number.
say phonetic
Pronounces the specified string of characters.
say time
Pronounces the time.
send image
Sends the image to the channel if it supports this feature.
send text
Sends text to the channel if it supports this feature.
set autohangup
Automatic termination of the connection (Autohangup) on the channel at the specified time.
set callerid
Setting the caller id for the current channel.
set context
Setting the context for the current channel.
set extension
Change the extension for the current channel.
set music
Включение/Выключение музыки ожидания (Music on hold), например: «SET MUSIC ON default».
set priority
Enabling/Turning off the standby music (Music on hold), for example: "SET MUSIC ON default".
set variable
Setting the channel variable.
stream file
Sending an audio file to the channel.
tdd mode
Setting the TDD mode for a channel that can support it to enable interaction with TDD.
verbose
Writing a message to the verbose log of the asterisk server.
wait for digit
Waiting for the DTMF button to be pressed
*
All origins — for testing purposes only
Applications — specify the names of Stasis applications the user has access to. Leave the field empty for access to all applications.
(empty)
Access from the same domain only
http://localhost:3000
Local development
https://app.mycompany.com
Production application
Regular
ws://your-mikopbx.com:8088/asterisk/ari/events
Secure (TLS)
wss://your-mikopbx.com:8089/asterisk/ari/events
HTTP
http://your-mikopbx.com:8088/asterisk/ari
HTTPS
https://your-mikopbx.com:8089/asterisk/ari/
How does it work?
Configuring an ARI User
Never use * in production. Only specify trusted domains over HTTPS.
Common applications
ari-app: Main ARI application
stasis: Base Stasis application
external-media: Working with external media streams
bridge-app: Call bridge management
channel-spy: Channel monitoring
Connection Parameters
WebSocket
REST API
It is recommended to use secure connections (wss:// and https://) with a valid SSL certificate. Regular ws:// and http:// are acceptable only in an isolated test environment.
import asyncio
import websockets
import json
import os
from datetime import datetime
ARI_HOST = 'your-mikopbx.com'
ARI_USER = 'ari_user'
ARI_PASS = 'your-ari-password'
peers = {}
STATES = {
'NOT_INUSE': ('🟢', 'Available'),
'BUSY': ('🔴', 'Busy'),
'UNAVAILABLE': ('⚫', 'Unavailable'),
}
def draw():
print('\033[2J\033[H', end='')
now = datetime.now().strftime('%H:%M:%S')
print(f'MikoPBX — Presence Monitor [{now}]')
print('─' * 50)
print(f' {"Number":<10} {"Name":<20} {"Status":<15} {"Updated"}')
print('─' * 50)
for number, info in sorted(peers.items()):
icon, label = STATES.get(info['state'], ('❓', info['state']))
print(f' {number:<10} {info["name"]:<20} {icon} {label:<12} {info["updated"]}')
print('─' * 50)
print(f' Employees: {len(peers)}')
async def run():
uri = (
f"wss://{ARI_USER}:{ARI_PASS}@{ARI_HOST}:8089/asterisk/ari/events"
f"?app=auto-receptionist&subscribeAll=true"
)
async with websockets.connect(uri) as ws:
draw()
async for message in ws:
event = json.loads(message)
etype = event.get('type')
if etype == 'DeviceStateChanged':
ds = event.get('device_state', {})
name = ds.get('name', '')
state = ds.get('state', '')
if not name.startswith('PJSIP/'):
continue
number = name.replace('PJSIP/', '')
if number not in peers:
peers[number] = {'name': number, 'state': state, 'updated': '—'}
peers[number]['state'] = state
peers[number]['updated'] = datetime.now().strftime('%H:%M:%S')
draw()
elif etype == 'PeerStatusChange':
ep = event.get('endpoint', {})
number = ep.get('resource', '')
state = ep.get('state', '')
if not number:
continue
if number not in peers:
peers[number] = {'name': number, 'state': 'unknown', 'updated': '—'}
if state == 'online':
peers[number]['state'] = 'NOT_INUSE'
elif state == 'offline':
peers[number]['state'] = 'UNAVAILABLE'
peers[number]['updated'] = datetime.now().strftime('%H:%M:%S')
draw()
elif etype == 'ContactStatusChange':
ep = event.get('endpoint', {})
number = ep.get('resource', '')
ci = event.get('contact_info', {})
status = ci.get('contact_status', '')
if not number:
continue
if number not in peers:
peers[number] = {'name': number, 'state': 'unknown', 'updated': '—'}
if status == 'Reachable':
peers[number]['state'] = 'NOT_INUSE'
elif status in ('Unreachable', 'NonQualified'):
peers[number]['state'] = 'UNAVAILABLE'
peers[number]['updated'] = datetime.now().strftime('%H:%M:%S')
draw()
asyncio.run(run())
MikoPBX — Presence Monitor [11:34:43]
──────────────────────────────────────────────────
Number Name Status Updated
──────────────────────────────────────────────────
202 202 🟢 Available 11:34:25
243 243 ⚫ Unavailable 11:34:43
252 252 🔴 Busy 11:34:41
──────────────────────────────────────────────────
Employees: 3
AWS Terraform Script
Instructions for deploying MikoPBX in AWS via Terraform script
This guide describes deploying MikoPBX in AWS using the Infrastructure as Code (IaC) approach with Terraform. The entire infrastructure — EC2 instance, network rules, disks, and IP address — is declared in code, ensuring reproducibility, versioning, and the ability to quickly redeploy in any environment.
General process:
Download .raw → Upload to S3 → Import as AMI → Deploy via Terraform
Note: AMI image import cannot be performed directly via Terraform — AWS does not support this process through the Terraform provider. A separate bash script is used for the import, after which Terraform uses the created AMI.
Prerequisites
Terraform >= 1.3.0
AWS CLI configured with access keys (aws configure)
Bash (macOS / Linux)
IAM permissions: ec2:*, s3:*, iam:CreateRole, iam:PutRolePolicy
Configuring AWS CLI
Go to the MikoPBX releases page:
Download the latest image with the .raw extension.
Go to the .
Navigate to Services → Storage → S3.
Click Create bucket. Enter a unique bucket name in the Bucket name field. Use default values for all other fields.
Confirm by clicking Create bucket.
Open the created bucket by clicking its name. Click Upload and select the disk image file with the .raw extension.
Click Upload to confirm.
AWS requires a special IAM role vmimport for image imports. Perform these steps once per account.
Create a file trust-policy.json with the following content:
Create a file role-policy.json with the following content:
Replace mikopbx-bucket with your S3 bucket name.
Run the following commands to apply the policies:
Save the script below as import-image.sh and edit the variables DEFAULT_BUCKET, DEFAULT_IMAGE, and DEFAULT_NAME.
import-image.sh
Run the script:
Once complete, the script will output the AMI ID — save it, as it will be needed for Terraform.
Create all of the following files (directory structure):
Below we walk through each file and the content to add to each:
The main configuration file describing all AWS resources to be created: EC2 instance, Security Group, EBS disks, and Elastic IP. By default, the Security Group opens only the ports required for MikoPBX to operate: SSH, HTTP/HTTPS, SIP, and RTP.
Warning: Be sure to configure the Firewall in MikoPBX after your first login!
Declares variables with their types, descriptions, and default values. Does not contain specific values on its own — only the schema.
Defines what data Terraform will output after a successful apply: the web interface URL, and the login and password for the first login. Convenient for quickly retrieving credentials without opening the AWS Console.
Contains the specific variable values for your environment: region, AMI ID, instance type, etc. This is the file that changes when moving between environments (dev/staging/prod).
Note: Specify your own parameters in this file — replace aws_region, instance_name, instance_type, storage_disk_size, allowed_ssh_cidr, create_key_pair, and public_key_path as needed. Be sure to replace custom_ami_id with the ID of the AMI you created earlier.
Make sure all 4 files are created, then run the following commands:
You will see the following output:
Run the following command to preview the configuration:
You will see the configuration that Terraform has parsed and plans to create. Review all parameters, then run:
Enter yes to confirm. Upon successful creation of the MikoPBX instance, the required credentials will be displayed:
After a successful terraform apply:
Copy the URL from the output values.
Open it in your browser: https://<URL>
Use the credentials displayed during infrastructure creation to log in.
⚠️ After logging in, be sure to configure the Firewall in MikoPBX.
⚠️ The AMI and the S3 bucket containing the image are not deleted automatically — they must be removed manually via the AWS Console or CLI if no longer needed.
Error: InvalidAMIID.NotFound
Cause: The AMI exists in a different region.
Solution: Make sure the region in terraform.tfvars matches the region where the import script was run.
Error: OptInRequired during import
Cause: The vmimport role has not been created or lacks the required permissions.
Solution: Repeat the IAM role configuration step.
Error: import status error
Cause: Corrupted .raw file or incorrect format.
Solution: Verify that the original image was downloaded correctly and that the filename in DEFAULT_IMAGE is accurate.
Slow snapshot import
Importing a large image can take 10–30 minutes. The script automatically waits for completion, polling the status every 30 seconds.
==========================================
AMI successfully created: ami-0c8820696110d0613
Use this ID in terraform.tfvars:
custom_ami_id = "ami-0c8820696110d0613"
==========================================
variable "aws_region" {
description = "AWS region"
type = string
default = "us-east-1"
}
variable "custom_ami_id" {
description = "ID of the custom AMI created by import-image.sh"
type = string
# Value must be provided via terraform.tfvars
}
variable "instance_name" {
description = "EC2 instance name"
type = string
default = "mikopbx-vm"
}
variable "instance_type" {
description = "EC2 instance type"
type = string
default = "t3.micro"
}
variable "storage_disk_size" {
description = "Size of the recordings disk (GB)"
type = number
default = 50
}
variable "allowed_ssh_cidr" {
description = "CIDR block for SSH access"
type = string
default = "0.0.0.0/0"
}
variable "create_key_pair" {
description = "Create an SSH Key Pair (true) or use an existing one (false)"
type = bool
default = true
}
variable "public_key_path" {
description = "Path to the public SSH key"
type = string
default = "~/.ssh/id_rsa.pub"
}
variable "existing_key_pair_name" {
description = "Name of an existing Key Pair (if create_key_pair = false)"
type = string
default = ""
}
output "first_login" {
description = "Credentials for the first login to the MikoPBX web interface"
value = <<-EOT
======================================
MikoPBX is ready!
======================================
URL: https://${aws_eip.mikopbx_eip.public_ip}
Login: admin
Password: ${aws_instance.mikopbx.id}
======================================
EOT
}
cd mikopbx-aws-custom # Navigate to the directory with the created files
terraform init
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
# Delete the AMI
aws ec2 deregister-image --image-id ami-0a1b2c3d4e5f67890
# Delete the snapshot (ID can be found in AWS Console → EC2 → Snapshots)
aws ec2 delete-snapshot --snapshot-id snap-xxxxxxxxxxxxxxxxx
# Delete the file from S3
aws s3 rm s3://mikopbx-bucket/mikopbx-2026.1.223-x86_64.raw
# Delete the bucket (if empty)
aws s3 rb s3://mikopbx-bucket
Error: InvalidAMIID.NotFound: The image id 'ami-xxxx' does not exist
MikoPBX Web-Interface (Deployed using terraform in AWS)
REST API Usage Examples
Instructions with examples on creating and using API keys
Working with the REST API follows the OpenAPI standard. To get the current list of endpoints, use the "Documentation" section inside the PBX. Below are examples of working with the main features of the MikoPBX REST interface.
If you do not have a trusted certificate — add verify=False to each request and disable warnings:
It is strongly recommended to issue a trusted certificate. The easiest way to do this is by using the Let's Encrypt module.
Connection
To run all examples in this guide, create an API key and configure the following access permissions (see the general article for details):
Resource
Access Level
Used for
In this article we will be working with Python, so you need to install the required dependencies:
Below is a connection template for accessing the station via an API key. Use it before all scripts in this guide. The API key is passed directly in the request header — no additional authentication is required:
Endpoint:POST /pbxcore/api/v3/employees
The table below lists the parameters for this request.
Field
Req.
Type / constraints
Description
Example API response (HTTP 201):
Possible response codes:
Code
Description
On successful execution, you will see the following console output:
Employees 283 and 284 will be created on the station.
On successful execution, you will see the following console output:
On successful execution, you will see the following console output:
3 employees will be created on the station.
Endpoint:POST /pbxcore/api/v3/sip-providers
Field
Req.
Type
Description
On successful execution, you will see the following console output:
A provider will be created on the station:
On successful execution, you will see the following console output:
Endpoint:GET /pbxcore/api/v3/cdr — read-only.
Parameter
Type
Description
On successful execution, you will see the following console output:
On successful execution, you will see the following console output:
Field
Type
Description
Endpoints:GET /pbxcore/api/v3/sip , GET /pbxcore/api/v3/sip-providers
On successful execution, you will see the following console output:
Employee statuses (status field)
Value
Description
Provider statuses (state field)
Value
Description
Endpoint:GET /pbxcore/api/v3/pbx-status
On successful execution, you will see the following console output:
The full list of endpoints and interactive documentation is available in the section.
Created: 283 (John Smith), id=113
Created: 284 (Anna Johnson), id=114
Process finished with exit code 0
def list_employees(search: str = '', limit: int = 100, offset: int = 0) -> list:
params = {'limit': limit, 'offset': offset}
if search: params['search'] = search
r = requests.get(f'{BASE_URL}/employees', headers=HEADERS, params=params)
return r.json().get('data', {}).get('data', [])
for emp in list_employees():
print(f" {emp.get('number'):>6} {emp.get('user_username', '')}")
202 Brown Brandon
203 Collins Melanie
201 Smith James
283 John Smith
284 Anna Johnson
Process finished with exit code 0
import time
employees = [
{'number': '291', 'name': 'John Smith', 'secret': 'Pass#9201'},
{'number': '292', 'name': 'Anna Johnson', 'secret': 'Pass#9202'},
{'number': '293', 'name': 'Peter Brown', 'secret': 'Pass#9203'},
]
created, failed = [], []
for emp in employees:
r = requests.post(
f'{BASE_URL}/employees',
headers=HEADERS,
json={
'number': emp['number'],
'user_username': emp['name'],
'sip_secret': emp['secret'],
}
)
result = r.json()
if result.get('result'):
created.append(emp['number'])
print(f" {emp['number']} {emp['name']}")
else:
failed.append(emp['number'])
print(f" {emp['number']}: {result.get('messages', {}).get('error', [])}")
time.sleep(0.2) # small pause between requests
print(f'Created: {len(created)}, Errors: {len(failed)}')
291 John Smith
292 Anna Johnson
293 Peter Brown
Created: 3, Errors: 0
Process finished with exit code 0
def create_sip_provider(
description: str,
host: str,
username: str = '',
password: str = '',
registration_type: str = 'outbound',
qualify: bool = True,
) -> dict:
payload = {
'description': description,
'host': host,
}
if username: payload['username'] = username
if password: payload['secret'] = password
if registration_type: payload['registration_type'] = registration_type
if not qualify: payload['qualify'] = qualify
r = requests.post(f'{BASE_URL}/sip-providers', headers=HEADERS, json=payload)
result = r.json()
if result.get('result'):
print(f" Provider created: {description}")
else:
print(f" Error: {result.get('messages', {}).get('error', [])}")
return result
create_sip_provider(
description='Zadarma',
host='sip.zadarma.com',
username='316811',
password='mysecretpass',
)
Provider created: Zadarma
Process finished with exit code 0
def list_providers() -> list:
r = requests.get(f'{BASE_URL}/sip-providers', headers=HEADERS)
return r.json().get('data', [])
for prov in list_providers():
print(f" {prov.get('id'):<20} {prov.get('description', '')} [{prov.get('type', '')}]")
SIP-TRUNK-34F7CAFE [SIP]
SIP-TRUNK-7B5977ED [SIP]
Process finished with exit code 0
from datetime import datetime, timedelta
def get_cdr(
offset: int = 0,
limit: int = 20,
date_from: str = None,
date_to: str = None,
src_num: str = None,
dst_num: str = None,
disposition: str = None,
) -> list:
params = {'offset': offset, 'limit': min(limit, 100)}
if date_from: params['dateFrom'] = date_from
if date_to: params['dateTo'] = date_to
if src_num: params['src_num'] = src_num
if dst_num: params['dst_num'] = dst_num
if disposition: params['disposition'] = disposition
r = requests.get(f'{BASE_URL}/cdr', headers=HEADERS, params=params)
return r.json().get('data', {}).get('records', [])
now = datetime.now()
then = now - timedelta(days=7)
for row in get_cdr(
date_from=then.strftime('%Y-%m-%dT%H:%M:%S'),
date_to=now.strftime('%Y-%m-%dT%H:%M:%S'),
):
print(
str(row.get('start', ''))[:16],
row.get('src_num', ''), '→', row.get('dst_num', ''),
row.get('disposition', ''), row.get('totalBillsec', 0), 's'
)
2026-03-17 13:30 252 → 202 ANSWERED 48 s
2026-03-17 13:30 243 → 252 BUSY 0 s
2026-03-17 13:30 243 → 89161111111 CHANUNAVAIL 0 s
2026-03-17 13:29 202 → 243 NOANSWER 0 s
2026-03-17 13:29 202 → 202 ANSWERED 2 s
2026-03-17 13:29 202 → 243 NOANSWER 0 s
2026-03-17 13:29 202 → 10003246 NOANSWER 0 s
2026-03-17 13:28 202 → 243 NOANSWER 0 s
Process finished with exit code 0
def cdr_stats(days: int = 1) -> dict:
now = datetime.now()
then = now - timedelta(days=days)
records = get_cdr(
date_from=then.strftime('%Y-%m-%dT%H:%M:%S'),
date_to=now.strftime('%Y-%m-%dT%H:%M:%S'),
limit=100
)
answered = [r for r in records if r.get('disposition') == 'ANSWERED']
missed = [r for r in records if r.get('disposition') in ('NO ANSWER', 'NOANSWER')]
total_dur = sum(r.get('totalBillsec', 0) for r in answered)
return {
'total': len(records),
'answered': len(answered),
'missed': len(missed),
'avg_sec': total_dur // len(answered) if answered else 0,
}
stats = cdr_stats(days=7)
print(f"Calls over 7 days: {stats['total']}")
print(f"Answered: {stats['answered']}")
print(f"Missed: {stats['missed']}")
print(f"Avg. duration: {stats['avg_sec']}s")
Calls over 7 days: 13
Answered: 2
Missed: 5
Avg. duration: 25s
Process finished with exit code 0
from datetime import datetime
def show_employees():
r = requests.get(f'{BASE_URL}/sip:getStatuses', headers=HEADERS)
peers = r.json().get('data', {})
for number, info in peers.items():
icon = '🟢' if info.get('status') == 'Available' else '🔴'
print(f" {icon} {number:>6} {info.get('callerid', '')} [{info.get('status', '')}]")
def show_providers():
r = requests.get(f'{BASE_URL}/sip-providers:getStatuses', headers=HEADERS)
providers = r.json().get('data', {}).get('sip', {})
for prov_id, info in providers.items():
icon = '🟢' if info.get('state') == 'registered' else '🔴'
print(f" {icon} {info.get('description', prov_id):>20} {info.get('username', '')}@{info.get('host', '')} [{info.get('state', '')}]")
if __name__ == '__main__':
print(f'MikoPBX Monitor [{datetime.now().strftime("%Y-%m-%d %H:%M:%S")}]')
print('\n── Employees ───────────────────────────────')
show_employees()
print('\n── Providers ───────────────────────────────')
show_providers()
MikoPBX Monitor [2026-03-17 16:47:35]
── Employees ───────────────────────────────
🔴 201 Smith James [Unavailable]
🟢 202 Brown Brandon [Available]
🔴 203 Collins Melanie [Unavailable]
🔴 243 John Smith [Unavailable]
🟢 244 Anna Johnson [Available]
🔴 251 John Smith [Unavailable]
🟢 252 Anna Johnson [Available]
🔴 253 Peter Brown [Unavailable]
── Providers ───────────────────────────────
🔴 Demo provider SIP-PROVIDER-122642725b9265fd7151c@demo.askozia.ru [rejected]
🟢 Zadarma 316811@sip.zadarma.com [registered]
Process finished with exit code 0
Active calls: 1
243 → 252 [John Smith → Anna Johnson]
Process finished with exit code 0
import urllib3
urllib3.disable_warnings()
Interactive Documentation and Endpoint List
Description of documentation and endpoint table for working with REST API in MikoPBX
MikoPBX REST API follows the OpenAPI standard. The interactive documentation is built directly into the PBX and always contains the current list of endpoints, parameters, and schemas for your version of the system.
How to Open the Documentation
Go to "System" → "API Keys".
Section "System" -> "API Keys" in MikoPBX web-interface
Click the "API Documentation" button.
The documentation is built on the OpenAPI standard and provides a complete description of all MikoPBX REST API endpoints.
Endpoint navigation — in the left panel, all endpoints are grouped by section.
For each endpoint, a brief description is shown along with the request method (GET, POST, PUT, PATCH, DELETE) and the endpoint with the PBX address substituted. All available request parameters are displayed below.
Code examples — ready-made request examples in different languages are available for each endpoint. The switcher is located below the parameters panel — Shell / cURL is shown by default, other languages are also available (click the language name to switch — in this guide, Python 3).
A server response example is shown below.
Online request execution — the documentation allows you to send real requests directly from the browser and receive responses from your PBX. The server is determined automatically from the current page address.
At the bottom of the page you will find possible response codes with brief explanations, as well as all body parameters for the selected response.
Base prefix for all paths: /pbxcore/api/v3
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
Method
Path
Description
— exports ban decisions for external bouncers (CrowdSec-compatible). Available starting from MikoPBX 2026.1.76.
